diff options
| author | Jeremiah C. Foster <jeremiah@jeremiahfoster.com> | 2022-01-24 15:17:24 -0500 |
|---|---|---|
| committer | Jeremiah C. Foster <jeremiah@jeremiahfoster.com> | 2022-01-24 15:17:24 -0500 |
| commit | f6ec7f6c03bed10a471f7ac63c64ec345d2687c9 (patch) | |
| tree | e8aebe9bc707e1aeb5d3274778a1719ad7d9913d | |
| parent | 046fa0740db89209969d76d899c9a1e718b8b8e4 (diff) | |
| parent | 3e2f91c090c13c59f4e6fb5c2e4cb2524ba2fed9 (diff) | |
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
| -rw-r--r-- | data/CVE/list.2021 | 517 | ||||
| -rw-r--r-- | data/CVE/list.2022 | 152 |
2 files changed, 559 insertions, 110 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 90530c3bbc..314f6dc75d 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,313 @@ +CVE-2021-46558 + RESERVED +CVE-2021-46557 + RESERVED +CVE-2021-46556 + RESERVED +CVE-2021-46555 + RESERVED +CVE-2021-46554 + RESERVED +CVE-2021-46553 + RESERVED +CVE-2021-46552 + RESERVED +CVE-2021-46551 + RESERVED +CVE-2021-46550 + RESERVED +CVE-2021-46549 + RESERVED +CVE-2021-46548 + RESERVED +CVE-2021-46547 + RESERVED +CVE-2021-46546 + RESERVED +CVE-2021-46545 + RESERVED +CVE-2021-46544 + RESERVED +CVE-2021-46543 + RESERVED +CVE-2021-46542 + RESERVED +CVE-2021-46541 + RESERVED +CVE-2021-46540 + RESERVED +CVE-2021-46539 + RESERVED +CVE-2021-46538 + RESERVED +CVE-2021-46537 + RESERVED +CVE-2021-46536 + RESERVED +CVE-2021-46535 + RESERVED +CVE-2021-46534 + RESERVED +CVE-2021-46533 + RESERVED +CVE-2021-46532 + RESERVED +CVE-2021-46531 + RESERVED +CVE-2021-46530 + RESERVED +CVE-2021-46529 + RESERVED +CVE-2021-46528 + RESERVED +CVE-2021-46527 + RESERVED +CVE-2021-46526 + RESERVED +CVE-2021-46525 + RESERVED +CVE-2021-46524 + RESERVED +CVE-2021-46523 + RESERVED +CVE-2021-46522 + RESERVED +CVE-2021-46521 + RESERVED +CVE-2021-46520 + RESERVED +CVE-2021-46519 + RESERVED +CVE-2021-46518 + RESERVED +CVE-2021-46517 + RESERVED +CVE-2021-46516 + RESERVED +CVE-2021-46515 + RESERVED +CVE-2021-46514 + RESERVED +CVE-2021-46513 + RESERVED +CVE-2021-46512 + RESERVED +CVE-2021-46511 + RESERVED +CVE-2021-46510 + RESERVED +CVE-2021-46509 + RESERVED +CVE-2021-46508 + RESERVED +CVE-2021-46507 + RESERVED +CVE-2021-46506 + RESERVED +CVE-2021-46505 + RESERVED +CVE-2021-46504 + RESERVED +CVE-2021-46503 + RESERVED +CVE-2021-46502 + RESERVED +CVE-2021-46501 + RESERVED +CVE-2021-46500 + RESERVED +CVE-2021-46499 + RESERVED +CVE-2021-46498 + RESERVED +CVE-2021-46497 + RESERVED +CVE-2021-46496 + RESERVED +CVE-2021-46495 + RESERVED +CVE-2021-46494 + RESERVED +CVE-2021-46493 + RESERVED +CVE-2021-46492 + RESERVED +CVE-2021-46491 + RESERVED +CVE-2021-46490 + RESERVED +CVE-2021-46489 + RESERVED +CVE-2021-46488 + RESERVED +CVE-2021-46487 + RESERVED +CVE-2021-46486 + RESERVED +CVE-2021-46485 + RESERVED +CVE-2021-46484 + RESERVED +CVE-2021-46483 + RESERVED +CVE-2021-46482 + RESERVED +CVE-2021-46481 + RESERVED +CVE-2021-46480 + RESERVED +CVE-2021-46479 + RESERVED +CVE-2021-46478 + RESERVED +CVE-2021-46477 + RESERVED +CVE-2021-46476 + RESERVED +CVE-2021-46475 + RESERVED +CVE-2021-46474 + RESERVED +CVE-2021-46473 + RESERVED +CVE-2021-46472 + RESERVED +CVE-2021-46471 + RESERVED +CVE-2021-46470 + RESERVED +CVE-2021-46469 + RESERVED +CVE-2021-46468 + RESERVED +CVE-2021-46467 + RESERVED +CVE-2021-46466 + RESERVED +CVE-2021-46465 + RESERVED +CVE-2021-46464 + RESERVED +CVE-2021-46463 + RESERVED +CVE-2021-46462 + RESERVED +CVE-2021-46461 + RESERVED +CVE-2021-46460 + RESERVED +CVE-2021-46459 + RESERVED +CVE-2021-46458 + RESERVED +CVE-2021-46457 + RESERVED +CVE-2021-46456 + RESERVED +CVE-2021-46455 + RESERVED +CVE-2021-46454 + RESERVED +CVE-2021-46453 + RESERVED +CVE-2021-46452 + RESERVED +CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...) + TODO: check +CVE-2021-46450 + RESERVED +CVE-2021-46449 + RESERVED +CVE-2021-46448 + RESERVED +CVE-2021-46447 + RESERVED +CVE-2021-46446 + RESERVED +CVE-2021-46445 + RESERVED +CVE-2021-46444 + RESERVED +CVE-2021-46443 + RESERVED +CVE-2021-46442 + RESERVED +CVE-2021-46441 + RESERVED +CVE-2021-46440 + RESERVED +CVE-2021-46439 + RESERVED +CVE-2021-46438 + RESERVED +CVE-2021-46437 + RESERVED +CVE-2021-46436 + RESERVED +CVE-2021-46435 + RESERVED +CVE-2021-46434 + RESERVED +CVE-2021-46433 + RESERVED +CVE-2021-46432 + RESERVED +CVE-2021-46431 + RESERVED +CVE-2021-46430 + RESERVED +CVE-2021-46429 + RESERVED +CVE-2021-46428 + RESERVED +CVE-2021-46427 + RESERVED +CVE-2021-46426 + RESERVED +CVE-2021-46425 + RESERVED +CVE-2021-46424 + RESERVED +CVE-2021-46423 + RESERVED +CVE-2021-46422 + RESERVED +CVE-2021-46421 + RESERVED +CVE-2021-46420 + RESERVED +CVE-2021-46419 + RESERVED +CVE-2021-46418 + RESERVED +CVE-2021-46417 + RESERVED +CVE-2021-46416 + RESERVED +CVE-2021-46415 + RESERVED +CVE-2021-46414 + RESERVED +CVE-2021-46413 + RESERVED +CVE-2021-46412 + RESERVED +CVE-2021-46411 + RESERVED +CVE-2021-46410 + RESERVED +CVE-2021-46409 + RESERVED +CVE-2021-46408 + RESERVED +CVE-2021-46407 + RESERVED +CVE-2021-46406 + RESERVED +CVE-2021-46405 + RESERVED +CVE-2021-46404 + RESERVED CVE-2021-4209 RESERVED CVE-2021-XXXX [ItemStack meta injection vulnerability] @@ -1199,7 +1509,7 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertib NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1) TODO: check correctness of commit, might not affect any Debian released version CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...) - {DLA-2885-1} + {DLA-2895-1 DLA-2885-1} - qtsvg-opensource-src 5.15.2-4 (bug #1002991) [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue) [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) @@ -3397,6 +3707,7 @@ CVE-2021-45080 RESERVED CVE-2021-45079 RESERVED + {DSA-5056-1} - strongswan <unfixed> NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/ @@ -3682,8 +3993,8 @@ CVE-2021-44983 RESERVED CVE-2021-44982 RESERVED -CVE-2021-44981 - RESERVED +CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...) + TODO: check CVE-2021-44980 RESERVED CVE-2021-44979 @@ -4262,8 +4573,8 @@ CVE-2021-23148 RESERVED CVE-2021-44759 RESERVED -CVE-2021-4088 - RESERVED +CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...) + TODO: check CVE-2021-4087 RESERVED CVE-2021-4086 @@ -6140,6 +6451,7 @@ CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before NOT-FOR-US: Wazuh CVE-2021-3996 RESERVED + {DSA-5055-1} - util-linux 2.37.3-1 [buster] - util-linux <not-affected> (Vulnerable code introduced later) [stretch] - util-linux <not-affected> (Vulnerable code introduced later) @@ -6149,6 +6461,7 @@ CVE-2021-3996 NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2 CVE-2021-3995 RESERVED + {DSA-5055-1} - util-linux 2.37.3-1 [buster] - util-linux <not-affected> (Vulnerable code introduced later) [stretch] - util-linux <not-affected> (Vulnerable code introduced later) @@ -7874,8 +8187,8 @@ CVE-2021-43422 RESERVED CVE-2021-43421 RESERVED -CVE-2021-43420 - RESERVED +CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...) + TODO: check CVE-2021-43419 RESERVED CVE-2021-43418 @@ -8609,7 +8922,7 @@ CVE-2021-43115 CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...) {DSA-5033-1} - fort-validator 1.5.2-1 -CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a Compare ...) +CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...) NOT-FOR-US: iText CVE-2021-43112 RESERVED @@ -10773,8 +11086,8 @@ CVE-2021-42170 RESERVED CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...) NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code -CVE-2021-42168 - RESERVED +CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...) + TODO: check CVE-2021-42167 RESERVED CVE-2021-42166 @@ -11367,12 +11680,12 @@ CVE-2021-41932 RESERVED CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...) NOT-FOR-US: Company's Recruitment Management System -CVE-2021-41930 - RESERVED -CVE-2021-41929 - RESERVED -CVE-2021-41928 - RESERVED +CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...) + TODO: check +CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...) + TODO: check +CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...) + TODO: check CVE-2021-41927 RESERVED CVE-2021-41926 @@ -12038,12 +12351,12 @@ CVE-2021-41662 RESERVED CVE-2021-41661 RESERVED -CVE-2021-41660 - RESERVED -CVE-2021-41659 - RESERVED -CVE-2021-41658 - RESERVED +CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...) + TODO: check +CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...) + TODO: check +CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...) + TODO: check CVE-2021-41657 RESERVED CVE-2021-41656 @@ -12488,10 +12801,10 @@ CVE-2021-41474 RESERVED CVE-2021-41473 RESERVED -CVE-2021-41472 - RESERVED -CVE-2021-41471 - RESERVED +CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...) + TODO: check +CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...) + TODO: check CVE-2021-41470 RESERVED CVE-2021-41469 @@ -13846,12 +14159,12 @@ CVE-2021-40911 RESERVED CVE-2021-40910 RESERVED -CVE-2021-40909 - RESERVED -CVE-2021-40908 - RESERVED -CVE-2021-40907 - RESERVED +CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...) + TODO: check +CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...) + TODO: check +CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...) + TODO: check CVE-2021-40906 RESERVED CVE-2021-40905 @@ -14593,8 +14906,8 @@ CVE-2021-40598 RESERVED CVE-2021-40597 RESERVED -CVE-2021-40596 - RESERVED +CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...) + TODO: check CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) NOT-FOR-US: Sourcecodester CVE-2021-40594 @@ -28060,8 +28373,8 @@ CVE-2021-35007 RESERVED CVE-2021-35006 RESERVED -CVE-2021-35005 - RESERVED +CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -36368,7 +36681,7 @@ CVE-2021-31591 RESERVED CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...) NOT-FOR-US: PwnDoc -CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an ...) +CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...) NOT-FOR-US: BeyondTrust CVE-2021-31588 RESERVED @@ -40776,7 +41089,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4 NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED - {DLA-2885-1} + {DLA-2895-1 DLA-2885-1} - qtsvg-opensource-src 5.15.2-3 (bug #986798) [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) - qt4-x11 <removed> @@ -52637,28 +52950,28 @@ CVE-2021-25085 RESERVED CVE-2021-25084 RESERVED -CVE-2021-25083 - RESERVED +CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) + TODO: check CVE-2021-25082 RESERVED CVE-2021-25081 RESERVED -CVE-2021-25080 - RESERVED -CVE-2021-25079 - RESERVED -CVE-2021-25078 - RESERVED +CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...) + TODO: check +CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...) + TODO: check +CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...) + TODO: check CVE-2021-25077 RESERVED -CVE-2021-25076 - RESERVED +CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...) + TODO: check CVE-2021-25075 RESERVED -CVE-2021-25074 - RESERVED -CVE-2021-25073 - RESERVED +CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...) + TODO: check +CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...) + TODO: check CVE-2021-25072 RESERVED CVE-2021-25071 @@ -52679,8 +52992,8 @@ CVE-2021-25064 RESERVED CVE-2021-25063 RESERVED -CVE-2021-25062 - RESERVED +CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...) + TODO: check CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...) NOT-FOR-US: WordPress plugin CVE-2021-25060 @@ -52705,16 +53018,16 @@ CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-co NOT-FOR-US: WordPress plugin CVE-2021-25050 RESERVED -CVE-2021-25049 - RESERVED +CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...) + TODO: check CVE-2021-25048 RESERVED CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...) NOT-FOR-US: WordPress plugin CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...) NOT-FOR-US: WordPress plugin -CVE-2021-25045 - RESERVED +CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...) + TODO: check CVE-2021-25044 RESERVED CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...) @@ -52733,22 +53046,22 @@ CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected b NOT-FOR-US: WordPress plugin CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...) NOT-FOR-US: WordPress plugin -CVE-2021-25035 - RESERVED +CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...) + TODO: check CVE-2021-25034 RESERVED CVE-2021-25033 RESERVED CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...) NOT-FOR-US: WordPress plugin -CVE-2021-25031 - RESERVED +CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...) + TODO: check CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-25029 RESERVED -CVE-2021-25028 - RESERVED +CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...) + TODO: check CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...) NOT-FOR-US: WordPress plugin CVE-2021-25026 @@ -52769,16 +53082,16 @@ CVE-2021-25019 RESERVED CVE-2021-25018 RESERVED -CVE-2021-25017 - RESERVED +CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...) + TODO: check CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...) NOT-FOR-US: WordPress plugin -CVE-2021-25015 - RESERVED +CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...) + TODO: check CVE-2021-25014 RESERVED -CVE-2021-25013 - RESERVED +CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...) + TODO: check CVE-2021-25012 RESERVED CVE-2021-25011 @@ -52787,8 +53100,8 @@ CVE-2021-25010 RESERVED CVE-2021-25009 RESERVED -CVE-2021-25008 - RESERVED +CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...) + TODO: check CVE-2021-25007 RESERVED CVE-2021-25006 @@ -52825,16 +53138,16 @@ CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugi NOT-FOR-US: WordPress plugin CVE-2021-24990 RESERVED -CVE-2021-24989 - RESERVED +CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 does no ...) + TODO: check CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24987 RESERVED CVE-2021-24986 RESERVED -CVE-2021-24985 - RESERVED +CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...) + TODO: check CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24983 @@ -52851,12 +53164,12 @@ CVE-2021-24978 RESERVED CVE-2021-24977 RESERVED -CVE-2021-24976 - RESERVED +CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...) + TODO: check CVE-2021-24975 RESERVED -CVE-2021-24974 - RESERVED +CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...) + TODO: check CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...) @@ -52867,14 +53180,14 @@ CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does NOT-FOR-US: WordPress plugin CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24968 - RESERVED +CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have capabilit ...) + TODO: check CVE-2021-24967 (The Contact Form & Lead Form Elementor Builder WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24966 RESERVED -CVE-2021-24965 - RESERVED +CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...) + TODO: check CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...) NOT-FOR-US: WordPress plugin CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...) @@ -52931,8 +53244,8 @@ CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and NOT-FOR-US: WordPress plugin CVE-2021-24937 RESERVED -CVE-2021-24936 - RESERVED +CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...) + TODO: check CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...) NOT-FOR-US: WordPress plugin CVE-2021-24934 @@ -52957,8 +53270,8 @@ CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 do NOT-FOR-US: WordPress plugin CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...) NOT-FOR-US: WordPress plugin -CVE-2021-24923 - RESERVED +CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + TODO: check CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...) NOT-FOR-US: WordPress plugin CVE-2021-24921 @@ -52991,8 +53304,8 @@ CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not NOT-FOR-US: WordPress plugin CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...) NOT-FOR-US: WordPress plugin -CVE-2021-24906 - RESERVED +CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...) + TODO: check CVE-2021-24905 RESERVED CVE-2021-24904 @@ -53073,8 +53386,8 @@ CVE-2021-24867 RESERVED CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...) NOT-FOR-US: WordPress plugin -CVE-2021-24865 - RESERVED +CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...) + TODO: check CVE-2021-24864 RESERVED CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...) @@ -53087,8 +53400,8 @@ CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not valid NOT-FOR-US: WordPress plugin CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...) NOT-FOR-US: WordPress plugin -CVE-2021-24858 - RESERVED +CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 1.0.9 does ...) + TODO: check CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...) NOT-FOR-US: WordPress plugin CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...) @@ -53337,8 +53650,8 @@ CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does n NOT-FOR-US: WordPress plugin CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...) NOT-FOR-US: WordPress plugin -CVE-2021-24733 - RESERVED +CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows users with a ...) + TODO: check CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...) NOT-FOR-US: WordPress plugin CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...) @@ -53411,12 +53724,12 @@ CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows NOT-FOR-US: WordPress plugin CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) NOT-FOR-US: WordPress plugin -CVE-2021-24696 - RESERVED +CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does not enf ...) + TODO: check CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...) NOT-FOR-US: WordPress plugin -CVE-2021-24694 - RESERVED +CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could allow ...) + TODO: check CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24692 @@ -53957,8 +54270,8 @@ CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky NOT-FOR-US: WordPress plugin CVE-2021-24424 (The WP Reset – Most Advanced WordPress Reset Tool WordPress plug ...) NOT-FOR-US: Wordpress plugin -CVE-2021-24423 - RESERVED +CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...) + TODO: check CVE-2021-24422 RESERVED CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 57d5cb4418..3dda8091a4 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,123 @@ +CVE-2022-23913 + RESERVED +CVE-2022-23912 + RESERVED +CVE-2022-23911 + RESERVED +CVE-2022-23910 + RESERVED +CVE-2022-23909 + RESERVED +CVE-2022-23908 + RESERVED +CVE-2022-23907 + RESERVED +CVE-2022-23906 + RESERVED +CVE-2022-23905 + RESERVED +CVE-2022-23904 + RESERVED +CVE-2022-23903 + RESERVED +CVE-2022-23902 + RESERVED +CVE-2022-23901 + RESERVED +CVE-2022-23900 + RESERVED +CVE-2022-23899 + RESERVED +CVE-2022-23898 + RESERVED +CVE-2022-23897 + RESERVED +CVE-2022-23896 + RESERVED +CVE-2022-23895 + RESERVED +CVE-2022-23894 + RESERVED +CVE-2022-23893 + RESERVED +CVE-2022-23892 + RESERVED +CVE-2022-23891 + RESERVED +CVE-2022-23890 + RESERVED +CVE-2022-23889 + RESERVED +CVE-2022-23888 + RESERVED +CVE-2022-23887 + RESERVED +CVE-2022-23886 + RESERVED +CVE-2022-23885 + RESERVED +CVE-2022-23884 + RESERVED +CVE-2022-23883 + RESERVED +CVE-2022-23882 + RESERVED +CVE-2022-23881 + RESERVED +CVE-2022-23880 + RESERVED +CVE-2022-23879 + RESERVED +CVE-2022-23878 + RESERVED +CVE-2022-23877 + RESERVED +CVE-2022-23876 + RESERVED +CVE-2022-23875 + RESERVED +CVE-2022-23874 + RESERVED +CVE-2022-23873 + RESERVED +CVE-2022-23872 + RESERVED +CVE-2022-23871 + RESERVED +CVE-2022-23870 + RESERVED +CVE-2022-23869 + RESERVED +CVE-2022-23868 + RESERVED +CVE-2022-23867 + RESERVED +CVE-2022-23866 + RESERVED +CVE-2022-23865 + RESERVED +CVE-2022-0352 + RESERVED +CVE-2022-0351 + RESERVED +CVE-2022-0350 + RESERVED +CVE-2022-0349 + RESERVED +CVE-2022-0348 + RESERVED +CVE-2022-0347 + RESERVED +CVE-2022-0346 + RESERVED +CVE-2022-0345 + RESERVED +CVE-2022-0344 + RESERVED +CVE-2022-0343 + RESERVED +CVE-2022-0342 + RESERVED CVE-2022-23864 RESERVED CVE-2022-23863 @@ -943,8 +1063,8 @@ CVE-2022-23439 RESERVED CVE-2022-23438 RESERVED -CVE-2022-23437 - RESERVED +CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) + TODO: check CVE-2022-0311 RESERVED {DSA-5054-1} @@ -1364,8 +1484,8 @@ CVE-2022-0271 RESERVED CVE-2022-0270 RESERVED -CVE-2022-0269 - RESERVED +CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...) + TODO: check CVE-2022-0268 RESERVED CVE-2022-0267 @@ -1947,8 +2067,8 @@ CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi NOT-FOR-US: Mitsubishi CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) NOT-FOR-US: Mitsubishi -CVE-2022-23126 - RESERVED +CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...) + TODO: check CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) NOT-FOR-US: corenlp CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -4116,8 +4236,8 @@ CVE-2022-22298 RESERVED CVE-2022-22297 RESERVED -CVE-2022-22296 - RESERVED +CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...) + TODO: check CVE-2022-22295 RESERVED CVE-2022-22294 @@ -5482,6 +5602,7 @@ CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microse CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...) TODO: check CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...) + {DLA-2896-1} - ipython <unfixed> (bug #1004122) NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9 @@ -6194,9 +6315,11 @@ CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-5.7 <removed> - mysql-8.0 <unfixed> CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6209,6 +6332,7 @@ CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (compo CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6250,10 +6374,12 @@ CVE-2022-21343 CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6326,6 +6452,7 @@ CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6342,6 +6469,7 @@ CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (compo CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...) NOT-FOR-US: Oracle CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6350,22 +6478,26 @@ CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (c CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox <not-affected> (Windows-specific) CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6384,9 +6516,11 @@ CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 @@ -6399,6 +6533,7 @@ CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) @@ -6460,6 +6595,7 @@ CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5057-1} - openjdk-8 <unfixed> - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 |