diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
commit | dc5f576e0030abb7017d2c0b14b8f736726518ab (patch) | |
tree | a360d6fd5c7ad850c3bea8fc1d7b84023caf7aed /data | |
parent | 7d52c41e15c7e5ec9fedbd6f999482c3b5359579 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 287 |
1 files changed, 182 insertions, 105 deletions
diff --git a/data/CVE/list b/data/CVE/list index 37c3024785..1d19a570e7 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,79 @@ +CVE-2022-23834 + RESERVED +CVE-2022-23833 + RESERVED +CVE-2022-23832 + RESERVED +CVE-2022-23831 + RESERVED +CVE-2022-23830 + RESERVED +CVE-2022-23829 + RESERVED +CVE-2022-23828 + RESERVED +CVE-2022-23827 + RESERVED +CVE-2022-23826 + RESERVED +CVE-2022-23825 + RESERVED +CVE-2022-23824 + RESERVED +CVE-2022-23823 + RESERVED +CVE-2022-23822 + RESERVED +CVE-2022-23821 + RESERVED +CVE-2022-23820 + RESERVED +CVE-2022-23819 + RESERVED +CVE-2022-23818 + RESERVED +CVE-2022-23817 + RESERVED +CVE-2022-23816 + RESERVED +CVE-2022-23815 + RESERVED +CVE-2022-23814 + RESERVED +CVE-2022-23813 + RESERVED +CVE-2022-22146 + RESERVED +CVE-2022-21193 + RESERVED +CVE-2022-21176 + RESERVED +CVE-2022-21143 + RESERVED +CVE-2022-21141 + RESERVED +CVE-2022-0335 + RESERVED +CVE-2022-0334 + RESERVED +CVE-2022-0333 + RESERVED +CVE-2022-0332 + RESERVED +CVE-2022-0331 + RESERVED +CVE-2022-0330 + RESERVED +CVE-2022-0329 (Code Injection in PyPi loguru prior to and including 0.5.3. ...) + TODO: check +CVE-2022-0328 + RESERVED +CVE-2022-0327 + RESERVED +CVE-2021-46403 + RESERVED +CVE-2021-4208 + RESERVED CVE-2022-23809 RESERVED CVE-2022-23808 @@ -68,18 +144,18 @@ CVE-2022-23780 RESERVED CVE-2022-21147 RESERVED -CVE-2022-0323 - RESERVED +CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) + TODO: check CVE-2022-0322 RESERVED CVE-2022-0321 RESERVED CVE-2022-0320 RESERVED -CVE-2022-0319 - RESERVED -CVE-2022-0318 - RESERVED +CVE-2022-0319 (Out-of-bounds Read in Conda vim prior to 8.2. ...) + TODO: check +CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) + TODO: check CVE-2022-0317 RESERVED CVE-2022-0316 @@ -188,8 +264,8 @@ CVE-2022-23730 RESERVED CVE-2022-23729 RESERVED -CVE-2022-23728 - RESERVED +CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) + TODO: check CVE-2022-23727 RESERVED CVE-2022-23726 @@ -1168,7 +1244,7 @@ CVE-2022-21801 RESERVED CVE-2022-21796 RESERVED -CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior t ...) +CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-0273 RESERVED @@ -1364,12 +1440,12 @@ CVE-2021-46311 RESERVED CVE-2021-46310 RESERVED -CVE-2021-46309 - RESERVED -CVE-2021-46308 - RESERVED -CVE-2021-46307 - RESERVED +CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) + TODO: check +CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) + TODO: check +CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) + TODO: check CVE-2021-46306 RESERVED CVE-2021-46305 @@ -1453,7 +1529,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelper NOT-FOR-US: livehelperchat CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...) +CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) TODO: check CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) - apache-log4j1.2 <unfixed> @@ -1632,8 +1708,8 @@ CVE-2022-23223 RESERVED CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) TODO: check -CVE-2022-23220 [usbview polkit policy local root exploit] - RESERVED +CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) + {DSA-5052-1} - usbview 2.0-21-g6fe2f4f-2.1 [stretch] - usbview <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1 @@ -2004,14 +2080,14 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en - zabbix <undetermined> NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards -CVE-2022-23130 - RESERVED -CVE-2022-23129 - RESERVED -CVE-2022-23128 - RESERVED -CVE-2022-23127 - RESERVED +CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) + TODO: check +CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) + TODO: check +CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) + TODO: check +CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) + TODO: check CVE-2022-23126 RESERVED CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) @@ -2812,14 +2888,14 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v NOT-FOR-US: Taocms CVE-2021-46202 RESERVED -CVE-2021-46201 - RESERVED -CVE-2021-46200 - RESERVED +CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) + TODO: check +CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) + TODO: check CVE-2021-46199 RESERVED -CVE-2021-46198 - RESERVED +CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) + TODO: check CVE-2021-46197 RESERVED CVE-2021-46196 @@ -3012,14 +3088,17 @@ CVE-2022-22819 CVE-2022-22818 RESERVED CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0) CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0) @@ -6449,7 +6528,7 @@ CVE-2021-4159 RESERVED CVE-2021-45464 RESERVED -CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...) +CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) - gegl 1:0.4.34-1 (bug #1002661) [bullseye] - gegl <no-dsa> (Minor issue) [buster] - gegl <no-dsa> (Minor issue) @@ -8269,8 +8348,8 @@ CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross NOT-FOR-US: DIAEnergie CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...) NOT-FOR-US: DIAEnergie -CVE-2022-21933 - RESERVED +CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) + TODO: check CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) @@ -9725,8 +9804,8 @@ CVE-2021-44595 RESERVED CVE-2021-44594 RESERVED -CVE-2021-44593 - RESERVED +CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) + TODO: check CVE-2021-44592 RESERVED CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) @@ -10211,8 +10290,8 @@ CVE-2021-23223 RESERVED CVE-2021-23179 RESERVED -CVE-2021-44464 - RESERVED +CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) + TODO: check CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO CVE-2021-44451 @@ -10259,30 +10338,30 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version NOT-FOR-US: Siemens CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens -CVE-2021-43355 - RESERVED -CVE-2021-41835 - RESERVED +CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) + TODO: check CVE-2021-4035 RESERVED -CVE-2021-33848 - RESERVED -CVE-2021-33846 - RESERVED -CVE-2021-33843 - RESERVED -CVE-2021-31562 - RESERVED -CVE-2021-23236 - RESERVED -CVE-2021-23233 - RESERVED -CVE-2021-23207 - RESERVED -CVE-2021-23196 - RESERVED -CVE-2021-23195 - RESERVED +CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) + TODO: check +CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) + TODO: check +CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) + TODO: check +CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) + TODO: check +CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) + TODO: check +CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) + TODO: check +CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) @@ -10688,8 +10767,7 @@ CVE-2021-44237 RESERVED CVE-2021-44236 RESERVED -CVE-2021-4032 [kvm: mishandling of memory error during VCPU construction can lead to DoS] - RESERVED +CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) CVE-2021-4031 @@ -10953,8 +11031,8 @@ CVE-2021-44197 RESERVED CVE-2021-44196 RESERVED -CVE-2021-4016 - RESERVED +CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) + TODO: check CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) @@ -11250,8 +11328,7 @@ CVE-2021-44081 RESERVED CVE-2021-44080 RESERVED -CVE-2021-4001 [race condition when the EBPF map is frozen] - RESERVED +CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) - linux 5.15.5-1 [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerable code introduced later) @@ -22572,8 +22649,8 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca NOT-FOR-US: Auerswald COMpact 5500R devices CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald -CVE-2021-40855 - RESERVED +CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) + TODO: check CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) @@ -22950,16 +23027,16 @@ CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 R NOT-FOR-US: Adobe CVE-2021-40696 RESERVED -CVE-2021-40695 - RESERVED -CVE-2021-40694 - RESERVED -CVE-2021-40693 - RESERVED -CVE-2021-40692 - RESERVED -CVE-2021-40691 - RESERVED +CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) + TODO: check +CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) + TODO: check +CVE-2021-40693 (An authentication bypass risk was identified in the external database ...) + TODO: check +CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...) + TODO: check +CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...) + TODO: check CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) {DSA-5010-1 DLA-2767-1} - libxml-security-java 2.1.7-1 (bug #994569) @@ -23179,8 +23256,8 @@ CVE-2021-40597 RESERVED CVE-2021-40596 RESERVED -CVE-2021-40595 - RESERVED +CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) + TODO: check CVE-2021-40594 RESERVED CVE-2021-40593 @@ -24080,8 +24157,8 @@ CVE-2021-40249 RESERVED CVE-2021-40248 RESERVED -CVE-2021-40247 - RESERVED +CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) + TODO: check CVE-2021-40246 RESERVED CVE-2021-40245 @@ -36897,10 +36974,10 @@ CVE-2021-35006 RESERVED CVE-2021-35005 RESERVED -CVE-2021-35004 - RESERVED -CVE-2021-35003 - RESERVED +CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2021-35002 RESERVED CVE-2021-35001 @@ -39229,8 +39306,8 @@ CVE-2021-33968 RESERVED CVE-2021-33967 RESERVED -CVE-2021-33966 - RESERVED +CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...) + TODO: check CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) @@ -41288,7 +41365,7 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma NOT-FOR-US: Synology CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) NOT-FOR-US: Nagios XI -CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) +CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...) - nagvis 1:1.9.29-1 [bullseye] - nagvis <no-dsa> (Minor issue) [buster] - nagvis <no-dsa> (Minor issue) @@ -96236,7 +96313,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1) CVE-2020-23905 RESERVED -CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) +CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...) - speex <unfixed> [bullseye] - speex <no-dsa> (Minor issue) [buster] - speex <no-dsa> (Minor issue) @@ -104823,14 +104900,14 @@ CVE-2020-19863 RESERVED CVE-2020-19862 RESERVED -CVE-2020-19861 - RESERVED -CVE-2020-19860 - RESERVED +CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...) + TODO: check +CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...) + TODO: check CVE-2020-19859 RESERVED -CVE-2020-19858 - RESERVED +CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...) + TODO: check CVE-2020-19857 RESERVED CVE-2020-19856 @@ -144161,16 +144238,16 @@ CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtai NOT-FOR-US: IBM CVE-2020-4880 RESERVED -CVE-2020-4879 - RESERVED +CVE-2020-4879 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote ...) + TODO: check CVE-2020-4878 RESERVED -CVE-2020-4877 - RESERVED -CVE-2020-4876 - RESERVED -CVE-2020-4875 - RESERVED +CVE-2020-4877 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable t ...) + TODO: check +CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...) + TODO: check +CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...) + TODO: check CVE-2020-4874 RESERVED CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...) |