author | security tracker role <sectracker@soriano.debian.org> | 2022-03-22 20:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-03-22 20:10:16 +0000 |
commit | 417749a0f807da4765c58771cbea12df5cd365b0 | |
tree | eee36c748a4c48fb7d38ee39d15a161c2081f565 /data | |
parent | f44277beff5add62f5ff59b8265d0b333901c596 | |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 123 |
1 files changed, 90 insertions, 33 deletions
diff --git a/data/CVE/list b/data/CVE/list index 28a4ff7905..e51ab3e431 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,61 @@ +CVE-2022-27653 + RESERVED +CVE-2022-27652 + RESERVED +CVE-2022-27651 + RESERVED +CVE-2022-27650 + RESERVED +CVE-2022-27649 + RESERVED +CVE-2022-27648 + RESERVED +CVE-2022-27647 + RESERVED +CVE-2022-27646 + RESERVED +CVE-2022-27645 + RESERVED +CVE-2022-27644 + RESERVED +CVE-2022-27643 + RESERVED +CVE-2022-27642 + RESERVED +CVE-2022-27641 + RESERVED +CVE-2022-27640 + RESERVED +CVE-2022-1055 + RESERVED +CVE-2022-1054 + RESERVED +CVE-2022-1053 + RESERVED +CVE-2022-1052 + RESERVED +CVE-2022-1051 + RESERVED +CVE-2022-1050 + RESERVED +CVE-2022-1049 + RESERVED +CVE-2022-1048 + RESERVED +CVE-2022-1047 + RESERVED +CVE-2022-1046 + RESERVED +CVE-2022-1045 + RESERVED +CVE-2022-1044 + RESERVED +CVE-2022-1043 + RESERVED +CVE-2022-1042 + RESERVED +CVE-2022-1041 + RESERVED CVE-2022-27635 RESERVED CVE-2022-27626 @@ -768,14 +826,14 @@ CVE-2022-25959 RESERVED CVE-2022-1037 RESERVED -CVE-2022-1036 - RESERVED +CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...) + TODO: check CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) - gpac <unfixed> NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243 -CVE-2022-1034 - RESERVED +CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...) + TODO: check CVE-2022-1033 RESERVED CVE-2022-1032 @@ -907,8 +965,8 @@ CVE-2022-1001 RESERVED CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...) TODO: check -CVE-2022-27228 - RESERVED +CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...) + TODO: check CVE-2022-27227 RESERVED CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 ...) 
@@ -3143,7 +3201,7 @@ CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-ligh NOT-FOR-US: pytorchlightning CVE-2022-26387 RESERVED - {DSA-5106-1 DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -3152,7 +3210,7 @@ CVE-2022-26387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387 CVE-2022-26386 RESERVED - {DSA-5106-1 DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386 @@ -3163,7 +3221,7 @@ CVE-2022-26385 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385 CVE-2022-26384 RESERVED - {DSA-5106-1 DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -3172,7 +3230,7 @@ CVE-2022-26384 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384 CVE-2022-26383 RESERVED - {DSA-5106-1 DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -3185,7 +3243,7 @@ CVE-2022-26382 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382 CVE-2022-26381 RESERVED - {DSA-5106-1 DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -3508,8 +3566,8 @@ CVE-2022-26262 RESERVED CVE-2022-26261 RESERVED -CVE-2022-26260 - RESERVED +CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...) + TODO: check CVE-2022-26259 RESERVED CVE-2022-26258 
@@ -5435,8 +5493,8 @@ CVE-2022-25519 RESERVED CVE-2022-25518 RESERVED -CVE-2022-25517 - RESERVED +CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...) + TODO: check CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - libstb <unfixed> (unimportant) NOTE: https://github.com/nothings/stb/issues/1287 @@ -5513,8 +5571,8 @@ CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion v NOT-FOR-US: CuppaCMS CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...) NOT-FOR-US: CuppaCMS -CVE-2022-25484 - RESERVED +CVE-2022-25484 (tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in pac ...) + TODO: check CVE-2022-25483 RESERVED CVE-2022-25482 @@ -6008,8 +6066,7 @@ CVE-2022-0669 RESERVED CVE-2022-0668 RESERVED -CVE-2022-0667 [Assertion failure on delayed DS lookup] - RESERVED +CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. BIND 9 ...) - bind9 1:9.18.1-1 [bullseye] - bind9 <not-affected> (Vulnerable code introduced later) [buster] - bind9 <not-affected> (Vulnerable code introduced later) @@ -7505,8 +7562,8 @@ CVE-2022-24776 RESERVED CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...) TODO: check -CVE-2022-24774 - RESERVED +CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) repositor ...) + TODO: check CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...) - node-node-forge <unfixed> NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr 
@@ -7533,8 +7590,8 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0) CVE-2022-24765 RESERVED -CVE-2022-24764 - RESERVED +CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check CVE-2022-24763 RESERVED CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...) @@ -17322,10 +17379,10 @@ CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross NOT-FOR-US: NUUO Network Video Recorder NVRsolo CVE-2021-45811 RESERVED -CVE-2021-45810 - RESERVED -CVE-2021-45809 - RESERVED +CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...) + TODO: check +CVE-2021-45809 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...) + TODO: check CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...) NOT-FOR-US: jpress CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...) @@ -23657,8 +23714,8 @@ CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior t CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...) - glpi <removed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone -CVE-2022-21718 - RESERVED +CVE-2022-21718 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check CVE-2022-21717 RESERVED CVE-2022-21716 (Twisted is an event-based framework for internet applications, support ...) @@ -25485,8 +25542,8 @@ CVE-2021-43652 RESERVED CVE-2021-43651 RESERVED -CVE-2021-43650 - RESERVED +CVE-2021-43650 (WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter u ...) + TODO: check CVE-2021-43649 RESERVED CVE-2021-43648 
@@ -32580,8 +32637,8 @@ CVE-2021-41738 RESERVED CVE-2021-41737 RESERVED -CVE-2021-41736 - RESERVED +CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...) + TODO: check CVE-2021-41735 RESERVED CVE-2021-41734 |
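
Review bot: In the hunk at @@ -6008,8 +6066,7 @@ the CVE-2022-0667 header loses its hand-written title "[Assertion failure on delayed DS lookup]" in favour of the truncated description "When the vulnerability is triggered the BIND process will exit. BIND 9 ...", which states the effect but no longer names the bug. The bind9 package lines under it are unchanged, so consider carrying the old title over as a NOTE: line so that the entry still identifies the assertion failure once the bracketed text is gone.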
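
Review bot: The five cross-reference lines changed in the hunks from @@ -3143,7 +3201,7 @@ to @@ -3185,7 +3243,7 @@ (CVE-2022-26387, CVE-2022-26386, CVE-2022-26384, CVE-2022-26383, CVE-2022-26381) add DLA-2961-1 next to DLA-2942-1, but nothing in the entries or in the commit message "automatic update" says which source package the second DLA covers. The entries list firefox, firefox-esr and thunderbird and are still marked RESERVED with no description, so a reader has to open the advisory to find out; naming the package in the commit message or in a NOTE: line would make the change reviewable from the list alone.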
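
Review bot: Every entry that moves from RESERVED to a description in this patch lands as "TODO: check" with no package or NOT-FOR-US line, for example CVE-2022-25484 (tcpprep) at @@ -5513,8 +5571,8 @@, CVE-2022-24764 (PJSIP) at @@ -7533,8 +7590,8 @@, CVE-2022-21718 (Electron) at @@ -23657,8 +23714,8 @@ and CVE-2021-41736 (Faust) at @@ -32580,8 +32637,8 @@. Neighbouring entries in the same hunks show the expected end state ("- libstb <unfixed> (unimportant)" for CVE-2022-25516, "NOT-FOR-US: CuppaCMS" for CVE-2022-25485), so each of these needs a triage follow-up that replaces the TODO with one of those forms. CVE-2022-1036 in particular has a truncated description that names no product, so it cannot be classified from this line alone.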