From b361259ee645e28648a3c98463ac9c1a6634c14b Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 26 Jan 2022 08:10:15 +0000 Subject: automatic update --- data/CVE/list.2017 | 1 + data/CVE/list.2018 | 1 + data/CVE/list.2019 | 2 + data/CVE/list.2021 | 74 +++++++++++---------- data/CVE/list.2022 | 188 ++++++++++++++++++++++++++++++++++------------------- 5 files changed, 163 insertions(+), 103 deletions(-) diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 8a4542f206..5f7292f72d 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -6867,6 +6867,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload NOTE: did not merge in the 1.14.0-2 upload. CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...) + {DLA-2901-1} - libxfont 1:2.0.3-1 (low; bug #883929) [jessie] - libxfont (Minor issue) [wheezy] - libxfont (Minor issue) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 2dacee44e8..888cddd21e 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -29645,6 +29645,7 @@ CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists fun NOTE: https://gitlab.com/graphviz/graphviz/issues/1367 NOTE: https://issuetracker.google.com/issues/77810342 CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...) + {DLA-2900-1} - lrzsz 0.12.21-10 (low; bug #897010) [jessie] - lrzsz (Minor issue) [wheezy] - lrzsz (Minor issue) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index b9f6177b1e..e5699237c4 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -1,3 +1,5 @@ +CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...) + TODO: check CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...) NOT-FOR-US: Rust crate libpulse-binding CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index e1043a5227..09b42eeb47 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,7 @@ +CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) + TODO: check +CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) + TODO: check CVE-2021-4215 RESERVED CVE-2021-4214 @@ -607,8 +611,8 @@ CVE-2021-46285 RESERVED CVE-2021-46284 RESERVED -CVE-2021-45729 - RESERVED +CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...) + TODO: check CVE-2021-44779 RESERVED CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) @@ -2799,8 +2803,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) NOT-FOR-US: pimcore -CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] - RESERVED +CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) @@ -3588,8 +3591,7 @@ CVE-2021-4135 NOTE: CONFIG_NETDEVSIM is not set in Debian CVE-2021-4134 RESERVED -CVE-2021-4133 - RESERVED +CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...) NOT-FOR-US: Keycloak CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat @@ -7201,8 +7203,8 @@ CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercu NOT-FOR-US: Mercurius CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...) NOT-FOR-US: Wiki.js -CVE-2021-43799 - RESERVED +CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...) + TODO: check CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) @@ -8521,8 +8523,8 @@ CVE-2021-43300 RESERVED CVE-2021-43299 RESERVED -CVE-2021-43298 - RESERVED +CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...) + TODO: check CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...) NOT-FOR-US: Apache Dubbo CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...) @@ -12523,8 +12525,8 @@ CVE-2021-41600 RESERVED CVE-2021-41599 RESERVED -CVE-2021-41598 - RESERVED +CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) + TODO: check CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) NOT-FOR-US: SuiteCRM CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) @@ -15637,8 +15639,8 @@ CVE-2021-40339 RESERVED CVE-2021-40338 RESERVED -CVE-2021-40337 - RESERVED +CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...) + TODO: check CVE-2021-40336 RESERVED CVE-2021-40335 @@ -16037,8 +16039,8 @@ CVE-2021-40169 RESERVED CVE-2021-40168 RESERVED -CVE-2021-40167 - RESERVED +CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...) + TODO: check CVE-2021-40166 RESERVED CVE-2021-40165 @@ -16053,10 +16055,10 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr NOT-FOR-US: Autodesk CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...) NOT-FOR-US: Autodesk -CVE-2021-40159 - RESERVED -CVE-2021-40158 - RESERVED +CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...) + TODO: check +CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...) + TODO: check CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...) NOT-FOR-US: Autodesk CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) @@ -21016,8 +21018,8 @@ CVE-2021-38131 RESERVED CVE-2021-38130 RESERVED -CVE-2021-38129 - RESERVED +CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...) + TODO: check CVE-2021-38128 RESERVED CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) @@ -25308,12 +25310,12 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen NOT-FOR-US: Dell CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...) NOT-FOR-US: EMC -CVE-2021-36348 - RESERVED -CVE-2021-36347 - RESERVED -CVE-2021-36346 - RESERVED +CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...) + TODO: check +CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...) + TODO: check +CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...) + TODO: check CVE-2021-36345 RESERVED CVE-2021-36344 @@ -25412,12 +25414,12 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt NOT-FOR-US: EMC CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) NOT-FOR-US: SupportAssist Client (Dell) -CVE-2021-36296 - RESERVED -CVE-2021-36295 - RESERVED -CVE-2021-36294 - RESERVED +CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + TODO: check +CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + TODO: check +CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + TODO: check CVE-2021-36293 RESERVED CVE-2021-36292 @@ -25426,8 +25428,8 @@ CVE-2021-36291 RESERVED CVE-2021-36290 RESERVED -CVE-2021-36289 - RESERVED +CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...) + TODO: check CVE-2021-36288 RESERVED CVE-2021-36287 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index b2fe6dc545..94a08782e3 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,61 @@ +CVE-2022-23973 + RESERVED +CVE-2022-23972 + RESERVED +CVE-2022-23971 + RESERVED +CVE-2022-23970 + RESERVED +CVE-2022-23969 + RESERVED +CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...) + TODO: check +CVE-2022-23967 + RESERVED +CVE-2022-23966 + RESERVED +CVE-2022-23965 + RESERVED +CVE-2022-23964 + RESERVED +CVE-2022-23963 + RESERVED +CVE-2022-23962 + RESERVED +CVE-2022-23961 + RESERVED +CVE-2022-23960 + RESERVED +CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...) + TODO: check +CVE-2022-23958 + RESERVED +CVE-2022-23957 + RESERVED +CVE-2022-23956 + RESERVED +CVE-2022-23955 + RESERVED +CVE-2022-23954 + RESERVED +CVE-2022-23953 + RESERVED +CVE-2022-23952 + RESERVED +CVE-2022-23951 + RESERVED +CVE-2022-23950 + RESERVED +CVE-2022-23949 + RESERVED +CVE-2022-23948 + RESERVED +CVE-2022-0371 + RESERVED +CVE-2022-0370 + RESERVED +CVE-2022-0369 + RESERVED CVE-2022-23947 RESERVED CVE-2022-23946 @@ -91,8 +149,8 @@ CVE-2022-21201 RESERVED CVE-2022-21178 RESERVED -CVE-2022-0355 - RESERVED +CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep ...) + TODO: check CVE-2022-0354 RESERVED CVE-2022-0353 @@ -345,17 +403,13 @@ CVE-2022-21143 RESERVED CVE-2022-21141 RESERVED -CVE-2022-0335 - RESERVED +CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle -CVE-2022-0334 - RESERVED +CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle -CVE-2022-0333 - RESERVED +CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle -CVE-2022-0332 - RESERVED +CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...) - moodle CVE-2022-0331 RESERVED @@ -1589,8 +1643,8 @@ CVE-2022-0272 RESERVED CVE-2022-0271 RESERVED -CVE-2022-0270 - RESERVED +CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...) + TODO: check CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...) TODO: check CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...) @@ -1784,8 +1838,8 @@ CVE-2022-23260 RESERVED CVE-2022-23259 RESERVED -CVE-2022-23258 - RESERVED +CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...) + TODO: check CVE-2022-23257 RESERVED CVE-2022-23256 @@ -2425,56 +2479,56 @@ CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-393.html -CVE-2022-23032 - RESERVED -CVE-2022-23031 - RESERVED -CVE-2022-23030 - RESERVED -CVE-2022-23029 - RESERVED -CVE-2022-23028 - RESERVED -CVE-2022-23027 - RESERVED -CVE-2022-23026 - RESERVED -CVE-2022-23025 - RESERVED -CVE-2022-23024 - RESERVED -CVE-2022-23023 - RESERVED -CVE-2022-23022 - RESERVED -CVE-2022-23021 - RESERVED -CVE-2022-23020 - RESERVED -CVE-2022-23019 - RESERVED -CVE-2022-23018 - RESERVED -CVE-2022-23017 - RESERVED -CVE-2022-23016 - RESERVED -CVE-2022-23015 - RESERVED -CVE-2022-23014 - RESERVED -CVE-2022-23013 - RESERVED -CVE-2022-23012 - RESERVED -CVE-2022-23011 - RESERVED -CVE-2022-23010 - RESERVED -CVE-2022-23009 - RESERVED -CVE-2022-23008 - RESERVED +CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...) + TODO: check +CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...) + TODO: check +CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...) + TODO: check +CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...) + TODO: check +CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...) + TODO: check +CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...) + TODO: check +CVE-2022-23026 (On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...) + TODO: check +CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...) + TODO: check +CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...) + TODO: check +CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...) + TODO: check +CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...) + TODO: check +CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...) + TODO: check +CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...) + TODO: check +CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...) + TODO: check +CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...) + TODO: check +CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...) + TODO: check +CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) + TODO: check +CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...) + TODO: check +CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) + TODO: check +CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...) + TODO: check +CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...) + TODO: check +CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...) + TODO: check +CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...) + TODO: check +CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...) + TODO: check +CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...) + TODO: check CVE-2022-23007 RESERVED CVE-2022-23006 @@ -3029,8 +3083,8 @@ CVE-2022-22791 RESERVED CVE-2022-22790 RESERVED -CVE-2022-22789 - RESERVED +CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...) + TODO: check CVE-2022-22788 RESERVED CVE-2022-22787 @@ -3135,7 +3189,7 @@ CVE-2022-22748 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748 CVE-2022-22747 RESERVED - {DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1} + {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1} - nss 2:3.73-1 - firefox 96.0-1 - firefox-esr 91.5.0esr-1 -- cgit v1.2.3