From 285102aa5e8ac43f35fda2f1c34364aec1784040 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 21 Jan 2022 20:10:27 +0000 Subject: automatic update --- data/CVE/list.2020 | 30 ++++++------ data/CVE/list.2021 | 138 +++++++++++++++++++++++++++-------------------------- data/CVE/list.2022 | 119 ++++++++++++++++++++++++++++++++++++--------- 3 files changed, 182 insertions(+), 105 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index e3037f3bdd..9ff4c7ac43 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -17396,7 +17396,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1) CVE-2020-23905 RESERVED -CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) +CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...) - speex [bullseye] - speex (Minor issue) [buster] - speex (Minor issue) @@ -25983,14 +25983,14 @@ CVE-2020-19863 RESERVED CVE-2020-19862 RESERVED -CVE-2020-19861 - RESERVED -CVE-2020-19860 - RESERVED +CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...) + TODO: check +CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...) + TODO: check CVE-2020-19859 RESERVED -CVE-2020-19858 - RESERVED +CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...) + TODO: check CVE-2020-19857 RESERVED CVE-2020-19856 
@@ -62058,16 +62058,16 @@ CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtai NOT-FOR-US: IBM CVE-2020-4880 RESERVED -CVE-2020-4879 - RESERVED +CVE-2020-4879 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote ...) + TODO: check CVE-2020-4878 RESERVED -CVE-2020-4877 - RESERVED -CVE-2020-4876 - RESERVED -CVE-2020-4875 - RESERVED +CVE-2020-4877 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable t ...) + TODO: check +CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...) + TODO: check +CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...) + TODO: check CVE-2020-4874 RESERVED CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 215a1faa61..9d91971c3a 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,7 @@ +CVE-2021-46403 + RESERVED +CVE-2021-4208 + RESERVED CVE-2021-46402 RESERVED CVE-2021-46401 @@ -184,12 +188,12 @@ CVE-2021-46311 RESERVED CVE-2021-46310 RESERVED -CVE-2021-46309 - RESERVED -CVE-2021-46308 - RESERVED -CVE-2021-46307 - RESERVED +CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) + TODO: check +CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) + TODO: check +CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) + TODO: check CVE-2021-46306 RESERVED CVE-2021-46305 
@@ -410,14 +414,14 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v NOT-FOR-US: Taocms CVE-2021-46202 RESERVED -CVE-2021-46201 - RESERVED -CVE-2021-46200 - RESERVED +CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) + TODO: check +CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) + TODO: check CVE-2021-46199 RESERVED -CVE-2021-46198 - RESERVED +CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) + TODO: check CVE-2021-46197 RESERVED CVE-2021-46196 @@ -2294,7 +2298,7 @@ CVE-2021-4159 RESERVED CVE-2021-45464 RESERVED -CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...) +CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) - gegl 1:0.4.34-1 (bug #1002661) [bullseye] - gegl (Minor issue) [buster] - gegl (Minor issue) @@ -4632,8 +4636,8 @@ CVE-2021-44595 RESERVED CVE-2021-44594 RESERVED -CVE-2021-44593 - RESERVED +CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) + TODO: check CVE-2021-44592 RESERVED CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) @@ -5088,8 +5092,8 @@ CVE-2021-23223 RESERVED CVE-2021-23179 RESERVED -CVE-2021-44464 - RESERVED +CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) + TODO: check CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO CVE-2021-44451 
@@ -5136,30 +5140,30 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version NOT-FOR-US: Siemens CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens -CVE-2021-43355 - RESERVED -CVE-2021-41835 - RESERVED +CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) + TODO: check CVE-2021-4035 RESERVED -CVE-2021-33848 - RESERVED -CVE-2021-33846 - RESERVED -CVE-2021-33843 - RESERVED -CVE-2021-31562 - RESERVED -CVE-2021-23236 - RESERVED -CVE-2021-23233 - RESERVED -CVE-2021-23207 - RESERVED -CVE-2021-23196 - RESERVED -CVE-2021-23195 - RESERVED +CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) + TODO: check +CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) + TODO: check +CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) + TODO: check +CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) + TODO: check +CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) + TODO: check +CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) + TODO: check +CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) 
@@ -5563,8 +5567,7 @@ CVE-2021-44237 RESERVED CVE-2021-44236 RESERVED -CVE-2021-4032 [kvm: mishandling of memory error during VCPU construction can lead to DoS] - RESERVED +CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) - linux (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) CVE-2021-4031 @@ -5728,8 +5731,8 @@ CVE-2021-44197 RESERVED CVE-2021-44196 RESERVED -CVE-2021-4016 - RESERVED +CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) + TODO: check CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-4014 @@ -6015,8 +6018,7 @@ CVE-2021-44081 RESERVED CVE-2021-44080 RESERVED -CVE-2021-4001 [race condition when the EBPF map is frozen] - RESERVED +CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) - linux 5.15.5-1 [bullseye] - linux 5.10.84-1 [buster] - linux (Vulnerable code introduced later) @@ -13888,8 +13890,8 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca NOT-FOR-US: Auerswald COMpact 5500R devices CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald -CVE-2021-40855 - RESERVED +CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) + TODO: check CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) 
@@ -14266,16 +14268,16 @@ CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 R NOT-FOR-US: Adobe CVE-2021-40696 RESERVED -CVE-2021-40695 - RESERVED -CVE-2021-40694 - RESERVED -CVE-2021-40693 - RESERVED -CVE-2021-40692 - RESERVED -CVE-2021-40691 - RESERVED +CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) + TODO: check +CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) + TODO: check +CVE-2021-40693 (An authentication bypass risk was identified in the external database ...) + TODO: check +CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...) + TODO: check +CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...) + TODO: check CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) {DSA-5010-1 DLA-2767-1} - libxml-security-java 2.1.7-1 (bug #994569) @@ -14495,8 +14497,8 @@ CVE-2021-40597 RESERVED CVE-2021-40596 RESERVED -CVE-2021-40595 - RESERVED +CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) + TODO: check CVE-2021-40594 RESERVED CVE-2021-40593 @@ -15396,8 +15398,8 @@ CVE-2021-40249 RESERVED CVE-2021-40248 RESERVED -CVE-2021-40247 - RESERVED +CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) + TODO: check CVE-2021-40246 RESERVED CVE-2021-40245 @@ -27922,10 +27924,10 @@ CVE-2021-35006 RESERVED CVE-2021-35005 RESERVED -CVE-2021-35004 - RESERVED -CVE-2021-35003 - RESERVED +CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2021-35002 RESERVED CVE-2021-35001 
@@ -30242,8 +30244,8 @@ CVE-2021-33968 RESERVED CVE-2021-33967 RESERVED -CVE-2021-33966 - RESERVED +CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...) + TODO: check CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) @@ -32224,7 +32226,7 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma NOT-FOR-US: Synology CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) NOT-FOR-US: Nagios XI -CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) +CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...) - nagvis 1:1.9.29-1 [bullseye] - nagvis (Minor issue) [buster] - nagvis (Minor issue) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index f6db88cfdf..778c5acaa5 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,75 @@ +CVE-2022-23834 + RESERVED +CVE-2022-23833 + RESERVED +CVE-2022-23832 + RESERVED +CVE-2022-23831 + RESERVED +CVE-2022-23830 + RESERVED +CVE-2022-23829 + RESERVED +CVE-2022-23828 + RESERVED +CVE-2022-23827 + RESERVED +CVE-2022-23826 + RESERVED +CVE-2022-23825 + RESERVED +CVE-2022-23824 + RESERVED +CVE-2022-23823 + RESERVED +CVE-2022-23822 + RESERVED +CVE-2022-23821 + RESERVED +CVE-2022-23820 + RESERVED +CVE-2022-23819 + RESERVED +CVE-2022-23818 + RESERVED +CVE-2022-23817 + RESERVED +CVE-2022-23816 + RESERVED +CVE-2022-23815 + RESERVED +CVE-2022-23814 + RESERVED +CVE-2022-23813 + RESERVED +CVE-2022-22146 + RESERVED +CVE-2022-21193 + RESERVED +CVE-2022-21176 + RESERVED +CVE-2022-21143 + RESERVED +CVE-2022-21141 + RESERVED +CVE-2022-0335 + RESERVED +CVE-2022-0334 + RESERVED +CVE-2022-0333 + RESERVED +CVE-2022-0332 + RESERVED +CVE-2022-0331 + RESERVED +CVE-2022-0330 + RESERVED +CVE-2022-0329 (Code Injection in PyPi loguru prior to and including 0.5.3. ...) + TODO: check +CVE-2022-0328 + RESERVED +CVE-2022-0327 + RESERVED CVE-2022-23809 RESERVED CVE-2022-23808 @@ -66,18 +138,18 @@ CVE-2022-23780 RESERVED CVE-2022-21147 RESERVED -CVE-2022-0323 - RESERVED +CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) + TODO: check CVE-2022-0322 RESERVED CVE-2022-0321 RESERVED CVE-2022-0320 RESERVED -CVE-2022-0319 - RESERVED -CVE-2022-0318 - RESERVED +CVE-2022-0319 (Out-of-bounds Read in Conda vim prior to 8.2. ...) + TODO: check +CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) + TODO: check CVE-2022-0317 RESERVED CVE-2022-0316 @@ -186,8 +258,8 @@ CVE-2022-23730 RESERVED CVE-2022-23729 RESERVED -CVE-2022-23728 - RESERVED +CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) + TODO: check CVE-2022-23727 RESERVED CVE-2022-23726 
@@ -1162,7 +1234,7 @@ CVE-2022-21801 RESERVED CVE-2022-21796 RESERVED -CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior t ...) +CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-0273 RESERVED @@ -1257,7 +1329,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelper NOT-FOR-US: livehelperchat CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab -CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...) +CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) TODO: check CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) - apache-log4j1.2 @@ -1436,8 +1508,8 @@ CVE-2022-23223 RESERVED CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) TODO: check -CVE-2022-23220 [usbview polkit policy local root exploit] - RESERVED +CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) + {DSA-5052-1} - usbview 2.0-21-g6fe2f4f-2.1 [stretch] - usbview (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1 
@@ -1740,14 +1812,14 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en - zabbix NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards -CVE-2022-23130 - RESERVED -CVE-2022-23129 - RESERVED -CVE-2022-23128 - RESERVED -CVE-2022-23127 - RESERVED +CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) + TODO: check +CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) + TODO: check +CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) + TODO: check +CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) + TODO: check CVE-2022-23126 RESERVED CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) @@ -2498,14 +2570,17 @@ CVE-2022-22819 CVE-2022-22818 RESERVED CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0) CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...) + {DSA-5053-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0) 
@@ -4760,8 +4835,8 @@ CVE-2022-21935 RESERVED CVE-2022-21934 RESERVED -CVE-2022-21933 - RESERVED +CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) + TODO: check CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) -- cgit v1.2.3
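Review bot: In data/CVE/list.2020 at CVE-2020-23904, the description now opens with "** DISPUTED **" while the speex lines under it are unchanged and still read "(Minor issue)" for bullseye and buster. A follow-up should add a NOTE line recording the basis of the dispute and re-check whether the per-release status still fits.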
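Review bot: In the data/CVE/list.2020 hunk at @@ -25983, CVE-2020-19861 and CVE-2020-19860 leave RESERVED with only "TODO: check", although both descriptions name ldns 1.7.1 and the affected functions (ldns_nsec3_salt ..., ldns_rr_new_frm_str_ ...). These two need package-level triage against ldns with the upstream fix recorded in NOTE lines. They should not be swept up with entries such as CVE-2020-19858 (Platinum Upnp SDK) in the same hunk.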
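Review bot: In the data/CVE/list.2021 hunk at @@ -5136, the truncated descriptions of CVE-2021-23236 ("Requests may be used to interrupt the normal operation of the device. ...") and CVE-2021-23207 ("An attacker with physical access to the host can extract the secrets f ...") name no product, unlike the Fresenius Kabi entries around them. Whoever resolves these TODO lines should take the product from the full CVE record, not infer it from adjacency. The same applies to CVE-2021-40695 through CVE-2021-40691 in the @@ -14266 hunk, whose visible text names no product either.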
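Review bot: In the data/CVE/list.2021 hunk at @@ -32224, the CVE-2021-33178 description changes its version bound from "prior to 2 ..." to "prior to 1 ..." while the tracker lines below it stay as they were, including "- nagvis 1:1.9.29-1". Since the upstream bound was corrected, confirm that the full new description still agrees with the fixed version recorded for nagvis.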
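Review bot: In the data/CVE/list.2022 hunk at @@ -66, CVE-2022-0319 and CVE-2022-0318 give the affected range only as "prior to 8.2." with no patch level, and they name the project inconsistently ("Conda vim" versus "vim/vim"). Triage for vim cannot set a fixed version from that text alone. The follow-up should add NOTE lines with the upstream fixing commit or patch number for each before replacing "TODO: check".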
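Review bot: In the data/CVE/list.2022 hunk at @@ -1257, CVE-2022-0243 now carries the same description prefix as CVE-2022-0274 ("Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...") but is left at "TODO: check", while CVE-2022-0274 in the @@ -1162 hunk is already marked "NOT-FOR-US: Orchard CMS". Suggest resolving CVE-2022-0243 the same way so the two entries do not diverge.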