From 2080260371585e63d7d3f7619ab74b33fb54dc7a Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 12 Feb 2022 08:10:12 +0000 Subject: automatic update --- data/CVE/list.2021 | 48 ++++++++--------- data/CVE/list.2022 | 150 +++++++++++++++++++---------------------------------- 2 files changed, 75 insertions(+), 123 deletions(-) (limited to 'data') diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 76b87ade27..f29027c6c6 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -715,18 +715,18 @@ CVE-2021-46368 RESERVED CVE-2021-46367 RESERVED -CVE-2021-46366 - RESERVED -CVE-2021-46365 - RESERVED -CVE-2021-46364 - RESERVED -CVE-2021-46363 - RESERVED -CVE-2021-46362 - RESERVED -CVE-2021-46361 - RESERVED +CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...) + TODO: check +CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) + TODO: check +CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...) + TODO: check +CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) + TODO: check +CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...) + TODO: check +CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...) + TODO: check CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...) NOT-FOR-US: Composr-CMS CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) 
@@ -4876,32 +4876,27 @@ CVE-2021-44797 RESERVED CVE-2021-44796 RESERVED -CVE-2021-4102 - RESERVED +CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2021-4101 - RESERVED +CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2021-4100 - RESERVED +CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2021-4099 - RESERVED +CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2021-4098 - RESERVED +CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) @@ -56891,8 +56886,8 @@ CVE-2021-23557 RESERVED CVE-2021-23556 RESERVED -CVE-2021-23555 - RESERVED +CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...) + TODO: check CVE-2021-23554 RESERVED CVE-2021-23553 @@ -65602,9 +65597,8 @@ CVE-2021-20003 REJECTED CVE-2021-20002 REJECTED -CVE-2021-20001 - RESERVED - {DSA-5072-1} +CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...) + {DSA-5072-1 DLA-2918-1} - debian-edu-config 2.12.16 NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5 CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 266aa231e7..d9385f93c1 100644 
--- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,3 +1,7 @@ +CVE-2022-0570 + RESERVED +CVE-2022-0569 + RESERVED CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...) - git (unimportant) NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/ @@ -3548,10 +3552,9 @@ CVE-2022-23636 RESERVED CVE-2022-23635 RESERVED -CVE-2022-23634 - RESERVED -CVE-2022-23633 - RESERVED +CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...) + TODO: check +CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...) - rails NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5 NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5) 
@@ -3986,50 +3989,42 @@ CVE-2022-23438 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) - libxerces2-java NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3 -CVE-2022-0311 - RESERVED +CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0310 - RESERVED +CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0309 - RESERVED +CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0308 - RESERVED +CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0307 - RESERVED +CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0306 - RESERVED +CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0305 - RESERVED +CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0304 - RESERVED +CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) 
@@ -4040,80 +4035,67 @@ CVE-2022-0303 - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0302 - RESERVED +CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0301 - RESERVED +CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0300 - RESERVED +CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0298 - RESERVED +CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0297 - RESERVED +CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0296 - RESERVED +CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0295 - RESERVED +CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0294 - RESERVED +CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...) 
{DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0293 - RESERVED +CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0292 - RESERVED +CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0291 - RESERVED +CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0290 - RESERVED +CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0289 - RESERVED +CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) @@ -5982,8 +5964,8 @@ CVE-2022-22767 RESERVED CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...) NOT-FOR-US: BD Pyxis -CVE-2022-22765 - RESERVED +CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...) + TODO: check CVE-2022-22764 RESERVED {DSA-5069-1 DLA-2916-1} 
@@ -6702,148 +6684,124 @@ CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installatio NOT-FOR-US: SAP CVE-2022-22527 RESERVED -CVE-2022-0120 - RESERVED +CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0119 RESERVED -CVE-2022-0118 - RESERVED +CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0117 - RESERVED +CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0116 - RESERVED +CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0115 - RESERVED +CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0114 - RESERVED +CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0113 - RESERVED +CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0112 - RESERVED +CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...) 
{DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0111 - RESERVED +CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0110 - RESERVED +CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0109 - RESERVED +CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0108 - RESERVED +CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0107 - RESERVED +CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0106 - RESERVED +CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0105 - RESERVED +CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0104 - RESERVED +CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...) 
{DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0103 - RESERVED +CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0102 - RESERVED +CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0101 - RESERVED +CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0100 - RESERVED +CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0099 - RESERVED +CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0098 - RESERVED +CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0097 - RESERVED +CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0096 - RESERVED +CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) -- cgit v1.2.3
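Review bot: In the data/CVE/list.2021 hunk at @@ -715, the six Magnolia entries CVE-2021-46361 through CVE-2021-46366 all land as "TODO: check", while the adjacent context entry CVE-2021-46360 is already resolved as "NOT-FOR-US: Composr-CMS". Every one of the six descriptions names the same product, so they can be triaged in one pass and given the same resolution (a package line, or a NOT-FOR-US line naming Magnolia CMS if it is not packaged) instead of staying open as six separate TODOs.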
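Review bot: In the data/CVE/list.2021 hunk at @@ -56891, CVE-2021-23555 is left at "TODO: check" even though the published description already identifies the component (the vm2 package) and the fixed upstream version (3.9.6). That is enough to decide between a source package line with a fixed version and a NOT-FOR-US line, so this entry is a good candidate for early manual triage given that it is a sandbox bypass.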
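Review bot: In the data/CVE/list.2022 hunk at @@ -3548, CVE-2022-23634 is added as "TODO: check" directly above CVE-2022-23633, which already has "- rails", an oss-security NOTE and a "Fixed by" commit. The description for CVE-2022-23634 names Puma rather than Action Pack, so it needs its own package line and fix reference; nothing from the rails entry below it applies automatically.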
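Review bot: In the data/CVE/list.2022 hunk at @@ -5982, CVE-2022-22765 (BD Viper LT, hardcoded credentials) is left at "TODO: check" while the context entry just above it, CVE-2022-22766 for the same vendor, is "NOT-FOR-US: BD Pyxis". The follow-up should close this one the same way, with a NOT-FOR-US line naming BD Viper LT, so the two vendor entries stay consistent.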
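Review bot: In the data/CVE/list.2022 hunk at @@ -6702, CVE-2022-0119 stays "RESERVED" with no package line, while its neighbours CVE-2022-0120 and CVE-2022-0118 both gain Chrome descriptions and already carry {DSA-5046-1} with "- chromium 97.0.4692.71-0.1". Since the surrounding range CVE-2022-0096 to CVE-2022-0120 is otherwise one chromium batch, it is worth confirming on the next run whether this ID belongs to the same batch and was simply not published yet, or is unrelated.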