From 6c670ba6029812f9b9019dec0da21972da15cdb2 Mon Sep 17 00:00:00 2001
From: security tracker role
Date: Thu, 20 Jan 2022 20:10:16 +0000
Subject: automatic update
---
 data/CVE/list.2022 | 91 +++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 69 insertions(+), 22 deletions(-)
(limited to 'data/CVE/list.2022')
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index fc6847329a..1b265fcf0c 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,49 @@
+CVE-2022-23792
+ RESERVED
+CVE-2022-23791
+ RESERVED
+CVE-2022-23790
+ RESERVED
+CVE-2022-23789
+ RESERVED
+CVE-2022-23788
+ RESERVED
+CVE-2022-23787
+ RESERVED
+CVE-2022-23786
+ RESERVED
+CVE-2022-23785
+ RESERVED
+CVE-2022-23784
+ RESERVED
+CVE-2022-23783
+ RESERVED
+CVE-2022-23782
+ RESERVED
+CVE-2022-23781
+ RESERVED
+CVE-2022-23780
+ RESERVED
+CVE-2022-21147
+ RESERVED
+CVE-2022-0323
+ RESERVED
+CVE-2022-0322
+ RESERVED
+CVE-2022-0321
+ RESERVED
+CVE-2022-0320
+ RESERVED
+CVE-2022-0319
+ RESERVED
+CVE-2022-0318
+ RESERVED
+CVE-2022-0317
+ RESERVED
+CVE-2022-0316
+ RESERVED
+CVE-2022-0315
+ RESERVED
 CVE-2022-23779
 RESERVED
 CVE-2022-23778
@@ -808,24 +854,24 @@ CVE-2022-0287
 RESERVED
 CVE-2022-0286
 RESERVED
-CVE-2022-0285
- RESERVED
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ TODO: check
 CVE-2022-0284
 RESERVED
 CVE-2022-0283
 RESERVED
-CVE-2022-0282
- RESERVED
-CVE-2022-0281
- RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
+ TODO: check
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ TODO: check
 CVE-2022-0280
 RESERVED
 CVE-2022-0279
 RESERVED
-CVE-2022-0278
- RESERVED
-CVE-2022-0277
- RESERVED
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ TODO: check
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
+ TODO: check
 CVE-2022-23436
 RESERVED
 CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
@@ -1375,6 +1421,7 @@ CVE-2022-0229
 CVE-2022-0228
 RESERVED
 CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
+ {DSA-5050-1}
 - linux 5.15.15-1
 [buster] - linux (Vulnerable code not present)
 [stretch] - linux (Vulnerable code not present)
@@ -1430,8 +1477,8 @@ CVE-2022-0221
 RESERVED
 CVE-2022-0220
 RESERVED
-CVE-2022-0219
- RESERVED
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ TODO: check
 CVE-2022-0218
 RESERVED
 CVE-2022-0216
@@ -1673,10 +1720,10 @@ CVE-2022-23122
 RESERVED
 CVE-2022-23121
 RESERVED
-CVE-2022-23120
- RESERVED
-CVE-2022-23119
- RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
+ TODO: check
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
+ TODO: check
 CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
 NOT-FOR-US: Jenkins plugin
 CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
@@ -1733,6 +1780,7 @@ CVE-2022-0186
 RESERVED
 CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param]
 RESERVED
+ {DSA-5050-1}
 - linux 5.15.15-1
 [buster] - linux (Vulnerable code introduced later)
 [stretch] - linux (Vulnerable code introduced later)
@@ -2395,8 +2443,8 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha
 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
 NOT-FOR-US: NVIDIA NeMo
-CVE-2022-22820
- RESERVED
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
+ TODO: check
 CVE-2022-22819
 RESERVED
 CVE-2022-22818
@@ -2681,8 +2729,7 @@ CVE-2022-22735
 RESERVED
 CVE-2022-22734
 RESERVED
-CVE-2022-22733
- RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
 - gitlab
@@ -5212,6 +5259,7 @@ CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior
 CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
 NOT-FOR-US: Wagtail
 CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
 - flatpak 1.12.3-1
 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
 NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
@@ -5284,8 +5332,7 @@ CVE-2022-21660
 RESERVED
 CVE-2022-21659
 RESERVED
-CVE-2022-21658 [Race condition in the Rust standard library]
- RESERVED
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
 - rustc
 NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
 NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
--
cgit v1.2.3