author | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
commit | e916105151056d73f5183752ec61b031e6c0ce7f (patch) | |
tree | 825a2bae06ce0e98d04656ed5f2c1ad338ace92d /data/CVE | |
parent | c2f68c9cdf802b40a08e6cad5c1d86d6eb3575eb (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2018 | 1 |
-rw-r--r-- | data/CVE/list.2020 | 8 |
-rw-r--r-- | data/CVE/list.2021 | 365 |
-rw-r--r-- | data/CVE/list.2022 | 286 |
4 files changed, 517 insertions, 143 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index b2321b7e4b..ea034eadde 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -6433,6 +6433,7 @@ CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword la CVE-2018-19049 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...) + {DLA-2887-1} - lighttpd 1.4.52-1 (bug #913528) [jessie] - lighttpd <no-dsa> (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 2ea3078b23..28d30179db 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -39202,14 +39202,14 @@ CVE-2020-14112 RESERVED CVE-2020-14111 RESERVED -CVE-2020-14110 - RESERVED +CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...) + TODO: check CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...) NOT-FOR-US: Xiaomi CVE-2020-14108 RESERVED -CVE-2020-14107 - RESERVED +CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...) + TODO: check CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...) NOT-FOR-US: Xiaomi CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 249d5bcb3a..7875af9985 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,193 @@ +CVE-2021-46399 + RESERVED +CVE-2021-46398 + RESERVED +CVE-2021-46397 + RESERVED +CVE-2021-46396 + RESERVED +CVE-2021-46395 + RESERVED +CVE-2021-46394 + RESERVED +CVE-2021-46393 + RESERVED +CVE-2021-46392 + RESERVED +CVE-2021-46391 + RESERVED +CVE-2021-46390 + RESERVED +CVE-2021-46389 + RESERVED +CVE-2021-46388 + RESERVED +CVE-2021-46387 + RESERVED +CVE-2021-46386 + RESERVED +CVE-2021-46385 + RESERVED +CVE-2021-46384 + RESERVED +CVE-2021-46383 + RESERVED +CVE-2021-46382 + RESERVED +CVE-2021-46381 + RESERVED +CVE-2021-46380 + RESERVED +CVE-2021-46379 + RESERVED +CVE-2021-46378 + RESERVED +CVE-2021-46377 + RESERVED +CVE-2021-46376 + RESERVED +CVE-2021-46375 + RESERVED +CVE-2021-46374 + RESERVED +CVE-2021-46373 + RESERVED +CVE-2021-46372 + RESERVED +CVE-2021-46371 + RESERVED +CVE-2021-46370 + RESERVED +CVE-2021-46369 + RESERVED +CVE-2021-46368 + RESERVED +CVE-2021-46367 + RESERVED +CVE-2021-46366 + RESERVED +CVE-2021-46365 + RESERVED +CVE-2021-46364 + RESERVED +CVE-2021-46363 + RESERVED +CVE-2021-46362 + RESERVED +CVE-2021-46361 + RESERVED +CVE-2021-46360 + RESERVED +CVE-2021-46359 + RESERVED +CVE-2021-46358 + RESERVED +CVE-2021-46357 + RESERVED +CVE-2021-46356 + RESERVED +CVE-2021-46355 + RESERVED +CVE-2021-46354 + RESERVED +CVE-2021-46353 + RESERVED +CVE-2021-46352 + RESERVED +CVE-2021-46351 + RESERVED +CVE-2021-46350 + RESERVED +CVE-2021-46349 + RESERVED +CVE-2021-46348 + RESERVED +CVE-2021-46347 + RESERVED +CVE-2021-46346 + RESERVED +CVE-2021-46345 + RESERVED +CVE-2021-46344 + RESERVED +CVE-2021-46343 + RESERVED +CVE-2021-46342 + RESERVED +CVE-2021-46341 + RESERVED +CVE-2021-46340 + RESERVED +CVE-2021-46339 + RESERVED +CVE-2021-46338 + RESERVED +CVE-2021-46337 + RESERVED +CVE-2021-46336 + RESERVED +CVE-2021-46335 + RESERVED +CVE-2021-46334 + RESERVED +CVE-2021-46333 + RESERVED +CVE-2021-46332 + RESERVED +CVE-2021-46331 + RESERVED +CVE-2021-46330 + RESERVED +CVE-2021-46329 + RESERVED +CVE-2021-46328 + RESERVED +CVE-2021-46327 + RESERVED 
+CVE-2021-46326 + RESERVED +CVE-2021-46325 + RESERVED +CVE-2021-46324 + RESERVED +CVE-2021-46323 + RESERVED +CVE-2021-46322 + RESERVED +CVE-2021-46321 + RESERVED +CVE-2021-46320 + RESERVED +CVE-2021-46319 + RESERVED +CVE-2021-46318 + RESERVED +CVE-2021-46317 + RESERVED +CVE-2021-46316 + RESERVED +CVE-2021-46315 + RESERVED +CVE-2021-46314 + RESERVED +CVE-2021-46313 + RESERVED +CVE-2021-46312 + RESERVED +CVE-2021-46311 + RESERVED +CVE-2021-46310 + RESERVED +CVE-2021-46309 + RESERVED +CVE-2021-46308 + RESERVED +CVE-2021-46307 + RESERVED +CVE-2021-46306 + RESERVED +CVE-2021-46305 + RESERVED CVE-2021-46304 RESERVED CVE-2021-46303 @@ -699,10 +889,10 @@ CVE-2021-46015 RESERVED CVE-2021-46014 RESERVED -CVE-2021-46013 - RESERVED +CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...) + TODO: check CVE-2021-46012 - RESERVED + REJECTED CVE-2021-46011 RESERVED CVE-2021-46010 @@ -715,8 +905,8 @@ CVE-2021-46007 RESERVED CVE-2021-46006 RESERVED -CVE-2021-46005 - RESERVED +CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...) + TODO: check CVE-2021-46004 RESERVED CVE-2021-46003 @@ -2193,8 +2383,8 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 -CVE-2021-4146 - RESERVED +CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) + TODO: check CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] RESERVED - qemu 1:6.2+dfsg-1 @@ -2324,8 +2514,8 @@ CVE-2021-45396 RESERVED CVE-2021-45395 RESERVED -CVE-2021-45394 - RESERVED +CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...) + TODO: check CVE-2021-45393 RESERVED CVE-2021-45392 
@@ -3739,12 +3929,12 @@ CVE-2021-44842 RESERVED CVE-2021-44841 RESERVED -CVE-2021-44840 - RESERVED +CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...) + TODO: check CVE-2021-44839 RESERVED -CVE-2021-44838 - RESERVED +CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...) + TODO: check CVE-2021-44837 RESERVED CVE-2021-44836 @@ -3985,8 +4175,7 @@ CVE-2021-4085 RESERVED CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: Pimcore -CVE-2021-4083 - RESERVED +CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...) - linux 5.15.5-2 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) @@ -3996,8 +4185,8 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During NOT-FOR-US: Pimcore CVE-2021-44758 RESERVED -CVE-2021-44757 - RESERVED +CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...) + TODO: check CVE-2021-44756 RESERVED CVE-2021-44755 @@ -4243,8 +4432,8 @@ CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 i NOT-FOR-US: Zoho ManageEngine CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: snipe-it -CVE-2021-4074 - RESERVED +CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...) + TODO: check CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...) NOT-FOR-US: WordPress plugin CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...) 
@@ -4631,8 +4820,8 @@ CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_ [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33) -CVE-2021-43353 - RESERVED +CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...) + TODO: check CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) @@ -5465,8 +5654,8 @@ CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...) NOT-FOR-US: Gin-Vue-Admin CVE-2021-44218 RESERVED -CVE-2021-44217 - RESERVED +CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...) + TODO: check CVE-2021-44216 RESERVED CVE-2021-44215 @@ -11356,12 +11545,12 @@ CVE-2021-41811 RESERVED CVE-2021-41810 RESERVED -CVE-2021-41809 - RESERVED -CVE-2021-41808 - RESERVED -CVE-2021-41807 - RESERVED +CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...) + TODO: check +CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...) + TODO: check +CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...) + TODO: check CVE-2021-41806 RESERVED CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) 
@@ -11979,10 +12168,10 @@ CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.8 NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41552 RESERVED -CVE-2021-41551 - RESERVED -CVE-2021-41550 - RESERVED +CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) + TODO: check +CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) + TODO: check CVE-2021-41549 RESERVED CVE-2021-41548 @@ -15873,8 +16062,7 @@ CVE-2021-39948 RESERVED CVE-2021-39947 RESERVED -CVE-2021-39946 - RESERVED +CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...) - gitlab <unfixed> CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...) - gitlab <unfixed> @@ -15882,8 +16070,7 @@ CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versi - gitlab <unfixed> CVE-2021-39943 RESERVED -CVE-2021-39942 - RESERVED +CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab <unfixed> CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) - gitlab <unfixed> @@ -15921,8 +16108,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html -CVE-2021-39927 - RESERVED +CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) - gitlab <unfixed> CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) {DSA-5019-1} 
@@ -16022,8 +16208,8 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi - gitlab <unfixed> CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) - gitlab <unfixed> -CVE-2021-39892 - RESERVED +CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) + TODO: check CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab <unfixed> CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) @@ -18663,12 +18849,12 @@ CVE-2021-38787 RESERVED CVE-2021-38786 RESERVED -CVE-2021-38785 - RESERVED -CVE-2021-38784 - RESERVED -CVE-2021-38783 - RESERVED +CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...) + TODO: check +CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...) + TODO: check +CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...) + TODO: check CVE-2021-38782 RESERVED CVE-2021-38781 
@@ -18857,14 +19043,14 @@ CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint - consul <unfixed> NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) -CVE-2021-38697 - RESERVED -CVE-2021-38696 - RESERVED -CVE-2021-38695 - RESERVED -CVE-2021-38694 - RESERVED +CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) + TODO: check +CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...) + TODO: check +CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...) + TODO: check +CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...) + TODO: check CVE-2021-38693 RESERVED CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) @@ -21090,14 +21276,14 @@ CVE-2021-37869 RESERVED CVE-2021-37868 RESERVED -CVE-2021-37867 - RESERVED -CVE-2021-37866 - RESERVED -CVE-2021-37865 - RESERVED -CVE-2021-37864 - RESERVED +CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) + TODO: check +CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) + TODO: check +CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) + TODO: check +CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) + TODO: check CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...) TODO: check CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...) 
@@ -27165,7 +27351,7 @@ CVE-2021-35249 RESERVED CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) NOT-FOR-US: SolarWinds -CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...) +CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...) NOT-FOR-US: SolarWinds CVE-2021-35246 RESERVED @@ -29089,18 +29275,18 @@ CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34407 REJECTED -CVE-2021-34406 - RESERVED -CVE-2021-34405 - RESERVED -CVE-2021-34404 - RESERVED -CVE-2021-34403 - RESERVED -CVE-2021-34402 - RESERVED -CVE-2021-34401 - RESERVED +CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...) + TODO: check +CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...) + TODO: check +CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...) + TODO: check +CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...) + TODO: check +CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...) + TODO: check +CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...) + TODO: check CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) NOT-FOR-US: NVIDIA CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) 
@@ -30017,10 +30203,10 @@ CVE-2021-33967 RESERVED CVE-2021-33966 RESERVED -CVE-2021-33965 - RESERVED -CVE-2021-33964 - RESERVED +CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check +CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) @@ -35593,7 +35779,8 @@ CVE-2021-31773 RESERVED CVE-2021-31772 RESERVED -CVE-2021-31771 (** DISPUTED ** Splinterware System Scheduler Professional version 5.30 ...) +CVE-2021-31771 + REJECTED NOT-FOR-US: Splinterware CVE-2021-31770 RESERVED @@ -40555,8 +40742,8 @@ CVE-2021-29874 RESERVED CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...) NOT-FOR-US: IBM -CVE-2021-29872 - RESERVED +CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...) + TODO: check CVE-2021-29871 RESERVED CVE-2021-29870 @@ -41081,8 +41268,8 @@ CVE-2021-29634 RESERVED CVE-2021-29633 RESERVED -CVE-2021-29632 - RESERVED +CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...) + TODO: check CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...) NOT-FOR-US: FreeBSD CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...) @@ -42144,8 +42331,8 @@ CVE-2021-29217 RESERVED CVE-2021-29216 RESERVED -CVE-2021-29215 - RESERVED +CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) + TODO: check CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) NOT-FOR-US: HPE CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) 
@@ -57799,8 +57986,8 @@ CVE-2021-22568 (When using the dart pub publish command to publish a package to TODO: check CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...) TODO: check -CVE-2021-22566 - RESERVED +CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...) + TODO: check CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...) TODO: check CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 88007a9c4d..6ba5d9c897 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,197 @@ +CVE-2022-23398 + RESERVED +CVE-2022-23397 + RESERVED +CVE-2022-23396 + RESERVED +CVE-2022-23395 + RESERVED +CVE-2022-23394 + RESERVED +CVE-2022-23393 + RESERVED +CVE-2022-23392 + RESERVED +CVE-2022-23391 + RESERVED +CVE-2022-23390 + RESERVED +CVE-2022-23389 + RESERVED +CVE-2022-23388 + RESERVED +CVE-2022-23387 + RESERVED +CVE-2022-23386 + RESERVED +CVE-2022-23385 + RESERVED +CVE-2022-23384 + RESERVED +CVE-2022-23383 + RESERVED +CVE-2022-23382 + RESERVED +CVE-2022-23381 + RESERVED +CVE-2022-23380 + RESERVED +CVE-2022-23379 + RESERVED +CVE-2022-23378 + RESERVED +CVE-2022-23377 + RESERVED +CVE-2022-23376 + RESERVED +CVE-2022-23375 + RESERVED +CVE-2022-23374 + RESERVED +CVE-2022-23373 + RESERVED +CVE-2022-23372 + RESERVED +CVE-2022-23371 + RESERVED +CVE-2022-23370 + RESERVED +CVE-2022-23369 + RESERVED +CVE-2022-23368 + RESERVED +CVE-2022-23367 + RESERVED +CVE-2022-23366 + RESERVED +CVE-2022-23365 + RESERVED +CVE-2022-23364 + RESERVED +CVE-2022-23363 + RESERVED +CVE-2022-23362 + RESERVED +CVE-2022-23361 + RESERVED +CVE-2022-23360 + RESERVED +CVE-2022-23359 + RESERVED +CVE-2022-23358 + RESERVED +CVE-2022-23357 + RESERVED +CVE-2022-23356 + RESERVED +CVE-2022-23355 + RESERVED +CVE-2022-23354 + RESERVED +CVE-2022-23353 + RESERVED +CVE-2022-23352 + RESERVED +CVE-2022-23351 + RESERVED +CVE-2022-23350 + RESERVED +CVE-2022-23349 + RESERVED +CVE-2022-23348 + RESERVED +CVE-2022-23347 + RESERVED +CVE-2022-23346 + RESERVED +CVE-2022-23345 + RESERVED +CVE-2022-23344 + RESERVED +CVE-2022-23343 + RESERVED +CVE-2022-23342 + RESERVED +CVE-2022-23341 + RESERVED +CVE-2022-23340 + RESERVED +CVE-2022-23339 + RESERVED +CVE-2022-23338 + RESERVED +CVE-2022-23337 + RESERVED +CVE-2022-23336 + RESERVED +CVE-2022-23335 + RESERVED +CVE-2022-23334 + RESERVED +CVE-2022-23333 + RESERVED +CVE-2022-23332 + RESERVED +CVE-2022-23331 + RESERVED +CVE-2022-23330 + RESERVED +CVE-2022-23329 + RESERVED +CVE-2022-23328 + RESERVED +CVE-2022-23327 + RESERVED +CVE-2022-23326 + RESERVED 
+CVE-2022-23325 + RESERVED +CVE-2022-23324 + RESERVED +CVE-2022-23323 + RESERVED +CVE-2022-23322 + RESERVED +CVE-2022-23321 + RESERVED +CVE-2022-23320 + RESERVED +CVE-2022-23319 + RESERVED +CVE-2022-23318 + RESERVED +CVE-2022-23317 + RESERVED +CVE-2022-23316 + RESERVED +CVE-2022-23315 + RESERVED +CVE-2022-23314 + RESERVED +CVE-2022-23313 + RESERVED +CVE-2022-22137 + RESERVED +CVE-2022-21801 + RESERVED +CVE-2022-21796 + RESERVED +CVE-2022-0274 + RESERVED +CVE-2022-0273 + RESERVED +CVE-2022-0272 + RESERVED +CVE-2022-0271 + RESERVED +CVE-2022-0270 + RESERVED +CVE-2022-0269 + RESERVED +CVE-2022-0268 + RESERVED +CVE-2022-0267 + RESERVED CVE-2022-23312 RESERVED CVE-2022-23311 @@ -12,20 +206,20 @@ CVE-2022-0266 RESERVED CVE-2022-0265 RESERVED -CVE-2022-23307 - RESERVED +CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...) + TODO: check CVE-2022-23306 RESERVED -CVE-2022-23305 - RESERVED -CVE-2022-0263 - RESERVED -CVE-2022-0262 - RESERVED -CVE-2022-0261 - RESERVED -CVE-2022-0260 - RESERVED +CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...) + TODO: check +CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...) + TODO: check +CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) + TODO: check +CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + TODO: check CVE-2022-0259 RESERVED CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...) 
@@ -71,12 +265,12 @@ CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch] NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6) CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...) NOT-FOR-US: livehelperchat -CVE-2022-0244 - RESERVED +CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2022-0243 RESERVED -CVE-2022-23302 - RESERVED +CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) + TODO: check CVE-2022-22142 RESERVED CVE-2022-21805 @@ -255,18 +449,18 @@ CVE-2022-23220 RESERVED CVE-2022-0237 RESERVED -CVE-2022-0236 - RESERVED +CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...) + TODO: check CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...) - node-fetch <unfixed> NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ TODO: check fixing commit CVE-2022-0234 RESERVED -CVE-2022-0233 - RESERVED -CVE-2022-0232 - RESERVED +CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...) + TODO: check +CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...) + TODO: check CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: livehelperchat CVE-2022-0230 @@ -335,8 +529,8 @@ CVE-2022-0218 RESERVED CVE-2022-0216 RESERVED -CVE-2022-0215 - RESERVED +CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) + TODO: check CVE-2022-0214 RESERVED CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) 
@@ -411,8 +605,8 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3 -CVE-2022-0210 - RESERVED +CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...) + TODO: check CVE-2022-0209 RESERVED CVE-2022-0208 @@ -683,8 +877,8 @@ CVE-2022-23085 RESERVED CVE-2022-23084 RESERVED -CVE-2022-23083 - RESERVED +CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...) + TODO: check CVE-2022-23082 RESERVED CVE-2022-23081 @@ -1175,8 +1369,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...) - radare2 <unfixed> NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c -CVE-2022-0172 - RESERVED +CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2022-0171 RESERVED @@ -1583,16 +1776,13 @@ CVE-2022-22734 RESERVED CVE-2022-22733 RESERVED -CVE-2022-0154 - RESERVED +CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0153 RESERVED -CVE-2022-0152 - RESERVED +CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> -CVE-2022-0151 - RESERVED +CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0150 RESERVED 
@@ -1722,10 +1912,10 @@ CVE-2022-22693 RESERVED CVE-2022-22692 RESERVED -CVE-2022-22691 - RESERVED -CVE-2022-22690 - RESERVED +CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...) + TODO: check +CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) + TODO: check CVE-2022-22689 RESERVED CVE-2022-22688 @@ -1768,11 +1958,9 @@ CVE-2022-0127 RESERVED CVE-2022-0126 RESERVED -CVE-2022-0125 - RESERVED +CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> -CVE-2022-0124 - RESERVED +CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0123 RESERVED @@ -2232,15 +2420,13 @@ CVE-2022-0095 RESERVED CVE-2022-0094 RESERVED -CVE-2022-0093 - RESERVED +CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0092 RESERVED CVE-2022-0091 RESERVED -CVE-2022-0090 - RESERVED +CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0089 RESERVED @@ -4130,8 +4316,8 @@ CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to c TODO: check CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...) NOT-FOR-US: Discourse -CVE-2022-21683 - RESERVED +CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...) + TODO: check CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...) - flatpak 1.12.3-1 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx |
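
Review bot: CVE-2020-14110 and CVE-2020-14107 in data/CVE/list.2020, hunk @@ -39202,14 +39202,14 @@, are left at TODO: check although the entries directly after each of them (CVE-2020-14109, CVE-2020-14106) are already marked NOT-FOR-US: Xiaomi. Check whether the two new descriptions concern the same vendor and, if so, give them the same disposition in a follow-up so they do not stay in the TODO backlog.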
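
Review bot: Several ids in data/CVE/list.2021 move from RESERVED to TODO: check although an adjacent entry for the same product already has a disposition. CVE-2021-39892 (GitLab CE/EE) in hunk @@ -16022,8 +16208,8 @@ sits between entries marked - gitlab <unfixed>, and this same patch keeps - gitlab <unfixed> under CVE-2021-39946, CVE-2021-39942 and CVE-2021-39927. CVE-2021-34401 through CVE-2021-34406 in @@ -29089,18 +29275,18 @@ precede entries marked NOT-FOR-US: NVIDIA, CVE-2021-33964 and CVE-2021-33965 in @@ -30017,10 +30203,10 @@ precede NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface, and CVE-2021-43353 in @@ -4631,8 +4820,8 @@ precedes NOT-FOR-US: WordPress plugin. Resolve these by hand in a follow-up commit, using the neighbouring annotations as the starting point, and confirm for each that the new description really covers the same product before copying the disposition.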
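
Review bot: CVE-2021-31771 in data/CVE/list.2021, hunk @@ -35593,7 +35779,8 @@, is now REJECTED but keeps the NOT-FOR-US: Splinterware line left over from its DISPUTED description. The other REJECTED entries visible in this patch (CVE-2021-46012, CVE-2021-34407) carry no annotation beneath them, so either drop the stale NOT-FOR-US line or confirm that the list parser and the tracker's reports accept an annotation on a rejected id.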
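
Review bot: In data/CVE/list.2022 the entries CVE-2022-23307, CVE-2022-23305 (hunk @@ -12,20 +206,20 @@) and CVE-2022-23302 (hunk @@ -71,12 +265,12 @@) all describe Log4j 1.x issues and land as TODO: check with no package line, as does CVE-2022-0261 (heap-based buffer overflow in vim/vim). These name widely deployed software and should be triaged ahead of the rest of the backlog, each with a source package line or an explicit NOT-FOR-US. CVE-2022-0244 in @@ -71,12 +265,12 @@ is a GitLab CE/EE issue left at TODO: check while the other GitLab ids updated in this file (CVE-2022-0172, CVE-2022-0154, CVE-2022-0152, CVE-2022-0151, CVE-2022-0125, CVE-2022-0124, CVE-2022-0093, CVE-2022-0090) keep - gitlab <unfixed>; give it the same package line unless the description rules it out.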