author | security tracker role <sectracker@soriano.debian.org> | 2022-02-15 08:10:15 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-15 08:10:15 +0000
commit | fcaf329dbf468a30f25cf031c154a81448714146 |
tree | 20ba39a5ccb07bc67d5730688211f1f33ccd1b96 |
parent | f488fc16c6dd9ac4a6bc62b5a1c45dc4a2693346 |

automatic update

-rw-r--r-- | data/CVE/2019.list | 6
-rw-r--r-- | data/CVE/2021.list | 67
-rw-r--r-- | data/CVE/2022.list | 139
3 files changed, 129 insertions, 83 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 4f82ecf12f..64af02bdef 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...) + TODO: check CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...) NOT-FOR-US: Bromite CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...) @@ -10733,8 +10735,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5 NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc -CVE-2019-16864 - RESERVED +CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...) + TODO: check CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...) NOT-FOR-US: STMicroelectronics CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index d8da7a4268..1d1fec6dde 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -531,12 +531,12 @@ CVE-2021-46465 RESERVED CVE-2021-46464 RESERVED -CVE-2021-46463 - RESERVED -CVE-2021-46462 - RESERVED -CVE-2021-46461 - RESERVED +CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...) + TODO: check +CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...) + TODO: check +CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...) + TODO: check CVE-2021-46460 RESERVED CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...) 
@@ -1283,8 +1283,8 @@ CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor NOT-FOR-US: MediaWiki extension MassEditRegex CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) NOT-FOR-US: MediaWiki extension WikiBaseMediainfo -CVE-2021-4201 - RESERVED +CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...) + TODO: check CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...) NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...) @@ -3433,12 +3433,12 @@ CVE-2021-45350 RESERVED CVE-2021-45349 RESERVED -CVE-2021-45348 - RESERVED -CVE-2021-45347 - RESERVED -CVE-2021-45346 - RESERVED +CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...) + TODO: check +CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...) + TODO: check +CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...) + TODO: check CVE-2021-45345 RESERVED CVE-2021-45344 @@ -3526,8 +3526,8 @@ CVE-2021-45312 RESERVED CVE-2021-45311 RESERVED -CVE-2021-45310 - RESERVED +CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...) + TODO: check CVE-2021-45309 RESERVED CVE-2021-45308 @@ -4389,8 +4389,8 @@ CVE-2021-45007 RESERVED CVE-2021-45006 RESERVED -CVE-2021-45005 - RESERVED +CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...) + TODO: check CVE-2021-45004 RESERVED CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...) 
@@ -7330,18 +7330,18 @@ CVE-2021-43955 RESERVED CVE-2021-43954 RESERVED -CVE-2021-43953 - RESERVED -CVE-2021-43952 - RESERVED +CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + TODO: check +CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + TODO: check CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...) NOT-FOR-US: Atlassian -CVE-2021-43950 - RESERVED +CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...) + TODO: check CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...) NOT-FOR-US: Atlassian -CVE-2021-43948 - RESERVED +CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...) + TODO: check CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) @@ -7354,10 +7354,10 @@ CVE-2021-43943 RESERVED CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian -CVE-2021-43941 - RESERVED -CVE-2021-43940 - RESERVED +CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + TODO: check +CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...) + TODO: check CVE-2021-43939 RESERVED CVE-2021-43938 @@ -9457,8 +9457,8 @@ CVE-2021-43108 RESERVED CVE-2021-43107 RESERVED -CVE-2021-43106 - RESERVED +CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...) + TODO: check CVE-2021-43105 RESERVED CVE-2021-43104 
@@ -11060,6 +11060,7 @@ CVE-2021-42394 CVE-2021-42393 RESERVED CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...) + {DLA-2923-1} - h2database 2.1.210-1 (bug #1003894) NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ @@ -53525,7 +53526,7 @@ CVE-2021-25112 RESERVED CVE-2021-25111 RESERVED -CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in ...) +CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...) NOT-FOR-US: WordPress plugin CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...) NOT-FOR-US: WordPress plugin diff --git a/data/CVE/2022.list b/data/CVE/2022.list index e62eea2bf4..008454eaac 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,45 @@ +CVE-2022-25166 + RESERVED +CVE-2022-25165 + RESERVED +CVE-2022-25164 + RESERVED +CVE-2022-25163 + RESERVED +CVE-2022-25162 + RESERVED +CVE-2022-25161 + RESERVED +CVE-2022-25160 + RESERVED +CVE-2022-25159 + RESERVED +CVE-2022-25158 + RESERVED +CVE-2022-25157 + RESERVED +CVE-2022-25156 + RESERVED +CVE-2022-25155 + RESERVED +CVE-2022-25154 + RESERVED +CVE-2022-25153 + RESERVED +CVE-2022-25152 + RESERVED +CVE-2022-25151 + RESERVED +CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...) + TODO: check +CVE-2022-25149 + RESERVED +CVE-2022-25148 + RESERVED +CVE-2022-0612 + RESERVED +CVE-2022-0611 + RESERVED CVE-2022-25147 RESERVED CVE-2022-0610 @@ -94,8 +136,8 @@ CVE-2022-25141 RESERVED CVE-2022-25140 RESERVED -CVE-2022-25139 - RESERVED +CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...) + TODO: check CVE-2022-25138 RESERVED CVE-2022-25137 
@@ -396,8 +438,8 @@ CVE-2022-24990 RESERVED CVE-2022-24989 RESERVED -CVE-2022-24988 - RESERVED +CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...) + TODO: check CVE-2022-24987 RESERVED CVE-2022-24986 @@ -412,20 +454,20 @@ CVE-2022-24982 RESERVED CVE-2022-24981 RESERVED -CVE-2022-0586 - RESERVED +CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...) + TODO: check CVE-2022-0585 RESERVED CVE-2022-0584 RESERVED -CVE-2022-0583 - RESERVED -CVE-2022-0582 - RESERVED -CVE-2022-0581 - RESERVED -CVE-2022-0580 - RESERVED +CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...) + TODO: check +CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...) + TODO: check +CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...) + TODO: check +CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...) + TODO: check CVE-2022-24980 RESERVED CVE-2022-24979 @@ -434,8 +476,8 @@ CVE-2022-24978 RESERVED CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) NOT-FOR-US: ImpressCMS -CVE-2022-0579 - RESERVED +CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...) + TODO: check CVE-2022-0578 RESERVED CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...) @@ -1013,10 +1055,10 @@ CVE-2022-24707 RESERVED CVE-2022-24706 RESERVED -CVE-2022-24705 - RESERVED -CVE-2022-24704 - RESERVED +CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...) + TODO: check +CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...) + TODO: check CVE-2022-23922 RESERVED CVE-2022-23104 
@@ -2477,8 +2519,8 @@ CVE-2022-24208 RESERVED CVE-2022-24207 RESERVED -CVE-2022-24206 - RESERVED +CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + TODO: check CVE-2022-24205 RESERVED CVE-2022-24204 @@ -3051,8 +3093,8 @@ CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceive NOT-FOR-US: Samsung CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...) NOT-FOR-US: pfSense -CVE-2022-23992 - RESERVED +CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...) + TODO: check CVE-2022-23991 RESERVED CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...) @@ -3318,8 +3360,8 @@ CVE-2022-23904 RESERVED CVE-2022-23903 RESERVED -CVE-2022-23902 - RESERVED +CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + TODO: check CVE-2022-23901 RESERVED CVE-2022-23900 @@ -4040,10 +4082,10 @@ CVE-2022-23640 RESERVED CVE-2022-23639 RESERVED -CVE-2022-23638 - RESERVED -CVE-2022-23637 - RESERVED +CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...) + TODO: check +CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) + TODO: check CVE-2022-23636 RESERVED CVE-2022-23635 @@ -4685,8 +4727,8 @@ CVE-2022-23412 RESERVED CVE-2022-23411 RESERVED -CVE-2022-23410 - RESERVED +CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...) + TODO: check CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...) NOT-FOR-US: Craft CMS CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...) 
@@ -4723,12 +4765,12 @@ CVE-2022-23393 RESERVED CVE-2022-23392 RESERVED -CVE-2022-23391 - RESERVED -CVE-2022-23390 - RESERVED -CVE-2022-23389 - RESERVED +CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...) + TODO: check +CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...) + TODO: check +CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...) + TODO: check CVE-2022-23388 RESERVED CVE-2022-23387 @@ -4831,12 +4873,12 @@ CVE-2022-23339 RESERVED CVE-2022-23338 RESERVED -CVE-2022-23337 - RESERVED -CVE-2022-23336 - RESERVED -CVE-2022-23335 - RESERVED +CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...) + TODO: check +CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check CVE-2022-23334 RESERVED CVE-2022-23333 @@ -5181,6 +5223,7 @@ CVE-2022-23224 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) + {DLA-2923-1} - h2database 2.1.210-1 NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8 @@ -7809,8 +7852,8 @@ CVE-2022-22297 RESERVED CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...) NOT-FOR-US: Sourcecodester -CVE-2022-22295 - RESERVED +CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attack ...) NOT-FOR-US: zfaka CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...) 
@@ -8900,8 +8943,8 @@ CVE-2022-21820 RESERVED CVE-2022-21819 RESERVED -CVE-2022-21818 - RESERVED +CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...) + TODO: check CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...) NOT-FOR-US: NVIDIA CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) |
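
Review bot: In data/CVE/2021.list, hunks `@@ -7330,18 +7330,18 @@` and `@@ -7354,10 +7354,10 @@`, the newly described Atlassian entries (CVE-2021-43953, CVE-2021-43952, CVE-2021-43950, CVE-2021-43948, CVE-2021-43941, CVE-2021-43940) are left at `TODO: check` while their unchanged neighbours with the same description prefix (CVE-2021-43951, CVE-2021-43949, CVE-2021-43947, CVE-2021-43942) already read `NOT-FOR-US: Atlassian`. The follow-up triage should resolve the six new entries the same way so the block does not stay half-triaged.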
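
Review bot: The two h2database entries that gain `{DLA-2923-1}` (CVE-2021-42392 in data/CVE/2021.list at `@@ -11060,6 +11060,7 @@`, CVE-2022-23221 in data/CVE/2022.list at `@@ -5181,6 +5223,7 @@`) have inconsistent package lines: the first reads `- h2database 2.1.210-1 (bug #1003894)`, the second `- h2database 2.1.210-1` with no bug reference. If the same bug report tracks both issues, add the reference to the CVE-2022-23221 line; if not, a short NOTE saying so would save the next reader from checking.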
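
Review bot: In data/CVE/2022.list at `@@ -412,20 +454,20 @@`, CVE-2022-0586, CVE-2022-0583, CVE-2022-0582 and CVE-2022-0581 now describe Wireshark dissector issues but carry only `TODO: check`, so they have no package line yet. The descriptions are cut at "Wireshark 3.6.0 to 3.6.1 and 3. ...", which hides the second affected branch; triage should read the full CVE text before recording a `- wireshark <version>` line. CVE-2022-0580 in the same hunk is a different product (librenms) and should be handled separately rather than batched with the dissector entries.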
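
Review bot: The njs entries do not share one affected range, which is easy to miss when triaging them as a batch: in data/CVE/2021.list at `@@ -531,12 +531,12 @@`, CVE-2021-46463 and CVE-2021-46462 say "njs through 0.7.1" while CVE-2021-46461 says "njs through 0.7.0", and CVE-2022-25139 in data/CVE/2022.list at `@@ -94,8 +136,8 @@` also says "through 0.7.0". Each entry should get its own fixed-version determination, with a NOTE pointing at the upstream fix where one exists.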
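
Review bot: In data/CVE/2022.list at `@@ -1013,10 +1055,10 @@`, CVE-2022-24705 and CVE-2022-24704 both describe `rad_packet_recv`, one in `radius/packet.c` and one in `opt/src/accel-pppd/radius/packet.c`, and neither truncated description names the product outside that path. Triage should add a NOTE identifying the affected source and state whether the two IDs are distinct bugs or the same function reported twice, since the visible text alone does not settle it.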
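
Review bot: Two of the new `TODO: check` entries name Windows-only software in the visible description and can be closed quickly: CVE-2022-25150 ("Malwarebytes Binisoft Windows Firewall Control") in the first hunk of data/CVE/2022.list, and CVE-2019-16864 ("CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP") in data/CVE/2019.list at `@@ -10733,8 +10735,8 @@`. Marking them `NOT-FOR-US:` with the product name, as the surrounding entries do, keeps them out of the open-triage queue.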