From 7d151558ef36947c4bd09680c0938bf4f1646d0e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Feb 2022 20:10:22 +0000 Subject: automatic update --- data/CVE/list.2016 | 5 +- data/CVE/list.2020 | 20 ++++---- data/CVE/list.2021 | 86 ++++++++++++++++------------------ data/CVE/list.2022 | 135 ++++++++++++++++++++++++++++++++++------------------- 4 files changed, 138 insertions(+), 108 deletions(-) diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index b045c03cb4..f8b7f0c111 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -25811,7 +25811,7 @@ CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 a NOT-FOR-US: Android CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...) NOT-FOR-US: Android -CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...) +CVE-2016-2408 (Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service b ...) NOT-FOR-US: Pulse Secure Desktop Client CVE-2016-2407 REJECTED @@ -26872,8 +26872,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa - samba 2:4.5.2+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch -CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication] - RESERVED +CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...) {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Minor issue) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 60cebc2cb5..e7adfd5490 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -12992,8 +12992,7 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation - qemu 1:5.2+dfsg-1 (bug #975276) [buster] - qemu (Fix along in future DSA) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0) -CVE-2020-25722 [AD DC UPN vs samAccountName not checked] - RESERVED +CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...) {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) @@ -13010,24 +13009,21 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html CVE-2020-25720 RESERVED -CVE-2020-25719 [AD DC Username based races when no PAC is given] - RESERVED +CVE-2020-25719 (A flaw was found in the way Samba, as an Active Directory Domain Contr ...) {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html -CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers] - RESERVED +CVE-2020-25718 (A flaw was found in the way samba, as an Active Directory Domain Contr ...) {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html -CVE-2020-25717 [A user on the domain can become root on domain members] - RESERVED +CVE-2020-25717 (A flaw was found in the way Samba maps domain users to local users. An ...) {DSA-5015-1 DSA-5003-1} - samba 2:4.13.14+dfsg-1 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556 @@ -53954,8 +53950,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0. NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...) NOT-FOR-US: Pulse Connect Secure -CVE-2020-8242 - RESERVED +CVE-2020-8242 (Unsanitized user input in ExpressionEngine <= 5.4.0 control panel m ...) + TODO: check CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could al ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a ...) @@ -54338,8 +54334,8 @@ CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that re NOT-FOR-US: Bitdefender CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender -CVE-2020-8107 - RESERVED +CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...) + TODO: check CVE-2020-8106 REJECTED CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 167a2b1ead..c4a8c3e782 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,5 @@ +CVE-2021-4221 + RESERVED CVE-2021-46699 RESERVED CVE-2021-4220 @@ -723,8 +725,8 @@ CVE-2021-46374 RESERVED CVE-2021-46373 RESERVED -CVE-2021-46372 - RESERVED +CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. Wh ...) + TODO: check CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...) NOT-FOR-US: antd-admin CVE-2021-46370 @@ -1598,10 +1600,10 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli - gpac NOTE: https://github.com/gpac/gpac/issues/2000 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f -CVE-2021-46037 - RESERVED -CVE-2021-46036 - RESERVED +CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...) + TODO: check +CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...) + TODO: check CVE-2021-46035 RESERVED CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) @@ -3230,7 +3232,7 @@ CVE-2021-45446 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) NOT-FOR-US: Unisys CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) - {DSA-5078-1} + {DSA-5078-1 DLA-2926-1} - zsh 5.8.1-1 NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ @@ -3333,8 +3335,8 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60 NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6 -CVE-2021-45401 - RESERVED +CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...) + TODO: check CVE-2021-45400 RESERVED CVE-2021-45399 @@ -3411,7 +3413,7 @@ CVE-2021-45366 RESERVED CVE-2021-45365 RESERVED -CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...) +CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...) NOT-FOR-US: Statamic CVE-2021-45363 RESERVED @@ -4493,8 +4495,8 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting ( NOT-FOR-US: MiniCMS CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...) NOT-FOR-US: Taocms -CVE-2021-44968 - RESERVED +CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...) + TODO: check CVE-2021-44967 RESERVED CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...) @@ -4983,8 +4985,7 @@ CVE-2021-4095 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194 CVE-2021-4094 RESERVED -CVE-2021-4093 - RESERVED +CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...) - linux 5.14.16-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -4993,14 +4994,12 @@ CVE-2021-4093 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584 CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: yetiforcecrm -CVE-2021-4091 [double-free of the virtual attribute context in persistent search] - RESERVED +CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...) - 389-ds-base [stretch] - 389-ds-base (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307 NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4) -CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function] - RESERVED +CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...) - linux 5.15.5-1 [bullseye] - linux (Vulnerable code introduced later) [buster] - linux (Vulnerable code introduced later) @@ -5156,9 +5155,11 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) + {DSA-5080-1} - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) + {DSA-5080-1} - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44729 @@ -8243,11 +8244,9 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i NOT-FOR-US: Philips CVE-2021-3949 RESERVED -CVE-2021-3948 - RESERVED +CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...) NOT-FOR-US: Migration Toolkit for Containers -CVE-2021-3947 [NVME: Arbitrary Memory Read] - RESERVED +CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) @@ -8778,8 +8777,7 @@ CVE-2021-43401 RESERVED CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: snipe-it -CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c] - RESERVED +CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) @@ -19451,8 +19449,8 @@ CVE-2021-39028 RESERVED CVE-2021-39027 RESERVED -CVE-2021-39026 - RESERVED +CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...) + TODO: check CVE-2021-39025 RESERVED CVE-2021-39024 @@ -19633,8 +19631,8 @@ CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an a NOT-FOR-US: IBM CVE-2021-38936 RESERVED -CVE-2021-38935 - RESERVED +CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...) + TODO: check CVE-2021-38934 RESERVED CVE-2021-38933 @@ -24083,8 +24081,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 NOT-FOR-US: Sonatype CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...) NOT-FOR-US: CyberArk Identity -CVE-2021-3657 [multiple buffer overflows in isync/mbsync] - RESERVED +CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...) - isync 1.4.4-1 [bullseye] - isync 1.3.0-2.2+deb11u1 [buster] - isync (Minor issue) @@ -39637,8 +39634,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This NOT-FOR-US: Apple CVE-2021-30651 RESERVED -CVE-2021-30650 - RESERVED +CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) + TODO: check CVE-2021-30649 RESERVED CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...) @@ -49703,10 +49700,10 @@ CVE-2021-26621 RESERVED CVE-2021-26620 RESERVED -CVE-2021-26619 - RESERVED -CVE-2021-26618 - RESERVED +CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...) + TODO: check +CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...) + TODO: check CVE-2021-26617 RESERVED CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...) @@ -61311,6 +61308,7 @@ CVE-2021-21709 RESERVED CVE-2021-21708 RESERVED + {DSA-5082-1} - php8.1 - php7.4 - php7.3 @@ -61318,6 +61316,7 @@ CVE-2021-21708 NOTE: Fixed in 8.1.3, 7.4.28 NOTE: PHP Bug: https://bugs.php.net/81708 CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...) + {DSA-5082-1} - php8.1 8.1.0-1 - php8.0 - php7.4 7.4.26-1 @@ -64610,8 +64609,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-53929 -CVE-2021-20325 - RESERVED +CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...) - apache2 (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321 CVE-2021-20324 @@ -64620,20 +64618,17 @@ CVE-2021-20324 CVE-2021-20323 RESERVED NOT-FOR-US: Keycloak -CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies] - RESERVED +CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...) {DLA-2843-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230 -CVE-2021-20321 - RESERVED +CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...) {DLA-2843-1} - linux 5.14.12-1 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5) -CVE-2021-20320 - RESERVED +CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...) - linux 5.14.9-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -64655,8 +64650,7 @@ CVE-2021-20316 [buster] - samba (Minor issue; no backport to older versions, mitigations exists) NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842 -CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones] - RESERVED +CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...) - gnome-shell NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285 TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index bdd407bef7..1f02e3760e 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,7 +1,49 @@ -CVE-2022-25323 +CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + TODO: check +CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + TODO: check +CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...) + TODO: check +CVE-2022-25334 + RESERVED +CVE-2022-25333 + RESERVED +CVE-2022-25332 + RESERVED +CVE-2022-25331 + RESERVED +CVE-2022-25330 + RESERVED +CVE-2022-25329 + RESERVED +CVE-2022-25328 + RESERVED +CVE-2022-25327 + RESERVED +CVE-2022-25326 + RESERVED +CVE-2022-23183 + RESERVED +CVE-2022-21179 + RESERVED +CVE-2022-0683 + RESERVED +CVE-2022-0682 + RESERVED +CVE-2022-0681 + RESERVED +CVE-2022-0680 RESERVED -CVE-2022-25322 +CVE-2022-0679 RESERVED +CVE-2022-0678 + RESERVED +CVE-2022-0677 + RESERVED +CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) + TODO: check +CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...) + TODO: check CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) NOT-FOR-US: Cerebrate CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) @@ -52,12 +94,12 @@ CVE-2022-21158 RESERVED CVE-2022-0674 RESERVED -CVE-2022-0673 - RESERVED -CVE-2022-0672 - RESERVED -CVE-2022-0671 - RESERVED +CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...) + TODO: check +CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...) + TODO: check +CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...) + TODO: check CVE-2022-0670 RESERVED CVE-2022-0669 @@ -66,20 +108,20 @@ CVE-2022-0668 RESERVED CVE-2022-0667 RESERVED -CVE-2022-0666 - RESERVED +CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...) + TODO: check CVE-2022-0665 RESERVED -CVE-2022-0664 - RESERVED +CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...) + TODO: check CVE-2022-0663 RESERVED CVE-2022-0662 RESERVED CVE-2022-0661 RESERVED -CVE-2022-0660 - RESERVED +CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) + TODO: check CVE-2022-0659 RESERVED CVE-2022-0658 @@ -92,10 +134,10 @@ CVE-2022-XXXX [Arbitrary File Write Vulnerability ] - libpgjava 42.3.3-1 NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1) -CVE-2022-25299 - RESERVED -CVE-2022-25298 - RESERVED +CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...) + TODO: check +CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...) + TODO: check CVE-2022-25297 RESERVED CVE-2022-25296 @@ -234,8 +276,7 @@ CVE-2022-0648 RESERVED CVE-2022-0647 RESERVED -CVE-2022-0646 [mctp: serial: Cancel pending work from ndo_uninit handler] - RESERVED +CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...) - linux NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/ CVE-2022-0645 @@ -272,8 +313,8 @@ CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium b NOT-FOR-US: WordPress plugin CVE-2022-0632 RESERVED -CVE-2022-0631 - RESERVED +CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...) + TODO: check CVE-2022-0630 RESERVED CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) @@ -956,8 +997,7 @@ CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3 [buster] - wireshark (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html -CVE-2022-0585 - RESERVED +CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...) - wireshark [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) @@ -1738,6 +1778,7 @@ CVE-2022-0544 RESERVED CVE-2022-0543 [sandbox escape] RESERVED + {DSA-5081-1} - redis (bug #1005787) NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce CVE-2022-0542 @@ -2273,7 +2314,7 @@ CVE-2022-24447 CVE-2022-24446 RESERVED CVE-2022-24445 - RESERVED + REJECTED CVE-2022-24444 RESERVED CVE-2022-24443 @@ -2831,8 +2872,8 @@ CVE-2022-0452 - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0451 - RESERVED +CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...) + TODO: check CVE-2022-0450 RESERVED CVE-2022-0449 @@ -3665,10 +3706,10 @@ CVE-2022-23984 RESERVED CVE-2022-23983 RESERVED -CVE-2022-23982 - RESERVED -CVE-2022-23981 - RESERVED +CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...) + TODO: check +CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...) + TODO: check CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) NOT-FOR-US: WordPress plugin CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) @@ -4188,12 +4229,12 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6. NOT-FOR-US: TransmitMail CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) NOT-FOR-US: TransmitMail -CVE-2022-21176 - RESERVED -CVE-2022-21143 - RESERVED -CVE-2022-21141 - RESERVED +CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) @@ -4617,8 +4658,8 @@ CVE-2022-23649 RESERVED CVE-2022-23648 RESERVED -CVE-2022-23647 - RESERVED +CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) + TODO: check CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) TODO: check CVE-2022-23645 @@ -7383,8 +7424,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5. - radare2 NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0) -CVE-2022-0138 - RESERVED +CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-0137 RESERVED CVE-2022-0136 @@ -8856,12 +8897,12 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati NOT-FOR-US: Juniper CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...) NOT-FOR-US: Juniper -CVE-2022-21800 - RESERVED -CVE-2022-21215 - RESERVED -CVE-2022-21196 - RESERVED +CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...) + TODO: check +CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-21155 RESERVED CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...) -- cgit v1.2.3