automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-02-16 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-16 20:10:23 +0000
commit: ba60c32a49a504ac5418a91e72eab963195253ef (patch)
tree: 3926db2eedd52c5416e5fbcd20617650dbe69e5f
parent: db79df2e3edb33a8d9972ddf8c2c82a72389a569 (diff)
4 files changed, 213 insertions, 140 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 9faef3abdf..3ca375306a 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -44241,10 +44241,10 @@ CVE-2019-4354
 	RESERVED
 CVE-2019-4353
 	RESERVED
-CVE-2019-4352
-	RESERVED
-CVE-2019-4351
-	RESERVED
+CVE-2019-4352 (IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of th ...)
+	TODO: check
+CVE-2019-4351 (IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive info ...)
+	TODO: check
 CVE-2019-4350
 	RESERVED
 CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...)
@@ -44363,8 +44363,8 @@ CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an
 	NOT-FOR-US: IBM
 CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
 	NOT-FOR-US: IBM
-CVE-2019-4291
-	RESERVED
+CVE-2019-4291 (IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse enginee ...)
+	TODO: check
 CVE-2019-4290
 	RESERVED
 CVE-2019-4289
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c064221daf..9586b3dc9c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -57070,18 +57070,18 @@ CVE-2020-6924
 	RESERVED
 CVE-2020-6923
 	RESERVED
-CVE-2020-6922
-	RESERVED
-CVE-2020-6921
-	RESERVED
-CVE-2020-6920
-	RESERVED
-CVE-2020-6919
-	RESERVED
-CVE-2020-6918
-	RESERVED
-CVE-2020-6917
-	RESERVED
+CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
+CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
+CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
+CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
+CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
+CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity,  ...)
+	TODO: check
 CVE-2020-6916
 	RESERVED
 CVE-2020-6915
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f0bd9c9362..f26728059c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,5 +1,5 @@
 CVE-2021-4220
-	RESERVED
+	REJECTED
 CVE-2021-4219
 	RESERVED
 CVE-2021-46687
@@ -689,8 +689,8 @@ CVE-2021-46390
 	RESERVED
 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
 	NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388
-	RESERVED
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+	TODO: check
 CVE-2021-46387
 	RESERVED
 CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
@@ -3228,6 +3228,7 @@ CVE-2021-45446
 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
 	NOT-FOR-US: Unisys
 CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+	{DSA-5078-1}
 	- zsh 5.8.1-1
 	NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
 	NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -3350,8 +3351,8 @@ CVE-2021-45393
 	RESERVED
 CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
 	NOT-FOR-US: Tenda
-CVE-2021-45391
-	RESERVED
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+	TODO: check
 CVE-2021-45390
 	RESERVED
 CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
@@ -4024,8 +4025,8 @@ CVE-2021-4135
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
 	NOTE: CONFIG_NETDEVSIM is not set in Debian
-CVE-2021-4134
-	RESERVED
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+	TODO: check
 CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -4820,8 +4821,8 @@ CVE-2021-44834
 	RESERVED
 CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: yetiforcecrm
-CVE-2021-4106
-	RESERVED
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+	TODO: check
 CVE-2021-4105
 	RESERVED
 CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
@@ -14985,8 +14986,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W
 	NOT-FOR-US: yourls
 CVE-2021-3782
 	RESERVED
-CVE-2021-3781 [Include device specifier strings in access validation]
-	RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was  ...)
 	{DSA-4972-1}
 	- ghostscript 9.53.3~dfsg-8 (bug #994011)
 	[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -15691,8 +15691,7 @@ CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
 	NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
-CVE-2021-3773
-	RESERVED
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer  ...)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
 	NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
 	TODO: fill in tracking details
@@ -16137,8 +16136,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into
 	- cfrpki 1.3.0-1 (bug #994572)
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
 	NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
-CVE-2021-3760
-	RESERVED
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
 	{DLA-2843-1}
 	- linux 5.14.16-1 (unimportant)
 	[bullseye] - linux 5.10.84-1
@@ -16218,14 +16216,12 @@ CVE-2021-3755
 	REJECTED
 CVE-2021-3754
 	RESERVED
-CVE-2021-3753
-	RESERVED
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
 	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
-CVE-2021-3752
-	RESERVED
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel&#8217;s Bluetooth  ...)
 	- linux 5.15.3-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
@@ -18628,16 +18624,16 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability,
 	NOT-FOR-US: Jamf Pro
 CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the  ...)
 	NOT-FOR-US: MISP
-CVE-2021-39301
-	RESERVED
-CVE-2021-39300
-	RESERVED
-CVE-2021-39299
-	RESERVED
-CVE-2021-39298
-	RESERVED
-CVE-2021-39297
-	RESERVED
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+	TODO: check
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+	TODO: check
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+	TODO: check
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+	TODO: check
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+	TODO: check
 CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
 	NOT-FOR-US: OpenBMC
 CVE-2021-39295
@@ -25007,7 +25003,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On
 CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-3648
-	RESERVED
+	REJECTED
 	- binutils <unfixed> (unimportant)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935
@@ -31733,8 +31729,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges
 	NOT-FOR-US: Cartadis Gespage
 CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
 	NOT-FOR-US: Bitdefender
-CVE-2021-3578 [possible remote code execution in isync/mbsync]
-	RESERVED
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
 	- isync 1.3.0-2.2 (bug #989564)
 	[buster] - isync 1.3.0-2.2~deb10u1
 	[stretch] - isync <no-dsa> (Minor issue)
@@ -32553,8 +32548,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed
 	NOTE: https://sourceforge.net/p/mcj/tickets/116/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
 	NOTE: Depends on CVE-2019-19797 fix
-CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()]
-	RESERVED
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
 	- policykit-1 0.105-31 (bug #989429)
 	[buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
 	[stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
@@ -33167,8 +33161,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A
 CVE-2021-3558
 	RESERVED
 	- moodle <removed>
-CVE-2021-3557
-	RESERVED
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
 	NOT-FOR-US: Argo CD
 CVE-2021-3556
 	REJECTED
@@ -33867,8 +33860,7 @@ CVE-2021-32927
 	RESERVED
 CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
 	NOT-FOR-US: Rockwell Automation
-CVE-2021-3551
-	RESERVED
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when  ...)
 	- dogtag-pki 10.10.6-1 (bug #991665)
 	[bullseye] - dogtag-pki <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
@@ -49413,8 +49405,8 @@ CVE-2021-26728
 	RESERVED
 CVE-2021-26727
 	RESERVED
-CVE-2021-26726
-	RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+	TODO: check
 CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
 	NOT-FOR-US: Nozomi Networks Guardian
 CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
@@ -56721,8 +56713,8 @@ CVE-2021-23684
 	RESERVED
 CVE-2021-23683
 	RESERVED
-CVE-2021-23682
-	RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+	TODO: check
 CVE-2021-23681
 	RESERVED
 CVE-2021-23680
@@ -60355,8 +60347,8 @@ CVE-2021-22052
 	RESERVED
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
 	NOT-FOR-US: Spring Cloud Gateway
-CVE-2021-22050
-	RESERVED
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+	TODO: check
 CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
 	NOT-FOR-US: VMware
 CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
@@ -60369,14 +60361,14 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before
 	NOT-FOR-US: VMware
 CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
 	NOT-FOR-US: Spring Cloud OpenFeign
-CVE-2021-22043
-	RESERVED
-CVE-2021-22042
-	RESERVED
-CVE-2021-22041
-	RESERVED
-CVE-2021-22040
-	RESERVED
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+	TODO: check
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+	TODO: check
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+	TODO: check
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+	TODO: check
 CVE-2021-22039
 	RESERVED
 CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary  ...)
@@ -60545,8 +60537,8 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio
 	NOT-FOR-US: Sealevel Systems
 CVE-2021-21967
 	RESERVED
-CVE-2021-21966
-	RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+	TODO: check
 CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
 	NOT-FOR-US: Sealevel Systems
 CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
@@ -60561,8 +60553,8 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L
 	NOT-FOR-US: Sealevel Systems
 CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
 	NOT-FOR-US: Sealevel Systems
-CVE-2021-21958
-	RESERVED
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+	TODO: check
 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
 	NOT-FOR-US: Dream Report ODS Remote Connector
 CVE-2021-21956
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 180564c1b4..17a3013011 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,85 @@
+CVE-2022-25257
+	RESERVED
+CVE-2022-25256
+	RESERVED
+CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
+	TODO: check
+CVE-2022-25254
+	RESERVED
+CVE-2022-25253
+	RESERVED
+CVE-2022-25252
+	RESERVED
+CVE-2022-25251
+	RESERVED
+CVE-2022-25250
+	RESERVED
+CVE-2022-25249
+	RESERVED
+CVE-2022-25248
+	RESERVED
+CVE-2022-25247
+	RESERVED
+CVE-2022-25246
+	RESERVED
+CVE-2022-24374
+	RESERVED
+CVE-2022-23916
+	RESERVED
+CVE-2022-23810
+	RESERVED
+CVE-2022-21142
+	RESERVED
+CVE-2022-0648
+	RESERVED
+CVE-2022-0647
+	RESERVED
+CVE-2022-0646
+	RESERVED
+CVE-2022-0645
+	RESERVED
+CVE-2022-0644
+	RESERVED
+CVE-2022-0643
+	RESERVED
+CVE-2022-0642
+	RESERVED
+CVE-2022-0641
+	RESERVED
+CVE-2022-0640
+	RESERVED
+CVE-2022-0639
+	RESERVED
+CVE-2022-0638
+	RESERVED
+CVE-2022-0637
+	RESERVED
+CVE-2022-0636
+	RESERVED
+CVE-2022-0635
+	RESERVED
+CVE-2022-0634
+	RESERVED
+CVE-2022-0633
+	RESERVED
+CVE-2022-0632
+	RESERVED
+CVE-2022-0631
+	RESERVED
+CVE-2022-0630
+	RESERVED
+CVE-2022-0629
+	RESERVED
+CVE-2022-0628
+	RESERVED
+CVE-2022-0627
+	RESERVED
+CVE-2022-0626
+	RESERVED
+CVE-2022-0625
+	RESERVED
+CVE-2022-0624
+	RESERVED
 CVE-2022-XXXX [Improper input validation - SA-CORE-2022-003]
 	- drupal7 <removed>
 	[stretch] - drupal7 7.52-2+deb9u18
@@ -97,8 +179,7 @@ CVE-2022-21159
 	RESERVED
 CVE-2022-0618
 	RESERVED
-CVE-2022-0617 [Null pointer dereference can be triggered when write to an ICB inode]
-	RESERVED
+CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
 	- linux 5.16.7-1
 	NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
 	NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
@@ -106,10 +187,10 @@ CVE-2022-0616
 	RESERVED
 CVE-2022-0615
 	RESERVED
-CVE-2022-0614
-	RESERVED
-CVE-2022-0613
-	RESERVED
+CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
+	TODO: check
+CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
+	TODO: check
 CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
@@ -1304,8 +1385,8 @@ CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function wi
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
 CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
 	NOT-FOR-US: microweber
-CVE-2022-0559
-	RESERVED
+CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
+	TODO: check
 CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
@@ -1511,12 +1592,12 @@ CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
-CVE-2022-24665
-	RESERVED
-CVE-2022-24664
-	RESERVED
-CVE-2022-24663
-	RESERVED
+CVE-2022-24665 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+	TODO: check
+CVE-2022-24664 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+	TODO: check
+CVE-2022-24663 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+	TODO: check
 CVE-2022-24662
 	RESERVED
 CVE-2022-24661
@@ -2016,8 +2097,8 @@ CVE-2022-0515
 	RESERVED
 CVE-2022-0514
 	RESERVED
-CVE-2022-0513
-	RESERVED
+CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due  ...)
+	TODO: check
 CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
 	TODO: check
 CVE-2022-0511
@@ -3071,8 +3152,8 @@ CVE-2022-24088
 	RESERVED
 CVE-2022-24087
 	RESERVED
-CVE-2022-24086
-	RESERVED
+CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
+	TODO: check
 CVE-2022-24085
 	RESERVED
 CVE-2022-24084
@@ -3922,10 +4003,10 @@ CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17
 	NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
 CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
 	NOT-FOR-US: Trend Micro
-CVE-2022-23804
-	RESERVED
-CVE-2022-23803
-	RESERVED
+CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	TODO: check
+CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	TODO: check
 CVE-2022-23802
 	RESERVED
 CVE-2022-23801
@@ -4302,8 +4383,8 @@ CVE-2022-23646
 	RESERVED
 CVE-2022-23645
 	RESERVED
-CVE-2022-23644
-	RESERVED
+CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
+	TODO: check
 CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
 	TODO: check
 CVE-2022-23642
@@ -5063,8 +5144,8 @@ CVE-2022-23360
 	RESERVED
 CVE-2022-23359
 	RESERVED
-CVE-2022-23358
-	RESERVED
+CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
+	TODO: check
 CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
 	TODO: check
 CVE-2022-23356
@@ -5572,44 +5653,44 @@ CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, a
 	NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
 	RESERVED
-CVE-2022-23204
-	RESERVED
-CVE-2022-23203
-	RESERVED
-CVE-2022-23202
-	RESERVED
+CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
+	TODO: check
+CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
+	TODO: check
+CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
+	TODO: check
 CVE-2022-23201
 	RESERVED
-CVE-2022-23200
-	RESERVED
-CVE-2022-23199
-	RESERVED
-CVE-2022-23198
-	RESERVED
-CVE-2022-23197
-	RESERVED
-CVE-2022-23196
-	RESERVED
-CVE-2022-23195
-	RESERVED
-CVE-2022-23194
-	RESERVED
-CVE-2022-23193
-	RESERVED
-CVE-2022-23192
-	RESERVED
-CVE-2022-23191
-	RESERVED
-CVE-2022-23190
-	RESERVED
-CVE-2022-23189
-	RESERVED
-CVE-2022-23188
-	RESERVED
+CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
+	TODO: check
+CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
+CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
 CVE-2022-23187
 	RESERVED
-CVE-2022-23186
-	RESERVED
+CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+	TODO: check
 CVE-2022-23185
 	RESERVED
 CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
@@ -6240,8 +6321,8 @@ CVE-2022-22947
 	RESERVED
 CVE-2022-22946
 	RESERVED
-CVE-2022-22945
-	RESERVED
+CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
+	TODO: check
 CVE-2022-22944
 	RESERVED
 CVE-2022-22943
@@ -6457,8 +6538,8 @@ CVE-2022-22855
 	RESERVED
 CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
 	NOT-FOR-US: Hospital Patient Record Management System
-CVE-2022-22853
-	RESERVED
+CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient  ...)
+	TODO: check
 CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
 	NOT-FOR-US: Sourcecodtester
 CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
@@ -6692,8 +6773,8 @@ CVE-2022-22794
 	RESERVED
 CVE-2022-22793
 	RESERVED
-CVE-2022-22792
-	RESERVED
+CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
+	TODO: check
 CVE-2022-22791 (SYNEL - eharmony Authenticated Blind &amp; Stored XSS. Inject JS code  ...)
 	NOT-FOR-US: SYNEL
 CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
author	security tracker role <sectracker@soriano.debian.org>	2022-02-16 20:10:23 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-02-16 20:10:23 +0000
commit	ba60c32a49a504ac5418a91e72eab963195253ef (patch)
tree	3926db2eedd52c5416e5fbcd20617650dbe69e5f
parent	db79df2e3edb33a8d9972ddf8c2c82a72389a569 (diff)