author security tracker role <sectracker@soriano.debian.org> 2022-02-15 08:10:15 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-02-15 08:10:15 +0000
commit fcaf329dbf468a30f25cf031c154a81448714146 (patch)
tree 20ba39a5ccb07bc67d5730688211f1f33ccd1b96
parent f488fc16c6dd9ac4a6bc62b5a1c45dc4a2693346 (diff)
automatic update
-rw-r--r-- data/CVE/2019.list 6
-rw-r--r-- data/CVE/2021.list 67
-rw-r--r-- data/CVE/2022.list 139
3 files changed, 129 insertions, 83 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 4f82ecf12f..64af02bdef 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
+ TODO: check
CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
NOT-FOR-US: Bromite
CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
@@ -10733,8 +10735,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
-CVE-2019-16864
- RESERVED
+CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...)
+ TODO: check
CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
NOT-FOR-US: STMicroelectronics
CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index d8da7a4268..1d1fec6dde 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -531,12 +531,12 @@ CVE-2021-46465
RESERVED
CVE-2021-46464
RESERVED
-CVE-2021-46463
- RESERVED
-CVE-2021-46462
- RESERVED
-CVE-2021-46461
- RESERVED
+CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...)
+ TODO: check
+CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...)
+ TODO: check
+CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...)
+ TODO: check
CVE-2021-46460
RESERVED
CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
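Review bot: The three njs entries added here do not share one affected range: CVE-2021-46463 and CVE-2021-46462 read "njs through 0.7.1" while CVE-2021-46461 reads "njs through 0.7.0". When the "TODO: check" lines are resolved, take the fixed version for each id from its own upstream reference instead of copying one line across all three, and file them against njs rather than NGINX, since the descriptions name njs as the affected component.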
@@ -1283,8 +1283,8 @@ CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
NOT-FOR-US: MediaWiki extension MassEditRegex
CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
-CVE-2021-4201
- RESERVED
+CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
+ TODO: check
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
@@ -3433,12 +3433,12 @@ CVE-2021-45350
RESERVED
CVE-2021-45349
RESERVED
-CVE-2021-45348
- RESERVED
-CVE-2021-45347
- RESERVED
-CVE-2021-45346
- RESERVED
+CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
+ TODO: check
+CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
+ TODO: check
+CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
+ TODO: check
CVE-2021-45345
RESERVED
CVE-2021-45344
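Review bot: CVE-2021-45346 in this hunk names SQLite3 3.35.1, a library, while the two entries above it (SourceCodester, zzcms 8.2) are standalone web applications, so the three "TODO: check" lines should not be closed as a batch. Resolve CVE-2021-45346 on its own and read the full description first: the visible text is cut at "3.35.1 and ...", so the upper bound of the affected range is not shown here.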
@@ -3526,8 +3526,8 @@ CVE-2021-45312
RESERVED
CVE-2021-45311
RESERVED
-CVE-2021-45310
- RESERVED
+CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
+ TODO: check
CVE-2021-45309
RESERVED
CVE-2021-45308
@@ -4389,8 +4389,8 @@ CVE-2021-45007
RESERVED
CVE-2021-45006
RESERVED
-CVE-2021-45005
- RESERVED
+CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
+ TODO: check
CVE-2021-45004
RESERVED
CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...)
@@ -7330,18 +7330,18 @@ CVE-2021-43955
RESERVED
CVE-2021-43954
RESERVED
-CVE-2021-43953
- RESERVED
-CVE-2021-43952
- RESERVED
+CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ TODO: check
+CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ TODO: check
CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
-CVE-2021-43950
- RESERVED
+CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ TODO: check
CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
-CVE-2021-43948
- RESERVED
+CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ TODO: check
CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
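Review bot: The four Atlassian entries that leave RESERVED here (CVE-2021-43953, CVE-2021-43952, CVE-2021-43950, CVE-2021-43948) get "TODO: check" while their unchanged neighbours CVE-2021-43951, CVE-2021-43949 and CVE-2021-43947 already carry "NOT-FOR-US: Atlassian". Suggest resolving the new ones with the same tag in a follow-up so the block stays consistent and the entries drop out of the TODO queue.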
@@ -7354,10 +7354,10 @@ CVE-2021-43943
RESERVED
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2021-43941
- RESERVED
-CVE-2021-43940
- RESERVED
+CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
+CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ TODO: check
CVE-2021-43939
RESERVED
CVE-2021-43938
@@ -9457,8 +9457,8 @@ CVE-2021-43108
RESERVED
CVE-2021-43107
RESERVED
-CVE-2021-43106
- RESERVED
+CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...)
+ TODO: check
CVE-2021-43105
RESERVED
CVE-2021-43104
@@ -11060,6 +11060,7 @@ CVE-2021-42394
CVE-2021-42393
RESERVED
CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
+ {DLA-2923-1}
- h2database 2.1.210-1 (bug #1003894)
NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
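Review bot: The added {DLA-2923-1} line on CVE-2021-42392 is a cross-reference only: the package line "- h2database 2.1.210-1 (bug #1003894)" below it is unchanged, and the commit touches just the three CVE list files. Confirm that the DLA-2923-1 record lists this id, and CVE-2022-23221, which gets the same tag in 2022.list, so the cross-reference and the advisory agree.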
@@ -53525,7 +53526,7 @@ CVE-2021-25112
RESERVED
CVE-2021-25111
RESERVED
-CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in ...)
+CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
NOT-FOR-US: WordPress plugin
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index e62eea2bf4..008454eaac 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,45 @@
+CVE-2022-25166
+ RESERVED
+CVE-2022-25165
+ RESERVED
+CVE-2022-25164
+ RESERVED
+CVE-2022-25163
+ RESERVED
+CVE-2022-25162
+ RESERVED
+CVE-2022-25161
+ RESERVED
+CVE-2022-25160
+ RESERVED
+CVE-2022-25159
+ RESERVED
+CVE-2022-25158
+ RESERVED
+CVE-2022-25157
+ RESERVED
+CVE-2022-25156
+ RESERVED
+CVE-2022-25155
+ RESERVED
+CVE-2022-25154
+ RESERVED
+CVE-2022-25153
+ RESERVED
+CVE-2022-25152
+ RESERVED
+CVE-2022-25151
+ RESERVED
+CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
+ TODO: check
+CVE-2022-25149
+ RESERVED
+CVE-2022-25148
+ RESERVED
+CVE-2022-0612
+ RESERVED
+CVE-2022-0611
+ RESERVED
CVE-2022-25147
RESERVED
CVE-2022-0610
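Review bot: CVE-2022-25150 is the only entry with a description in this new block, and it names Malwarebytes Binisoft Windows Firewall Control, a Windows product; left at "TODO: check" among the RESERVED ids around it, it is easy to miss. If it is not packaged, resolve it as NOT-FOR-US with the product name, the form the neighbouring lists already use.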
@@ -94,8 +136,8 @@ CVE-2022-25141
RESERVED
CVE-2022-25140
RESERVED
-CVE-2022-25139
- RESERVED
+CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
+ TODO: check
CVE-2022-25138
RESERVED
CVE-2022-25137
@@ -396,8 +438,8 @@ CVE-2022-24990
RESERVED
CVE-2022-24989
RESERVED
-CVE-2022-24988
- RESERVED
+CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
+ TODO: check
CVE-2022-24987
RESERVED
CVE-2022-24986
@@ -412,20 +454,20 @@ CVE-2022-24982
RESERVED
CVE-2022-24981
RESERVED
-CVE-2022-0586
- RESERVED
+CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
+ TODO: check
CVE-2022-0585
RESERVED
CVE-2022-0584
RESERVED
-CVE-2022-0583
- RESERVED
-CVE-2022-0582
- RESERVED
-CVE-2022-0581
- RESERVED
-CVE-2022-0580
- RESERVED
+CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
+ TODO: check
+CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
+ TODO: check
+CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
+ TODO: check
+CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
+ TODO: check
CVE-2022-24980
RESERVED
CVE-2022-24979
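Review bot: The five "TODO: check" lines in this hunk cover two unrelated products: CVE-2022-0586, CVE-2022-0583, CVE-2022-0582 and CVE-2022-0581 are Wireshark dissector issues, and CVE-2022-0580 is librenms/librenms. The Wireshark descriptions are cut at "3.6.0 to 3.6.1 and 3. ...", so the second affected branch is not visible here; read the full record before writing a fixed version, and triage CVE-2022-0580 separately.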
@@ -434,8 +476,8 @@ CVE-2022-24978
RESERVED
CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
NOT-FOR-US: ImpressCMS
-CVE-2022-0579
- RESERVED
+CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+ TODO: check
CVE-2022-0578
RESERVED
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
@@ -1013,10 +1055,10 @@ CVE-2022-24707
RESERVED
CVE-2022-24706
RESERVED
-CVE-2022-24705
- RESERVED
-CVE-2022-24704
- RESERVED
+CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
+ TODO: check
+CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
+ TODO: check
CVE-2022-23922
RESERVED
CVE-2022-23104
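Review bot: CVE-2022-24705 and CVE-2022-24704 both describe a memcpy problem in rad_packet_recv, and in the visible text they differ only by path (radius/packet.c against opt/src/accel-pppd/radius/packet.c). Before the "TODO: check" lines are resolved, establish whether these are two distinct defects or one reported twice, record both against the same product (the second path names accel-pppd), and add a NOTE linking the two ids.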
@@ -2477,8 +2519,8 @@ CVE-2022-24208
RESERVED
CVE-2022-24207
RESERVED
-CVE-2022-24206
- RESERVED
+CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-24205
RESERVED
CVE-2022-24204
@@ -3051,8 +3093,8 @@ CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceive
NOT-FOR-US: Samsung
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
NOT-FOR-US: pfSense
-CVE-2022-23992
- RESERVED
+CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
+ TODO: check
CVE-2022-23991
RESERVED
CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
@@ -3318,8 +3360,8 @@ CVE-2022-23904
RESERVED
CVE-2022-23903
RESERVED
-CVE-2022-23902
- RESERVED
+CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-23901
RESERVED
CVE-2022-23900
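Review bot: The visible description of CVE-2022-23902 ("Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...") is identical to the one added for CVE-2022-24206 earlier in this file. The truncated text cannot tell them apart, so the triage of one should reference the other, and both should end with the same tag.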
@@ -4040,10 +4082,10 @@ CVE-2022-23640
RESERVED
CVE-2022-23639
RESERVED
-CVE-2022-23638
- RESERVED
-CVE-2022-23637
- RESERVED
+CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
+ TODO: check
+CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
+ TODO: check
CVE-2022-23636
RESERVED
CVE-2022-23635
@@ -4685,8 +4727,8 @@ CVE-2022-23412
RESERVED
CVE-2022-23411
RESERVED
-CVE-2022-23410
- RESERVED
+CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
+ TODO: check
CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
NOT-FOR-US: Craft CMS
CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
@@ -4723,12 +4765,12 @@ CVE-2022-23393
RESERVED
CVE-2022-23392
RESERVED
-CVE-2022-23391
- RESERVED
-CVE-2022-23390
- RESERVED
-CVE-2022-23389
- RESERVED
+CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
+ TODO: check
+CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
+ TODO: check
+CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-23388
RESERVED
CVE-2022-23387
@@ -4831,12 +4873,12 @@ CVE-2022-23339
RESERVED
CVE-2022-23338
RESERVED
-CVE-2022-23337
- RESERVED
-CVE-2022-23336
- RESERVED
-CVE-2022-23335
- RESERVED
+CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
+ TODO: check
+CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
CVE-2022-23334
RESERVED
CVE-2022-23333
@@ -5181,6 +5223,7 @@ CVE-2022-23224
CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
+ {DLA-2923-1}
- h2database 2.1.210-1
NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
@@ -7809,8 +7852,8 @@ CVE-2022-22297
RESERVED
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
NOT-FOR-US: Sourcecodester
-CVE-2022-22295
- RESERVED
+CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which an attack ...)
NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
@@ -8900,8 +8943,8 @@ CVE-2022-21820
RESERVED
CVE-2022-21819
RESERVED
-CVE-2022-21818
- RESERVED
+CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
+ TODO: check
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
NOT-FOR-US: NVIDIA
CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
