From f64ee9bc35e77c1c3427712c8c27a7dda449dd5e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 27 Jan 2022 08:10:17 +0000 Subject: automatic update --- data/CVE/list.2021 | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++--- data/CVE/list.2022 | 96 ++++++++++++++++++++---- 2 files changed, 284 insertions(+), 24 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index c824f23dd3..85b608f1a1 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,193 @@ +CVE-2021-46656 + RESERVED +CVE-2021-46655 + RESERVED +CVE-2021-46654 + RESERVED +CVE-2021-46653 + RESERVED +CVE-2021-46652 + RESERVED +CVE-2021-46651 + RESERVED +CVE-2021-46650 + RESERVED +CVE-2021-46649 + RESERVED +CVE-2021-46648 + RESERVED +CVE-2021-46647 + RESERVED +CVE-2021-46646 + RESERVED +CVE-2021-46645 + RESERVED +CVE-2021-46644 + RESERVED +CVE-2021-46643 + RESERVED +CVE-2021-46642 + RESERVED +CVE-2021-46641 + RESERVED +CVE-2021-46640 + RESERVED +CVE-2021-46639 + RESERVED +CVE-2021-46638 + RESERVED +CVE-2021-46637 + RESERVED +CVE-2021-46636 + RESERVED +CVE-2021-46635 + RESERVED +CVE-2021-46634 + RESERVED +CVE-2021-46633 + RESERVED +CVE-2021-46632 + RESERVED +CVE-2021-46631 + RESERVED +CVE-2021-46630 + RESERVED +CVE-2021-46629 + RESERVED +CVE-2021-46628 + RESERVED +CVE-2021-46627 + RESERVED +CVE-2021-46626 + RESERVED +CVE-2021-46625 + RESERVED +CVE-2021-46624 + RESERVED +CVE-2021-46623 + RESERVED +CVE-2021-46622 + RESERVED +CVE-2021-46621 + RESERVED +CVE-2021-46620 + RESERVED +CVE-2021-46619 + RESERVED +CVE-2021-46618 + RESERVED +CVE-2021-46617 + RESERVED +CVE-2021-46616 + RESERVED +CVE-2021-46615 + RESERVED +CVE-2021-46614 + RESERVED +CVE-2021-46613 + RESERVED +CVE-2021-46612 + RESERVED +CVE-2021-46611 + RESERVED +CVE-2021-46610 + RESERVED +CVE-2021-46609 + RESERVED +CVE-2021-46608 + RESERVED +CVE-2021-46607 + RESERVED +CVE-2021-46606 + RESERVED +CVE-2021-46605 + RESERVED +CVE-2021-46604 + RESERVED +CVE-2021-46603 + RESERVED +CVE-2021-46602 + RESERVED +CVE-2021-46601 + RESERVED +CVE-2021-46600 + RESERVED +CVE-2021-46599 + RESERVED +CVE-2021-46598 + RESERVED +CVE-2021-46597 + RESERVED +CVE-2021-46596 + RESERVED +CVE-2021-46595 + RESERVED +CVE-2021-46594 + RESERVED +CVE-2021-46593 + RESERVED +CVE-2021-46592 + RESERVED +CVE-2021-46591 + RESERVED +CVE-2021-46590 + RESERVED +CVE-2021-46589 + RESERVED +CVE-2021-46588 + RESERVED +CVE-2021-46587 + RESERVED +CVE-2021-46586 + RESERVED +CVE-2021-46585 + RESERVED +CVE-2021-46584 + RESERVED 
+CVE-2021-46583 + RESERVED +CVE-2021-46582 + RESERVED +CVE-2021-46581 + RESERVED +CVE-2021-46580 + RESERVED +CVE-2021-46579 + RESERVED +CVE-2021-46578 + RESERVED +CVE-2021-46577 + RESERVED +CVE-2021-46576 + RESERVED +CVE-2021-46575 + RESERVED +CVE-2021-46574 + RESERVED +CVE-2021-46573 + RESERVED +CVE-2021-46572 + RESERVED +CVE-2021-46571 + RESERVED +CVE-2021-46570 + RESERVED +CVE-2021-46569 + RESERVED +CVE-2021-46568 + RESERVED +CVE-2021-46567 + RESERVED +CVE-2021-46566 + RESERVED +CVE-2021-46565 + RESERVED +CVE-2021-46564 + RESERVED +CVE-2021-46563 + RESERVED +CVE-2021-46562 + RESERVED CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) @@ -1490,7 +1680,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947 NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1) NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml -CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...) +CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...) - openexr [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 
@@ -13573,8 +13763,8 @@ CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser NOT-FOR-US: Snudown CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...) NOT-FOR-US: modern-async -CVE-2021-41166 - RESERVED +CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) + TODO: check CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...) - ckeditor (bug #999909) [bullseye] - ckeditor (Minor issue) @@ -33479,8 +33669,8 @@ CVE-2021-32851 RESERVED CVE-2021-32850 RESERVED -CVE-2021-32849 - RESERVED +CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...) + TODO: check CVE-2021-32848 RESERVED CVE-2021-32847 @@ -33493,12 +33683,12 @@ CVE-2021-32844 RESERVED CVE-2021-32843 RESERVED -CVE-2021-32842 - RESERVED -CVE-2021-32841 - RESERVED -CVE-2021-32840 - RESERVED +CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + TODO: check +CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + TODO: check +CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...) + TODO: check CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...) - sqlparse 0.4.2-1 (bug #994841) [bullseye] - sqlparse (Minor issue) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 5ff812ee74..4be70b98ee 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -1,3 +1,73 @@ +CVE-2022-24035 + RESERVED +CVE-2022-24034 + RESERVED +CVE-2022-24033 + RESERVED +CVE-2022-24032 + RESERVED +CVE-2022-24031 + RESERVED +CVE-2022-24030 + RESERVED +CVE-2022-24029 + RESERVED +CVE-2022-24028 + RESERVED +CVE-2022-24027 + RESERVED +CVE-2022-24026 + RESERVED +CVE-2022-24025 + RESERVED +CVE-2022-24024 + RESERVED +CVE-2022-24023 + RESERVED +CVE-2022-24022 + RESERVED +CVE-2022-24021 + RESERVED +CVE-2022-24020 + RESERVED +CVE-2022-24019 + RESERVED +CVE-2022-24018 + RESERVED +CVE-2022-24017 + RESERVED +CVE-2022-24016 + RESERVED +CVE-2022-24015 + RESERVED +CVE-2022-24014 + RESERVED +CVE-2022-24013 + RESERVED +CVE-2022-24012 + RESERVED +CVE-2022-24011 + RESERVED +CVE-2022-24010 + RESERVED +CVE-2022-24009 + RESERVED +CVE-2022-24008 + RESERVED +CVE-2022-24007 + RESERVED +CVE-2022-24006 + RESERVED +CVE-2022-24005 + RESERVED +CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check +CVE-2022-0386 + RESERVED +CVE-2022-0385 + RESERVED +CVE-2022-0384 + RESERVED CVE-2022-24004 RESERVED CVE-2022-24003 @@ -93,10 +163,10 @@ CVE-2022-23970 RESERVED CVE-2022-23969 RESERVED -CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...) +CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...) NOT-FOR-US: Xerox -CVE-2022-23967 - RESERVED +CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...) + TODO: check CVE-2022-23966 RESERVED CVE-2022-23965 @@ -141,8 +211,8 @@ CVE-2022-23948 RESERVED CVE-2022-0371 RESERVED -CVE-2022-0370 - RESERVED +CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check CVE-2022-0369 RESERVED CVE-2022-23947 
@@ -3094,8 +3164,8 @@ CVE-2022-22830 RESERVED CVE-2022-22829 RESERVED -CVE-2022-22828 - RESERVED +CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...) + TODO: check CVE-2022-0156 (vim is vulnerable to Use After Free ...) - vim [bullseye] - vim (Minor issue) @@ -5854,10 +5924,10 @@ CVE-2022-21725 RESERVED CVE-2022-21724 RESERVED -CVE-2022-21723 - RESERVED -CVE-2022-21722 - RESERVED +CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check +CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check CVE-2022-21721 RESERVED CVE-2022-21720 @@ -5943,8 +6013,8 @@ CVE-2022-21688 (OnionShare is an open source tool that lets you securely and ano NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v CVE-2022-21687 RESERVED -CVE-2022-21686 - RESERVED +CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...) + TODO: check CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) TODO: check CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...) -- cgit v1.2.3
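Review bot: in the list.2021 hunk at @@ -1490,7, the CVE-2021-45942 description changes from "3.1.0 through 3.1.3" to "3.1.x before 3.1.4", but the openexr package lines in the trailing context are untouched. Now that the description names 3.1.4 as the first unaffected release, re-check the openexr status lines against that version instead of leaving them as written for the old wording.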
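Review bot: in the list.2021 hunk at @@ -33493,12, CVE-2021-32842 and CVE-2021-32841 are cut at "Starti ..." while CVE-2021-32840 is cut at "Prior ...", so the three SharpZipLib entries do not describe one shared affected range. When the TODO: check lines are resolved, read each full description and record the status per CVE instead of copying one line across all three.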
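Review bot: in the list.2022 hunk at @@ -1,3, CVE-2022-0387 carries the same truncated description as CVE-2022-0370 in the hunk at @@ -141,8 ("Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ..."), and both land as TODO: check. The visible text cannot tell the two apart, so triage them together, confirm from the full descriptions that they are distinct issues, and give both the same product decision.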
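Review bot: in the list.2022 hunk at @@ -93,10, CVE-2022-23967 leaves RESERVED with a description pinned to one release ("In TightVNC 1.3.10, there is an integer signedness error ...") and only a TODO: check underneath. When resolving it, name the source package and state whether the packaged version contains the affected code, since the description gives a single version and not a range.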