author | security tracker role <sectracker@soriano.debian.org> | 2022-01-06 20:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-06 20:10:20 +0000 |
commit | 01fae168e9664c10eeccdd1f56b7bea093a183c5 (patch) | |
tree | c4079be5dbb91366257e9bd93a27a3a6e01f21e4 /data/CVE | |
parent | f7c88fe3bd1e04195872118e5f697de11c7a5397 (diff) | |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2020 | 1 |
-rw-r--r-- | data/CVE/list.2021 | 126 |
-rw-r--r-- | data/CVE/list.2022 | 64 |
3 files changed, 121 insertions, 70 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 544f7e7fc1..031e4a7efa 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -5016,6 +5016,7 @@ CVE-2020-29051 RESERVED CVE-2020-29050 [arbitrary file reads by scattered file snippets] RESERVED + {DSA-5036-1} - sphinxsearch 2.2.11-3 NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035 NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 3a9d8030e9..ff5e3942fe 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,5 @@ +CVE-2021-4201 + RESERVED CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...) NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...) 
@@ -158,34 +160,34 @@ CVE-2021-46082 RESERVED CVE-2021-46081 RESERVED -CVE-2021-46080 - RESERVED -CVE-2021-46079 - RESERVED -CVE-2021-46078 - RESERVED +CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + TODO: check +CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + TODO: check CVE-2021-46077 RESERVED -CVE-2021-46076 - RESERVED -CVE-2021-46075 - RESERVED -CVE-2021-46074 - RESERVED -CVE-2021-46073 - RESERVED -CVE-2021-46072 - RESERVED -CVE-2021-46071 - RESERVED -CVE-2021-46070 - RESERVED -CVE-2021-46069 - RESERVED -CVE-2021-46068 - RESERVED -CVE-2021-46067 - RESERVED +CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...) + TODO: check +CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...) + TODO: check +CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + TODO: check +CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + TODO: check +CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + TODO: check +CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...) + TODO: check CVE-2021-46066 RESERVED CVE-2021-46065 
@@ -566,8 +568,8 @@ CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive infor NOT-FOR-US: Netgear CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...) NOT-FOR-US: Bitmask Riseup VPN -CVE-2021-4194 - RESERVED +CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...) + TODO: check CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...) - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) @@ -1018,10 +1020,10 @@ CVE-2021-45747 RESERVED CVE-2021-45746 RESERVED -CVE-2021-45745 - RESERVED -CVE-2021-45744 - RESERVED +CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...) + TODO: check +CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...) + TODO: check CVE-2021-45743 RESERVED CVE-2021-45742 @@ -1718,14 +1720,11 @@ CVE-2021-4152 RESERVED CVE-2021-4151 RESERVED -CVE-2021-45458 - RESERVED +CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) -CVE-2021-45457 - RESERVED +CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) -CVE-2021-45456 - RESERVED +CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45455 RESERVED @@ -3170,8 +3169,8 @@ CVE-2021-44880 RESERVED CVE-2021-44879 RESERVED -CVE-2021-44878 - RESERVED +CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...) + TODO: check CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) 
@@ -3940,10 +3939,10 @@ CVE-2021-44593 RESERVED CVE-2021-44592 RESERVED -CVE-2021-44591 - RESERVED -CVE-2021-44590 - RESERVED +CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) + TODO: check +CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...) + TODO: check CVE-2021-44589 RESERVED CVE-2021-44588 @@ -3954,8 +3953,8 @@ CVE-2021-44586 RESERVED CVE-2021-44585 RESERVED -CVE-2021-44584 - RESERVED +CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...) + TODO: check CVE-2021-44583 RESERVED CVE-2021-44582 @@ -3994,8 +3993,8 @@ CVE-2021-44566 RESERVED CVE-2021-44565 RESERVED -CVE-2021-44564 - RESERVED +CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...) + TODO: check CVE-2021-44563 RESERVED CVE-2021-44562 @@ -4582,8 +4581,8 @@ CVE-2021-44353 RESERVED CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...) NOT-FOR-US: Tenda -CVE-2021-44351 - RESERVED +CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...) + TODO: check CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via ...) NOT-FOR-US: ThinkPHP5 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) @@ -7877,8 +7876,7 @@ CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6) -CVE-2021-43045 - RESERVED +CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...) NOT-FOR-US: Apache Avro CVE-2021-3913 RESERVED 
@@ -22885,8 +22883,7 @@ CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 -CVE-2021-36774 - RESERVED +CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - ublock-origin 1.37.0+dfsg-1 (bug #991386) @@ -23007,14 +23004,11 @@ CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Obje CVE-2021-3644 RESERVED - wildfly <itp> (bug #752018) -CVE-2021-36739 - RESERVED +CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...) NOT-FOR-US: Apache Pluto MVCBean JSP portlet -CVE-2021-36738 - RESERVED +CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...) NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet -CVE-2021-36737 - RESERVED +CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...) NOT-FOR-US: Apache Pluto UrlTestPortlet CVE-2021-36736 RESERVED @@ -35429,8 +35423,7 @@ CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer func NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e CVE-2021-31524 RESERVED -CVE-2021-31522 - RESERVED +CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) NOT-FOR-US: Zephyr, different from src:zephyr 
@@ -42462,12 +42455,10 @@ CVE-2021-28717 RESERVED CVE-2021-28716 RESERVED -CVE-2021-28715 - RESERVED +CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...) - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-392.html -CVE-2021-28714 - RESERVED +CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...) - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...) @@ -44879,8 +44870,7 @@ CVE-2021-27740 RESERVED CVE-2021-27739 RESERVED -CVE-2021-27738 - RESERVED +CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...) - trafficserver <not-affected> (Only affects 9.x) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 928f11e0e6..ed28990233 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,63 @@ +CVE-2022-22728 + RESERVED +CVE-2022-22727 + RESERVED +CVE-2022-22726 + RESERVED +CVE-2022-22725 + RESERVED +CVE-2022-22724 + RESERVED +CVE-2022-22723 + RESERVED +CVE-2022-22722 + RESERVED +CVE-2022-22721 + RESERVED +CVE-2022-22720 + RESERVED +CVE-2022-22719 + RESERVED +CVE-2022-22718 + RESERVED +CVE-2022-22717 + RESERVED +CVE-2022-22716 + RESERVED +CVE-2022-22715 + RESERVED +CVE-2022-22714 + RESERVED +CVE-2022-22713 + RESERVED +CVE-2022-22712 + RESERVED +CVE-2022-22711 + RESERVED +CVE-2022-22710 + RESERVED +CVE-2022-22709 + RESERVED +CVE-2022-21806 + RESERVED +CVE-2022-0139 + RESERVED +CVE-2022-0138 + RESERVED +CVE-2022-0137 + RESERVED +CVE-2022-0136 + RESERVED +CVE-2022-0135 + RESERVED +CVE-2022-0134 + RESERVED +CVE-2022-0133 + RESERVED +CVE-2022-0132 + RESERVED +CVE-2022-0131 + RESERVED CVE-2022-22708 RESERVED CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...) @@ -67,8 +127,8 @@ CVE-2022-22678 RESERVED CVE-2022-0129 RESERVED -CVE-2022-0128 - RESERVED +CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...) + TODO: check CVE-2022-0127 RESERVED CVE-2022-0126 |
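Review bot: in the list.2020 hunk (@@ -5016,6 +5016,7), the first NOTE under CVE-2020-29050 carries a manticoresearch commit URL whose hash, 66b5761ad258c60b1866a8e1333f86e74f48035, is 39 hex digits long, while the second NOTE has the full 40. Now that the entry is tied to {DSA-5036-1}, it is worth confirming that reference against the upstream repository and recording the full hash so the backport source stays unambiguous.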
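Review bot: in the list.2021 hunk at @@ -158,34 +160,34, the thirteen entries from CVE-2021-46080 down to CVE-2021-46067 (skipping CVE-2021-46077, still RESERVED) each land with their own "TODO: check", although every description names the same product, Vehicle Service Management System. Triage them as one batch rather than one by one; if the product is not packaged, a single consistent "NOT-FOR-US: <product>" line on all thirteen, in the style the file already uses (for example "NOT-FOR-US: ThinkPHP5"), keeps the TODO queue from hiding entries that do need a package check.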
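Review bot: in the last list.2022 hunk (@@ -67,8 +127,8), CVE-2022-0128 is left at "TODO: check" even though its description, "vim is vulnerable to Out-of-bounds Read", is word for word that of CVE-2021-4193, which the list.2021 context in this same patch shows already triaged with "- vim 2:8.2.3995-1" and "[bullseye] - vim <no-dsa> (Minor issue)". A follow-up should replace the TODO with a "- vim" source-package line and the per-release state, taking care that the fixed version is established for this CVE on its own and not copied from the similarly worded entry.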