From b855a931074fda7249c45646e9cf061ca6c58fd1 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 18 Jan 2022 08:10:19 +0000 Subject: automatic update --- data/CVE/list | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) (limited to 'data/CVE') diff --git a/data/CVE/list b/data/CVE/list index 0eef9f801e..b69f515e34 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,17 @@ +CVE-2022-23312 + RESERVED +CVE-2022-23311 + RESERVED +CVE-2022-23310 + RESERVED +CVE-2022-23309 + RESERVED +CVE-2022-23308 + RESERVED +CVE-2022-0266 + RESERVED +CVE-2022-0265 + RESERVED CVE-2022-23307 RESERVED CVE-2022-23306 @@ -55,8 +69,8 @@ CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch] [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6) -CVE-2022-0245 - RESERVED +CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...) + TODO: check CVE-2022-0244 RESERVED CVE-2022-0243 @@ -2033,8 +2047,8 @@ CVE-2022-22705 RESERVED CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...) NOT-FOR-US: zabbix-agent2 package for Alpine -CVE-2022-22703 - RESERVED +CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...) + TODO: check CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...) NOT-FOR-US: PartKeepr CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...) 
@@ -3610,7 +3624,8 @@ CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (calle NOT-FOR-US: wasm3 CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) NOT-FOR-US: wasm3 -CVE-2021-45945 (** DISPUTED ** uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds ...) +CVE-2021-45945 + REJECTED NOT-FOR-US: uWebSockets CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) {DSA-5038-1 DLA-2879-1} @@ -17230,8 +17245,7 @@ CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘ad NOT-FOR-US: WP DSGVO Tools (GDPR) CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...) NOT-FOR-US: WordPress plugin -CVE-2021-42357 - RESERVED +CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...) NOT-FOR-US: Apache Knox CVE-2021-42356 RESERVED @@ -32931,7 +32945,7 @@ CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecode NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811 NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml -CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...) +CVE-2020-36406 (** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffe ...) NOT-FOR-US: uWebSockets CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...) NOT-FOR-US: keystone engine -- cgit v1.2.3
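Review bot: In the hunks at @@ -55,8 +69,8 @@ and @@ -2033,8 +2047,8 @@, CVE-2022-0245 and CVE-2022-22703 move from RESERVED to a published description but are left at "TODO: check", so neither has a triage decision yet. A follow-up commit should replace each TODO with either a source-package entry or a NOT-FOR-US line, in the same form as the neighbouring CVE-2022-22704 ("NOT-FOR-US: zabbix-agent2 package for Alpine") and CVE-2022-22702 ("NOT-FOR-US: PartKeepr"). The descriptions name the affected products (the livehelperchat GitHub repository and Stormshield SSO Agent), which is the information needed to make that call.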
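Review bot: In the hunk at @@ -3610,7 +3624,8 @@, CVE-2021-45945 becomes REJECTED but the context line "NOT-FOR-US: uWebSockets" stays attached beneath it, so the entry now carries both a rejection and a triage annotation while the description text that justified the annotation is gone. Confirm that keeping the annotation on a rejected ID is intended; if not, drop it in a follow-up. The last hunk (@@ -32931,7 +32945,7 @@) adds the "** DISPUTED **" marker to CVE-2020-36406 for the same project, which is the state CVE-2021-45945 was in before this change, so that entry is worth re-checking on later automatic updates.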