automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-03-22 08:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-03-22 08:10:17 +0000
commit: 5a8464da811a0e71c216f08872bd6e968ad3b3e1 (patch)
tree: 7240f79145ca4396ac722c30dd94d02590d71c70 /data
parent: 3cc49e160286892fb2cd6a976d2f974f8807a070 (diff)
1 files changed, 330 insertions, 42 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 09a9bb909e..c7d084af28 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,287 @@
+CVE-2022-27635
+	RESERVED
+CVE-2022-27626
+	RESERVED
+CVE-2022-27625
+	RESERVED
+CVE-2022-27624
+	RESERVED
+CVE-2022-27623
+	RESERVED
+CVE-2022-27622
+	RESERVED
+CVE-2022-27621
+	RESERVED
+CVE-2022-27620
+	RESERVED
+CVE-2022-27619
+	RESERVED
+CVE-2022-27618
+	RESERVED
+CVE-2022-27617
+	RESERVED
+CVE-2022-27616
+	RESERVED
+CVE-2022-27615
+	RESERVED
+CVE-2022-27614
+	RESERVED
+CVE-2022-27613
+	RESERVED
+CVE-2022-27612
+	RESERVED
+CVE-2022-27611
+	RESERVED
+CVE-2022-27610
+	RESERVED
+CVE-2022-27609
+	RESERVED
+CVE-2022-27608
+	RESERVED
+CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...)
+	TODO: check
+CVE-2022-27606
+	RESERVED
+CVE-2022-27605
+	RESERVED
+CVE-2022-27604
+	RESERVED
+CVE-2022-27603
+	RESERVED
+CVE-2022-27602
+	RESERVED
+CVE-2022-27601
+	RESERVED
+CVE-2022-27600
+	RESERVED
+CVE-2022-27599
+	RESERVED
+CVE-2022-27598
+	RESERVED
+CVE-2022-27597
+	RESERVED
+CVE-2022-27596
+	RESERVED
+CVE-2022-27595
+	RESERVED
+CVE-2022-27594
+	RESERVED
+CVE-2022-27593
+	RESERVED
+CVE-2022-27592
+	RESERVED
+CVE-2022-27591
+	RESERVED
+CVE-2022-27590
+	RESERVED
+CVE-2022-27589
+	RESERVED
+CVE-2022-27588
+	RESERVED
+CVE-2022-27587
+	RESERVED
+CVE-2022-27586
+	RESERVED
+CVE-2022-27585
+	RESERVED
+CVE-2022-27584
+	RESERVED
+CVE-2022-27583
+	RESERVED
+CVE-2022-27582
+	RESERVED
+CVE-2022-27581
+	RESERVED
+CVE-2022-27580
+	RESERVED
+CVE-2022-27579
+	RESERVED
+CVE-2022-27578
+	RESERVED
+CVE-2022-27577
+	RESERVED
+CVE-2022-27576
+	RESERVED
+CVE-2022-27575
+	RESERVED
+CVE-2022-27574
+	RESERVED
+CVE-2022-27573
+	RESERVED
+CVE-2022-27572
+	RESERVED
+CVE-2022-27571
+	RESERVED
+CVE-2022-27570
+	RESERVED
+CVE-2022-27569
+	RESERVED
+CVE-2022-27568
+	RESERVED
+CVE-2022-27567
+	RESERVED
+CVE-2022-27566
+	RESERVED
+CVE-2022-27565
+	RESERVED
+CVE-2022-27564
+	RESERVED
+CVE-2022-27563
+	RESERVED
+CVE-2022-27562
+	RESERVED
+CVE-2022-27561
+	RESERVED
+CVE-2022-27560
+	RESERVED
+CVE-2022-27559
+	RESERVED
+CVE-2022-27558
+	RESERVED
+CVE-2022-27557
+	RESERVED
+CVE-2022-27556
+	RESERVED
+CVE-2022-27555
+	RESERVED
+CVE-2022-27554
+	RESERVED
+CVE-2022-27553
+	RESERVED
+CVE-2022-27552
+	RESERVED
+CVE-2022-27551
+	RESERVED
+CVE-2022-27550
+	RESERVED
+CVE-2022-27549
+	RESERVED
+CVE-2022-27548
+	RESERVED
+CVE-2022-27547
+	RESERVED
+CVE-2022-27546
+	RESERVED
+CVE-2022-27545
+	RESERVED
+CVE-2022-27544
+	RESERVED
+CVE-2022-27543
+	RESERVED
+CVE-2022-27542
+	RESERVED
+CVE-2022-27541
+	RESERVED
+CVE-2022-27540
+	RESERVED
+CVE-2022-27539
+	RESERVED
+CVE-2022-27538
+	RESERVED
+CVE-2022-27537
+	RESERVED
+CVE-2022-27536
+	RESERVED
+CVE-2022-27535
+	RESERVED
+CVE-2022-27534
+	RESERVED
+CVE-2022-27533
+	RESERVED
+CVE-2022-27532
+	RESERVED
+CVE-2022-27531
+	RESERVED
+CVE-2022-27530
+	RESERVED
+CVE-2022-27529
+	RESERVED
+CVE-2022-27528
+	RESERVED
+CVE-2022-27527
+	RESERVED
+CVE-2022-27526
+	RESERVED
+CVE-2022-27525
+	RESERVED
+CVE-2022-27524
+	RESERVED
+CVE-2022-27523
+	RESERVED
+CVE-2022-27522
+	RESERVED
+CVE-2022-27521
+	RESERVED
+CVE-2022-27520
+	RESERVED
+CVE-2022-27519
+	RESERVED
+CVE-2022-27518
+	RESERVED
+CVE-2022-27517
+	RESERVED
+CVE-2022-27516
+	RESERVED
+CVE-2022-27515
+	RESERVED
+CVE-2022-27514
+	RESERVED
+CVE-2022-27513
+	RESERVED
+CVE-2022-27512
+	RESERVED
+CVE-2022-27511
+	RESERVED
+CVE-2022-27510
+	RESERVED
+CVE-2022-27509
+	RESERVED
+CVE-2022-27508
+	RESERVED
+CVE-2022-27507
+	RESERVED
+CVE-2022-27506
+	RESERVED
+CVE-2022-27505
+	RESERVED
+CVE-2022-27504
+	RESERVED
+CVE-2022-27503
+	RESERVED
+CVE-2022-27502
+	RESERVED
+CVE-2022-27501
+	RESERVED
+CVE-2022-27500
+	RESERVED
+CVE-2022-27233
+	RESERVED
+CVE-2022-27229
+	RESERVED
+CVE-2022-27183
+	RESERVED
+CVE-2022-27180
+	RESERVED
+CVE-2022-26889
+	RESERVED
+CVE-2022-26888
+	RESERVED
+CVE-2022-26840
+	RESERVED
+CVE-2022-26070
+	RESERVED
+CVE-2022-26024
+	RESERVED
+CVE-2022-26017
+	RESERVED
+CVE-2022-25841
+	RESERVED
+CVE-2022-1040
+	RESERVED
+CVE-2022-1039
+	RESERVED
+CVE-2022-1038
+	RESERVED
 CVE-2022-27492
 	RESERVED
 CVE-2022-27491
@@ -316,8 +600,8 @@ CVE-2022-27335
 	RESERVED
 CVE-2022-27334
 	RESERVED
-CVE-2022-27333
-	RESERVED
+CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...)
+	TODO: check
 CVE-2022-27332
 	RESERVED
 CVE-2022-27331
@@ -1126,8 +1410,8 @@ CVE-2022-27092
 	RESERVED
 CVE-2022-27091
 	RESERVED
-CVE-2022-27090
-	RESERVED
+CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
+	TODO: check
 CVE-2022-27089
 	RESERVED
 CVE-2022-27088
@@ -3174,12 +3458,12 @@ CVE-2022-26287
 	RESERVED
 CVE-2022-26286
 	RESERVED
-CVE-2022-26285
-	RESERVED
-CVE-2022-26284
-	RESERVED
-CVE-2022-26283
-	RESERVED
+CVE-2022-26285 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+	TODO: check
+CVE-2022-26284 (Simple Client Management System v1.0 was discovered to contain a SQL i ...)
+	TODO: check
+CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+	TODO: check
 CVE-2022-26282
 	RESERVED
 CVE-2022-26281
@@ -3376,10 +3660,10 @@ CVE-2022-26186
 	RESERVED
 CVE-2022-26185
 	RESERVED
-CVE-2022-26184
-	RESERVED
-CVE-2022-26183
-	RESERVED
+CVE-2022-26184 (Poetry v1.1.9 and below was discovered to contain an untrusted search  ...)
+	TODO: check
+CVE-2022-26183 (PNPM v6.15.1 and below was discovered to contain an untrusted search p ...)
+	TODO: check
 CVE-2022-26182
 	RESERVED
 CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-bu ...)
@@ -3397,8 +3681,8 @@ CVE-2022-26176
 	RESERVED
 CVE-2022-26175
 	RESERVED
-CVE-2022-26174
-	RESERVED
+CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
+	TODO: check
 CVE-2022-26173
 	RESERVED
 CVE-2022-26172
@@ -3652,8 +3936,8 @@ CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/a
 	NOT-FOR-US: rudloff/alltube
 CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
 	NOT-FOR-US: MODX Revolution
-CVE-2022-26148
-	RESERVED
+CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
+	TODO: check
 CVE-2022-26147
 	RESERVED
 CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
@@ -5855,8 +6139,8 @@ CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 	NOT-FOR-US: Node request-retry
 CVE-2022-0653 (The Profile Builder &#8211; User Profile &amp; User Registration Forms ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0652
-	RESERVED
+CVE-2022-0652 (Confd log files contain local users', including root&#8217;s, SHA512cr ...)
+	TODO: check
 CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0650
@@ -9703,8 +9987,8 @@ CVE-2022-24005
 	RESERVED
 CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
-CVE-2022-0386
-	RESERVED
+CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
+	TODO: check
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
@@ -10089,6 +10373,7 @@ CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. Th
 CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...)
+	{DLA-2960-1}
 	- apache2 2.4.53-1
 	[bullseye] - apache2 <no-dsa> (Minor issue)
 	[buster] - apache2 <no-dsa> (Minor issue)
@@ -12102,22 +12387,22 @@ CVE-2022-23354
 	RESERVED
 CVE-2022-23353
 	RESERVED
-CVE-2022-23352
-	RESERVED
+CVE-2022-23352 (An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial ...)
+	TODO: check
 CVE-2022-23351
 	RESERVED
-CVE-2022-23350
-	RESERVED
-CVE-2022-23349
-	RESERVED
-CVE-2022-23348
-	RESERVED
-CVE-2022-23347
-	RESERVED
-CVE-2022-23346
-	RESERVED
-CVE-2022-23345
-	RESERVED
+CVE-2022-23350 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cros ...)
+	TODO: check
+CVE-2022-23349 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cros ...)
+	TODO: check
+CVE-2022-23348 (BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak p ...)
+	TODO: check
+CVE-2022-23347 (BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable  ...)
+	TODO: check
+CVE-2022-23346 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+	TODO: check
+CVE-2022-23345 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+	TODO: check
 CVE-2022-23344
 	RESERVED
 CVE-2022-23343
@@ -12230,8 +12515,8 @@ CVE-2021-46392
 	RESERVED
 CVE-2021-46391
 	RESERVED
-CVE-2021-46390
-	RESERVED
+CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...)
+	TODO: check
 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
 	NOT-FOR-US: IIPImage High Resolution Streaming Image Server
 CVE-2021-46388
@@ -14711,18 +14996,21 @@ CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerabil
 CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...)
+	{DLA-2960-1}
 	- apache2 2.4.53-1
 	[bullseye] - apache2 <no-dsa> (Minor issue)
 	[buster] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
 	NOTE: Fixed by: https://svn.apache.org/r1898693
 CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...)
+	{DLA-2960-1}
 	- apache2 2.4.53-1
 	[bullseye] - apache2 <no-dsa> (Minor issue)
 	[buster] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
 	NOTE: Fixed by: https://svn.apache.org/r1898692
 CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...)
+	{DLA-2960-1}
 	- apache2 2.4.53-1
 	[bullseye] - apache2 <no-dsa> (Minor issue)
 	[buster] - apache2 <no-dsa> (Minor issue)
@@ -34903,8 +35191,8 @@ CVE-2021-40664
 	RESERVED
 CVE-2021-40663
 	RESERVED
-CVE-2021-40662
-	RESERVED
+CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
+	TODO: check
 CVE-2021-40661
 	RESERVED
 CVE-2021-40660
@@ -39589,8 +39877,8 @@ CVE-2021-38747
 	RESERVED
 CVE-2021-38746
 	RESERVED
-CVE-2021-38745
-	RESERVED
+CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...)
+	TODO: check
 CVE-2021-38744
 	RESERVED
 CVE-2021-38743
author	security tracker role <sectracker@soriano.debian.org>	2022-03-22 08:10:17 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-03-22 08:10:17 +0000
commit	5a8464da811a0e71c216f08872bd6e968ad3b3e1 (patch)
tree	7240f79145ca4396ac722c30dd94d02590d71c70 /data
parent	3cc49e160286892fb2cd6a976d2f974f8807a070 (diff)