author | security tracker role <sectracker@soriano.debian.org> | 2022-02-10 08:10:10 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-10 08:10:10 +0000
commit | 07d03276937eb257bca4306c7a33bef5110a80ba |
tree | c69bcfcc7e1b14eb32fa51157e114d76d5cbee7f /data |
parent | 5d3facfa8733748693dac2874fac70287e6db17b |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2020 | 4
-rw-r--r-- | data/CVE/list.2021 | 321
-rw-r--r-- | data/CVE/list.2022 | 404
3 files changed, 370 insertions, 359 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index ac7f8fc503..39f7e557f7 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -42059,8 +42059,8 @@ CVE-2020-12990 REJECTED CVE-2020-12989 REJECTED -CVE-2020-12988 - REJECTED +CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...) + TODO: check CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...) NOT-FOR-US: AMD CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index cc96db0fb2..e45a6417d8 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3551,8 +3551,8 @@ CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 CVE-2021-45287 RESERVED -CVE-2021-45286 - RESERVED +CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...) + TODO: check CVE-2021-45285 RESERVED CVE-2021-45284 @@ -5042,8 +5042,8 @@ CVE-2021-44545 RESERVED CVE-2021-44457 RESERVED -CVE-2021-44454 - RESERVED +CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...) + TODO: check CVE-2021-43351 RESERVED CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...) @@ -5056,8 +5056,8 @@ CVE-2021-23188 RESERVED CVE-2021-23168 RESERVED -CVE-2021-23152 - RESERVED +CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...) + TODO: check CVE-2021-23145 RESERVED CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] 
@@ -15177,7 +15177,7 @@ CVE-2021-40698 CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-40696 - RESERVED + REJECTED CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) - moodle <removed> CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) @@ -16849,10 +16849,10 @@ CVE-2021-40047 RESERVED CVE-2021-40046 RESERVED -CVE-2021-40045 - RESERVED -CVE-2021-40044 - RESERVED +CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...) + TODO: check +CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...) + TODO: check CVE-2021-40043 RESERVED CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...) @@ -16909,8 +16909,8 @@ CVE-2021-40017 RESERVED CVE-2021-40016 RESERVED -CVE-2021-40015 - RESERVED +CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...) + TODO: check CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...) NOT-FOR-US: Huawei CVE-2021-40013 
@@ -16945,20 +16945,20 @@ CVE-2021-39999 RESERVED CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...) NOT-FOR-US: Huawei -CVE-2021-39997 - RESERVED +CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...) + TODO: check CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...) NOT-FOR-US: Huawei CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...) NOT-FOR-US: Huawei -CVE-2021-39994 - RESERVED +CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...) + TODO: check CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...) NOT-FOR-US: Huawei -CVE-2021-39992 - RESERVED -CVE-2021-39991 - RESERVED +CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...) + TODO: check +CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...) + TODO: check CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...) NOT-FOR-US: Huawei CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...) @@ -16967,8 +16967,8 @@ CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerabi NOT-FOR-US: Huawei CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...) NOT-FOR-US: Huawei -CVE-2021-39986 - RESERVED +CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...) + TODO: check CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...) NOT-FOR-US: Huawei CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...) 
@@ -17053,8 +17053,8 @@ CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all ve - gitlab <unfixed> CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2021-39943 - RESERVED +CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...) + TODO: check CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab <unfixed> CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) @@ -24078,8 +24078,8 @@ CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful NOT-FOR-US: Huawei CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...) NOT-FOR-US: Huawei -CVE-2021-37115 - RESERVED +CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...) + TODO: check CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...) NOT-FOR-US: Huawei CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...) @@ -24090,12 +24090,12 @@ CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful NOT-FOR-US: Huawei CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...) NOT-FOR-US: Huawei -CVE-2021-37109 - RESERVED +CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...) + TODO: check CVE-2021-37108 RESERVED -CVE-2021-37107 - RESERVED +CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...) + TODO: check CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...) NOT-FOR-US: FusionCompute (Huawei) CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...) 
@@ -25889,8 +25889,8 @@ CVE-2021-36304 RESERVED CVE-2021-36303 RESERVED -CVE-2021-36302 - RESERVED +CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...) + TODO: check CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...) NOT-FOR-US: Dell CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...) @@ -33241,8 +33241,8 @@ CVE-2021-33168 RESERVED CVE-2021-33167 RESERVED -CVE-2021-33166 - RESERVED +CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...) + TODO: check CVE-2021-33165 RESERVED CVE-2021-33164 @@ -33263,8 +33263,8 @@ CVE-2021-33157 RESERVED CVE-2021-33156 RESERVED -CVE-2021-33155 - RESERVED +CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...) + TODO: check CVE-2021-33154 RESERVED CVE-2021-33153 @@ -33279,8 +33279,8 @@ CVE-2021-33149 RESERVED CVE-2021-33148 RESERVED -CVE-2021-33147 - RESERVED +CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...) + TODO: check CVE-2021-33146 RESERVED CVE-2021-33145 @@ -33295,12 +33295,12 @@ CVE-2021-33141 RESERVED CVE-2021-33140 RESERVED -CVE-2021-33139 - RESERVED +CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...) + TODO: check CVE-2021-33138 RESERVED -CVE-2021-33137 - RESERVED +CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...) + TODO: check CVE-2021-33136 RESERVED CVE-2021-33135 @@ -33315,8 +33315,8 @@ CVE-2021-33131 RESERVED CVE-2021-33130 RESERVED -CVE-2021-33129 - RESERVED +CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...) + TODO: check CVE-2021-33128 RESERVED CVE-2021-33127 
@@ -33333,40 +33333,38 @@ CVE-2021-33122 RESERVED CVE-2021-33121 RESERVED -CVE-2021-33120 - RESERVED +CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html -CVE-2021-33119 - RESERVED +CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...) + TODO: check CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...) NOT-FOR-US: Intel CVE-2021-33117 RESERVED CVE-2021-33116 RESERVED -CVE-2021-33115 - RESERVED -CVE-2021-33114 - RESERVED -CVE-2021-33113 - RESERVED +CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...) + TODO: check +CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...) + TODO: check +CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...) + TODO: check CVE-2021-33112 RESERVED CVE-2021-33111 RESERVED -CVE-2021-33110 - RESERVED +CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...) + TODO: check CVE-2021-33109 RESERVED CVE-2021-33108 RESERVED -CVE-2021-33107 - RESERVED +CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...) + TODO: check CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...) NOT-FOR-US: Intel -CVE-2021-33105 - RESERVED +CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...) NOT-FOR-US: Intel CVE-2021-33104 RESERVED @@ -33374,8 +33372,8 @@ CVE-2021-33103 RESERVED CVE-2021-33102 RESERVED -CVE-2021-33101 - RESERVED +CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...) + TODO: check CVE-2021-33100 RESERVED CVE-2021-33099 
@@ -33387,8 +33385,8 @@ CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...) NOT-FOR-US: Intel -CVE-2021-33096 - RESERVED +CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...) + TODO: check CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...) NOT-FOR-US: Intel CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) @@ -33443,8 +33441,8 @@ CVE-2021-33070 RESERVED CVE-2021-33069 RESERVED -CVE-2021-33068 - RESERVED +CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...) + TODO: check CVE-2021-33067 RESERVED CVE-2021-33066 @@ -33457,8 +33455,8 @@ CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Seri NOT-FOR-US: Intel CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...) NOT-FOR-US: Intel -CVE-2021-33061 - RESERVED +CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...) + TODO: check CVE-2021-33060 RESERVED CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...) 
@@ -49562,14 +49560,14 @@ CVE-2021-26618 RESERVED CVE-2021-26617 RESERVED -CVE-2021-26616 - RESERVED +CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...) + TODO: check CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...) NOT-FOR-US: ARK library CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...) NOT-FOR-US: IpTime C200 camera -CVE-2021-26613 - RESERVED +CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...) + TODO: check CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...) NOT-FOR-US: Tobesoft Nexacro CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...) @@ -58171,8 +58169,8 @@ CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Cit NOT-FOR-US: Citrix CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...) NOT-FOR-US: Citrix -CVE-2021-22954 - RESERVED +CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS < ...) + TODO: check CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...) NOT-FOR-US: Concrete CMS CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...) @@ -58568,8 +58566,8 @@ CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames NOT-FOR-US: Schneider Electric CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...) NOT-FOR-US: Schneider Electric -CVE-2021-22817 - RESERVED +CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...) + TODO: check CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) NOT-FOR-US: Schneider Electric CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...) 
@@ -70440,52 +70438,52 @@ CVE-2021-0185 RESERVED CVE-2021-0184 RESERVED -CVE-2021-0183 - RESERVED +CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + TODO: check CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) NOT-FOR-US: Intel Hardware Accelerated Execution Manager CVE-2021-0181 RESERVED CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) NOT-FOR-US: Intel Hardware Accelerated Execution Manager -CVE-2021-0179 - RESERVED -CVE-2021-0178 - RESERVED -CVE-2021-0177 - RESERVED -CVE-2021-0176 - RESERVED -CVE-2021-0175 - RESERVED -CVE-2021-0174 - RESERVED -CVE-2021-0173 - RESERVED -CVE-2021-0172 - RESERVED -CVE-2021-0171 - RESERVED -CVE-2021-0170 - RESERVED -CVE-2021-0169 - RESERVED -CVE-2021-0168 - RESERVED -CVE-2021-0167 - RESERVED -CVE-2021-0166 - RESERVED -CVE-2021-0165 - RESERVED -CVE-2021-0164 - RESERVED -CVE-2021-0163 - RESERVED -CVE-2021-0162 - RESERVED -CVE-2021-0161 - RESERVED +CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...) + TODO: check +CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) + TODO: check +CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...) + TODO: check +CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + TODO: check +CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + TODO: check +CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...) + TODO: check +CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...) + TODO: check +CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + TODO: check +CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) 
+ TODO: check +CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) + TODO: check +CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...) + TODO: check +CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + TODO: check +CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) + TODO: check +CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) + TODO: check +CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + TODO: check +CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...) + TODO: check +CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...) + TODO: check +CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) + TODO: check +CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + TODO: check CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...) NOT-FOR-US: Intel CVE-2021-0159 @@ -70494,8 +70492,8 @@ CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) NOT-FOR-US: Intel CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...) NOT-FOR-US: Intel -CVE-2021-0156 - RESERVED +CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...) + TODO: check CVE-2021-0155 RESERVED CVE-2021-0154 
@@ -70512,14 +70510,14 @@ CVE-2021-0149 RESERVED CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...) NOT-FOR-US: Intel -CVE-2021-0147 - RESERVED +CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...) + TODO: check CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207 -CVE-2021-0145 - RESERVED +CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...) + TODO: check CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...) NOT-FOR-US: Intel CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...) @@ -70560,17 +70558,16 @@ CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html CVE-2021-0128 RESERVED -CVE-2021-0127 - RESERVED +CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207 CVE-2021-0126 RESERVED -CVE-2021-0125 - RESERVED -CVE-2021-0124 - RESERVED +CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check CVE-2021-0123 RESERVED CVE-2021-0122 
@@ -70579,48 +70576,48 @@ CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R NOT-FOR-US: Intel CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...) NOT-FOR-US: Intel -CVE-2021-0119 - RESERVED -CVE-2021-0118 - RESERVED -CVE-2021-0117 - RESERVED -CVE-2021-0116 - RESERVED -CVE-2021-0115 - RESERVED -CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...) +CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...) + TODO: check +CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...) + TODO: check +CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...) + TODO: check +CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...) + TODO: check +CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...) NOT-FOR-US: Intel CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...) NOT-FOR-US: Intel CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...) NOT-FOR-US: Intel -CVE-2021-0111 - RESERVED +CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...) + TODO: check CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...) NOT-FOR-US: Intel CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...) NOT-FOR-US: Intel CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...) NOT-FOR-US: Intel -CVE-2021-0107 - RESERVED +CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...) + TODO: check CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...) 
NOT-FOR-US: Intel CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...) NOT-FOR-US: Intel CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...) NOT-FOR-US: Intel -CVE-2021-0103 - RESERVED +CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...) + TODO: check CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...) NOT-FOR-US: Intel CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...) NOT-FOR-US: Intel CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...) NOT-FOR-US: Intel -CVE-2021-0099 - RESERVED +CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...) + TODO: check CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...) NOT-FOR-US: Intel CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...) @@ -70631,12 +70628,12 @@ CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Process NOT-FOR-US: Intel CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...) NOT-FOR-US: Intel -CVE-2021-0093 - RESERVED -CVE-2021-0092 - RESERVED -CVE-2021-0091 - RESERVED +CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...) + TODO: check +CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...) NOT-FOR-US: Intel CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...) 
@@ -70672,16 +70669,16 @@ CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wi NOT-FOR-US: Intel CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...) NOT-FOR-US: Intel -CVE-2021-0076 - RESERVED +CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + TODO: check CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...) NOT-FOR-US: Intel CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...) NOT-FOR-US: Intel CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...) NOT-FOR-US: Intel -CVE-2021-0072 - RESERVED +CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + TODO: check CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...) @@ -70692,8 +70689,8 @@ CVE-2021-0068 RESERVED CVE-2021-0067 (&nbsp;Improper access control in system firmware for some Intel(R) ...) NOT-FOR-US: Intel -CVE-2021-0066 - RESERVED +CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + TODO: check CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...) NOT-FOR-US: Intel CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...) 
@@ -70704,8 +70701,8 @@ CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers befor NOT-FOR-US: Intel drivers for Windows CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...) NOT-FOR-US: Intel drivers for Windows -CVE-2021-0060 - RESERVED +CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...) + TODO: check CVE-2021-0059 RESERVED CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 9425ef268f..28f2332407 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,21 @@ +CVE-2022-24703 + RESERVED +CVE-2022-24702 + RESERVED +CVE-2022-24701 + RESERVED +CVE-2022-24700 + RESERVED +CVE-2022-0556 + RESERVED +CVE-2022-0555 + RESERVED +CVE-2022-0554 + RESERVED +CVE-2022-0553 + RESERVED +CVE-2022-0552 + RESERVED CVE-2022-24699 RESERVED CVE-2022-24698 
@@ -104,31 +122,28 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM TODO: check CVE-2022-0535 RESERVED -CVE-2022-0534 - RESERVED +CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...) + TODO: check CVE-2022-0533 RESERVED -CVE-2022-0532 - RESERVED +CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...) NOT-FOR-US: cri-o CVE-2022-0531 RESERVED -CVE-2022-0530 - RESERVED +CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...) - unzip <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395 TODO: clarify details -CVE-2022-0529 - RESERVED +CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...) - unzip <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402 TODO: clarify details -CVE-2022-24668 - RESERVED -CVE-2022-24667 - RESERVED -CVE-2022-24666 - RESERVED +CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...) + TODO: check +CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...) + TODO: check +CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...) + TODO: check CVE-2022-0528 RESERVED CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...) 
@@ -941,30 +956,30 @@ CVE-2022-24323 RESERVED CVE-2022-24322 RESERVED -CVE-2022-24321 - RESERVED -CVE-2022-24320 - RESERVED -CVE-2022-24319 - RESERVED -CVE-2022-24318 - RESERVED -CVE-2022-24317 - RESERVED -CVE-2022-24316 - RESERVED -CVE-2022-24315 - RESERVED -CVE-2022-24314 - RESERVED -CVE-2022-24313 - RESERVED -CVE-2022-24312 - RESERVED -CVE-2022-24311 - RESERVED -CVE-2022-24310 - RESERVED +CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + TODO: check +CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) + TODO: check +CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) + TODO: check +CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...) + TODO: check +CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...) + TODO: check +CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...) + TODO: check +CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...) + TODO: check +CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...) + TODO: check +CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + TODO: check +CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...) + TODO: check CVE-2022-24309 RESERVED CVE-2022-0480 
@@ -1504,7 +1519,7 @@ CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack over NOT-FOR-US: Tenda routers CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) NOT-FOR-US: Tenda routers -CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) +CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...) NOT-FOR-US: Tenda routers CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers @@ -1835,8 +1850,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218) -CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline and tabs] - RESERVED +CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...) - python3.9 3.9.7-1 [bullseye] - python3.9 <no-dsa> (Minor issue) - python3.7 <removed> @@ -2919,14 +2933,14 @@ CVE-2022-23633 RESERVED CVE-2022-23632 RESERVED -CVE-2022-23631 - RESERVED +CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...) + TODO: check CVE-2022-23630 RESERVED CVE-2022-23629 RESERVED -CVE-2022-23628 - RESERVED +CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...) + TODO: check CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...) NOT-FOR-US: ArchiSteamFarm CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...) 
@@ -2937,22 +2951,22 @@ CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScrip NOT-FOR-US: Frourio-express CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...) NOT-FOR-US: Frourio -CVE-2022-23622 - RESERVED -CVE-2022-23621 - RESERVED -CVE-2022-23620 - RESERVED -CVE-2022-23619 - RESERVED -CVE-2022-23618 - RESERVED -CVE-2022-23617 - RESERVED -CVE-2022-23616 - RESERVED -CVE-2022-23615 - RESERVED +CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...) - php-twig 3.3.8-1 NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v 
@@ -4604,12 +4618,12 @@ CVE-2022-23051 RESERVED CVE-2022-23050 RESERVED -CVE-2022-23049 - RESERVED -CVE-2022-23048 - RESERVED -CVE-2022-23047 - RESERVED +CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...) + TODO: check +CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...) + TODO: check +CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...) + TODO: check CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...) NOT-FOR-US: PhpIPAM CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...) @@ -5099,8 +5113,8 @@ CVE-2022-0164 RESERVED CVE-2022-0163 RESERVED -CVE-2022-0162 - RESERVED +CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...) + TODO: check CVE-2022-0161 RESERVED CVE-2022-0160 
@@ -5243,20 +5257,20 @@ CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal In NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 NOTE: https://github.com/follow-redirects/follow-redirects/issues/183 NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7) -CVE-2022-22813 - RESERVED -CVE-2022-22812 - RESERVED -CVE-2022-22811 - RESERVED -CVE-2022-22810 - RESERVED -CVE-2022-22809 - RESERVED -CVE-2022-22808 - RESERVED -CVE-2022-22807 - RESERVED +CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...) + TODO: check +CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + TODO: check +CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) + TODO: check +CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + TODO: check +CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...) + TODO: check +CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) + TODO: check CVE-2022-22806 RESERVED CVE-2022-22805 @@ -5309,10 +5323,10 @@ CVE-2022-22782 RESERVED CVE-2022-22781 RESERVED -CVE-2022-22780 - RESERVED -CVE-2022-22779 - RESERVED +CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...) + TODO: check +CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...) + TODO: check CVE-2022-22778 RESERVED CVE-2022-22777 
@@ -5981,10 +5995,10 @@ CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...) NOT-FOR-US: forge CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...) NOT-FOR-US: hoppscotch -CVE-2022-22567 - RESERVED -CVE-2022-22566 - RESERVED +CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...) + TODO: check +CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...) + TODO: check CVE-2022-22565 RESERVED CVE-2022-22564 
@@ -6023,44 +6037,44 @@ CVE-2022-22548 RESERVED CVE-2022-22547 RESERVED -CVE-2022-22546 - RESERVED -CVE-2022-22545 - RESERVED -CVE-2022-22544 - RESERVED -CVE-2022-22543 - RESERVED -CVE-2022-22542 - RESERVED +CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...) + TODO: check +CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...) + TODO: check +CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...) + TODO: check +CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...) + TODO: check +CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...) + TODO: check CVE-2022-22541 RESERVED -CVE-2022-22540 - RESERVED -CVE-2022-22539 - RESERVED -CVE-2022-22538 - RESERVED -CVE-2022-22537 - RESERVED -CVE-2022-22536 - RESERVED -CVE-2022-22535 - RESERVED -CVE-2022-22534 - RESERVED -CVE-2022-22533 - RESERVED -CVE-2022-22532 - RESERVED +CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...) + TODO: check +CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...) + TODO: check +CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...) + TODO: check +CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...) + TODO: check +CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...) + TODO: check +CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...) + TODO: check +CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...) + TODO: check +CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...) + TODO: check +CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...) 
+ TODO: check CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...) NOT-FOR-US: SAP CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...) NOT-FOR-US: SAP CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...) NOT-FOR-US: SAP -CVE-2022-22528 - RESERVED +CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...) + TODO: check CVE-2022-22527 RESERVED CVE-2022-0120 @@ -7768,8 +7782,8 @@ CVE-2022-21827 RESERVED CVE-2022-21826 RESERVED -CVE-2022-21825 - RESERVED +CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...) + TODO: check CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...) NOT-FOR-US: Ivanti CVE-2022-21822 @@ -7834,8 +7848,8 @@ CVE-2022-21239 RESERVED CVE-2022-21229 RESERVED -CVE-2022-21226 - RESERVED +CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) + TODO: check CVE-2022-21206 RESERVED CVE-2022-21188 @@ -7852,8 +7866,8 @@ CVE-2022-21162 RESERVED CVE-2022-21161 RESERVED -CVE-2022-21156 - RESERVED +CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...) + TODO: check CVE-2022-21152 RESERVED CVE-2022-21150 @@ -7872,8 +7886,8 @@ CVE-2022-21240 RESERVED CVE-2022-21237 RESERVED -CVE-2022-21218 - RESERVED +CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...) + TODO: check CVE-2022-21212 RESERVED CVE-2022-21197 @@ -7886,8 +7900,8 @@ CVE-2022-21140 RESERVED CVE-2022-21139 RESERVED -CVE-2022-21133 - RESERVED +CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) + TODO: check CVE-2022-21792 RESERVED CVE-2022-21791 
@@ -8241,8 +8255,8 @@ CVE-2022-21661 (WordPress is a free and open-source content management system wr NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214 NOTE: https://hackerone.com/reports/1378209 NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection -CVE-2022-21660 - RESERVED +CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...) + TODO: check CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...) TODO: check CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...) @@ -9141,16 +9155,16 @@ CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of O NOT-FOR-US: Oracle CVE-2022-21216 RESERVED -CVE-2022-21204 - RESERVED +CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...) + TODO: check CVE-2022-21200 RESERVED -CVE-2022-21174 - RESERVED -CVE-2022-21157 - RESERVED -CVE-2022-21153 - RESERVED +CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...) + TODO: check +CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...) + TODO: check +CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...) + TODO: check CVE-2022-21151 RESERVED CVE-2022-21138 @@ -9159,14 +9173,14 @@ CVE-2022-21136 RESERVED CVE-2022-21131 RESERVED -CVE-2022-21220 - RESERVED +CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...) + TODO: check CVE-2022-21207 RESERVED -CVE-2022-21205 - RESERVED -CVE-2022-21203 - RESERVED +CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...) + TODO: check +CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) + TODO: check CVE-2022-21181 RESERVED CVE-2022-21180 
@@ -11344,52 +11358,52 @@ CVE-2022-20048 RESERVED CVE-2022-20047 RESERVED -CVE-2022-20046 - RESERVED -CVE-2022-20045 - RESERVED -CVE-2022-20044 - RESERVED -CVE-2022-20043 - RESERVED -CVE-2022-20042 - RESERVED -CVE-2022-20041 - RESERVED -CVE-2022-20040 - RESERVED -CVE-2022-20039 - RESERVED -CVE-2022-20038 - RESERVED -CVE-2022-20037 - RESERVED -CVE-2022-20036 - RESERVED -CVE-2022-20035 - RESERVED -CVE-2022-20034 - RESERVED -CVE-2022-20033 - RESERVED -CVE-2022-20032 - RESERVED -CVE-2022-20031 - RESERVED -CVE-2022-20030 - RESERVED -CVE-2022-20029 - RESERVED -CVE-2022-20028 - RESERVED -CVE-2022-20027 - RESERVED -CVE-2022-20026 - RESERVED -CVE-2022-20025 - RESERVED -CVE-2022-20024 - RESERVED +CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...) + TODO: check +CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...) + TODO: check +CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...) + TODO: check +CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...) + TODO: check +CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...) + TODO: check +CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...) + TODO: check +CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...) + TODO: check +CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...) + TODO: check +CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...) + TODO: check +CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...) + TODO: check +CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...) + TODO: check +CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...) 
+ TODO: check +CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...) + TODO: check +CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...) + TODO: check +CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...) + TODO: check +CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...) + TODO: check +CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...) + TODO: check +CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...) + TODO: check +CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + TODO: check +CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + TODO: check +CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + TODO: check +CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + TODO: check +CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...) + TODO: check CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...) NOT-FOR-US: MediaTek CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...) @@ -11402,8 +11416,8 @@ CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure d NOT-FOR-US: MediaTek CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...) NOT-FOR-US: MediaTek -CVE-2022-20017 - RESERVED +CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...) + TODO: check CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...) NOT-FOR-US: MediaTek CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...) |
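Review bot: in the hunk at @@ -6023,44 +6037,44 @@, CVE-2022-22546 through CVE-2022-22532 and CVE-2022-22528 all land as `TODO: check`, although the unchanged neighbours CVE-2022-22531, CVE-2022-22530 and CVE-2022-22529 in the same ID block are already `NOT-FOR-US: SAP`. Several of the new descriptions name SAP products outright (CVE-2022-22543, CVE-2022-22540, CVE-2022-22536, CVE-2022-22535, CVE-2022-22534, CVE-2022-22533, CVE-2022-22532, CVE-2022-22528), so a follow-up commit can move those to `NOT-FOR-US: SAP`. The entries whose truncated text names no product (for example CVE-2022-22539, CVE-2022-22538, CVE-2022-22537) need the full CVE record read before they get the same tag.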
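Review bot: in the hunk at @@ -11344,52 +11358,52 @@, CVE-2022-20046 through CVE-2022-20024 are left at `TODO: check` even though the context lines directly below (CVE-2022-20023, CVE-2022-20022) use the same "In Bluetooth, there is a possible ..." wording and are tagged `NOT-FOR-US: MediaTek`. The truncated descriptions never name a vendor, so the match is by phrasing and ID range only; confirm the assigner in the full CVE records, then triage the block in one follow-up rather than entry by entry. The same question applies to CVE-2022-20017 in the next hunk, which sits between two `NOT-FOR-US: MediaTek` entries.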
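Review bot: in the hunk at @@ -5243,20 +5257,20 @@, the descriptions added for CVE-2022-22813 through CVE-2022-22807 open with the CWE class ("A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...") and are cut off before any product is named, so nothing in this list identifies what is affected. `TODO: check` is the right holding state here, but whoever triages these should work from the full CVE record and not from the truncated text, and should add the product to the tag or a NOTE line so the entry is readable without leaving the tracker.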