From c2db1c6565ac621abfe6cb2f590c03d8b1a3d552 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 30 Nov 2022 08:10:16 +0000 Subject: automatic update --- data/CVE/list | 277 ++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 162 insertions(+), 115 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 82bce94222..68adb72ead 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,51 @@ +CVE-2022-46344 + RESERVED +CVE-2022-46343 + RESERVED +CVE-2022-46342 + RESERVED +CVE-2022-46341 + RESERVED +CVE-2022-46340 + RESERVED +CVE-2022-46339 + RESERVED +CVE-2022-4224 + RESERVED +CVE-2022-4223 + RESERVED +CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...) + TODO: check +CVE-2022-4221 + RESERVED +CVE-2022-4220 + RESERVED +CVE-2022-4219 + RESERVED +CVE-2022-4218 + RESERVED +CVE-2022-4217 + RESERVED +CVE-2022-4216 + RESERVED +CVE-2022-4215 + RESERVED +CVE-2022-4214 + RESERVED +CVE-2022-4213 + RESERVED +CVE-2022-4212 + RESERVED +CVE-2022-4211 + RESERVED +CVE-2022-4210 + RESERVED +CVE-2022-4209 + RESERVED +CVE-2022-4208 + RESERVED +CVE-2022-41985 + RESERVED CVE-2022-46337 RESERVED CVE-2022-46336 @@ -65,7 +113,7 @@ CVE-2022-4202 (A vulnerability, which was classified as problematic, was found i TODO: check details CVE-2021-46856 RESERVED -CVE-2022-46338 [g810 insecure device permissions] +CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...) - g810-led 0.4.2-3 (bug #1024998) [bullseye] - g810-led (Minor issue) CVE-2022-46309 
@@ -158,54 +206,54 @@ CVE-2022-4197 RESERVED CVE-2022-4196 RESERVED -CVE-2022-4195 - RESERVED -CVE-2022-4194 - RESERVED -CVE-2022-4193 - RESERVED -CVE-2022-4192 - RESERVED -CVE-2022-4191 - RESERVED -CVE-2022-4190 - RESERVED -CVE-2022-4189 - RESERVED -CVE-2022-4188 - RESERVED -CVE-2022-4187 - RESERVED -CVE-2022-4186 - RESERVED -CVE-2022-4185 - RESERVED -CVE-2022-4184 - RESERVED -CVE-2022-4183 - RESERVED -CVE-2022-4182 - RESERVED -CVE-2022-4181 - RESERVED -CVE-2022-4180 - RESERVED +CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) + TODO: check +CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...) + TODO: check +CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + TODO: check +CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...) + TODO: check +CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...) + TODO: check +CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...) + TODO: check +CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + TODO: check +CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...) + TODO: check +CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) + TODO: check +CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...) + TODO: check +CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) + TODO: check +CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + TODO: check +CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...) + TODO: check +CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) 
+ TODO: check +CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...) + TODO: check +CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + TODO: check CVE-2022-41795 RESERVED CVE-2022-41793 RESERVED -CVE-2022-4179 - RESERVED -CVE-2022-4178 - RESERVED -CVE-2022-4177 - RESERVED -CVE-2022-4176 - RESERVED -CVE-2022-4175 - RESERVED -CVE-2022-4174 - RESERVED +CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) + TODO: check +CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) + TODO: check +CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...) + TODO: check +CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...) + TODO: check +CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...) + TODO: check +CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...) + TODO: check CVE-2022-4173 RESERVED CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the ACPI ...) @@ -440,8 +488,8 @@ CVE-2022-46157 RESERVED CVE-2022-46156 RESERVED -CVE-2022-46155 - RESERVED +CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...) + TODO: check CVE-2022-46154 RESERVED CVE-2022-46153 @@ -1113,8 +1161,7 @@ CVE-2022-45871 RESERVED CVE-2022-45870 RESERVED -CVE-2022-45869 [KVM: x86/mmu: Fix race condition in direct_page_fault] - RESERVED +CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through ...) - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) 
@@ -2223,26 +2270,26 @@ CVE-2022-45448 RESERVED CVE-2022-45447 RESERVED -CVE-2022-4036 - RESERVED -CVE-2022-4035 - RESERVED -CVE-2022-4034 - RESERVED -CVE-2022-4033 - RESERVED -CVE-2022-4032 - RESERVED -CVE-2022-4031 - RESERVED -CVE-2022-4030 - RESERVED -CVE-2022-4029 - RESERVED -CVE-2022-4028 - RESERVED -CVE-2022-4027 - RESERVED +CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...) + TODO: check +CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...) + TODO: check +CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...) + TODO: check +CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...) + TODO: check +CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...) + TODO: check +CVE-2022-4031 (The Simple:Press plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2022-4030 (The Simple:Press plugin for WordPress is vulnerable to Path Traversal ...) + TODO: check +CVE-2022-4029 (The Simple:Press plugin for WordPress is vulnerable to Reflected Cross ...) + TODO: check +CVE-2022-4028 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check CVE-2022-4026 RESERVED CVE-2022-4025 @@ -2364,8 +2411,8 @@ CVE-2022-45113 RESERVED CVE-2022-43660 RESERVED -CVE-2022-3995 - RESERVED +CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...) + TODO: check CVE-2022-3994 RESERVED CVE-2023-21518 @@ -2836,8 +2883,8 @@ CVE-2022-45339 RESERVED CVE-2022-45338 RESERVED -CVE-2022-45337 - RESERVED +CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow ...) + TODO: check CVE-2022-45336 RESERVED CVE-2022-45335 
@@ -2846,16 +2893,16 @@ CVE-2022-45334 RESERVED CVE-2022-45333 RESERVED -CVE-2022-45332 - RESERVED +CVE-2022-45332 (LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow ...) + TODO: check CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS -CVE-2022-45328 - RESERVED +CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL injectio ...) + TODO: check CVE-2022-45327 RESERVED CVE-2022-45326 @@ -3116,8 +3163,8 @@ CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository ka NOT-FOR-US: Kavita CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sanitization Management System -CVE-2022-3991 - RESERVED +CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check CVE-2022-3990 RESERVED CVE-2022-3989 @@ -3667,12 +3714,12 @@ CVE-2022-45046 RESERVED CVE-2022-3899 RESERVED -CVE-2022-3898 - RESERVED -CVE-2022-3897 - RESERVED -CVE-2022-3896 - RESERVED +CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...) + TODO: check +CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to Reflec ...) + TODO: check CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...) NOT-FOR-US: BlueSpice CVE-2022-3894 
@@ -6699,8 +6746,8 @@ CVE-2022-44281 RESERVED CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...) NOT-FOR-US: Automotive Shop Management System -CVE-2022-44279 - RESERVED +CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Scripting (X ...) + TODO: check CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sanitization Management System CVE-2022-44277 @@ -7063,10 +7110,10 @@ CVE-2022-44099 RESERVED CVE-2022-44098 RESERVED -CVE-2022-44097 - RESERVED -CVE-2022-44096 - RESERVED +CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain hardcoded ...) + TODO: check +CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain hardcode ...) + TODO: check CVE-2022-44095 RESERVED CVE-2022-44094 @@ -7313,8 +7360,8 @@ CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remote NOT-FOR-US: Browsershot CVE-2022-3752 RESERVED -CVE-2022-3751 - RESERVED +CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. ...) + TODO: check CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...) - airflow (bug #819700) CVE-2022-43981 @@ -7331,8 +7378,8 @@ CVE-2022-3749 RESERVED CVE-2022-3748 RESERVED -CVE-2022-3747 - RESERVED +CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check CVE-2022-3746 RESERVED CVE-2022-3745 
@@ -14322,10 +14369,10 @@ CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a NOT-FOR-US: Advantech R-SeeNet CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) NOT-FOR-US: Advantech R-SeeNet -CVE-2022-3384 - RESERVED -CVE-2022-3383 - RESERVED +CVE-2022-3384 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) + TODO: check +CVE-2022-3383 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) + TODO: check CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...) NOT-FOR-US: HIWIN Robot System Software CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...) @@ -14863,8 +14910,8 @@ CVE-2022-38355 RESERVED CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...) NOT-FOR-US: Delta Electronics -CVE-2022-3361 - RESERVED +CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directory tr ...) + TODO: check CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...) NOT-FOR-US: WordPress plugin CVE-2022-3359 @@ -15824,10 +15871,10 @@ CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain NOT-FOR-US: Acer CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...) NOT-FOR-US: Liferay -CVE-2022-41413 - RESERVED -CVE-2022-41412 - RESERVED +CVE-2022-41413 (perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Req ...) + TODO: check +CVE-2022-41412 (An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior ...) + TODO: check CVE-2022-41411 RESERVED CVE-2022-41410 
@@ -18623,8 +18670,8 @@ CVE-2022-40267 RESERVED CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...) NOT-FOR-US: Mitsubishi -CVE-2022-40265 - RESERVED +CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...) + TODO: check CVE-2022-40264 RESERVED CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...) @@ -27607,16 +27654,16 @@ CVE-2022-36966 (Users with Node Management rights were able to view and edit all NOT-FOR-US: SolarWinds CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...) NOT-FOR-US: Solarwinds -CVE-2022-36964 - RESERVED +CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...) + TODO: check CVE-2022-36963 RESERVED -CVE-2022-36962 - RESERVED +CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...) + TODO: check CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...) NOT-FOR-US: Solarwinds -CVE-2022-36960 - RESERVED +CVE-2022-36960 (SolarWinds Platform was susceptible to Improper Input Validation. This ...) + TODO: check CVE-2022-36959 RESERVED CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...) @@ -113721,8 +113768,8 @@ CVE-2021-31695 RESERVED CVE-2021-31694 RESERVED -CVE-2021-31693 - RESERVED +CVE-2021-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...) + TODO: check CVE-2021-31692 RESERVED CVE-2021-31691 -- cgit v1.2.3
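Review bot: In the @@ -158,54 +206,54 @@ hunk, CVE-2022-4174 through CVE-2022-4195 (22 entries) all land as "TODO: check" with no package line, even though every visible description names Google Chrome and most name the same fixed version, 108.0.5359.71. These can be triaged as one batch in a follow-up, using the "- package version" line form that the g810-led and linux entries in this file already carry. The entries whose descriptions are platform-qualified need a separate look before they get the same status as the rest: CVE-2022-4187 ("on Window ..."), CVE-2022-4185 ("on iOS"), CVE-2022-4176 ("Lacros Graphics in Google Chrome on Chrome OS") and CVE-2022-4188 (truncated after "Google Chrome on").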
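Review bot: The WordPress plugin entries added in the @@ -2223,26 +2270,26 @@, @@ -2364,8 +2411,8 @@, @@ -3116,8 +3163,8 @@, @@ -3667,12 +3714,12 @@, @@ -7331,8 +7378,8 @@, @@ -14322,10 +14369,10 @@ and @@ -14863,8 +14910,8 @@ hunks are left at "TODO: check", while the unchanged context line for CVE-2022-3360 in the last of those hunks already shows how this file records such an issue: "NOT-FOR-US: WordPress plugin". The new entries (Appointment Hour Booking, Quiz and Survey Master, Simple:Press, TeraWallet, Photospace Gallery, WP Affiliate Platform, Becustom, Ultimate Member) each say "plugin for WordPress" in the description, so the follow-up triage can check them against that precedent as a group instead of one entry at a time.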
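Review bot: Several entries that go from RESERVED to "TODO: check" sit next to context lines where the same vendor or product is already tagged, so the status is inconsistent within a single hunk. In @@ -27607,16 +27654,16 @@, CVE-2022-36964, CVE-2022-36962 and CVE-2022-36960 (SolarWinds Platform) are "TODO: check" while CVE-2022-36966, CVE-2022-36965 and CVE-2022-36961 are NOT-FOR-US. In @@ -18623,8 +18670,8 @@, CVE-2022-40265 (Mitsubishi Electric) follows CVE-2022-40266 tagged "NOT-FOR-US: Mitsubishi". In @@ -7063,10 +7110,10 @@, CVE-2022-44096 (Sanitization Management System v1.0) matches the product tagged NOT-FOR-US for CVE-2022-44278 and CVE-2022-3992, and CVE-2022-4222 in the first hunk names SourceCodester, as CVE-2022-3992 does. Resolve these to the neighbouring tag once the product match is confirmed. As a style point for the same pass, the context lines spell the tag both "NOT-FOR-US: SolarWinds" and "NOT-FOR-US: Solarwinds"; pick one spelling so searches on the tag return every entry.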