From af978f01e072adf6746909bbafb7bc93d29d1463 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 17 May 2022 20:10:17 +0000 Subject: automatic update --- data/CVE/list | 279 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 142 insertions(+), 137 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 6163c58690..95285b6854 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,86 +1,92 @@ -CVE-2022-30972 +CVE-2022-30973 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30971 +CVE-2022-1770 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30970 +CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-1768 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30969 +CVE-2022-1767 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30968 +CVE-2022-1766 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30967 +CVE-2022-1765 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30966 +CVE-2022-1764 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30965 +CVE-2022-1763 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30964 +CVE-2022-1762 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30963 +CVE-2022-1761 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30962 +CVE-2022-1760 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30961 +CVE-2022-1759 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30960 +CVE-2022-1758 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30959 +CVE-2022-1757 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30958 +CVE-2022-1756 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2022-30957 +CVE-2022-1755 RESERVED +CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30956 - RESERVED +CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30955 - RESERVED +CVE-2022-30970 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropd ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30954 - RESERVED +CVE-2022-30969 (A cross-site request forgery (CSRF) vulnerability in Jenkins Autocompl ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30953 - RESERVED +CVE-2022-30968 (Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name an ...) 
NOT-FOR-US: Jenkins plugin -CVE-2022-30952 - RESERVED +CVE-2022-30967 (Jenkins Selection tasks Plugin 1.0 and earlier does not escape the nam ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30951 - RESERVED +CVE-2022-30966 (Jenkins Random String Parameter Plugin 1.0 and earlier does not escape ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30950 - RESERVED +CVE-2022-30965 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30949 - RESERVED +CVE-2022-30964 (Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape t ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30948 - RESERVED +CVE-2022-30963 (Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30947 - RESERVED +CVE-2022-30962 (Jenkins Global Variable String Parameter Plugin 1.2 and earlier does n ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30946 - RESERVED +CVE-2022-30961 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape ...) NOT-FOR-US: Jenkins plugin -CVE-2022-30945 - RESERVED +CVE-2022-30960 (Jenkins Application Detector Plugin 1.0.8 and earlier does not escape ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30959 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30958 (A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugi ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30957 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30956 (Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL scheme ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30955 (Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30954 (Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permis ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-30953 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30952 (Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allo ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30951 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30950 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30949 (Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to config ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30948 (Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to con ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30947 (Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Script Se ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allow ...) NOT-FOR-US: Jenkins plugin CVE-2022-1754 RESERVED @@ -118,8 +124,8 @@ CVE-2022-1738 RESERVED CVE-2022-1737 RESERVED -CVE-2013-10001 - RESERVED +CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been rated as p ...) + TODO: check CVE-2022-30942 RESERVED CVE-2022-30941 
@@ -248,15 +254,15 @@ CVE-2022-1736 NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2) TODO: check, if we want to threat this as unimportant severity issue -CVE-2022-1735 - RESERVED +CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1734 RESERVED - linux (unimportant) NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6) NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled -CVE-2022-1733 - RESERVED +CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1732 RESERVED CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...) @@ -278,8 +284,8 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8. NOTE: Negligible security impact; crash in CLI tool CVE-2022-1724 RESERVED -CVE-2022-1723 - RESERVED +CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) + TODO: check CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...) NOT-FOR-US: jgraph/drawio CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...) @@ -700,8 +706,8 @@ CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4 NOT-FOR-US: jgraph/drawio CVE-2022-1712 RESERVED -CVE-2022-1711 - RESERVED +CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) + TODO: check CVE-2022-1710 RESERVED CVE-2022-1709 @@ -710,8 +716,7 @@ CVE-2022-1708 RESERVED CVE-2022-1707 RESERVED -CVE-2022-1706 - RESERVED +CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are acces ...) - ignition NOTE: https://github.com/coreos/ignition/issues/1300 NOTE: https://github.com/coreos/ignition/pull/1350 
@@ -727,10 +732,10 @@ CVE-2021-44467 RESERVED CVE-2021-4228 RESERVED -CVE-2022-30689 - RESERVED -CVE-2022-30688 [local privilege escalation] - RESERVED +CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...) + TODO: check +CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...) + {DSA-5137-1} - needrestart 3.6-1 (bug #1011154) NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 @@ -2415,8 +2420,8 @@ CVE-2022-30112 RESERVED CVE-2022-30111 RESERVED -CVE-2022-30110 - RESERVED +CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enable ...) + TODO: check CVE-2022-30109 RESERVED CVE-2022-30108 @@ -2489,10 +2494,10 @@ CVE-2022-30075 RESERVED CVE-2022-30074 RESERVED -CVE-2022-30073 - RESERVED -CVE-2022-30072 - RESERVED +CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/ ...) + TODO: check +CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\ ...) + TODO: check CVE-2022-30071 RESERVED CVE-2022-30070 @@ -2501,8 +2506,8 @@ CVE-2022-30069 RESERVED CVE-2022-30068 RESERVED -CVE-2022-30067 - RESERVED +CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a ...) + TODO: check CVE-2022-30066 RESERVED CVE-2022-30065 @@ -2621,8 +2626,8 @@ CVE-2022-30009 RESERVED CVE-2022-30008 RESERVED -CVE-2022-30007 - RESERVED +CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. The vuln ...) + TODO: check CVE-2022-30006 RESERVED CVE-2022-30005 
@@ -3930,8 +3935,8 @@ CVE-2022-29584 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stor CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...) - golang-github-kardianos-service (Windows-specific issue) NOTE: https://github.com/kardianos/service/pull/290 -CVE-2022-29581 - RESERVED +CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched of Linux ...) + TODO: check CVE-2022-29580 RESERVED CVE-2022-29579 @@ -4407,8 +4412,8 @@ CVE-2022-29431 RESERVED CVE-2022-29430 RESERVED -CVE-2022-29429 - RESERVED +CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...) + TODO: check CVE-2022-29428 RESERVED CVE-2022-29427 @@ -4636,8 +4641,8 @@ CVE-2022-29334 RESERVED CVE-2022-29333 RESERVED -CVE-2022-29332 - RESERVED +CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An atta ...) + TODO: check CVE-2022-29331 RESERVED CVE-2022-29330 @@ -5549,7 +5554,7 @@ CVE-2022-1294 CVE-2022-1293 RESERVED CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...) - {DLA-3008-1} + {DSA-5139-1 DLA-3008-1} - openssl 1.1.1o-1 NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 (openssl-3.0.3) @@ -8242,8 +8247,8 @@ CVE-2022-1118 CVE-2022-1117 RESERVED NOT-FOR-US: fapolicyd -CVE-2022-1116 - RESERVED +CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...) + TODO: check CVE-2022-1115 RESERVED - imagemagick 
@@ -12279,8 +12284,8 @@ CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2. NOT-FOR-US: WPS Office for Windows CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...) NOT-FOR-US: ShowDoc -CVE-2022-26650 - RESERVED +CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pat ...) + TODO: check CVE-2022-26649 RESERVED CVE-2022-26648 @@ -17188,8 +17193,8 @@ CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt -CVE-2022-24890 - RESERVED +CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. In ...) + TODO: check CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) @@ -17273,8 +17278,8 @@ CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth NOT-FOR-US: NextAuth.js CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...) NOT-FOR-US: django-mfa3 -CVE-2022-24856 - RESERVED +CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. FlyteCo ...) + TODO: check CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...) NOT-FOR-US: Metabase CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...) 
@@ -17568,7 +17573,7 @@ CVE-2022-24763 (PJSIP is a free and open source multimedia communication library CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...) NOT-FOR-US: sysend.js CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...) - {DLA-3000-1} + {DSA-5138-1 DLA-3000-1} - waitress 2.1.1-1 (bug #1008013) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 NOTE: https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 (v2.1.1) @@ -18156,8 +18161,8 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught excep NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561 CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...) NOT-FOR-US: EyesOfNetwork (EON) eonweb -CVE-2022-24611 - RESERVED +CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...) + TODO: check CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...) NOT-FOR-US: Alecto CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability. ...) @@ -19765,8 +19770,8 @@ CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other NOT-FOR-US: Kiteworks managed file transfer CVE-2022-24109 RESERVED -CVE-2022-24108 - RESERVED +CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...) + TODO: check CVE-2022-24107 RESERVED CVE-2022-24106 
@@ -21609,20 +21614,20 @@ CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovere NOT-FOR-US: Aruba CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...) NOT-FOR-US: Aruba -CVE-2022-23675 - RESERVED -CVE-2022-23674 - RESERVED -CVE-2022-23673 - RESERVED -CVE-2022-23672 - RESERVED -CVE-2022-23671 - RESERVED +CVE-2022-23675 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) + TODO: check +CVE-2022-23674 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) + TODO: check +CVE-2022-23673 (A authenticated remote command injection vulnerability was discovered ...) + TODO: check +CVE-2022-23672 (A authenticated remote command injection vulnerability was discovered ...) + TODO: check +CVE-2022-23671 (A remote authenticated information disclosure vulnerability was discov ...) + TODO: check CVE-2022-23670 (A remote authenticated information disclosure vulnerability was discov ...) TODO: check -CVE-2022-23669 - RESERVED +CVE-2022-23669 (A remote authorization bypass vulnerability was discovered in Aruba Cl ...) + TODO: check CVE-2022-23668 (A remote authenticated server-side request forgery (ssrf) vulnerabilit ...) TODO: check CVE-2022-23667 (A authenticated remote command injection vulnerability was discovered ...) 
@@ -24817,12 +24822,12 @@ CVE-2022-22777 RESERVED CVE-2022-22776 RESERVED -CVE-2022-22775 - RESERVED +CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Ente ...) + TODO: check CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...) NOT-FOR-US: TIBCO -CVE-2022-22773 - RESERVED +CVE-2022-22773 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) + TODO: check CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s ...) NOT-FOR-US: TIBCO Managed File Transfer Platform CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...) @@ -25939,12 +25944,12 @@ CVE-2022-22486 RESERVED CVE-2022-22485 RESERVED -CVE-2022-22484 - RESERVED +CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a ...) + TODO: check CVE-2022-22483 RESERVED -CVE-2022-22482 - RESERVED +CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...) + TODO: check CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...) NOT-FOR-US: IBM CVE-2022-22480 @@ -25957,8 +25962,8 @@ CVE-2022-22477 RESERVED CVE-2022-22476 RESERVED -CVE-2022-22475 - RESERVED +CVE-2022-22475 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and ...) + TODO: check CVE-2022-22474 RESERVED CVE-2022-22473 @@ -38798,8 +38803,8 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbi NOT-FOR-US: ZZCMS CVE-2021-42944 RESERVED -CVE-2021-42943 - RESERVED +CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...) + TODO: check CVE-2021-42942 RESERVED CVE-2021-42941 
@@ -39533,10 +39538,10 @@ CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based servic NOT-FOR-US: carbon-identity-framework CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...) NOT-FOR-US: CMSimple -CVE-2021-42644 - RESERVED -CVE-2021-42643 - RESERVED +CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...) + TODO: check +CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...) + TODO: check CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) NOT-FOR-US: PrinterLogic Web Stack CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) @@ -50156,8 +50161,8 @@ CVE-2021-38874 (IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access inf NOT-FOR-US: IBM CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...) NOT-FOR-US: IBM -CVE-2021-38872 - RESERVED +CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, a ...) + TODO: check CVE-2021-38871 RESERVED CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...) @@ -73473,8 +73478,8 @@ CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 con NOT-FOR-US: IBM CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) NOT-FOR-US: IBM -CVE-2021-29726 - RESERVED +CVE-2021-29726 (IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication ...) + TODO: check CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...) NOT-FOR-US: IBM CVE-2021-29724 
@@ -167320,8 +167325,8 @@ CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could all NOT-FOR-US: IBM CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...) NOT-FOR-US: IBM -CVE-2020-4994 - RESERVED +CVE-2020-4994 (IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through ...) + TODO: check CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...) NOT-FOR-US: IBM CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to ...) @@ -167394,8 +167399,8 @@ CVE-2020-4959 RESERVED CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does not perfo ...) NOT-FOR-US: IBM -CVE-2020-4957 - RESERVED +CVE-2020-4957 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...) + TODO: check CVE-2020-4956 (IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a ...) NOT-FOR-US: IBM CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote ...) -- cgit v1.2.3
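Review bot: Three vim/vim entries are left at "TODO: check" with no package line: CVE-2022-1769 in the first hunk (@@ -1,86 +1,92 @@) and CVE-2022-1735 and CVE-2022-1733 in hunk @@ -248,15 +254,15 @@. The existing CVE-2022-1725 entry for the same repository carries "NOTE: Negligible security impact; crash in CLI tool", but the new descriptions read buffer over-read, classic buffer overflow and heap-based buffer overflow, so that note should not be carried over without checking each report. The truncated descriptions also cut off the fixed version ("prior to 8.2. ..."), so the follow-up triage needs to take the patch level from the full CVE text before adding the package entry.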
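Review bot: CVE-2022-1723 (hunk @@ -278,8 +284,8 @@) and CVE-2022-1711 (hunk @@ -700,8 +706,8 @@) are added as "TODO: check" although both descriptions name the GitHub repository jgraph/drawio, and the neighbouring entries CVE-2022-1722 and CVE-2022-1713 for that repository are already resolved as "NOT-FOR-US: jgraph/drawio". Suggest giving both the same "NOT-FOR-US: jgraph/drawio" line in the follow-up, so the TODO queue holds only entries that still need a decision.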
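Review bot: CVE-2022-29581 (hunk @@ -3930,8 +3935,8 @@, "net/sched of Linux ...") and CVE-2022-1116 (hunk @@ -8242,8 +8247,8 @@, "io_uring of Linux Kern ...") go from RESERVED to "TODO: check" with no package line, although both descriptions point at Linux kernel subsystems. CVE-2022-1734 in hunk @@ -248,15 +254,15 @@ shows the triaged form this file uses for kernel issues: a "- linux" line plus a NOTE with the fixing commit and the config option involved. These two should be picked up early in manual triage and given the same treatment, with the fixing commit recorded so affected versions can be determined.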
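Review bot: In hunk @@ -21609,20 +21614,20 @@, CVE-2022-23675 through CVE-2022-23671 and CVE-2022-23669 are set to "TODO: check" directly below CVE-2022-23677 and CVE-2022-23676, which are resolved as "NOT-FOR-US: Aruba". Only CVE-2022-23669 names the vendor in its visible text ("discovered in Aruba Cl ..."); the other descriptions are truncated before the product name, so confirm the product from the full description and, where it matches, close them with "NOT-FOR-US: Aruba". The unchanged context lines for CVE-2022-23670, CVE-2022-23668 and CVE-2022-23667 are still at "TODO: check" as well and can be resolved in the same pass.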
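Review bot: The TIBCO and IBM entries in hunks @@ -24817,12 +24822,12 @@, @@ -25939,12 +25944,12 @@ and @@ -25957,8 +25962,8 @@ (CVE-2022-22775, CVE-2022-22773, CVE-2022-22484, CVE-2022-22482, CVE-2022-22475) are added as "TODO: check" even though each description opens with the vendor name and the adjacent entries CVE-2022-22774 and CVE-2022-22481 are already marked "NOT-FOR-US: TIBCO" and "NOT-FOR-US: IBM". Suggest resolving them the same way in the follow-up, reading the full text of each first, since the visible descriptions are truncated before the affected component.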