diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2022-02-20 20:10:19 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-20 20:10:19 +0000 |
| commit | 5dc31fe35f593a747e1d438adf8ecbd5e806667c (patch) | |
| tree | 714c5ee6b43f60ec7e721aca969195ec8f772293 | |
| parent | 598df42e2831bdee06464cbabb92ef7bf8b91515 (diff) | |
automatic update
| -rw-r--r-- | data/CVE/list.2016 | 2 | ||||
| -rw-r--r-- | data/CVE/list.2021 | 16 | ||||
| -rw-r--r-- | data/CVE/list.2022 | 42 |
3 files changed, 37 insertions, 23 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 8a75a71ddd..d7e669870d 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -14745,7 +14745,7 @@ CVE-2016-1000103 REJECTED CVE-2016-1000102 REJECTED -CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...) +CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a potential remot ...) - libspring-java 4.2.7-1 (unimportant) NOTE: https://www.tenable.com/security/research/tra-2016-20 NOTE: This is not a vulnerability in Spring itself, just how applications are using it diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index f77420f909..6a355340cd 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -4161,12 +4161,12 @@ CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x b NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45084 RESERVED -CVE-2021-45083 - RESERVED -CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the templar.py fi ...) +CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...) + TODO: check +CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...) - cobbler <removed> -CVE-2021-45081 - RESERVED +CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...) + TODO: check CVE-2021-45080 RESERVED CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...) @@ -4418,8 +4418,8 @@ CVE-2021-45009 RESERVED CVE-2021-45008 RESERVED -CVE-2021-45007 - RESERVED +CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...) + TODO: check CVE-2021-45006 RESERVED CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...) @@ -8282,7 +8282,7 @@ CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail - atmailopen <removed> CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...) NOT-FOR-US: Realtek -CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...) +CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...) NOT-FOR-US: Stark bank libraries CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...) NOT-FOR-US: Stark bank libraries diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 626e4a9b6d..ef4fdecf37 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,17 @@ +CVE-2022-25371 + RESERVED +CVE-2022-25370 + RESERVED +CVE-2022-25355 + RESERVED +CVE-2022-0694 + RESERVED +CVE-2022-0693 + RESERVED +CVE-2022-0692 + RESERVED +CVE-2022-0691 + RESERVED CVE-2022-25369 RESERVED CVE-2022-25368 @@ -6,14 +20,14 @@ CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/mi NOT-FOR-US: microweber CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...) NOT-FOR-US: microweber -CVE-2022-0688 - RESERVED +CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...) + TODO: check CVE-2022-0687 RESERVED -CVE-2022-0686 - RESERVED -CVE-2022-0685 - RESERVED +CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + TODO: check +CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + TODO: check CVE-2022-0684 RESERVED CVE-2022-25367 @@ -4211,8 +4225,8 @@ CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ... NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa NOTE: loguru documents security considerations and best practices to follow -CVE-2022-23848 - RESERVED +CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...) + TODO: check CVE-2022-23847 RESERVED CVE-2022-23846 @@ -6440,10 +6454,10 @@ CVE-2022-23056 RESERVED CVE-2022-23055 RESERVED -CVE-2022-23054 - RESERVED -CVE-2022-23053 - RESERVED +CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check +CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check CVE-2022-23052 RESERVED CVE-2022-23051 @@ -9005,8 +9019,8 @@ CVE-2022-22128 RESERVED CVE-2022-22127 RESERVED -CVE-2022-22126 - RESERVED +CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) NOT-FOR-US: Halo CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) |