From c256aaee6efb4d35fc646fffbf7421e178d8f850 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 18 May 2022 08:10:14 +0000 Subject: automatic update --- data/CVE/list | 177 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 94 insertions(+), 83 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index b5a475018e..37287d2d3f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) + TODO: check +CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) + TODO: check +CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) + TODO: check +CVE-2022-1775 + RESERVED +CVE-2022-1774 + RESERVED +CVE-2022-1773 + RESERVED +CVE-2022-1772 + RESERVED +CVE-2022-1771 + RESERVED +CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) + TODO: check CVE-2022-30973 RESERVED CVE-2022-1770 @@ -744,7 +762,7 @@ CVE-2021-4228 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...) NOT-FOR-US: HashiCorp CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...) - {DSA-5137-1} + {DSA-5137-1 DLA-3013-1} - needrestart 3.6-1 (bug #1011154) NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 
@@ -2544,12 +2562,12 @@ CVE-2022-30056 RESERVED CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...) NOT-FOR-US: Prime95 -CVE-2022-30054 - RESERVED -CVE-2022-30053 - RESERVED -CVE-2022-30052 - RESERVED +CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...) + TODO: check +CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...) + TODO: check +CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...) + TODO: check CVE-2022-30051 RESERVED CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...) @@ -2562,8 +2580,8 @@ CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection v NOT-FOR-US: Mingsoft MCMS CVE-2022-30046 RESERVED -CVE-2022-30045 - RESERVED +CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + TODO: check CVE-2022-30044 RESERVED CVE-2022-30043 @@ -4413,10 +4431,10 @@ CVE-2022-29438 RESERVED CVE-2022-29437 RESERVED -CVE-2022-29436 - RESERVED -CVE-2022-29435 - RESERVED +CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...) + TODO: check +CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...) + TODO: check CVE-2022-29434 RESERVED CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...) 
@@ -4832,20 +4850,20 @@ CVE-2022-1364 [stretch] - chromium (see DSA 4562) CVE-2022-1363 RESERVED -CVE-2022-1362 - RESERVED -CVE-2022-1361 - RESERVED -CVE-2022-1360 - RESERVED -CVE-2022-1359 - RESERVED -CVE-2022-1358 - RESERVED -CVE-2022-1357 - RESERVED -CVE-2022-1356 - RESERVED +CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...) + TODO: check +CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...) + TODO: check +CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...) + TODO: check +CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...) + TODO: check +CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...) + TODO: check +CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...) + TODO: check +CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) + TODO: check CVE-2022-1355 RESERVED - tiff 4.3.0-8 (bug #1011160) @@ -5064,8 +5082,8 @@ CVE-2022-29176 (Rubygems is a package registry used to supply software for the R TODO: check CVE-2022-29175 REJECTED -CVE-2022-29174 - RESERVED +CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...) + TODO: check CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...) - golang-github-endophage-gotuf [stretch] - golang-github-endophage-gotuf (Vulnerable code not present) @@ -5092,8 +5110,7 @@ CVE-2022-29164 (Argo Workflows is an open source container-native workflow engin NOT-FOR-US: Argo Workflows CVE-2022-29163 RESERVED -CVE-2022-29162 - RESERVED +CVE-2022-29162 (runc is a CLI tool for spawning and running containers on Linux accord ...) - runc [stretch] - runc (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1 
@@ -6603,10 +6620,10 @@ CVE-2022-28619 RESERVED CVE-2022-28618 RESERVED -CVE-2022-28617 - RESERVED -CVE-2022-28616 - RESERVED +CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...) + TODO: check +CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...) + TODO: check CVE-2022-28615 RESERVED CVE-2022-28614 @@ -7854,8 +7871,7 @@ CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in t NOT-FOR-US: NVIDIA Jetson Linux Driver Package CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) NOT-FOR-US: NVIDIA Jetson Linux Driver Package -CVE-2022-28192 - RESERVED +CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) @@ -7869,8 +7885,7 @@ CVE-2022-28192 [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 -CVE-2022-28191 - RESERVED +CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) 
@@ -7880,18 +7895,17 @@ CVE-2022-28191 [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 -CVE-2022-28190 - RESERVED -CVE-2022-28189 - RESERVED -CVE-2022-28188 - RESERVED -CVE-2022-28187 - RESERVED -CVE-2022-28186 - RESERVED -CVE-2022-28185 - RESERVED +CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) @@ -7910,8 +7924,7 @@ CVE-2022-28185 [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 -CVE-2022-28184 - RESERVED +CVE-2022-28184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) 
@@ -7921,8 +7934,7 @@ CVE-2022-28184 [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 -CVE-2022-28183 - RESERVED +CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) @@ -7932,10 +7944,9 @@ CVE-2022-28183 [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 -CVE-2022-28182 - RESERVED -CVE-2022-28181 - RESERVED +CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + TODO: check +CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) @@ -8257,8 +8268,8 @@ CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting a - gitlab CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...) NOT-FOR-US: WordPress plugin -CVE-2022-1118 - RESERVED +CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...) + TODO: check CVE-2022-1117 RESERVED NOT-FOR-US: fapolicyd 
@@ -10674,8 +10685,8 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s vi [stretch] - linux (ulnerable code not present) NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6) NOTE: CONFIG_VHOST_VDPA not set in Debian -CVE-2022-0997 - RESERVED +CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...) + TODO: check CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...) - 389-ds-base 2.0.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769 @@ -18734,20 +18745,20 @@ CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, NOT-FOR-US: SAP CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) NOT-FOR-US: SAP -CVE-2022-24394 - RESERVED -CVE-2022-24393 - RESERVED -CVE-2022-24392 - RESERVED -CVE-2022-24391 - RESERVED -CVE-2022-24390 - RESERVED -CVE-2022-24389 - RESERVED -CVE-2022-24388 - RESERVED +CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + TODO: check +CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + TODO: check +CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + TODO: check +CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...) + TODO: check +CVE-2022-24390 (Vulnerability in rconfig “remote_text_file” enables an att ...) + TODO: check +CVE-2022-24389 (Vulnerability in rconfig “cert_utils” enables an attacker ...) + TODO: check +CVE-2022-24388 (Vulnerability in rconfig “date” enables an attacker with u ...) + TODO: check CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...) NOT-FOR-US: SmarterTrack CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...) 
@@ -18765,8 +18776,8 @@ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remov NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) NOTE: CONFIG_MMC_MOXART is not set in Debian. -CVE-2022-0486 - RESERVED +CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...) + TODO: check CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image] RESERVED - libnbd 1.10.5-1 (bug #1005307) @@ -21567,8 +21578,8 @@ CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0’s upgrade as - elasticsearch CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...) - kibana (bug #700337) -CVE-2022-23706 - RESERVED +CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...) + TODO: check CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...) NOT-FOR-US: HPE CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...) @@ -59247,8 +59258,8 @@ CVE-2021-35251 (Sensitive information could be displayed when a detailed technic NOT-FOR-US: Solarwinds CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in Serv-U ...) NOT-FOR-US: Serv-U -CVE-2021-35249 - RESERVED +CVE-2021-35249 (This broken access control vulnerability pertains specifically to a do ...) + TODO: check CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) NOT-FOR-US: SolarWinds CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...) -- cgit v1.2.3
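Review bot: In the first hunk (@@ -1,3 +1,21 @@), CVE-2022-30976, CVE-2022-30975, CVE-2022-30974 and CVE-2019-25061 still need a disposition, since each carries only "TODO: check". Their descriptions name the upstream project and version (GPAC 2.0.0, Artifex MuJS through 1.2.0, the random_password_generator gem), which is enough to match them against the archive. Each should be resolved to a source package line or a NOT-FOR-US line in a follow-up, so that they do not sit untriaged.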
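Review bot: In the NVIDIA hunks (@@ -7880,18 +7895,17 @@ and @@ -7932,10 +7944,9 @@), the entries whose description reads "NVIDIA GPU Display Driver for Windows" (CVE-2022-28190 through CVE-2022-28186, and CVE-2022-28182) are left at "TODO: check", while the "Windows and Linux" entries keep their nvidia-graphics-drivers package lines. If the Windows-only issues do not affect the packaged Linux drivers, they should get an explicit not-affected disposition, in the same way the Jetson entries a few lines up are marked "NOT-FOR-US: NVIDIA Jetson Linux Driver Package". The description text alone does not settle that, so check the advisory already referenced in the NOTE lines.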
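Review bot: In hunk @@ -21567,8 +21578,8 @@, CVE-2022-23706 is added with "TODO: check" directly above CVE-2022-23705, which is already "NOT-FOR-US: HPE". The new description is truncated here, so confirm the affected product before reusing that disposition. The same applies in hunk @@ -59247,8 +59258,8 @@, where CVE-2021-35249 sits between entries marked "NOT-FOR-US: Solarwinds" and "NOT-FOR-US: SolarWinds"; the vendor spelling there should be made consistent when the new entry is triaged.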
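Review bot: In hunk @@ -10674,8 +10685,8 @@, the context line for CVE-2022-0998 reads "[stretch] - linux (ulnerable code not present)", with the leading "V" missing. The line is not touched by this change, but other entries in the patch (CVE-2022-29173, CVE-2022-29162) use "Vulnerable code not present", and anything matching on that exact string will miss this entry. It should be corrected in a separate manual commit.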
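Review bot: In hunk @@ -18734,20 +18745,20 @@, the added descriptions for CVE-2022-24390, CVE-2022-24389 and CVE-2022-24388 show mis-encoded bytes where quote characters surround remote_text_file, cert_utils and date. Context lines for CVE-2022-0998 and CVE-2022-23708 show the same damage around an apostrophe. Confirm that the automatic import writes the descriptions as UTF-8 and that the file is served with that encoding. Because descriptions are cut to a fixed width, also check that the truncation counts characters rather than bytes, so it cannot split a multi-byte sequence.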