author | security tracker role <sectracker@soriano.debian.org> | 2022-02-14 20:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-14 20:10:18 +0000 |
commit | cd6ce9bf22073ce8638c908d1ec56bb73b1b9834 (patch) | |
tree | 82a246d1088586ca793e86ed2a991edeee05c05b | |
parent | 4b8a900cbbb3fc179693a1b1a33a14be003e2997 (diff) |
automatic update
-rw-r--r-- | data/CVE/2021.list | 83 |
-rw-r--r-- | data/CVE/2022.list | 134 |
2 files changed, 141 insertions, 76 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 1db56758f5..219163a48c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,17 @@ +CVE-2021-46687 + RESERVED +CVE-2021-46270 + RESERVED +CVE-2021-45730 + RESERVED +CVE-2021-45721 + RESERVED +CVE-2021-45074 + RESERVED +CVE-2021-41834 + RESERVED +CVE-2021-23163 + RESERVED CVE-2021-22590 RESERVED CVE-2021-46681 @@ -705,8 +719,8 @@ CVE-2021-46373 RESERVED CVE-2021-46372 RESERVED -CVE-2021-46371 - RESERVED +CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...) + TODO: check CVE-2021-46370 RESERVED CVE-2021-46369 @@ -3260,10 +3274,10 @@ CVE-2021-45423 RESERVED CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) NOT-FOR-US: Reprise License Manager -CVE-2021-45421 - RESERVED -CVE-2021-45420 - RESERVED +CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) + TODO: check +CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) + TODO: check CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...) NOT-FOR-US: Nova 360 Cabinet CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...) @@ -3327,8 +3341,8 @@ CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attacker NOT-FOR-US: PHP HTML2PDF CVE-2021-45393 RESERVED -CVE-2021-45392 - RESERVED +CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) + TODO: check CVE-2021-45391 RESERVED CVE-2021-45390 @@ -8444,6 +8458,7 @@ CVE-2021-3937 CVE-2021-3936 RESERVED CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...) + {DLA-2922-1} - pgbouncer 1.16.1-1 [bullseye] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release) [buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release) 
@@ -19268,10 +19283,10 @@ CVE-2021-39082 RESERVED CVE-2021-39081 RESERVED -CVE-2021-39080 - RESERVED -CVE-2021-39079 - RESERVED +CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...) + TODO: check +CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...) + TODO: check CVE-2021-39078 RESERVED CVE-2021-39077 @@ -53496,8 +53511,8 @@ CVE-2021-25117 RESERVED CVE-2021-25116 RESERVED -CVE-2021-25115 - RESERVED +CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...) + TODO: check CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-25113 @@ -53506,14 +53521,14 @@ CVE-2021-25112 RESERVED CVE-2021-25111 RESERVED -CVE-2021-25110 - RESERVED -CVE-2021-25109 - RESERVED +CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in ...) + TODO: check +CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...) + TODO: check CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...) NOT-FOR-US: WordPress plugin -CVE-2021-25107 - RESERVED +CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...) + TODO: check CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...) NOT-FOR-US: WordPress plugin CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...) 
@@ -53626,8 +53641,8 @@ CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wo NOT-FOR-US: WordPress plugin CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...) NOT-FOR-US: WordPress plugin -CVE-2021-25050 - RESERVED +CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...) + TODO: check CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2021-25048 @@ -53660,8 +53675,8 @@ CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin befor NOT-FOR-US: WordPress plugin CVE-2021-25034 RESERVED -CVE-2021-25033 - RESERVED +CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...) + TODO: check CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...) NOT-FOR-US: WordPress plugin CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...) @@ -53690,16 +53705,16 @@ CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before NOT-FOR-US: WordPress plugin CVE-2021-25019 RESERVED -CVE-2021-25018 - RESERVED +CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...) + TODO: check CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...) NOT-FOR-US: WordPress plugin CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...) NOT-FOR-US: WordPress plugin -CVE-2021-25014 - RESERVED +CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...) + TODO: check CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...) NOT-FOR-US: WordPress plugin CVE-2021-25012 
@@ -53918,8 +53933,8 @@ CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not chec NOT-FOR-US: WordPress plugin CVE-2021-24905 RESERVED -CVE-2021-24904 - RESERVED +CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...) + TODO: check CVE-2021-24903 RESERVED CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...) @@ -53978,8 +53993,8 @@ CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin befor NOT-FOR-US: WordPress plugin CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...) NOT-FOR-US: WordPress plugin -CVE-2021-24874 - RESERVED +CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + TODO: check CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...) @@ -54834,8 +54849,8 @@ CVE-2021-24448 (The User Registration & User Profile – Profile Builder NOT-FOR-US: WordPress plugin CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...) NOT-FOR-US: WordPress plugin -CVE-2021-24446 - RESERVED +CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...) + TODO: check CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 34b8e26502..838191dd74 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,53 @@ +CVE-2022-25147 + RESERVED +CVE-2022-0610 + RESERVED +CVE-2022-0609 + RESERVED +CVE-2022-0608 + RESERVED +CVE-2022-0607 + RESERVED +CVE-2022-0606 + RESERVED +CVE-2022-0605 + RESERVED +CVE-2022-0604 + RESERVED +CVE-2022-0603 + RESERVED +CVE-2022-0602 + RESERVED +CVE-2022-0601 + RESERVED +CVE-2022-0600 + RESERVED +CVE-2022-0599 + RESERVED +CVE-2022-0598 + RESERVED +CVE-2022-0597 + RESERVED +CVE-2022-0596 + RESERVED +CVE-2022-0595 + RESERVED +CVE-2022-0594 + RESERVED +CVE-2022-0593 + RESERVED +CVE-2022-0592 + RESERVED +CVE-2022-0591 + RESERVED +CVE-2022-0590 + RESERVED +CVE-2022-0589 + RESERVED +CVE-2022-0588 + RESERVED +CVE-2022-0587 + RESERVED CVE-2022-25146 RESERVED CVE-2022-25145 @@ -373,13 +423,13 @@ CVE-2022-0574 RESERVED CVE-2022-0573 RESERVED -CVE-2022-0572 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) +CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359) -CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in Homebrew phoronixtestsuite p ...) +CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...) TODO: check CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...) - mruby <not-affected> (Vulnerable code introduced later) @@ -973,7 +1023,7 @@ CVE-2022-0556 RESERVED CVE-2022-0555 RESERVED -CVE-2022-0554 (Use of Out-of-range Pointer Offset in Conda vim prior to 8.2. ...) +CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) 
@@ -1017,8 +1067,8 @@ CVE-2022-24688 RESERVED CVE-2022-24687 RESERVED -CVE-2022-24686 - RESERVED +CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...) + TODO: check CVE-2022-24685 RESERVED CVE-2022-24684 @@ -1660,8 +1710,8 @@ CVE-2022-0514 RESERVED CVE-2022-0513 RESERVED -CVE-2022-0512 - RESERVED +CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + TODO: check CVE-2022-0511 RESERVED - firefox 97.0-1 @@ -2170,7 +2220,7 @@ CVE-2022-0445 RESERVED CVE-2022-0444 RESERVED -CVE-2022-0443 (Use After Free in Conda vim prior to 8.2. ...) +CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) @@ -2550,7 +2600,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0) CVE-2022-0418 RESERVED -CVE-2022-0417 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) +CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) @@ -2630,7 +2680,7 @@ CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247) -CVE-2022-0407 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) +CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) 
@@ -2842,7 +2892,7 @@ CVE-2022-21798 RESERVED CVE-2022-21154 RESERVED -CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) +CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) @@ -4684,8 +4734,8 @@ CVE-2022-23369 RESERVED CVE-2022-23368 RESERVED -CVE-2022-23367 - RESERVED +CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...) + TODO: check CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...) NOT-FOR-US: HMS (Hospital Managment System) CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...) @@ -5194,16 +5244,16 @@ CVE-2022-0216 RESERVED CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) NOT-FOR-US: WordPress plugin -CVE-2022-0214 - RESERVED +CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...) + TODO: check CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074) -CVE-2022-0212 - RESERVED +CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) + TODO: check CVE-2022-0211 RESERVED CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) 
@@ -5283,13 +5333,13 @@ CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross- NOT-FOR-US: WordPress plugin CVE-2022-0209 RESERVED -CVE-2022-0208 - RESERVED +CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...) + TODO: check CVE-2022-0207 RESERVED - vdsm <itp> (bug #668538) -CVE-2022-0206 - RESERVED +CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...) + TODO: check CVE-2022-0205 RESERVED CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol] @@ -5305,10 +5355,10 @@ CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crate NOT-FOR-US: Crater CVE-2022-0202 RESERVED -CVE-2022-0201 - RESERVED -CVE-2022-0200 - RESERVED +CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...) + TODO: check +CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) + TODO: check CVE-2022-0199 RESERVED CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) @@ -5490,18 +5540,18 @@ CVE-2022-21134 (A firmware update vulnerability exists in the &quot;update&a NOT-FOR-US: Reolink CVE-2022-0194 RESERVED -CVE-2022-0193 - RESERVED +CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...) + TODO: check CVE-2022-0192 RESERVED CVE-2022-0191 RESERVED -CVE-2022-0190 - RESERVED +CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...) + TODO: check CVE-2022-0189 RESERVED -CVE-2022-0188 - RESERVED +CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...) + TODO: check CVE-2022-0187 RESERVED CVE-2022-0186 
@@ -6093,8 +6143,8 @@ CVE-2022-22856 RESERVED CVE-2022-22855 RESERVED -CVE-2022-22854 - RESERVED +CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...) + TODO: check CVE-2022-22853 RESERVED CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) @@ -6107,8 +6157,8 @@ CVE-2022-22849 RESERVED CVE-2022-22149 RESERVED -CVE-2022-0176 - RESERVED +CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...) + TODO: check CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak] RESERVED - virglrenderer <unfixed> @@ -6388,7 +6438,7 @@ CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded c NOT-FOR-US: BD Viper LT system CVE-2022-22764 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 @@ -6397,7 +6447,7 @@ CVE-2022-22764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764 CVE-2022-22763 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763 @@ -6408,7 +6458,7 @@ CVE-2022-22762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762 CVE-2022-22761 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 @@ -6417,7 +6467,7 @@ CVE-2022-22761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761 CVE-2022-22760 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 
@@ -6426,7 +6476,7 @@ CVE-2022-22760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760 CVE-2022-22759 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 @@ -6444,7 +6494,7 @@ CVE-2022-22757 TODO: check if WebDriver enabled, if not demote severity to unimportant CVE-2022-22756 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 @@ -6457,7 +6507,7 @@ CVE-2022-22755 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755 CVE-2022-22754 RESERVED - {DSA-5074-1 DSA-5069-1 DLA-2916-1} + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 |
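
Review bot: The WordPress plugin entries in data/CVE/2021.list that move from RESERVED to `TODO: check` (CVE-2021-25115, CVE-2021-25110, CVE-2021-25109, CVE-2021-25107, CVE-2021-25050, CVE-2021-25033, CVE-2021-25018, CVE-2021-25014, CVE-2021-24904, CVE-2021-24874, CVE-2021-24446) are left untriaged by this commit. Every already-triaged neighbour in the same hunks whose description names a WordPress plugin carries `NOT-FOR-US: WordPress plugin`, so the follow-up can apply the same tag once it is confirmed that none of these plugins is packaged. The same applies to the WordPress plugin entries added as `TODO: check` in data/CVE/2022.list (CVE-2022-0214, CVE-2022-0212, CVE-2022-0208, CVE-2022-0206, CVE-2022-0201, CVE-2022-0200, CVE-2022-0193, CVE-2022-0190, CVE-2022-0188, CVE-2022-0176).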
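
Review bot: The vim description changes in data/CVE/2022.list are inconsistent with each other. CVE-2022-0392 goes from `GitHub repository vim/vim` to `GitHub repository vim`, while CVE-2022-0572, CVE-2022-0554, CVE-2022-0443 and CVE-2022-0407 go the other way, from `Conda vim` to `GitHub repository vim/vim`, and the new CVE-2022-0417 text drops the word `in`. The `- vim <unfixed>` and `<no-dsa>` lines are untouched, so triage state is unaffected, but anything that matches on the description string should not depend on the `vim/vim` form being present.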
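
Review bot: CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise) and CVE-2022-0512 (NPM url-parse) in data/CVE/2022.list are added as `TODO: check` and, unlike the WordPress plugin and vendor appliance entries around them, name general-purpose software that may be packaged. They should get a source-package lookup before being closed out, not a default `NOT-FOR-US`.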
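
Review bot: In the Mozilla block of data/CVE/2022.list, `DLA-2921-1` is added to CVE-2022-22764, CVE-2022-22763, CVE-2022-22761, CVE-2022-22760, CVE-2022-22759, CVE-2022-22756 and CVE-2022-22754, but not to CVE-2022-22762 or CVE-2022-22755, whose visible NOTE lines point at mfsa2022-04. That split looks deliberate, but the hunks only show the cross-reference line changing, so the set of tagged CVEs should be checked against the advisory's own CVE list.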