author | security tracker role <sectracker@soriano.debian.org> | 2022-01-29 08:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-29 08:10:18 +0000 |
commit | ae330aefe10cb2172cf4f076f559fc042e13f101 (patch) | |
tree | da12eff48bd567f3de94ae1c6d861b7a204e5ee2 | |
parent | 1027b97d9515ef5cb692bac6f8829d404d1cfbc7 (diff) |
automatic update
-rw-r--r-- | data/CVE/list.2016 | 4 |
-rw-r--r-- | data/CVE/list.2020 | 2 |
-rw-r--r-- | data/CVE/list.2021 | 468 |
-rw-r--r-- | data/CVE/list.2022 | 122 |
4 files changed, 308 insertions, 288 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 5ce0ac7a74..1e526119da 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -22036,8 +22036,8 @@ CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 NOT-FOR-US: Red Hat / JBoss Operations Network server CVE-2016-3736 REJECTED -CVE-2016-3735 - RESERVED +CVE-2016-3735 (Piwigo is image gallery software written in PHP. When a criteria is no ...) + TODO: check CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...) - moodle 2.7.14+dfsg-1 NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755 diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 84753a52e6..7d7edd4d6e 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -59480,7 +59480,7 @@ CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way [jessie] - coturn <not-affected> (Vulnerable code introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985 NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 -CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...) +CVE-2020-6061 (An exploitable heap out-of-bounds read vulnerability exists in the way ...) {DSA-4711-1} - coturn 4.5.1.1-1.2 (bug #951876) [jessie] - coturn <not-affected> (Vulnerable code introduced later) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b269879d58..35a8f803ee 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -437,16 +437,16 @@ CVE-2021-46450 RESERVED CVE-2021-46449 RESERVED -CVE-2021-46448 - RESERVED -CVE-2021-46447 - RESERVED -CVE-2021-46446 - RESERVED -CVE-2021-46445 - RESERVED -CVE-2021-46444 - RESERVED +CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + TODO: check +CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...) + TODO: check +CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + TODO: check +CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + TODO: check +CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + TODO: check CVE-2021-46443 RESERVED CVE-2021-46442 @@ -834,16 +834,16 @@ CVE-2021-4206 RESERVED CVE-2021-4205 RESERVED -CVE-2021-31567 - RESERVED +CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...) + TODO: check CVE-2021-26256 RESERVED CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...) NOT-FOR-US: WordPress plugin CVE-2021-23209 RESERVED -CVE-2021-23174 - RESERVED +CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...) + TODO: check CVE-2021-23150 RESERVED CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...) @@ -2911,8 +2911,7 @@ CVE-2021-45466 RESERVED CVE-2021-45465 RESERVED -CVE-2021-4160 [BN_mod_exp may produce incorrect results on MIPS] - RESERVED +CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...) - openssl 1.1.1m-1 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m) NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html 
@@ -3810,8 +3809,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26) CVE-2021-45106 RESERVED -CVE-2021-44463 - RESERVED +CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...) + TODO: check CVE-2021-44462 RESERVED CVE-2021-4137 @@ -3852,8 +3851,8 @@ CVE-2021-4126 {DSA-5034-1 DLA-2874-1} - thunderbird 1:91.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 -CVE-2021-26264 - RESERVED +CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...) + TODO: check CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...) NOT-FOR-US: Philips CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...) @@ -5808,7 +5807,7 @@ CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) ver NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) -CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) +CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...) NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) NOT-FOR-US: Fresenius Kabi Agilia Link 
@@ -5849,130 +5848,130 @@ CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3 NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25) -CVE-2021-44419 - RESERVED -CVE-2021-44418 - RESERVED -CVE-2021-44417 - RESERVED -CVE-2021-44416 - RESERVED -CVE-2021-44415 - RESERVED -CVE-2021-44414 - RESERVED -CVE-2021-44413 - RESERVED -CVE-2021-44412 - RESERVED -CVE-2021-44411 - RESERVED -CVE-2021-44410 - RESERVED -CVE-2021-44409 - RESERVED -CVE-2021-44408 - RESERVED -CVE-2021-44407 - RESERVED -CVE-2021-44406 - RESERVED -CVE-2021-44405 - RESERVED -CVE-2021-44404 - RESERVED -CVE-2021-44403 - RESERVED -CVE-2021-44402 - RESERVED -CVE-2021-44401 - RESERVED -CVE-2021-44400 - RESERVED -CVE-2021-44399 - RESERVED -CVE-2021-44398 - RESERVED -CVE-2021-44397 - RESERVED -CVE-2021-44396 - RESERVED -CVE-2021-44395 - RESERVED +CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ TODO: check +CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ TODO: check CVE-2021-44394 RESERVED -CVE-2021-44393 - RESERVED -CVE-2021-44392 - RESERVED -CVE-2021-44391 - RESERVED -CVE-2021-44390 - RESERVED -CVE-2021-44389 - RESERVED -CVE-2021-44388 - RESERVED -CVE-2021-44387 - RESERVED -CVE-2021-44386 - RESERVED -CVE-2021-44385 - RESERVED -CVE-2021-44384 - RESERVED -CVE-2021-44383 - RESERVED -CVE-2021-44382 - RESERVED -CVE-2021-44381 - RESERVED -CVE-2021-44380 - RESERVED -CVE-2021-44379 - RESERVED -CVE-2021-44378 - RESERVED -CVE-2021-44377 - RESERVED -CVE-2021-44376 - RESERVED +CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ TODO: check +CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check CVE-2021-44375 RESERVED -CVE-2021-44374 - RESERVED -CVE-2021-44373 - RESERVED -CVE-2021-44372 - RESERVED -CVE-2021-44371 - RESERVED -CVE-2021-44370 - RESERVED -CVE-2021-44369 - RESERVED -CVE-2021-44368 - RESERVED -CVE-2021-44367 - RESERVED +CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check CVE-2021-44366 RESERVED -CVE-2021-44365 - RESERVED -CVE-2021-44364 - RESERVED -CVE-2021-44363 - RESERVED -CVE-2021-44362 - RESERVED -CVE-2021-44361 - RESERVED -CVE-2021-44360 - RESERVED -CVE-2021-44359 - RESERVED -CVE-2021-44358 - RESERVED +CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ TODO: check +CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check +CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + TODO: check CVE-2021-44357 RESERVED CVE-2021-44356 @@ -5981,8 +5980,7 @@ CVE-2021-44355 RESERVED CVE-2021-44354 RESERVED -CVE-2021-4034 - RESERVED +CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...) {DSA-5059-1 DLA-2899-1} - policykit-1 0.105-31.1 NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 
@@ -15692,46 +15690,46 @@ CVE-2021-40425 RESERVED CVE-2021-40424 RESERVED -CVE-2021-40423 - RESERVED +CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...) + TODO: check CVE-2021-40422 RESERVED CVE-2021-40421 RESERVED CVE-2021-40420 RESERVED -CVE-2021-40419 - RESERVED +CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...) + TODO: check CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...) NOT-FOR-US: DaVinci Resolve CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...) NOT-FOR-US: DaVinci Resolve -CVE-2021-40416 - RESERVED -CVE-2021-40415 - RESERVED -CVE-2021-40414 - RESERVED -CVE-2021-40413 - RESERVED -CVE-2021-40412 - RESERVED -CVE-2021-40411 - RESERVED -CVE-2021-40410 - RESERVED -CVE-2021-40409 - RESERVED -CVE-2021-40408 - RESERVED -CVE-2021-40407 - RESERVED -CVE-2021-40406 - RESERVED +CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...) + TODO: check +CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...) + TODO: check +CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...) + TODO: check +CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...) + TODO: check +CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...) + TODO: check +CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...) + TODO: check +CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...) + TODO: check +CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...) + TODO: check +CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...) 
+ TODO: check +CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...) + TODO: check +CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...) + TODO: check CVE-2021-40405 RESERVED -CVE-2021-40404 - RESERVED +CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...) + TODO: check CVE-2021-40403 RESERVED CVE-2021-40402 @@ -15744,10 +15742,10 @@ CVE-2021-40399 RESERVED CVE-2021-40398 RESERVED -CVE-2021-40397 - RESERVED -CVE-2021-40396 - RESERVED +CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...) + TODO: check +CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...) + TODO: check CVE-2021-40395 REJECTED CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...) @@ -15778,10 +15776,10 @@ CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format NOTE: https://github.com/gerbv/gerbv/issues/30 CVE-2021-40390 RESERVED -CVE-2021-40389 - RESERVED -CVE-2021-40388 - RESERVED +CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...) + TODO: check +CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...) + TODO: check CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) NOT-FOR-US: Kaseya Unitrends Backup Software CVE-2021-40386 
@@ -15897,12 +15895,12 @@ CVE-2021-40342 RESERVED CVE-2021-40341 RESERVED -CVE-2021-40340 - RESERVED -CVE-2021-40339 - RESERVED -CVE-2021-40338 - RESERVED +CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...) + TODO: check +CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...) + TODO: check +CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...) + TODO: check CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...) NOT-FOR-US: Hitachi CVE-2021-40336 @@ -46957,8 +46955,8 @@ CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior c NOT-FOR-US: exacqVision Web Service CVE-2021-27655 RESERVED -CVE-2021-27654 - RESERVED +CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...) + TODO: check CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...) NOT-FOR-US: Pega CVE-2021-27652 @@ -55947,8 +55945,8 @@ CVE-2021-23865 RESERVED CVE-2021-23864 RESERVED -CVE-2021-23863 - RESERVED +CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...) + TODO: check CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...) NOT-FOR-US: Bosch CVE-2021-23861 (By executing a special command, an user with administrative rights can ...) @@ -56215,8 +56213,8 @@ CVE-2021-23762 RESERVED CVE-2021-23761 RESERVED -CVE-2021-23760 - RESERVED +CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...) + TODO: check CVE-2021-23759 RESERVED CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...) @@ -56624,8 +56622,8 @@ CVE-2021-23560 RESERVED CVE-2021-23559 RESERVED -CVE-2021-23558 - RESERVED +CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution ...) + TODO: check CVE-2021-23557 RESERVED CVE-2021-23556 
@@ -56775,8 +56773,8 @@ CVE-2021-23486 RESERVED CVE-2021-23485 RESERVED -CVE-2021-23484 - RESERVED +CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...) + TODO: check CVE-2021-23483 RESERVED CVE-2021-23482 
@@ -58302,48 +58300,48 @@ CVE-2021-22829 RESERVED CVE-2021-22828 RESERVED -CVE-2021-22827 - RESERVED -CVE-2021-22826 - RESERVED -CVE-2021-22825 - RESERVED +CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + TODO: check +CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + TODO: check +CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + TODO: check CVE-2021-22824 RESERVED CVE-2021-22823 RESERVED -CVE-2021-22822 - RESERVED -CVE-2021-22821 - RESERVED -CVE-2021-22820 - RESERVED -CVE-2021-22819 - RESERVED -CVE-2021-22818 - RESERVED +CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...) + TODO: check +CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...) + TODO: check +CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...) + TODO: check +CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) + TODO: check +CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...) + TODO: check CVE-2021-22817 RESERVED -CVE-2021-22816 - RESERVED -CVE-2021-22815 - RESERVED -CVE-2021-22814 - RESERVED -CVE-2021-22813 - RESERVED -CVE-2021-22812 - RESERVED -CVE-2021-22811 - RESERVED -CVE-2021-22810 - RESERVED -CVE-2021-22809 - RESERVED -CVE-2021-22808 - RESERVED -CVE-2021-22807 - RESERVED +CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + TODO: check +CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...) + TODO: check +CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) 
+ TODO: check +CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...) + TODO: check +CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...) + TODO: check +CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...) + TODO: check CVE-2021-22806 RESERVED CVE-2021-22805 @@ -58358,8 +58356,8 @@ CVE-2021-22801 RESERVED CVE-2021-22800 RESERVED -CVE-2021-22799 - RESERVED +CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...) + TODO: check CVE-2021-22798 RESERVED CVE-2021-22797 @@ -58506,10 +58504,10 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink C NOT-FOR-US: Schneider Electric CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...) NOT-FOR-US: Schneider Electric -CVE-2021-22725 - RESERVED -CVE-2021-22724 - RESERVED +CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + TODO: check +CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + TODO: check CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index f12a9b878e..88d0044070 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,25 @@ +CVE-2022-24120 + RESERVED +CVE-2022-24119 + RESERVED +CVE-2022-24118 + RESERVED +CVE-2022-24117 + RESERVED +CVE-2022-24116 + RESERVED +CVE-2022-24115 + RESERVED +CVE-2022-24114 + RESERVED +CVE-2022-24113 + RESERVED +CVE-2022-0409 + RESERVED +CVE-2022-0408 + RESERVED +CVE-2022-0407 + RESERVED CVE-2022-24112 RESERVED CVE-2022-0406 @@ -106,12 +128,12 @@ CVE-2022-24070 RESERVED CVE-2022-0396 RESERVED -CVE-2022-0395 - RESERVED +CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat -CVE-2022-0393 - RESERVED +CVE-2022-0393 (Out-of-bounds Read in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-24069 RESERVED CVE-2022-24064 @@ -180,8 +202,8 @@ CVE-2022-21798 RESERVED CVE-2022-21154 RESERVED -CVE-2022-0392 - RESERVED +CVE-2022-0392 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline and tabs] RESERVED - python3.9 3.9.7-1 @@ -316,8 +338,8 @@ CVE-2022-23981 RESERVED CVE-2022-23980 RESERVED -CVE-2022-23979 - RESERVED +CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + TODO: check CVE-2022-23978 RESERVED CVE-2022-23977 @@ -579,12 +601,12 @@ CVE-2022-23891 RESERVED CVE-2022-23890 RESERVED -CVE-2022-23889 - RESERVED -CVE-2022-23888 - RESERVED -CVE-2022-23887 - RESERVED +CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...) + TODO: check +CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...) + TODO: check +CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...) + TODO: check CVE-2022-23886 RESERVED CVE-2022-23885 
@@ -629,8 +651,8 @@ CVE-2022-23866 RESERVED CVE-2022-23865 RESERVED -CVE-2022-0352 - RESERVED +CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...) + TODO: check CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim prior to ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) @@ -1018,8 +1040,8 @@ CVE-2022-23729 RESERVED CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) NOT-FOR-US: LG -CVE-2022-23727 - RESERVED +CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...) + TODO: check CVE-2022-23726 RESERVED CVE-2022-23725 @@ -1274,10 +1296,10 @@ CVE-2022-23601 RESERVED CVE-2022-23600 RESERVED -CVE-2022-23599 - RESERVED -CVE-2022-23598 - RESERVED +CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...) + TODO: check +CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...) + TODO: check CVE-2022-23597 RESERVED CVE-2022-23596 @@ -1568,8 +1590,8 @@ CVE-2022-0312 RESERVED CVE-2022-0299 RESERVED -CVE-2022-23456 - RESERVED +CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...) + TODO: check CVE-2022-23455 RESERVED CVE-2022-23454 @@ -2020,10 +2042,10 @@ CVE-2022-23313 RESERVED CVE-2022-22137 RESERVED -CVE-2022-21801 - RESERVED -CVE-2022-21796 - RESERVED +CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...) + TODO: check +CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...) + TODO: check CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-0273 
@@ -2467,8 +2489,8 @@ CVE-2022-23180 RESERVED CVE-2022-23179 RESERVED -CVE-2022-21199 - RESERVED +CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...) + TODO: check CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface] RESERVED {DSA-5047-1} @@ -2677,12 +2699,12 @@ CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encryp NOT-FOR-US: Jenkins plugin CVE-2022-23102 RESERVED -CVE-2022-21236 - RESERVED -CVE-2022-21217 - RESERVED -CVE-2022-21134 - RESERVED +CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...) + TODO: check +CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...) + TODO: check +CVE-2022-21134 (A firmware update vulnerability exists in the &quot;update&quo ...) + TODO: check CVE-2022-0194 RESERVED CVE-2022-0193 @@ -2947,12 +2969,12 @@ CVE-2022-22996 RESERVED CVE-2022-22995 RESERVED -CVE-2022-22994 - RESERVED -CVE-2022-22993 - RESERVED -CVE-2022-22992 - RESERVED +CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...) + TODO: check +CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...) + TODO: check +CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...) + TODO: check CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...) NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...) @@ -3073,8 +3095,8 @@ CVE-2022-22940 RESERVED CVE-2022-22939 RESERVED -CVE-2022-22938 - RESERVED +CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...) + TODO: check CVE-2022-22937 RESERVED CVE-2022-22936 
@@ -3486,10 +3508,10 @@ CVE-2022-22793 RESERVED CVE-2022-22792 RESERVED -CVE-2022-22791 - RESERVED -CVE-2022-22790 - RESERVED +CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...) + TODO: check +CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...) + TODO: check CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...) NOT-FOR-US: Charactell - FormStorm Enterprise CVE-2022-22788 @@ -6143,8 +6165,8 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library TODO: check CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...) TODO: check -CVE-2022-21721 - RESERVED +CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...) + TODO: check CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...) - glpi <removed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone |
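Review bot: In data/CVE/list.2021, hunk @@ -5808,7 +5807,7 @@, the triage line under CVE-2021-33843 no longer matches its description. The new text names "Fresenius Kabi Agilia SP MC WiFi vD25 and prior", while the unchanged line below still reads "NOT-FOR-US: Fresenius Kabi Agilia Link". The NOT-FOR-US decision itself looks unaffected, but the product name in that line should be refreshed by hand so that a search for the product named in the description finds this entry.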
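Review bot: In data/CVE/list.2021, hunk @@ -58506,10 +58504,10 @@, the descriptions added for CVE-2021-22725 and CVE-2021-22724 begin "A CVE-352 Cross-Site Request Forgery (CSRF)", where the neighbouring entries in the same block use a CWE identifier ("A CWE-79:", "A CWE-918:"). CWE-352 is the CSRF weakness class, so "CVE-352" reads as a typo carried in with the imported description and should not be taken as a reference to another CVE during triage. Both entries sit between lines already marked "NOT-FOR-US: Schneider Electric"; once the vendor is confirmed from the full description, the "TODO: check" can likely be resolved the same way.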
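Review bot: In data/CVE/list.2022, hunk @@ -2677,12 +2699,12 @@, the description added for CVE-2022-21134 carries a literal HTML entity, and the truncation to the short form cuts through the second one, leaving "&quot;update&quo ...)". Decoding entities before the description is shortened would keep a broken entity out of the list file and out of anything that later renders it.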
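Review bot: In data/CVE/list.2022, hunks @@ -106,12 +128,12 @@ and @@ -180,8 +202,8 @@, CVE-2022-0393 and CVE-2022-0392 arrive as "TODO: check" although their descriptions ("... in Conda vim prior to 8.2.") have the same form as CVE-2022-0351 later in the file, which is already tracked as "- vim <unfixed>". These two need triage against the vim source package rather than a NOT-FOR-US close. The imported description stops at "8.2." with no patch level, so the fixed version has to be taken from the upstream fix rather than from this text.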