author security tracker role <sectracker@soriano.debian.org> 2022-02-09 20:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-02-09 20:10:20 +0000
commit 32b0b2fcd70b1e748d21744e000b1782f8bc4b6a
tree 456ea2cc1c34171184a8e1ef71a97e14c90f2391
parent 60de59ac66069458f8c8b5525469f0905d42048c
automatic update
-rw-r--r-- data/CVE/list.2017 2
-rw-r--r-- data/CVE/list.2018 2
-rw-r--r-- data/CVE/list.2019 4
-rw-r--r-- data/CVE/list.2021 177
-rw-r--r-- data/CVE/list.2022 254
5 files changed, 232 insertions, 207 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 74e57fa0ec..03a6f86f3e 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -46046,7 +46046,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 8080/
NOT-FOR-US: Siemens
CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a Denial- ...)
+CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
NOT-FOR-US: Siemens
CVE-2017-2679
REJECTED
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 56278419d1..f3d518c49a 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -13566,7 +13566,7 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301
+CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...)
- tcpdump 4.99.0-1
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 1e5dd9cea9..546332f51d 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -18406,7 +18406,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Siemens
-CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
+CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
NOT-FOR-US: Siemens
@@ -39067,7 +39067,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, S ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 800bb47eb4..561924368a 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -722,8 +722,8 @@ CVE-2021-46362
RESERVED
CVE-2021-46361
RESERVED
-CVE-2021-46360
- RESERVED
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ TODO: check
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
@@ -734,8 +734,8 @@ CVE-2021-46356
RESERVED
CVE-2021-46355
RESERVED
-CVE-2021-46354
- RESERVED
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ TODO: check
CVE-2021-46353
RESERVED
CVE-2021-46352
@@ -1232,28 +1232,28 @@ CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the
NOT-FOR-US: Kentico Xperience CMS
CVE-2021-46162
RESERVED
-CVE-2021-46161
- RESERVED
-CVE-2021-46160
- RESERVED
-CVE-2021-46159
- RESERVED
-CVE-2021-46158
- RESERVED
-CVE-2021-46157
- RESERVED
-CVE-2021-46156
- RESERVED
-CVE-2021-46155
- RESERVED
-CVE-2021-46154
- RESERVED
-CVE-2021-46153
- RESERVED
-CVE-2021-46152
- RESERVED
-CVE-2021-46151
- RESERVED
+CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension CheckUser
CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
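Review bot: the eleven entries CVE-2021-46151 through CVE-2021-46161 all arrive as TODO: check with the same truncated opening, "Simcenter Femap V2020.2 (All ve ...", so they should be resolved as one batch rather than one at a time. The "A vulnerability has been identified in" wording matches the entries tagged NOT-FOR-US: Siemens elsewhere in this file; confirm the vendor from the full descriptions and, if it holds, apply that same tag to the whole range.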
@@ -3443,10 +3443,10 @@ CVE-2021-45333
RESERVED
CVE-2021-45332
RESERVED
-CVE-2021-45331
- RESERVED
-CVE-2021-45330
- RESERVED
+CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...)
+ TODO: check
+CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...)
+ TODO: check
CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
TODO: check
CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
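Review bot: the imported description for CVE-2021-45330 contains the misspelling "exsits", which comes from the upstream record and will be overwritten by the next automatic update, so it is not worth fixing locally. When the two TODO: check markers are resolved, note that the version ranges differ ("before 1.5.0" for CVE-2021-45331, "through 1.15.7" for CVE-2021-45330) and each id needs its own affected-version check.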
@@ -3951,8 +3951,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
-CVE-2021-45106
- RESERVED
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ TODO: check
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
NOT-FOR-US: Emerson
CVE-2021-44462
@@ -4564,10 +4564,10 @@ CVE-2021-44914
RESERVED
CVE-2021-44913
RESERVED
-CVE-2021-44912
- RESERVED
-CVE-2021-44911
- RESERVED
+CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
+ TODO: check
+CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
+ TODO: check
CVE-2021-44910
RESERVED
CVE-2021-44909
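Review bot: the version strings in the two new XE entries disagree in form, with CVE-2021-44912 reading "XE 1.116" and CVE-2021-44911 reading "XE before 1.11.6". The first looks like a dropped dot in the imported description; whoever clears the TODO: check should confirm the intended version from the full record before relying on it.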
@@ -7096,12 +7096,12 @@ CVE-2021-3978
RESERVED
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: invoiceninja
-CVE-2021-44018
- RESERVED
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44016
- RESERVED
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
NOT-FOR-US: Siemens
CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
@@ -7132,8 +7132,8 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions &lt;
NOT-FOR-US: Siemens
CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44000
- RESERVED
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
- guacamole-client <unfixed>
[stretch] - guacamole-client <not-affected> (SAML is not supported)
@@ -13362,10 +13362,10 @@ CVE-2021-41444
RESERVED
CVE-2021-41443
RESERVED
-CVE-2021-41442
- RESERVED
-CVE-2021-41441
- RESERVED
+CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
+ TODO: check
+CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
+ TODO: check
CVE-2021-41440
RESERVED
CVE-2021-41439
@@ -13628,8 +13628,8 @@ CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of O
NOT-FOR-US: fabiocaccamo/utils.js
CVE-2021-3814
RESERVED
-CVE-2021-3813
- RESERVED
+CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
+ TODO: check
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
NOT-FOR-US: NETGEAR
CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
@@ -14841,8 +14841,8 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite
NOTE: https://github.com/aresch/rencode/pull/29
CVE-2021-40838
RESERVED
-CVE-2021-40837
- RESERVED
+CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
+ TODO: check
CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
NOT-FOR-US: F-Secure
CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
@@ -16029,14 +16029,14 @@ CVE-2021-40365
RESERVED
CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2021-40363
- RESERVED
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40362
RESERVED
CVE-2021-40361
RESERVED
-CVE-2021-40360
- RESERVED
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
@@ -22293,17 +22293,17 @@ CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipb
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
- mattermost-server <itp> (bug #823556)
CVE-2021-37858
- RESERVED
+ REJECTED
CVE-2021-37857
- RESERVED
+ REJECTED
CVE-2021-37856
- RESERVED
+ REJECTED
CVE-2021-37855
- RESERVED
+ REJECTED
CVE-2021-37854
- RESERVED
+ REJECTED
CVE-2021-37853
- RESERVED
+ REJECTED
CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
TODO: check
CVE-2021-37851
@@ -23843,10 +23843,10 @@ CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (
NOT-FOR-US: Siemens
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
NOT-FOR-US: Siemens
-CVE-2021-37205
- RESERVED
-CVE-2021-37204
- RESERVED
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
@@ -23857,16 +23857,16 @@ CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &
NOT-FOR-US: Siemens
CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
NOT-FOR-US: Siemens
-CVE-2021-37198 (A vulnerability has been identified in COMOS (All versions &lt; V10.4. ...)
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37197 (A vulnerability has been identified in COMOS (All versions &lt; V10.4. ...)
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37196 (A vulnerability has been identified in COMOS (All versions &lt; V10.4. ...)
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37195 (A vulnerability has been identified in COMOS (All versions &lt; V10.4. ...)
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37194
- RESERVED
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ TODO: check
CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
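Review bot: CVE-2021-37194 is the only id in this run left as TODO: check, although its new description opens with the same "COMOS V10.2 (All versions only ..." text as CVE-2021-37195 through CVE-2021-37198, which keep NOT-FOR-US: Siemens. Give it the same tag when triaging so the five siblings stay consistent.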
@@ -23883,8 +23883,8 @@ CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-0
NOT-FOR-US: Digi TransPort devices
CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions &lt ...)
NOT-FOR-US: Siemens
-CVE-2021-37185
- RESERVED
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
NOT-FOR-US: Siemens
CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -31555,6 +31555,7 @@ CVE-2021-33835
CVE-2021-33834
RESERVED
CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
+ {DLA-2915-1}
- connman 1.36-2.2 (bug #989662)
[buster] - connman 1.36-2.1~deb10u2
NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
@@ -51282,8 +51283,8 @@ CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.
NOT-FOR-US: Node deep-override
CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
- arangodb <itp> (bug #761817)
-CVE-2021-25939
- RESERVED
+CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...)
+ TODO: check
CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
- arangodb <itp> (bug #761817)
CVE-2021-25937
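Review bot: CVE-2021-25939 is added as TODO: check while the ArangoDB entries directly above and below it (CVE-2021-25940 and CVE-2021-25938) carry "- arangodb <itp> (bug #761817)". Unless the full description points at a different component, the new entry should get the same annotation.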
@@ -65552,33 +65553,33 @@ CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWal
CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
NOT-FOR-US: SonicWall
CVE-2021-20015
- RESERVED
+ REJECTED
CVE-2021-20014
- RESERVED
+ REJECTED
CVE-2021-20013
- RESERVED
+ REJECTED
CVE-2021-20012
- RESERVED
+ REJECTED
CVE-2021-20011
- RESERVED
+ REJECTED
CVE-2021-20010
- RESERVED
+ REJECTED
CVE-2021-20009
- RESERVED
+ REJECTED
CVE-2021-20008
- RESERVED
+ REJECTED
CVE-2021-20007
- RESERVED
+ REJECTED
CVE-2021-20006
- RESERVED
+ REJECTED
CVE-2021-20005
- RESERVED
+ REJECTED
CVE-2021-20004
- RESERVED
+ REJECTED
CVE-2021-20003
- RESERVED
+ REJECTED
CVE-2021-20002
- RESERVED
+ REJECTED
CVE-2021-20001
RESERVED
- debian-edu-config 2.12.16
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index dc62790e2d..ff445f6d8f 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,17 @@
+CVE-2022-24699
+ RESERVED
+CVE-2022-24698
+ RESERVED
+CVE-2022-24697
+ RESERVED
+CVE-2022-0551
+ RESERVED
+CVE-2022-0550
+ RESERVED
+CVE-2022-0549
+ RESERVED
+CVE-2022-0548
+ RESERVED
CVE-2022-24696
RESERVED
CVE-2022-24695
@@ -80,14 +94,14 @@ CVE-2022-0541
RESERVED
CVE-2022-0540
RESERVED
-CVE-2022-0539
- RESERVED
-CVE-2022-0538
- RESERVED
+CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
+ TODO: check
+CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
+ TODO: check
CVE-2022-0537
RESERVED
-CVE-2022-0536
- RESERVED
+CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
+ TODO: check
CVE-2022-0535
RESERVED
CVE-2022-0534
@@ -117,15 +131,15 @@ CVE-2022-24666
RESERVED
CVE-2022-0528
RESERVED
-CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
TODO: check
-CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
TODO: check
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
TODO: check
-CVE-2022-0524 (Business Logic Errors in Rubygems typo prior to 9.2.7. ...)
+CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
TODO: check
-CVE-2022-0523 (Expired Pointer Dereference in NPM radare2.js prior to 5.6.2. ...)
+CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
TODO: check
CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
TODO: check
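Review bot: the rewritten descriptions in this hunk change which project each id names, for example CVE-2022-0524 from "Rubygems typo" to "GitHub repository publify/publify" and CVE-2022-0523 from "NPM radare2.js" to "GitHub repository radareorg/radare2". Any triage started against the old text should be redone against the new names before the TODO: check markers are cleared. The unchanged context entry CVE-2022-0522 still carries the "NPM radare2.js" wording, so expect the same correction there in a later update and triage it together with CVE-2022-0523.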
@@ -135,7 +149,7 @@ CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
TODO: check
CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
TODO: check
-CVE-2022-0518 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2. ...)
+CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
TODO: check
CVE-2022-0517
RESERVED
@@ -652,7 +666,7 @@ CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimco
NOT-FOR-US: pimcore
CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
-CVE-2022-0508 (Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to ...)
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
TODO: check
CVE-2022-0507
RESERVED
@@ -3579,8 +3593,8 @@ CVE-2022-23380
RESERVED
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
NOT-FOR-US: Emlog
-CVE-2022-23378
- RESERVED
+CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
+ TODO: check
CVE-2022-23377
RESERVED
CVE-2022-23376
@@ -3733,8 +3747,8 @@ CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav pri
NOT-FOR-US: Grav CMS
CVE-2022-0267
RESERVED
-CVE-2022-23312
- RESERVED
+CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
CVE-2022-23311
RESERVED
CVE-2022-23310
@@ -3894,30 +3908,30 @@ CVE-2022-23282
RESERVED
CVE-2022-23281
RESERVED
-CVE-2022-23280
- RESERVED
+CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-23279
RESERVED
CVE-2022-23278
RESERVED
CVE-2022-23277
RESERVED
-CVE-2022-23276
- RESERVED
+CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-23275
RESERVED
-CVE-2022-23274
- RESERVED
-CVE-2022-23273
- RESERVED
-CVE-2022-23272
- RESERVED
-CVE-2022-23271
- RESERVED
+CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
CVE-2022-23270
RESERVED
-CVE-2022-23269
- RESERVED
+CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-23268
RESERVED
CVE-2022-23267
@@ -3942,16 +3956,16 @@ CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23257
RESERVED
-CVE-2022-23256
- RESERVED
-CVE-2022-23255
- RESERVED
-CVE-2022-23254
- RESERVED
+CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-23253
RESERVED
-CVE-2022-23252
- RESERVED
+CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-23251
RESERVED
CVE-2022-23250
@@ -4393,8 +4407,8 @@ CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non
NOT-FOR-US: Jenkins plugin
CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-23102
- RESERVED
+CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
NOT-FOR-US: Reolink
CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
@@ -4440,6 +4454,7 @@ CVE-2022-23100
CVE-2022-23099
RESERVED
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -4448,6 +4463,7 @@ CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -4455,6 +4471,7 @@ CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40
NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -5298,12 +5315,14 @@ CVE-2022-22765
RESERVED
CVE-2022-22764
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
CVE-2022-22763
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
CVE-2022-22762
@@ -5312,18 +5331,21 @@ CVE-2022-22762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
CVE-2022-22761
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
CVE-2022-22760
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
CVE-2022-22759
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759
@@ -5339,6 +5361,7 @@ CVE-2022-22757
TODO: check if WebDriver enabled, if not demote severity to unimportant
CVE-2022-22756
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
@@ -5349,6 +5372,7 @@ CVE-2022-22755
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
CVE-2022-22754
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
@@ -5509,7 +5533,7 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2022-0150
RESERVED
-CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...)
+CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
NOT-FOR-US: WordPress plugin
@@ -5559,26 +5583,26 @@ CVE-2022-22720
RESERVED
CVE-2022-22719
RESERVED
-CVE-2022-22718
- RESERVED
-CVE-2022-22717
- RESERVED
-CVE-2022-22716
- RESERVED
-CVE-2022-22715
- RESERVED
+CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-22714
RESERVED
CVE-2022-22713
RESERVED
-CVE-2022-22712
- RESERVED
+CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-22711
RESERVED
-CVE-2022-22710
- RESERVED
-CVE-2022-22709
- RESERVED
+CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21806
RESERVED
CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
@@ -7354,56 +7378,56 @@ CVE-2022-22007
RESERVED
CVE-2022-22006
RESERVED
-CVE-2022-22005
- RESERVED
-CVE-2022-22004
- RESERVED
-CVE-2022-22003
- RESERVED
-CVE-2022-22002
- RESERVED
-CVE-2022-22001
- RESERVED
-CVE-2022-22000
- RESERVED
-CVE-2022-21999
- RESERVED
-CVE-2022-21998
- RESERVED
-CVE-2022-21997
- RESERVED
-CVE-2022-21996
- RESERVED
-CVE-2022-21995
- RESERVED
-CVE-2022-21994
- RESERVED
-CVE-2022-21993
- RESERVED
-CVE-2022-21992
- RESERVED
-CVE-2022-21991
- RESERVED
+CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ TODO: check
+CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
+ TODO: check
CVE-2022-21990
RESERVED
-CVE-2022-21989
- RESERVED
-CVE-2022-21988
- RESERVED
-CVE-2022-21987
- RESERVED
-CVE-2022-21986
- RESERVED
-CVE-2022-21985
- RESERVED
-CVE-2022-21984
- RESERVED
+CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-21986 (.NET Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21983
RESERVED
CVE-2022-21982
RESERVED
-CVE-2022-21981
- RESERVED
+CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2022-21980
RESERVED
CVE-2022-21979
@@ -7416,26 +7440,26 @@ CVE-2022-21976
RESERVED
CVE-2022-21975
RESERVED
-CVE-2022-21974
- RESERVED
+CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
+ TODO: check
CVE-2022-21973
RESERVED
CVE-2022-21972
RESERVED
-CVE-2022-21971
- RESERVED
+CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
NOT-FOR-US: Microsoft
-CVE-2022-21968
- RESERVED
+CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
+ TODO: check
CVE-2022-21967
RESERVED
CVE-2022-21966
RESERVED
-CVE-2022-21965
- RESERVED
+CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
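Review bot: the new CVE-2022-21968 description reads "Security Feature BypassVulnerability" with the space missing, an upstream typo that will break a plain-text search for "Bypass Vulnerability" across this list. The Microsoft entries added here (CVE-2022-21974, CVE-2022-21971, CVE-2022-21968, CVE-2022-21965) are TODO: check while the neighbouring CVE-2022-21970, CVE-2022-21969 and CVE-2022-21964 are already NOT-FOR-US: Microsoft; the same tag applies once they are confirmed.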
@@ -7450,8 +7474,8 @@ CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulne
NOT-FOR-US: Microsoft
CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-21957
- RESERVED
+CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ TODO: check
CVE-2022-21956
RESERVED
CVE-2022-21955
@@ -7510,10 +7534,10 @@ CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-21927
- RESERVED
-CVE-2022-21926
- RESERVED
+CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
@@ -7676,8 +7700,8 @@ CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. T
NOT-FOR-US: Microsoft
CVE-2022-21845
RESERVED
-CVE-2022-21844
- RESERVED
+CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...)
