author | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
commit | 285102aa5e8ac43f35fda2f1c34364aec1784040 (patch) | |
tree | 0060eb67b0d7e9e399b2097f640a23962a290045 /data/CVE/list.2022 | |
parent | 077a083b181c08a4411fbb3847e8521044d47d48 (diff) |
automatic update
Diffstat (limited to 'data/CVE/list.2022')
-rw-r--r-- | data/CVE/list.2022 | 119 |
1 files changed, 97 insertions, 22 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index f6db88cfdf..778c5acaa5 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,75 @@ +CVE-2022-23834 + RESERVED +CVE-2022-23833 + RESERVED +CVE-2022-23832 + RESERVED +CVE-2022-23831 + RESERVED +CVE-2022-23830 + RESERVED +CVE-2022-23829 + RESERVED +CVE-2022-23828 + RESERVED +CVE-2022-23827 + RESERVED +CVE-2022-23826 + RESERVED +CVE-2022-23825 + RESERVED +CVE-2022-23824 + RESERVED +CVE-2022-23823 + RESERVED +CVE-2022-23822 + RESERVED +CVE-2022-23821 + RESERVED +CVE-2022-23820 + RESERVED +CVE-2022-23819 + RESERVED +CVE-2022-23818 + RESERVED +CVE-2022-23817 + RESERVED +CVE-2022-23816 + RESERVED +CVE-2022-23815 + RESERVED +CVE-2022-23814 + RESERVED +CVE-2022-23813 + RESERVED +CVE-2022-22146 + RESERVED +CVE-2022-21193 + RESERVED +CVE-2022-21176 + RESERVED +CVE-2022-21143 + RESERVED +CVE-2022-21141 + RESERVED +CVE-2022-0335 + RESERVED +CVE-2022-0334 + RESERVED +CVE-2022-0333 + RESERVED +CVE-2022-0332 + RESERVED +CVE-2022-0331 + RESERVED +CVE-2022-0330 + RESERVED +CVE-2022-0329 (Code Injection in PyPi loguru prior to and including 0.5.3. ...) + TODO: check +CVE-2022-0328 + RESERVED +CVE-2022-0327 + RESERVED CVE-2022-23809 RESERVED CVE-2022-23808 @@ -66,18 +138,18 @@ CVE-2022-23780 RESERVED CVE-2022-21147 RESERVED -CVE-2022-0323 - RESERVED +CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) + TODO: check CVE-2022-0322 RESERVED CVE-2022-0321 RESERVED CVE-2022-0320 RESERVED -CVE-2022-0319 - RESERVED -CVE-2022-0318 - RESERVED +CVE-2022-0319 (Out-of-bounds Read in Conda vim prior to 8.2. ...) + TODO: check +CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) + TODO: check CVE-2022-0317 RESERVED CVE-2022-0316 @@ -186,8 +258,8 @@ CVE-2022-23730 RESERVED CVE-2022-23729 RESERVED -CVE-2022-23728 - RESERVED +CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) + TODO: check CVE-2022-23727 RESERVED CVE-2022-23726 
@@ -1162,7 +1234,7 @@ CVE-2022-21801 RESERVED CVE-2022-21796 RESERVED -CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior t ...) +CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-0273 RESERVED @@ -1257,7 +1329,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelper NOT-FOR-US: livehelperchat CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...) +CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) TODO: check CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) - apache-log4j1.2 <unfixed> @@ -1436,8 +1508,8 @@ CVE-2022-23223 RESERVED CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) TODO: check -CVE-2022-23220 [usbview polkit policy local root exploit] - RESERVED +CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) + {DSA-5052-1} - usbview 2.0-21-g6fe2f4f-2.1 [stretch] - usbview <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1 
@@ -1740,14 +1812,14 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en - zabbix <undetermined> NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards -CVE-2022-23130 - RESERVED -CVE-2022-23129 - RESERVED -CVE-2022-23128 - RESERVED -CVE-2022-23127 - RESERVED +CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) + TODO: check +CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) + TODO: check +CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) + TODO: check +CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) + TODO: check CVE-2022-23126 RESERVED CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) @@ -2498,14 +2570,17 @@ CVE-2022-22819 CVE-2022-22818 RESERVED CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0) CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0) 
@@ -4760,8 +4835,8 @@ CVE-2022-21935 RESERVED CVE-2022-21934 RESERVED -CVE-2022-21933 - RESERVED +CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) + TODO: check CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) |
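Review bot: in the @@ -66,18 +138,18 @@ hunk, CVE-2022-0319 and CVE-2022-0318 both name vim but are left at TODO: check, and the imported descriptions say only "prior to 8.2." with no patch level, so the fixed version cannot be read off this text. Triage should replace the TODO with a `- vim` package line and a NOTE pointing at the upstream fix, the way the Pillow entries later in this file carry their commit URLs.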
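Review bot: in the @@ -1257,7 +1329,7 @@ hunk, CVE-2022-0243 now has the same truncated description as CVE-2022-0274 in the preceding hunk ("Stored in NuGet OrchardCore.Application.C ..."), yet CVE-2022-0274 is already marked NOT-FOR-US: Orchard CMS while CVE-2022-0243 stays at TODO: check. Confirm that both ids cover the same product and, if so, give CVE-2022-0243 the same NOT-FOR-US: Orchard CMS line so the pair is triaged consistently.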
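Review bot: in the @@ -1740,14 +1812,14 @@ hunk, CVE-2022-23130 through CVE-2022-23127 all move from RESERVED to TODO: check with descriptions naming the same product, Mitsubishi Electric MC Works64, so they need one triage decision rather than four. If the product is not packaged, close them together with a single consistent NOT-FOR-US: tag, in the form the file already uses for NOT-FOR-US: livehelperchat.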
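Review bot: in the @@ -4760,8 +4835,8 @@ hunk, CVE-2022-21933 (ASUS VivoMini/Mini PC) is added as TODO: check directly above CVE-2022-21932, which is already resolved as NOT-FOR-US: Microsoft. The truncated description points at a vendor device; if the full text confirms that, mark it NOT-FOR-US: with the vendor name so it matches its neighbour.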