author | security tracker role <sectracker@soriano.debian.org> | 2022-05-18 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-05-18 20:10:28 +0000 |
commit | 3035f3139cbd57e0a7e1bd278807638d292886f9 (patch) | |
tree | 084e217a56ca237ab5d75e39b11b96a40be96f93 | |
parent | 7be16e1359d90daf662458cb253f8bccf15792a2 (diff) |
automatic update
-rw-r--r-- | data/CVE/list | 732 |
1 files changed, 608 insertions, 124 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 919f171e48..61d296101e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,487 @@ +CVE-2022-31198 + RESERVED +CVE-2022-31197 + RESERVED +CVE-2022-31196 + RESERVED +CVE-2022-31195 + RESERVED +CVE-2022-31194 + RESERVED +CVE-2022-31193 + RESERVED +CVE-2022-31192 + RESERVED +CVE-2022-31191 + RESERVED +CVE-2022-31190 + RESERVED +CVE-2022-31189 + RESERVED +CVE-2022-31188 + RESERVED +CVE-2022-31187 + RESERVED +CVE-2022-31186 + RESERVED +CVE-2022-31185 + RESERVED +CVE-2022-31184 + RESERVED +CVE-2022-31183 + RESERVED +CVE-2022-31182 + RESERVED +CVE-2022-31181 + RESERVED +CVE-2022-31180 + RESERVED +CVE-2022-31179 + RESERVED +CVE-2022-31178 + RESERVED +CVE-2022-31177 + RESERVED +CVE-2022-31176 + RESERVED +CVE-2022-31175 + RESERVED +CVE-2022-31174 + RESERVED +CVE-2022-31173 + RESERVED +CVE-2022-31172 + RESERVED +CVE-2022-31171 + RESERVED +CVE-2022-31170 + RESERVED +CVE-2022-31169 + RESERVED +CVE-2022-31168 + RESERVED +CVE-2022-31167 + RESERVED +CVE-2022-31166 + RESERVED +CVE-2022-31165 + RESERVED +CVE-2022-31164 + RESERVED +CVE-2022-31163 + RESERVED +CVE-2022-31162 + RESERVED +CVE-2022-31161 + RESERVED +CVE-2022-31160 + RESERVED +CVE-2022-31159 + RESERVED +CVE-2022-31158 + RESERVED +CVE-2022-31157 + RESERVED +CVE-2022-31156 + RESERVED +CVE-2022-31155 + RESERVED +CVE-2022-31154 + RESERVED +CVE-2022-31153 + RESERVED +CVE-2022-31152 + RESERVED +CVE-2022-31151 + RESERVED +CVE-2022-31150 + RESERVED +CVE-2022-31149 + RESERVED +CVE-2022-31148 + RESERVED +CVE-2022-31147 + RESERVED +CVE-2022-31146 + RESERVED +CVE-2022-31145 + RESERVED +CVE-2022-31144 + RESERVED +CVE-2022-31143 + RESERVED +CVE-2022-31142 + RESERVED +CVE-2022-31141 + RESERVED +CVE-2022-31140 + RESERVED +CVE-2022-31139 + RESERVED +CVE-2022-31138 + RESERVED +CVE-2022-31137 + RESERVED +CVE-2022-31136 + RESERVED +CVE-2022-31135 + RESERVED +CVE-2022-31134 + RESERVED +CVE-2022-31133 + RESERVED +CVE-2022-31132 + RESERVED +CVE-2022-31131 + RESERVED +CVE-2022-31130 + RESERVED +CVE-2022-31129 + RESERVED +CVE-2022-31128 + RESERVED +CVE-2022-31127 + RESERVED +CVE-2022-31126 + RESERVED 
+CVE-2022-31125 + RESERVED +CVE-2022-31124 + RESERVED +CVE-2022-31123 + RESERVED +CVE-2022-31122 + RESERVED +CVE-2022-31121 + RESERVED +CVE-2022-31120 + RESERVED +CVE-2022-31119 + RESERVED +CVE-2022-31118 + RESERVED +CVE-2022-31117 + RESERVED +CVE-2022-31116 + RESERVED +CVE-2022-31115 + RESERVED +CVE-2022-31114 + RESERVED +CVE-2022-31113 + RESERVED +CVE-2022-31112 + RESERVED +CVE-2022-31111 + RESERVED +CVE-2022-31110 + RESERVED +CVE-2022-31109 + RESERVED +CVE-2022-31108 + RESERVED +CVE-2022-31107 + RESERVED +CVE-2022-31106 + RESERVED +CVE-2022-31105 + RESERVED +CVE-2022-31104 + RESERVED +CVE-2022-31103 + RESERVED +CVE-2022-31102 + RESERVED +CVE-2022-31101 + RESERVED +CVE-2022-31100 + RESERVED +CVE-2022-31099 + RESERVED +CVE-2022-31098 + RESERVED +CVE-2022-31097 + RESERVED +CVE-2022-31096 + RESERVED +CVE-2022-31095 + RESERVED +CVE-2022-31094 + RESERVED +CVE-2022-31093 + RESERVED +CVE-2022-31092 + RESERVED +CVE-2022-31091 + RESERVED +CVE-2022-31090 + RESERVED +CVE-2022-31089 + RESERVED +CVE-2022-31088 + RESERVED +CVE-2022-31087 + RESERVED +CVE-2022-31086 + RESERVED +CVE-2022-31085 + RESERVED +CVE-2022-31084 + RESERVED +CVE-2022-31083 + RESERVED +CVE-2022-31082 + RESERVED +CVE-2022-31081 + RESERVED +CVE-2022-31080 + RESERVED +CVE-2022-31079 + RESERVED +CVE-2022-31078 + RESERVED +CVE-2022-31077 + RESERVED +CVE-2022-31076 + RESERVED +CVE-2022-31075 + RESERVED +CVE-2022-31074 + RESERVED +CVE-2022-31073 + RESERVED +CVE-2022-31072 + RESERVED +CVE-2022-31071 + RESERVED +CVE-2022-31070 + RESERVED +CVE-2022-31069 + RESERVED +CVE-2022-31068 + RESERVED +CVE-2022-31067 + RESERVED +CVE-2022-31066 + RESERVED +CVE-2022-31065 + RESERVED +CVE-2022-31064 + RESERVED +CVE-2022-31063 + RESERVED +CVE-2022-31062 + RESERVED +CVE-2022-31061 + RESERVED +CVE-2022-31060 + RESERVED +CVE-2022-31059 + RESERVED +CVE-2022-31058 + RESERVED +CVE-2022-31057 + RESERVED +CVE-2022-31056 + RESERVED +CVE-2022-31055 + RESERVED +CVE-2022-31054 + RESERVED +CVE-2022-31053 + RESERVED +CVE-2022-31052 + RESERVED 
+CVE-2022-31051 + RESERVED +CVE-2022-31050 + RESERVED +CVE-2022-31049 + RESERVED +CVE-2022-31048 + RESERVED +CVE-2022-31047 + RESERVED +CVE-2022-31046 + RESERVED +CVE-2022-31045 + RESERVED +CVE-2022-31044 + RESERVED +CVE-2022-31043 + RESERVED +CVE-2022-31042 + RESERVED +CVE-2022-31041 + RESERVED +CVE-2022-31040 + RESERVED +CVE-2022-31039 + RESERVED +CVE-2022-31038 + RESERVED +CVE-2022-31037 + RESERVED +CVE-2022-31036 + RESERVED +CVE-2022-31035 + RESERVED +CVE-2022-31034 + RESERVED +CVE-2022-31033 + RESERVED +CVE-2022-31032 + RESERVED +CVE-2022-31031 + RESERVED +CVE-2022-31030 + RESERVED +CVE-2022-31029 + RESERVED +CVE-2022-31028 + RESERVED +CVE-2022-31027 + RESERVED +CVE-2022-31026 + RESERVED +CVE-2022-31025 + RESERVED +CVE-2022-31024 + RESERVED +CVE-2022-31023 + RESERVED +CVE-2022-31022 + RESERVED +CVE-2022-31021 + RESERVED +CVE-2022-31020 + RESERVED +CVE-2022-31019 + RESERVED +CVE-2022-31018 + RESERVED +CVE-2022-31017 + RESERVED +CVE-2022-31016 + RESERVED +CVE-2022-31015 + RESERVED +CVE-2022-31014 + RESERVED +CVE-2022-31013 + RESERVED +CVE-2022-31012 + RESERVED +CVE-2022-31011 + RESERVED +CVE-2022-31010 + RESERVED +CVE-2022-31009 + RESERVED +CVE-2022-31008 + RESERVED +CVE-2022-31007 + RESERVED +CVE-2022-31006 + RESERVED +CVE-2022-31005 + RESERVED +CVE-2022-31004 + RESERVED +CVE-2022-31003 + RESERVED +CVE-2022-31002 + RESERVED +CVE-2022-31001 + RESERVED +CVE-2022-31000 + RESERVED +CVE-2022-30999 + RESERVED +CVE-2022-30996 + RESERVED +CVE-2022-30995 + RESERVED +CVE-2022-30994 + RESERVED +CVE-2022-30993 + RESERVED +CVE-2022-30992 + RESERVED +CVE-2022-30991 + RESERVED +CVE-2022-30990 + RESERVED +CVE-2022-30989 + RESERVED +CVE-2022-30988 + RESERVED +CVE-2022-30987 + RESERVED +CVE-2022-30986 + RESERVED +CVE-2022-30985 + RESERVED +CVE-2022-30984 + RESERVED +CVE-2022-30983 + RESERVED +CVE-2022-30982 + RESERVED +CVE-2022-30981 + RESERVED +CVE-2022-30980 + RESERVED +CVE-2022-30979 + RESERVED +CVE-2022-30978 + RESERVED +CVE-2022-30977 + RESERVED +CVE-2022-29496 + RESERVED 
+CVE-2022-1796 + RESERVED +CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) + TODO: check +CVE-2022-1794 + RESERVED +CVE-2022-1793 + RESERVED +CVE-2022-1792 + RESERVED +CVE-2022-1791 + RESERVED +CVE-2022-1790 + RESERVED +CVE-2022-1789 + RESERVED +CVE-2022-1788 + RESERVED +CVE-2022-1787 + RESERVED +CVE-2022-1786 + RESERVED +CVE-2022-1785 + RESERVED +CVE-2022-1784 + RESERVED +CVE-2022-1783 + RESERVED +CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...) + TODO: check +CVE-2022-1781 + RESERVED +CVE-2022-1780 + RESERVED +CVE-2022-1779 + RESERVED +CVE-2022-1778 + RESERVED +CVE-2022-1777 + RESERVED +CVE-2022-1776 + RESERVED CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) - gpac <unfixed> NOTE: https://github.com/gpac/gpac/issues/2179 @@ -24,15 +508,15 @@ CVE-2022-30973 RESERVED CVE-2022-1770 RESERVED -CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) +CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...) - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974) NOTE: Crash in CLI tool, no security impact CVE-2022-1768 RESERVED -CVE-2022-1767 - RESERVED +CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) + TODO: check CVE-2022-1766 RESERVED CVE-2022-1765 
@@ -279,17 +763,16 @@ CVE-2022-1736 NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2) TODO: check, if we want to threat this as unimportant severity issue -CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) +CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...) - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969) NOTE: Crash in CLI tool, no security impact -CVE-2022-1734 - RESERVED +CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in driver ...) - linux <unfixed> (unimportant) NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6) NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled -CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) +CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...) - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968) @@ -304,8 +787,8 @@ CVE-2022-1729 RESERVED CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...) NOT-FOR-US: Trudesk -CVE-2022-1727 - RESERVED +CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to ...) + TODO: check CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...) TODO: check CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...) 
@@ -1014,16 +1497,16 @@ CVE-2022-XXXX [RUSTSEC-2022-0019] CVE-2022-XXXX [RUSTSEC-2022-0020] - rust-crossbeam <unfixed> NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html -CVE-2022-30600 - RESERVED -CVE-2022-30599 - RESERVED -CVE-2022-30598 - RESERVED -CVE-2022-30597 - RESERVED -CVE-2022-30596 - RESERVED +CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...) + TODO: check +CVE-2022-30599 (A flaw was found in moodle where an SQL injection risk was identified ...) + TODO: check +CVE-2022-30598 (A flaw was found in moodle where global search results could include a ...) + TODO: check +CVE-2022-30597 (A flaw was found in moodle where the description user field was not hi ...) + TODO: check +CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...) + TODO: check CVE-2022-30595 RESERVED CVE-2022-30593 @@ -2449,8 +2932,8 @@ CVE-2022-30113 RESERVED CVE-2022-30112 RESERVED -CVE-2022-30111 - RESERVED +CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...) + TODO: check CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enable ...) TODO: check CVE-2022-30109 @@ -2461,8 +2944,8 @@ CVE-2022-30107 RESERVED CVE-2022-30106 RESERVED -CVE-2022-30105 - RESERVED +CVE-2022-30105 (In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden ...) + TODO: check CVE-2022-30104 RESERVED CVE-2022-30103 @@ -2544,8 +3027,8 @@ CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Thro NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10) CVE-2022-30066 RESERVED -CVE-2022-30065 - RESERVED +CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...) + TODO: check CVE-2022-30064 RESERVED CVE-2022-30063 (ftcms <=2.1 was discovered to be vulnerable to code execution attac ...) 
@@ -2802,7 +3285,7 @@ CVE-2022-29952 RESERVED CVE-2022-29951 RESERVED -CVE-2022-29950 (Experian Hunter 1.16 allows remote authenticated users to modify assum ...) +CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote authenticated users ...) NOT-FOR-US: Experian Hunter CVE-2022-29949 RESERVED @@ -3030,8 +3513,8 @@ CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions NOT-FOR-US: Siemens CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V ...) NOT-FOR-US: Siemens -CVE-2022-29518 - RESERVED +CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...) + TODO: check CVE-2022-29513 RESERVED CVE-2022-29484 @@ -3194,8 +3677,8 @@ CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in b - libxml2 2.9.14+dfsg-1 (bug #1010526) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master) -CVE-2022-29516 - RESERVED +CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 35 ...) + TODO: check CVE-2022-29823 RESERVED CVE-2022-29822 
@@ -3797,24 +4280,24 @@ CVE-2022-29648 RESERVED CVE-2022-29647 RESERVED -CVE-2022-29646 - RESERVED -CVE-2022-29645 - RESERVED -CVE-2022-29644 - RESERVED -CVE-2022-29643 - RESERVED -CVE-2022-29642 - RESERVED -CVE-2022-29641 - RESERVED -CVE-2022-29640 - RESERVED -CVE-2022-29639 - RESERVED -CVE-2022-29638 - RESERVED +CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...) + TODO: check +CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29644 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29643 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29642 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29641 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29640 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check +CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + TODO: check CVE-2022-29637 RESERVED CVE-2022-29636 
@@ -3999,12 +4482,12 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3) CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check -CVE-2022-1432 - RESERVED +CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...) + TODO: check CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check -CVE-2022-1430 - RESERVED +CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...) + TODO: check CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...) @@ -4417,8 +4900,8 @@ CVE-2022-29447 RESERVED CVE-2022-29446 RESERVED -CVE-2022-29445 - RESERVED +CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) + TODO: check CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: WordPress plugin CVE-2022-29443 @@ -4497,10 +4980,10 @@ CVE-2022-29407 RESERVED CVE-2022-29406 RESERVED -CVE-2022-28717 - RESERVED -CVE-2022-27632 - RESERVED +CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...) + TODO: check +CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...) + TODO: check CVE-2022-1387 RESERVED CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...) 
@@ -5736,14 +6219,14 @@ CVE-2022-28960 RESERVED CVE-2022-28959 RESERVED -CVE-2022-28958 - RESERVED +CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...) + TODO: check CVE-2022-28957 RESERVED -CVE-2022-28956 - RESERVED -CVE-2022-28955 - RESERVED +CVE-2022-28956 (An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows ...) + TODO: check +CVE-2022-28955 (An access control issue in D-Link DIR816L_FW206b01 allows unauthentica ...) + TODO: check CVE-2022-28954 RESERVED CVE-2022-28953 @@ -5804,14 +6287,14 @@ CVE-2022-28926 RESERVED CVE-2022-28925 RESERVED -CVE-2022-28924 - RESERVED +CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...) + TODO: check CVE-2022-28923 RESERVED CVE-2022-28922 RESERVED -CVE-2022-28921 - RESERVED +CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...) + TODO: check CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...) NOT-FOR-US: Baidu Tieba CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...) @@ -5820,8 +6303,8 @@ CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) NOT-FOR-US: GreenCMS -CVE-2022-28917 - RESERVED +CVE-2022-28917 (Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow ...) + TODO: check CVE-2022-28916 RESERVED CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...) 
@@ -8693,8 +9176,8 @@ CVE-2022-27949 RESERVED CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...) NOT-FOR-US: Tesla -CVE-2022-1110 - RESERVED +CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...) + TODO: check CVE-2022-1109 RESERVED CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...) @@ -12244,8 +12727,8 @@ CVE-2022-0885 RESERVED CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...) NOT-FOR-US: WordPress plugin -CVE-2022-0883 - RESERVED +CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security ...) + TODO: check CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...) NOT-FOR-US: Google fuchsia CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...) @@ -15106,8 +15589,8 @@ CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command (' NOT-FOR-US: Profelis IT Consultancy SambaBox CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin -CVE-2022-25617 - RESERVED +CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets pl ...) + TODO: check CVE-2022-25616 RESERVED CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom ...) @@ -16439,10 +16922,10 @@ CVE-2022-25164 RESERVED CVE-2022-25163 RESERVED -CVE-2022-25162 - RESERVED -CVE-2022-25161 - RESERVED +CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...) + TODO: check +CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...) + TODO: check CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...) NOT-FOR-US: Mitsubishi CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...) 
@@ -23782,10 +24265,10 @@ CVE-2022-23070 RESERVED CVE-2022-23069 RESERVED -CVE-2022-23068 - RESERVED -CVE-2022-23067 - RESERVED +CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection wh ...) + TODO: check +CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via ...) + TODO: check CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Ca ...) NOT-FOR-US: Solana rBPF CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS ...) @@ -24836,14 +25319,14 @@ CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An at NOT-FOR-US: Charactell - FormStorm Enterprise CVE-2022-22788 RESERVED -CVE-2022-22787 - RESERVED -CVE-2022-22786 - RESERVED -CVE-2022-22785 - RESERVED -CVE-2022-22784 - RESERVED +CVE-2022-22787 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) + TODO: check +CVE-2022-22786 (The Zoom Client for Meetings for Windows before version 5.10.0 and Zoo ...) + TODO: check +CVE-2022-22785 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...) + TODO: check +CVE-2022-22784 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...) + TODO: check CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...) NOT-FOR-US: Zoom CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...) 
@@ -24854,12 +25337,12 @@ CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible NOT-FOR-US: Zoom CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...) NOT-FOR-US: Keybase on MacOS & Windows -CVE-2022-22778 - RESERVED -CVE-2022-22777 - RESERVED -CVE-2022-22776 - RESERVED +CVE-2022-22778 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + TODO: check +CVE-2022-22777 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + TODO: check +CVE-2022-22776 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + TODO: check CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Ente ...) TODO: check CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...) @@ -33909,8 +34392,8 @@ CVE-2021-3971 (A potential vulnerability by a driver used during older manufactu NOT-FOR-US: Lenovo CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...) NOT-FOR-US: Lenovo -CVE-2021-3969 - RESERVED +CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...) + TODO: check CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3995-1 (bug #1001900) [bullseye] - vim <no-dsa> (Minor issue) @@ -36011,8 +36494,8 @@ CVE-2021-43584 RESERVED CVE-2021-43583 RESERVED -CVE-2021-3956 - RESERVED +CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...) + TODO: check CVE-2021-3955 RESERVED CVE-2021-3954 
@@ -37024,8 +37507,8 @@ CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of Man - mantis <removed> CVE-2021-3923 RESERVED -CVE-2021-3922 - RESERVED +CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...) + TODO: check CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...) - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 @@ -39040,16 +39523,16 @@ CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) .. NOT-FOR-US: firefly-iii CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii -CVE-2021-42852 - RESERVED -CVE-2021-42851 - RESERVED -CVE-2021-42850 - RESERVED -CVE-2021-42849 - RESERVED -CVE-2021-42848 - RESERVED +CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...) + TODO: check +CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...) + TODO: check +CVE-2021-42850 (A weak default administrator password for the web interface and serial ...) + TODO: check +CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...) + TODO: check +CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...) + TODO: check CVE-2021-3899 RESERVED CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...) 
@@ -39456,16 +39939,16 @@ CVE-2021-42706 (This vulnerability could allow an attacker to disclose informati NOT-FOR-US: Advantech CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...) NOT-FOR-US: PLC Editor -CVE-2021-42704 - RESERVED +CVE-2021-42704 (Inkscape version 0.19 is vulnerable to an out-of-bounds write, which m ...) + TODO: check CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...) NOT-FOR-US: Advantech -CVE-2021-42702 - RESERVED +CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer, which may a ...) + TODO: check CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...) NOT-FOR-US: AzeoTech -CVE-2021-42700 - RESERVED +CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow ...) + TODO: check CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...) NOT-FOR-US: AzeoTech CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...) @@ -42551,8 +43034,8 @@ CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contac NOT-FOR-US: Subrion CMS plugin CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...) NOT-FOR-US: Subrion CMS -CVE-2021-41946 - RESERVED +CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...) + TODO: check CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...) - httpx <unfixed> (bug #1010336) NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571 
@@ -78979,8 +79462,8 @@ CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error i NOT-FOR-US: Polaris Office CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...) NOT-FOR-US: Genymotion Desktop -CVE-2021-27548 - RESERVED +CVE-2021-27548 (There is a Null Pointer Dereference vulnerability in the XFAScanner::s ...) + TODO: check CVE-2021-27547 RESERVED CVE-2021-27546 @@ -157528,6 +158011,7 @@ CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...) - envoyproxy <itp> (bug #987544) CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) + {DLA-3014-1} - envoyproxy <itp> (bug #987544) CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress |