author | security tracker role <sectracker@soriano.debian.org> | 2022-03-17 20:10:15 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-03-17 20:10:15 +0000 |
commit | d6ecaf9d85d320efc7c8e24aec810faa669d4174 (patch) | |
tree | ce519b86bb0095a2f7440fa9c394e3e6e06cb613 /data | |
parent | 3582978708b910a161a937576b8b6b8b304ff070 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 162 |
1 files changed, 100 insertions, 62 deletions
diff --git a/data/CVE/list b/data/CVE/list index fb60768f9a..562eafa7b6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,41 @@ +CVE-2022-27172 + RESERVED +CVE-2022-1017 + RESERVED +CVE-2022-1016 + RESERVED +CVE-2022-1015 + RESERVED +CVE-2022-1014 + RESERVED +CVE-2022-1013 + RESERVED +CVE-2022-1012 + RESERVED +CVE-2022-1011 + RESERVED +CVE-2022-1010 + RESERVED +CVE-2022-1009 + RESERVED +CVE-2022-1008 + RESERVED +CVE-2022-1007 + RESERVED +CVE-2022-1006 + RESERVED +CVE-2022-1005 + RESERVED +CVE-2022-1004 + RESERVED +CVE-2022-1003 + RESERVED +CVE-2022-1002 + RESERVED +CVE-2022-1001 + RESERVED +CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...) + TODO: check CVE-2022-27228 RESERVED CVE-2022-27227 @@ -266,16 +304,16 @@ CVE-2022-27167 RESERVED CVE-2022-27166 RESERVED -CVE-2022-26511 - RESERVED +CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...) + TODO: check CVE-2022-26510 RESERVED CVE-2022-26303 RESERVED CVE-2022-26082 RESERVED -CVE-2022-26081 - RESERVED +CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely load shcore ...) + TODO: check CVE-2022-26077 RESERVED CVE-2022-26067 @@ -284,10 +322,10 @@ CVE-2022-26043 RESERVED CVE-2022-26026 RESERVED -CVE-2022-25969 - RESERVED -CVE-2022-25949 - RESERVED +CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load VERSIO ...) + TODO: check +CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...) + TODO: check CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...) TODO: check CVE-2022-0969 @@ -1835,8 +1873,8 @@ CVE-2022-26528 RESERVED CVE-2022-26527 RESERVED -CVE-2022-26526 - RESERVED +CVE-2022-26526 (Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 ...) + TODO: check CVE-2022-26525 RESERVED CVE-2022-26524 
@@ -1871,8 +1909,8 @@ CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1 NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1 CVE-2022-26504 RESERVED -CVE-2022-26503 - RESERVED +CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...) + TODO: check CVE-2022-26502 RESERVED CVE-2022-26501 @@ -2980,7 +3018,7 @@ CVE-2022-0780 CVE-2022-0779 RESERVED CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...) - {DSA-5103-1} + {DSA-5103-1 DLA-2953-1 DLA-2952-1} - openssl 1.1.1n-1 - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20220315.txt @@ -3483,8 +3521,8 @@ CVE-2022-25764 RESERVED CVE-2022-25761 RESERVED -CVE-2022-25760 - RESERVED +CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...) + TODO: check CVE-2022-25759 RESERVED CVE-2022-25758 @@ -3499,12 +3537,12 @@ CVE-2022-25645 RESERVED CVE-2022-25644 RESERVED -CVE-2022-25354 - RESERVED +CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...) + TODO: check CVE-2022-25353 RESERVED -CVE-2022-25352 - RESERVED +CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...) + TODO: check CVE-2022-25351 RESERVED CVE-2022-25350 @@ -3623,8 +3661,8 @@ CVE-2022-21223 RESERVED CVE-2022-21222 RESERVED -CVE-2022-21221 - RESERVED +CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...) + TODO: check CVE-2022-21213 RESERVED CVE-2022-21211 
@@ -3684,10 +3722,10 @@ CVE-2022-0751 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0750 RESERVED -CVE-2022-0749 - RESERVED -CVE-2022-0748 - RESERVED +CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socket cli ...) + TODO: check +CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...) + TODO: check CVE-2022-0747 RESERVED CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...) @@ -4884,8 +4922,8 @@ CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, althou NOT-FOR-US: Cryptomator CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop -CVE-2022-25364 - RESERVED +CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in build cache ...) + TODO: check CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) NOT-FOR-US: WatchGuard CVE-2022-25362 @@ -5117,8 +5155,8 @@ CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is pos NOT-FOR-US: webcc CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...) NOT-FOR-US: drogon -CVE-2022-25296 - RESERVED +CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...) + TODO: check CVE-2022-25295 RESERVED CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...) 
@@ -6592,12 +6630,12 @@ CVE-2022-24763 RESERVED CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...) TODO: check -CVE-2022-24761 - RESERVED +CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...) + TODO: check CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...) TODO: check -CVE-2022-24759 - RESERVED +CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of noise ...) + TODO: check CVE-2022-24758 RESERVED CVE-2022-24757 @@ -16368,14 +16406,14 @@ CVE-2021-45796 RESERVED CVE-2021-45795 RESERVED -CVE-2021-45794 - RESERVED -CVE-2021-45793 - RESERVED -CVE-2021-45792 - RESERVED -CVE-2021-45791 - RESERVED +CVE-2021-45794 (Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/sys ...) + TODO: check +CVE-2021-45793 (Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.ph ...) + TODO: check +CVE-2021-45792 (Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admi ...) + TODO: check +CVE-2021-45791 (Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bib ...) + TODO: check CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...) NOT-FOR-US: Metersphere CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...) @@ -19595,12 +19633,12 @@ CVE-2021-44910 RESERVED CVE-2021-44909 RESERVED -CVE-2021-44908 - RESERVED +CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via c ...) + TODO: check CVE-2021-44907 RESERVED -CVE-2021-44906 - RESERVED +CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file inde ...) + TODO: check CVE-2021-44905 RESERVED CVE-2021-44904 
@@ -21531,14 +21569,14 @@ CVE-2021-44264 RESERVED CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...) NOT-FOR-US: Gurock TestRail -CVE-2021-44262 - RESERVED -CVE-2021-44261 - RESERVED -CVE-2021-44260 - RESERVED -CVE-2021-44259 - RESERVED +CVE-2021-44262 (A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, vers ...) + TODO: check +CVE-2021-44261 (A vulnerability is in the 'BRS_top.html' page of the Netgear W104, ver ...) + TODO: check +CVE-2021-44260 (A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, ...) + TODO: check +CVE-2021-44259 (A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, versio ...) + TODO: check CVE-2021-44258 RESERVED CVE-2021-44257 @@ -76482,8 +76520,8 @@ CVE-2021-23773 RESERVED CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...) NOT-FOR-US: iris Go web framework -CVE-2021-23771 - RESERVED +CVE-2021-23771 (This affects all versions of package notevil; all versions of package ...) + TODO: check CVE-2021-23770 RESERVED CVE-2021-23769 @@ -76765,8 +76803,8 @@ CVE-2021-23634 RESERVED CVE-2021-23633 RESERVED -CVE-2021-23632 - RESERVED +CVE-2021-23632 (All versions of package git are vulnerable to Remote Code Execution (R ...) + TODO: check CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...) NOT-FOR-US: Node convert-svg CVE-2021-23630 @@ -76919,8 +76957,8 @@ CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Poll NOT-FOR-US: Node bmoor CVE-2021-23557 RESERVED -CVE-2021-23556 - RESERVED +CVE-2021-23556 (The package guake before 3.8.5 are vulnerable to Exposed Dangerous Met ...) + TODO: check CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...) NOT-FOR-US: Node vm2 CVE-2021-23554 
@@ -125884,8 +125922,8 @@ CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC NOT-FOR-US: SteelCentral Aternity Agent CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...) NOT-FOR-US: SteelCentral Aternity Agent -CVE-2020-15591 - RESERVED +CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 a ...) + TODO: check CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...) NOT-FOR-US: Private Internet Access client for Linux CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...) @@ -221806,7 +221844,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f - openssl1.0 <not-affected> (Windows-specific) NOTE: https://www.openssl.org/news/secadv/20190730.txt CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...) - {DSA-4855-1 DSA-4594-1} + {DSA-4855-1 DSA-4594-1 DLA-2952-1} - openssl 1.1.1e-1 (low; bug #947949) [jessie] - openssl <not-affected> (Affected modules are not present in Jessie) - openssl1.0 <removed> (low) |
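Review bot: DLA-2952-1 is attached to CVE-2019-1551 in the last hunk (@@ -221806,7 +221844,7 @@) and also to CVE-2022-0778 in the @@ -2980,7 +3018,7 @@ hunk, while the CVE-2019-1551 package lines in the trailing context are unchanged ("- openssl1.0 <removed> (low)"). The commit message is only "automatic update", so confirm that the advisory entry for DLA-2952-1 lists both CVE ids and that the added cross-reference on the 2019 entry reflects an actual fix, not a stray id.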
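Review bot: CVE-2021-23632 in the @@ -76765,8 +76803,8 @@ hunk is left at "TODO: check" with a truncated description that says only "All versions of package git", which is ambiguous between a language-ecosystem package named git and the git source package. Triage should read the full description before resolving it. The neighbouring CVE-2021-23631 is closed as "NOT-FOR-US: Node convert-svg", and this entry needs the same kind of explicit decision, not a match on the name.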
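Review bot: CVE-2022-25364 in the @@ -4884,8 +4922,8 @@ hunk moves from RESERVED to "TODO: check" while sitting between two entries already resolved as "NOT-FOR-US: Docker Desktop" and "NOT-FOR-US: WatchGuard". Suggest a follow-up that replaces the TODO with either a package line or a NOT-FOR-US line in the style of its neighbours, once someone has checked whether Gradle Enterprise is packaged.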