author | security tracker role <sectracker@soriano.debian.org> | 2022-05-19 20:10:31 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-05-19 20:10:31 +0000 |
commit | 5c3fc6d859c188b1d9a86d04296bcccaaf52bf44 (patch) | |
tree | ac178eff1fafbc8cc950aa5b75c0bb7b9803a97c | |
parent | 67e123af3032536d3eda22c2125fc8772d14f41d (diff) |
automatic update
-rw-r--r-- | data/CVE/list | 166 |
1 files changed, 111 insertions, 55 deletions
diff --git a/data/CVE/list b/data/CVE/list index 92bd2ee4cd..4fa832da5e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,59 @@ +CVE-2022-31239 + RESERVED +CVE-2022-31238 + RESERVED +CVE-2022-31237 + RESERVED +CVE-2022-31236 + RESERVED +CVE-2022-31235 + RESERVED +CVE-2022-31234 + RESERVED +CVE-2022-31233 + RESERVED +CVE-2022-31232 + RESERVED +CVE-2022-31231 + RESERVED +CVE-2022-31230 + RESERVED +CVE-2022-31229 + RESERVED +CVE-2022-31228 + RESERVED +CVE-2022-31227 + RESERVED +CVE-2022-31226 + RESERVED +CVE-2022-31225 + RESERVED +CVE-2022-31224 + RESERVED +CVE-2022-31223 + RESERVED +CVE-2022-31222 + RESERVED +CVE-2022-31221 + RESERVED +CVE-2022-31220 + RESERVED +CVE-2022-31219 + RESERVED +CVE-2022-31218 + RESERVED +CVE-2022-31217 + RESERVED +CVE-2022-31216 + RESERVED +CVE-2022-1801 + RESERVED +CVE-2022-1800 + RESERVED +CVE-2022-1799 + RESERVED +CVE-2022-1798 + RESERVED CVE-2022-31215 RESERVED CVE-2022-31214 @@ -476,8 +532,8 @@ CVE-2022-30977 RESERVED CVE-2022-29496 RESERVED -CVE-2022-1796 - RESERVED +CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) - gpac <unfixed> NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc @@ -500,8 +556,8 @@ CVE-2022-1787 RESERVED CVE-2022-1786 RESERVED -CVE-2022-1785 - RESERVED +CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1784 RESERVED CVE-2022-1783 @@ -822,8 +878,8 @@ CVE-2022-1732 RESERVED CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...) NOT-FOR-US: Metasonic Doc WebClient -CVE-2022-1730 - RESERVED +CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) + TODO: check CVE-2022-1729 RESERVED CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...) 
@@ -1432,10 +1488,10 @@ CVE-2022-30620 RESERVED CVE-2022-30619 RESERVED -CVE-2022-30618 - RESERVED -CVE-2022-30617 - RESERVED +CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...) + TODO: check +CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...) + TODO: check CVE-2022-29525 RESERVED CVE-2022-28704 @@ -3163,8 +3219,8 @@ CVE-2022-30020 RESERVED CVE-2022-30019 RESERVED -CVE-2022-30018 - RESERVED +CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...) + TODO: check CVE-2022-30017 RESERVED CVE-2022-30016 @@ -4594,8 +4650,8 @@ CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co NOT-FOR-US: WordPress plugin CVE-2022-1424 RESERVED -CVE-2022-1423 - RESERVED +CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...) + TODO: check CVE-2022-1422 RESERVED CVE-2022-1421 @@ -4706,14 +4762,14 @@ CVE-2022-29526 NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1) CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...) TODO: check -CVE-2022-1416 - RESERVED +CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...) + TODO: check CVE-2022-1415 RESERVED CVE-2022-1414 RESERVED -CVE-2022-1413 - RESERVED +CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...) + TODO: check CVE-2022-1412 RESERVED CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...) 
@@ -4935,14 +4991,14 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Uplo NOT-FOR-US: WordPress plugin CVE-2022-29450 RESERVED -CVE-2022-29449 - RESERVED +CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...) + TODO: check CVE-2022-29448 RESERVED CVE-2022-29447 RESERVED -CVE-2022-29446 - RESERVED +CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) + TODO: check CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) NOT-FOR-US: WordPress plugin CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...) @@ -5712,6 +5768,7 @@ CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel befor [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6) CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...) + {DSA-5140-1} - openldap 2.5.12+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815 NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master) @@ -6287,8 +6344,8 @@ CVE-2022-28948 RESERVED CVE-2022-28947 RESERVED -CVE-2022-28946 - RESERVED +CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...) + TODO: check CVE-2022-28945 RESERVED CVE-2022-28944 @@ -6325,8 +6382,8 @@ CVE-2022-28929 (Hospital Management System v1.0 was discovered to contain a SQL NOT-FOR-US: kabirkhyrul/HMS CVE-2022-28928 RESERVED -CVE-2022-28927 - RESERVED +CVE-2022-28927 (A remote code execution (RCE) vulnerability in Subconverter v0.7.2 all ...) + TODO: check CVE-2022-28926 RESERVED CVE-2022-28925 
@@ -8281,8 +8338,7 @@ CVE-2022-1184 RESERVED - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205 -CVE-2022-1183 - RESERVED +CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...) - bind9 1:9.18.3-1 [bullseye] - bind9 <not-affected> (Vulnerable code not present) [buster] - bind9 <not-affected> (Vulnerable code not present) @@ -17088,8 +17144,8 @@ CVE-2021-46687 RESERVED CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...) NOT-FOR-US: JFrog Artifactory -CVE-2021-45730 - RESERVED +CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...) + TODO: check CVE-2021-45721 RESERVED CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...) @@ -24541,12 +24597,12 @@ CVE-2022-22980 RESERVED CVE-2022-22979 RESERVED -CVE-2022-22978 - RESERVED +CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.5.7 and older unsupported vers ...) + TODO: check CVE-2022-22977 RESERVED -CVE-2022-22976 - RESERVED +CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...) + TODO: check CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...) NOT-FOR-US: vmware-tanzu/pinniped CVE-2022-22974 @@ -43100,8 +43156,8 @@ CVE-2021-41940 RESERVED CVE-2021-41939 RESERVED -CVE-2021-41938 - RESERVED +CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...) + TODO: check CVE-2021-41937 RESERVED CVE-2021-41936 
@@ -54576,8 +54632,8 @@ CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to NOT-FOR-US: Zoho ManageEngine CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...) NOT-FOR-US: Zoho ManageEngine -CVE-2021-37413 - RESERVED +CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...) + TODO: check CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...) NOT-FOR-US: TechRadar app for Confluence Server CVE-2021-37411 @@ -65322,8 +65378,8 @@ CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering p NOT-FOR-US: Open Design Alliance CVE-2021-32935 RESERVED -CVE-2021-32934 - RESERVED +CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...) + TODO: check CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...) NOT-FOR-US: Auvesy-MDT CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...) @@ -81692,10 +81748,10 @@ CVE-2021-26633 RESERVED CVE-2021-26632 RESERVED -CVE-2021-26631 - RESERVED -CVE-2021-26630 - RESERVED +CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package ...) + TODO: check +CVE-2021-26630 (Improper input validation vulnerability in HANDY Groupware’s Act ...) + TODO: check CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...) NOT-FOR-US: Tobesoft Xplatform CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...) 
@@ -97575,7 +97631,7 @@ CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5 NOT-FOR-US: Cybozu CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...) NOT-FOR-US: Cybozu -CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...) +CVE-2021-20771 (Cross-site scripting vulnerability in some functions of E-Mail of Cybo ...) NOT-FOR-US: Cybozu CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...) NOT-FOR-US: Cybozu @@ -136428,16 +136484,16 @@ CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives NOT-FOR-US: Philips SureSigns CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...) NOT-FOR-US: FPWIN Pro -CVE-2020-16235 - RESERVED +CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...) + TODO: check CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...) NOT-FOR-US: PLC WinProladder CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...) NOT-FOR-US: CodeMeter CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...) NOT-FOR-US: Yokogawa WideField3 -CVE-2020-16231 - RESERVED +CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...) + TODO: check CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...) NOT-FOR-US: HMS Networks CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) 
@@ -136480,8 +136536,8 @@ CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A NOT-FOR-US: Advantech WebAccess CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...) NOT-FOR-US: N-Tron -CVE-2020-16209 - RESERVED +CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...) + TODO: check CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...) NOT-FOR-US: N-Tron CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...) @@ -140964,8 +141020,8 @@ CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. NOT-FOR-US: HMS Industrial Networks AB eCatche CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...) NOT-FOR-US: Advantech -CVE-2020-14496 - RESERVED +CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi ...) + TODO: check CVE-2020-14495 REJECTED CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...) @@ -167940,8 +167996,8 @@ CVE-2020-4972 RESERVED CVE-2020-4971 RESERVED -CVE-2020-4970 - RESERVED +CVE-2020-4970 (IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5. ...) + TODO: check CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...) |
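Review bot: In hunk @@ -476,8 +532,8 @@ (and again in @@ -500,8 +556,8 @@), CVE-2022-1796 and CVE-2022-1785 move from RESERVED to `TODO: check` even though both descriptions name the vim/vim repository, and vim is a source package in Debian, so these two should not stay in the untriaged pool. Suggest a follow-up commit that replaces `TODO: check` with a `- vim` package line and a `NOTE:` carrying the upstream reference, in the same shape as the CVE-2022-1795 entry visible in this hunk (`- gpac <unfixed>` followed by a `NOTE:` URL).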
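Review bot: In hunk @@ -4935,14 +4991,14 @@, CVE-2022-29446 is added as `TODO: check` while the next entry, CVE-2022-29445, shows the same description prefix (`Authenticated (administrator or higher role) Local File Inclusion (LFI ...)`) and is already triaged as `NOT-FOR-US: WordPress plugin`. Check the full description and, if it is the same class of WordPress plugin issue, give it the same NOT-FOR-US line so the two adjacent entries agree.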
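Review bot: In hunk @@ -17088,8 +17144,8 @@, CVE-2021-45730 (JFrog Artifactory prior to 7.31.10) is left at `TODO: check` directly below CVE-2021-46270, which has a near-identical description and is marked `NOT-FOR-US: JFrog Artifactory`. Suggest the same triage line here. The same pattern appears in the last hunk, where CVE-2020-4970 (IBM Security Identity Governance and Intelligence) sits above CVE-2020-4969, which is already `NOT-FOR-US: IBM`.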
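Review bot: In hunk @@ -81692,10 +81748,10 @@, the added description for CVE-2021-26630 reads `HANDY Groupware’s Act ...`, where `’` is what a UTF-8 right single quotation mark looks like after being decoded as a single-byte code page. Confirm that data/CVE/list holds the correct UTF-8 bytes for this line and that the automatic update is not double-encoding descriptions it imports; if the stored line is wrong, re-import the description.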