author security tracker role <sectracker@soriano.debian.org> 2022-02-09 08:10:18 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-02-09 08:10:18 +0000
commit 37c604278f1d02cb501e5e54beb409cc61e122e1 (patch)
tree 721a8fa72b5751f4d230caddaa213b0a5fde6720 /data
parent f7a7267ab4a157c46a7a699d6ca8a31d27aee802 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2021 34
-rw-r--r-- data/CVE/list.2022 122
2 files changed, 108 insertions, 48 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index ecfaa0180f..a3dfc6a746 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1933,8 +1933,8 @@ CVE-2021-4191
RESERVED
CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
NOT-FOR-US: Netgear
-CVE-2021-45919
- RESERVED
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
+ TODO: check
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -3447,8 +3447,8 @@ CVE-2021-45331
RESERVED
CVE-2021-45330
RESERVED
-CVE-2021-45329
- RESERVED
+CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
+ TODO: check
CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
- gitea <removed>
CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
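Review bot: CVE-2021-45329 is left at "TODO: check" although the neighbouring Gitea entry in this hunk, CVE-2021-45328, is already triaged as "- gitea <removed>". Suggest resolving the new entry with the same package line once the affected version range has been confirmed, so the Gitea entries stay consistent.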
@@ -8049,7 +8049,7 @@ CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds wit
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
-CVE-2021-43615 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2021-43614
RESERVED
@@ -10658,7 +10658,7 @@ CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive e
NOT-FOR-US: Rasa X
CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
NOT-FOR-US: Pexip Infinity
-CVE-2021-42554 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
NOT-FOR-US: Insyde
CVE-2021-3892
REJECTED
@@ -11688,7 +11688,7 @@ CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnera
NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
-CVE-2021-42113 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
NOT-FOR-US: Insyde
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
@@ -11849,9 +11849,9 @@ CVE-2021-3867
CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
-CVE-2021-42060 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
NOT-FOR-US: Insyde
-CVE-2021-42059 (Stack overflow vulnerability that allows a local root user to access U ...)
+CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
NOT-FOR-US: Insyde
CVE-2021-42058
RESERVED
@@ -12361,15 +12361,15 @@ CVE-2021-41843 (An authenticated SQL injection issue in the calendar search func
NOT-FOR-US: OpenEMR
CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
NOT-FOR-US: Insyde
-CVE-2021-41841 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
NOT-FOR-US: Insyde
-CVE-2021-41840 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41839 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41838 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41837 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
NOT-FOR-US: Insyde
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
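Review bot: after the description rewrite, CVE-2021-41840 and CVE-2021-41839 show the same truncated text ("An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ..."), and CVE-2021-41841 and CVE-2021-41837 likewise share the AhciBusDxe text, while the SMM wording that named the bug class is no longer in the visible part. All five keep "NOT-FOR-US: Insyde", so no triage change is needed, but telling these entries apart now requires the full CVE record rather than this list.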
@@ -22302,8 +22302,8 @@ CVE-2021-37854
RESERVED
CVE-2021-37853
RESERVED
-CVE-2021-37852
- RESERVED
+CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
+ TODO: check
CVE-2021-37851
RESERVED
CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
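Review bot: CVE-2021-37852 is left at "TODO: check" although its description begins "ESET products for Windows", which points to a NOT-FOR-US entry in the form already used in this file (for example "NOT-FOR-US: Netgear"). Suggest replacing the TODO with that marker after confirming no Debian package is affected.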
@@ -32049,7 +32049,7 @@ CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when build
NOT-FOR-US: isula-build
CVE-2021-33628
RESERVED
-CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
NOT-FOR-US: Insyde
CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
NOT-FOR-US: Insyde
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 544caab5fb..8cd1e68080 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,63 @@
+CVE-2022-24696
+ RESERVED
+CVE-2022-24695
+ RESERVED
+CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
+ TODO: check
+CVE-2022-24693
+ RESERVED
+CVE-2022-24692
+ RESERVED
+CVE-2022-24691
+ RESERVED
+CVE-2022-24690
+ RESERVED
+CVE-2022-24689
+ RESERVED
+CVE-2022-24688
+ RESERVED
+CVE-2022-24687
+ RESERVED
+CVE-2022-24686
+ RESERVED
+CVE-2022-24685
+ RESERVED
+CVE-2022-24684
+ RESERVED
+CVE-2022-24683
+ RESERVED
+CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
+ TODO: check
+CVE-2022-24681
+ RESERVED
+CVE-2022-24680
+ RESERVED
+CVE-2022-24679
+ RESERVED
+CVE-2022-24678
+ RESERVED
+CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
+ TODO: check
+CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
+ TODO: check
+CVE-2022-24675
+ RESERVED
+CVE-2022-24674
+ RESERVED
+CVE-2022-24673
+ RESERVED
+CVE-2022-24672
+ RESERVED
+CVE-2022-24383
+ RESERVED
+CVE-2022-21228
+ RESERVED
+CVE-2022-21214
+ RESERVED
+CVE-2022-21202
+ RESERVED
+CVE-2022-21168
+ RESERVED
CVE-2022-24671
RESERVED
CVE-2022-24670
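Review bot: of the 30 ids added at the top of list.2022, four arrive with a description and "TODO: check" (CVE-2022-24694 Mahara, CVE-2022-24682 Zimbra, CVE-2022-24677 and CVE-2022-24676 HYBBS2) and still need a package line or a NOT-FOR-US marker. The two HYBBS2 entries both name Admin.php in HYBBS2 through 2.3.2 and should be triaged together. CVE-2022-24383 and the four CVE-2022-21xxx ids are inserted between CVE-2022-24672 and CVE-2022-24671, outside the descending sequence of the surrounding entries, so lookups in this file should go by id rather than by position.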
@@ -50,26 +110,26 @@ CVE-2022-24666
RESERVED
CVE-2022-0528
RESERVED
-CVE-2022-0527
- RESERVED
-CVE-2022-0526
- RESERVED
-CVE-2022-0525
- RESERVED
-CVE-2022-0524
- RESERVED
-CVE-2022-0523
- RESERVED
-CVE-2022-0522
- RESERVED
-CVE-2022-0521
- RESERVED
-CVE-2022-0520
- RESERVED
-CVE-2022-0519
- RESERVED
-CVE-2022-0518
- RESERVED
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+ TODO: check
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+ TODO: check
+CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ TODO: check
+CVE-2022-0524 (Business Logic Errors in Rubygems typo prior to 9.2.7. ...)
+ TODO: check
+CVE-2022-0523 (Expired Pointer Dereference in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
+CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
+ TODO: check
+CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
+ TODO: check
+CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
+CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
+ TODO: check
+CVE-2022-0518 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
CVE-2022-0517
RESERVED
CVE-2022-0516
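Review bot: all ten entries promoted from RESERVED land as "TODO: check", and six of them (CVE-2022-0518 through CVE-2022-0523) concern radare2 under two different labels in the visible text: "NPM radare2.js prior to 5.6.2" on 0518, 0520, 0522 and 0523, and "GitHub repository rad..." on 0519 and 0521. Suggest triaging these six in one pass against the same source package so they get consistent package lines. CVE-2022-0527 and CVE-2022-0526 share an identical visible description and should be compared against their full records to confirm they are distinct issues.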
@@ -1748,7 +1808,7 @@ CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to us
NOT-FOR-US: Adenza AxiomSL ControllerView
CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
NOT-FOR-US: Insyde
-CVE-2022-24030 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2022-24029
RESERVED
@@ -2794,10 +2854,10 @@ CVE-2022-23629
RESERVED
CVE-2022-23628
RESERVED
-CVE-2022-23627
- RESERVED
-CVE-2022-23626
- RESERVED
+CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
+ TODO: check
+CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
+ TODO: check
CVE-2022-23625
RESERVED
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
@@ -7912,8 +7972,8 @@ CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack
- codeigniter <itp> (bug #471583)
CVE-2022-21714
RESERVED
-CVE-2022-21713
- RESERVED
+CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
+ TODO: check
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
- twisted <unfixed>
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
@@ -7944,10 +8004,10 @@ CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions
NOTE: https://github.com/log4js-node/streamroller/pull/87
NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
-CVE-2022-21703
- RESERVED
-CVE-2022-21702
- RESERVED
+CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
+ TODO: check
+CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
+ TODO: check
CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
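Review bot: CVE-2022-21703 and CVE-2022-21702 are both Grafana entries left at "TODO: check", as is CVE-2022-21713 in the preceding hunk. Suggest resolving the three together so they end up with the same package line or the same marker, rather than being triaged separately.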