| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2022-02-07 20:10:16 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-07 20:10:16 +0000 |
| commit | 2c13bbe52b6bb716eaf8c7f72dd54586913267d3 | |
| tree | c2f486fbff9652ab314bdc833328c394c90e0d6b | |
| parent | 42d03332c0ee79089aae8ac533c7e39a00ced918 | |

automatic update

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2007.list | 2 |
| -rw-r--r-- | data/CVE/2013.list | 6 |
| -rw-r--r-- | data/CVE/2018.list | 4 |
| -rw-r--r-- | data/CVE/2020.list | 15 |
| -rw-r--r-- | data/CVE/2021.list | 338 |
| -rw-r--r-- | data/CVE/2022.list | 914 |

6 files changed, 902 insertions, 377 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 0f12a169a0..cb506c55d4 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,3 +1,5 @@ +CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...) + TODO: check CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...) NOT-FOR-US: SAS Drug Development (SDD) CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 76f7731096..b4c250c8aa 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,5 +1,7 @@ -CVE-2013-20003 - RESERVED +CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...) + TODO: check +CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...) + TODO: check CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) NOT-FOR-US: Elemin CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 65b80da9ba..e390923cbc 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,7 +1,7 @@ CVE-2018-25030 RESERVED -CVE-2018-25029 - RESERVED +CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...) + TODO: check CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) NOT-FOR-US: Rust crate libpulse-binding CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e2abaf891b..bd0b17aaf4 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -42098,10 +42098,10 @@ CVE-2020-12968 REJECTED CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...) NOT-FOR-US: AMD -CVE-2020-12966 - RESERVED -CVE-2020-12965 - RESERVED +CVE-2020-12966 (AMD EPYC™ Processors contain an information disclosure vulnerabi ...) + TODO: check +CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...) + TODO: check CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...) NOT-FOR-US: Intel / AMD CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) @@ -42254,8 +42254,7 @@ CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in E NOT-FOR-US: Intel / AMD CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...) NOT-FOR-US: Intel / AMD -CVE-2020-12891 - RESERVED +CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...) NOT-FOR-US: AMD CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...) NOT-FOR-US: AMD @@ -55654,8 +55653,8 @@ CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vu NOT-FOR-US: Modicon CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Modicon -CVE-2020-7534 - RESERVED +CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...) + TODO: check CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...) NOT-FOR-US: Modicon CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a98df70273..30c7217b88 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,4 +1,12 @@ -CVE-2021-46671 [information leak] +CVE-2021-46675 + RESERVED +CVE-2021-46674 + RESERVED +CVE-2021-46673 + RESERVED +CVE-2021-46672 + RESERVED +CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...) - atftp 0.7.git20210915-1 (bug #1004974) [bullseye] - atftp <no-dsa> (Minor issue) [buster] - atftp <no-dsa> (Minor issue) @@ -625,7 +633,7 @@ CVE-2021-46400 RESERVED CVE-2021-46399 RESERVED -CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowse ...) +CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser < ...) TODO: check CVE-2021-46397 RESERVED @@ -643,8 +651,8 @@ CVE-2021-46391 RESERVED CVE-2021-46390 RESERVED -CVE-2021-46389 - RESERVED +CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) + TODO: check CVE-2021-46388 RESERVED CVE-2021-46387 @@ -703,8 +711,8 @@ CVE-2021-46361 RESERVED CVE-2021-46360 RESERVED -CVE-2021-46359 - RESERVED +CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) + TODO: check CVE-2021-46358 RESERVED CVE-2021-46357 @@ -905,8 +913,8 @@ CVE-2021-46284 RESERVED CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...) NOT-FOR-US: WordPress plugin -CVE-2021-44779 - RESERVED +CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...) + TODO: check CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) NOT-FOR-US: WordPress plugin CVE-2021-44760 
@@ -1725,7 +1733,7 @@ CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or mor NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3) CVE-2021-45959 REJECTED -CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...) +CVE-2021-45958 (** DISPUTED ** UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-b ...) - ujson <unfixed> (bug #1005140) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 NOTE: https://github.com/ultrajson/ultrajson/issues/501 @@ -3077,8 +3085,7 @@ CVE-2021-4155 NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...) NOT-FOR-US: Node windows -CVE-2021-4154 [cgroup: verify that source is a string] - RESERVED +CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux <not-affected> (Vulnerable code not present) @@ -3197,8 +3204,8 @@ CVE-2021-45431 RESERVED CVE-2021-45430 RESERVED -CVE-2021-45429 - RESERVED +CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...) + TODO: check CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...) NOT-FOR-US: TLR-2005KSH CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...) @@ -3242,8 +3249,8 @@ CVE-2021-45410 RESERVED CVE-2021-45409 RESERVED -CVE-2021-45408 - RESERVED +CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...) + TODO: check CVE-2021-45407 RESERVED CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...) 
@@ -3555,7 +3562,7 @@ CVE-2021-45270 RESERVED CVE-2021-45269 RESERVED -CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...) +CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...) NOT-FOR-US: Backdrop CMS CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) - gpac <unfixed> @@ -5718,8 +5725,8 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie [experimental] - openssl 3.0.1-1 - openssl <not-affected> (Vulnerable code not present) NOTE: https://www.openssl.org/news/secadv/20211214.txt -CVE-2021-4043 - RESERVED +CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...) + TODO: check CVE-2021-4042 RESERVED CVE-2021-4041 [Improper shell escaping in ansible-runner] @@ -6478,12 +6485,12 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During NOT-FOR-US: snipe-it CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: ShowDoc -CVE-2021-44206 - RESERVED -CVE-2021-44205 - RESERVED -CVE-2021-44204 - RESERVED +CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...) + TODO: check +CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + TODO: check +CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...) + TODO: check CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...) NOT-FOR-US: Acronis CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...) 
@@ -7290,16 +7297,16 @@ CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but NOT-FOR-US: Distributed Data Systems CVE-2021-43930 RESERVED -CVE-2021-43929 - RESERVED -CVE-2021-43928 - RESERVED -CVE-2021-43927 - RESERVED -CVE-2021-43926 - RESERVED -CVE-2021-43925 - RESERVED +CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...) + TODO: check +CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...) + TODO: check +CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...) + TODO: check +CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...) + TODO: check +CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...) + TODO: check CVE-2021-43924 RESERVED CVE-2021-43923 @@ -7490,8 +7497,8 @@ CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block NOT-FOR-US: jsx-slack CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) NOT-FOR-US: Wiki.js -CVE-2021-43841 - RESERVED +CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...) + TODO: check CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) TODO: check CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) @@ -7956,8 +7963,8 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Ha NOT-FOR-US: Amazon CVE-2021-43636 RESERVED -CVE-2021-43635 - RESERVED +CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...) + TODO: check CVE-2021-43634 RESERVED CVE-2021-43633 
@@ -10003,8 +10010,8 @@ CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081 NOT-FOR-US: Plex Media Server CVE-2021-42834 RESERVED -CVE-2021-42833 - RESERVED +CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...) + TODO: check CVE-2021-42832 RESERVED CVE-2021-42831 @@ -12406,8 +12413,7 @@ CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS ( NOTE: Followups to mimic previous behaviour: NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2) NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2) -CVE-2021-41816 [Buffer Overrun in CGI.escape_html] - RESERVED +CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...) {DSA-5067-1} - ruby3.0 <unfixed> (bug #1002995) - ruby2.7 2.7.5-1 @@ -13192,7 +13198,7 @@ CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in t NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4) CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...) NOT-FOR-US: RaRe-Technologies bounter -CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...) +CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...) - numpy <unfixed> [bullseye] - numpy <no-dsa> (Minor issue) NOTE: https://github.com/numpy/numpy/issues/19000 @@ -15852,8 +15858,8 @@ CVE-2021-40422 RESERVED CVE-2021-40421 RESERVED -CVE-2021-40420 - RESERVED +CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + TODO: check CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...) NOT-FOR-US: Reolink CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...) 
@@ -15886,12 +15892,12 @@ CVE-2021-40405 RESERVED CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...) NOT-FOR-US: Reolink -CVE-2021-40403 - RESERVED +CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...) + TODO: check CVE-2021-40402 RESERVED -CVE-2021-40401 - RESERVED +CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...) + TODO: check CVE-2021-40400 RESERVED CVE-2021-40399 @@ -18581,8 +18587,8 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html CVE-2021-39281 RESERVED -CVE-2021-39280 - RESERVED +CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...) + TODO: check CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...) NOT-FOR-US: MOXA CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...) @@ -19295,8 +19301,8 @@ CVE-2021-39023 RESERVED CVE-2021-39022 RESERVED -CVE-2021-39021 - RESERVED +CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...) + TODO: check CVE-2021-39020 RESERVED CVE-2021-39019 @@ -19417,8 +19423,8 @@ CVE-2021-38962 RESERVED CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...) NOT-FOR-US: IBM -CVE-2021-38960 - RESERVED +CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...) + TODO: check CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) NOT-FOR-US: IBM CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...) 
@@ -21328,8 +21334,8 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish [buster] - btrbk 0.27.1-1+deb10u1 NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2) NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1) -CVE-2021-38172 - RESERVED +CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...) + TODO: check CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) {DSA-4998-1 DSA-4990-1 DLA-2818-1} - ffmpeg 7:4.4.1-1 @@ -21438,8 +21444,8 @@ CVE-2021-38132 RESERVED CVE-2021-38131 RESERVED -CVE-2021-38130 - RESERVED +CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...) + TODO: check CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...) NOT-FOR-US: Micro Focus CVE-2021-38128 @@ -26172,11 +26178,9 @@ CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows NOT-FOR-US: gRPC Swift CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...) NOT-FOR-US: gRPC Swift -CVE-2021-36152 - RESERVED +CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...) NOT-FOR-US: Apache Gobblin -CVE-2021-36151 - RESERVED +CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...) NOT-FOR-US: Apache Gobblin CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) NOT-FOR-US: OpenShift @@ -32502,7 +32506,7 @@ CVE-2021-33432 RESERVED CVE-2021-33431 RESERVED -CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...) +CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...) - numpy 1:1.21.4-2 [bullseye] - numpy <no-dsa> (Minor issue) NOTE: https://github.com/numpy/numpy/issues/18939 
@@ -34271,8 +34275,8 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag - nextcloud-server <itp> (bug #941708) CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...) NOT-FOR-US: Nextcloud Text -CVE-2021-32732 - RESERVED +CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...) + TODO: check CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...) @@ -36011,8 +36015,8 @@ CVE-2021-32037 (An authorized user may trigger an invariant which may result in - mongodb <removed> [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-59071 -CVE-2021-32036 - RESERVED +CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...) + TODO: check CVE-2021-32035 RESERVED CVE-2021-32034 @@ -41067,7 +41071,7 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in liba NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 CVE-2021-30122 RESERVED -CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...) +CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA < v9.5.6 ...) NOT-FOR-US: Kaseya CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...) NOT-FOR-US: Kaseya 
@@ -42942,18 +42946,18 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...) NOT-FOR-US: XMB -CVE-2021-29398 - RESERVED -CVE-2021-29397 - RESERVED -CVE-2021-29396 - RESERVED -CVE-2021-29395 - RESERVED -CVE-2021-29394 - RESERVED -CVE-2021-29393 - RESERVED +CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...) + TODO: check +CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...) + TODO: check +CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...) + TODO: check +CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...) + TODO: check +CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...) + TODO: check +CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...) + TODO: check CVE-2021-29392 RESERVED CVE-2021-29391 @@ -43348,10 +43352,10 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl - erlang <not-affected> (Windows-specific) CVE-2021-29220 RESERVED -CVE-2021-29219 - RESERVED -CVE-2021-29218 - RESERVED +CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...) + TODO: check +CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...) + TODO: check CVE-2021-29217 RESERVED CVE-2021-29216 @@ -45135,8 +45139,8 @@ CVE-2021-28505 RESERVED CVE-2021-28504 RESERVED -CVE-2021-28503 - RESERVED +CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...) + TODO: check CVE-2021-28502 RESERVED CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...) 
@@ -49901,13 +49905,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via NOT-FOR-US: EPrints CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...) NOT-FOR-US: EPrints -CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...) +CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...) NOT-FOR-US: Vembu BDR Suite -CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...) +CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http ...) NOT-FOR-US: Vembu BDR Suite -CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...) +CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...) NOT-FOR-US: Vembu BDR Suite -CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...) +CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...) NOT-FOR-US: Vembu BDR Suite CVE-2021-26470 RESERVED @@ -53385,8 +53389,8 @@ CVE-2021-25116 RESERVED CVE-2021-25115 RESERVED -CVE-2021-25114 - RESERVED +CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...) + TODO: check CVE-2021-25113 RESERVED CVE-2021-25112 
@@ -53397,18 +53401,18 @@ CVE-2021-25110 RESERVED CVE-2021-25109 RESERVED -CVE-2021-25108 - RESERVED +CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...) + TODO: check CVE-2021-25107 RESERVED -CVE-2021-25106 - RESERVED -CVE-2021-25105 - RESERVED +CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...) + TODO: check +CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...) + TODO: check CVE-2021-25104 RESERVED -CVE-2021-25103 - RESERVED +CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...) + TODO: check CVE-2021-25102 RESERVED CVE-2021-25101 @@ -53421,10 +53425,10 @@ CVE-2021-25098 RESERVED CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...) NOT-FOR-US: WordPress plugin -CVE-2021-25096 - RESERVED -CVE-2021-25095 - RESERVED +CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...) + TODO: check +CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...) + TODO: check CVE-2021-25094 RESERVED CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...) @@ -53445,8 +53449,8 @@ CVE-2021-25086 RESERVED CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin -CVE-2021-25084 - RESERVED +CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...) + TODO: check CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) NOT-FOR-US: WordPress plugin CVE-2021-25082 
@@ -53459,8 +53463,8 @@ CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not NOT-FOR-US: WordPress plugin CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...) NOT-FOR-US: WordPress plugin -CVE-2021-25077 - RESERVED +CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...) + TODO: check CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2021-25075 @@ -53555,8 +53559,8 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightb NOT-FOR-US: WordPress plugin CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2021-25029 - RESERVED +CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...) + TODO: check CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...) @@ -53605,8 +53609,8 @@ CVE-2021-25006 RESERVED CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...) NOT-FOR-US: WordPress plugin -CVE-2021-25004 - RESERVED +CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...) + TODO: check CVE-2021-25003 RESERVED CVE-2021-25002 @@ -53627,8 +53631,8 @@ CVE-2021-24995 RESERVED CVE-2021-24994 RESERVED -CVE-2021-24993 - RESERVED +CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...) + TODO: check CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) 
@@ -53719,8 +53723,8 @@ CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor NOT-FOR-US: WordPress plugin CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...) NOT-FOR-US: WordPress plugin -CVE-2021-24947 - RESERVED +CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...) + TODO: check CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 ...) @@ -53757,8 +53761,8 @@ CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plu NOT-FOR-US: WordPress plugin CVE-2021-24929 RESERVED -CVE-2021-24928 - RESERVED +CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...) + TODO: check CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...) @@ -53853,12 +53857,12 @@ CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not san NOT-FOR-US: WordPress plugin CVE-2021-24881 RESERVED -CVE-2021-24880 - RESERVED -CVE-2021-24879 - RESERVED -CVE-2021-24878 - RESERVED +CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...) + TODO: check +CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...) + TODO: check +CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...) + TODO: check CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...) NOT-FOR-US: WordPress plugin CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) 
@@ -53927,16 +53931,16 @@ CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows pa NOT-FOR-US: WordPress plugin CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) NOT-FOR-US: WordPress plugin -CVE-2021-24843 - RESERVED +CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...) + TODO: check CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...) NOT-FOR-US: WordPress plugin CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) NOT-FOR-US: WordPress theme -CVE-2021-24839 - RESERVED +CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...) + TODO: check CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...) NOT-FOR-US: WordPress plugin CVE-2021-24837 @@ -54277,7 +54281,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some NOT-FOR-US: WordPress plugin CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...) NOT-FOR-US: WordPress plugin -CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce c ...) +CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...) NOT-FOR-US: WordPress plugin CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...) NOT-FOR-US: FortiGuard 
@@ -54927,7 +54931,7 @@ CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter Wo NOT-FOR-US: WordPress plugin CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...) NOT-FOR-US: WordPress plugin -CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise i ...) +CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...) NOT-FOR-US: WordPress plugin CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...) NOT-FOR-US: WordPress theme @@ -56917,8 +56921,8 @@ CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion NOT-FOR-US: Node json-ptr CVE-2021-23508 RESERVED -CVE-2021-23507 - RESERVED +CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...) + TODO: check CVE-2021-23506 RESERVED CVE-2021-23505 @@ -56937,8 +56941,8 @@ CVE-2021-23499 RESERVED CVE-2021-23498 RESERVED -CVE-2021-23497 - RESERVED +CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...) + TODO: check CVE-2021-23496 RESERVED CVE-2021-23495 @@ -56992,8 +56996,8 @@ CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table. NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941 CVE-2021-23471 RESERVED -CVE-2021-23470 - RESERVED +CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...) + TODO: check CVE-2021-23469 RESERVED CVE-2021-23468 
@@ -59624,16 +59628,16 @@ CVE-2021-22290 RESERVED CVE-2021-22289 RESERVED -CVE-2021-22288 - RESERVED +CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...) + TODO: check CVE-2021-22287 RESERVED -CVE-2021-22286 - RESERVED -CVE-2021-22285 - RESERVED -CVE-2021-22284 - RESERVED +CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...) + TODO: check +CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...) + TODO: check +CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + TODO: check CVE-2021-22283 RESERVED CVE-2021-22282 
@@ -60364,32 +60368,32 @@ CVE-2021-3009 RESERVED CVE-2021-3008 RESERVED -CVE-2021-21971 - RESERVED -CVE-2021-21970 - RESERVED -CVE-2021-21969 - RESERVED -CVE-2021-21968 - RESERVED +CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...) + TODO: check +CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...) + TODO: check +CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...) + TODO: check +CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...) + TODO: check CVE-2021-21967 RESERVED CVE-2021-21966 RESERVED -CVE-2021-21965 - RESERVED -CVE-2021-21964 - RESERVED -CVE-2021-21963 - RESERVED -CVE-2021-21962 - RESERVED -CVE-2021-21961 - RESERVED -CVE-2021-21960 - RESERVED -CVE-2021-21959 - RESERVED +CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...) + TODO: check +CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...) + TODO: check +CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...) + TODO: check +CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...) + TODO: check +CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...) + TODO: check +CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...) + TODO: check +CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...) + TODO: check CVE-2021-21958 RESERVED CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index dc3fd87fe4..8f65f7dec8 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,13 +1,535 @@ -CVE-2022-24408 +CVE-2022-24665 + RESERVED +CVE-2022-24664 + RESERVED +CVE-2022-24663 + RESERVED +CVE-2022-24662 + RESERVED +CVE-2022-24661 + RESERVED +CVE-2022-24660 + RESERVED +CVE-2022-24659 + RESERVED +CVE-2022-24658 + RESERVED +CVE-2022-24657 + RESERVED +CVE-2022-24656 + RESERVED +CVE-2022-24655 + RESERVED +CVE-2022-24654 + RESERVED +CVE-2022-24653 + RESERVED +CVE-2022-24652 + RESERVED +CVE-2022-24651 + RESERVED +CVE-2022-24650 + RESERVED +CVE-2022-24649 + RESERVED +CVE-2022-24648 + RESERVED +CVE-2022-24647 + RESERVED +CVE-2022-24646 + RESERVED +CVE-2022-24645 + RESERVED +CVE-2022-24644 + RESERVED +CVE-2022-24643 + RESERVED +CVE-2022-24642 + RESERVED +CVE-2022-24641 + RESERVED +CVE-2022-24640 + RESERVED +CVE-2022-24639 + RESERVED +CVE-2022-24638 + RESERVED +CVE-2022-24637 + RESERVED +CVE-2022-24636 + RESERVED +CVE-2022-24635 + RESERVED +CVE-2022-24634 + RESERVED +CVE-2022-24633 + RESERVED +CVE-2022-24632 + RESERVED +CVE-2022-24631 + RESERVED +CVE-2022-24630 + RESERVED +CVE-2022-24629 + RESERVED +CVE-2022-24628 + RESERVED +CVE-2022-24627 + RESERVED +CVE-2022-24626 + RESERVED +CVE-2022-24625 + RESERVED +CVE-2022-24624 + RESERVED +CVE-2022-24623 + RESERVED +CVE-2022-24622 + RESERVED +CVE-2022-24621 + RESERVED +CVE-2022-24620 + RESERVED +CVE-2022-24619 + RESERVED +CVE-2022-24618 + RESERVED +CVE-2022-24617 + RESERVED +CVE-2022-24616 + RESERVED +CVE-2022-24615 + RESERVED +CVE-2022-24614 + RESERVED +CVE-2022-24613 + RESERVED +CVE-2022-24612 + RESERVED +CVE-2022-24611 + RESERVED +CVE-2022-24610 + RESERVED +CVE-2022-24609 + RESERVED +CVE-2022-24608 + RESERVED +CVE-2022-24607 + RESERVED +CVE-2022-24606 + RESERVED +CVE-2022-24605 + RESERVED +CVE-2022-24604 + RESERVED +CVE-2022-24603 + RESERVED +CVE-2022-24602 + RESERVED +CVE-2022-24601 + RESERVED +CVE-2022-24600 + RESERVED +CVE-2022-24599 + RESERVED +CVE-2022-24598 + RESERVED +CVE-2022-24597 + RESERVED +CVE-2022-24596 + RESERVED +CVE-2022-24595 + RESERVED +CVE-2022-24594 + RESERVED +CVE-2022-24593 + 
RESERVED +CVE-2022-24592 + RESERVED +CVE-2022-24591 + RESERVED +CVE-2022-24590 + RESERVED +CVE-2022-24589 + RESERVED +CVE-2022-24588 + RESERVED +CVE-2022-24587 + RESERVED +CVE-2022-24586 + RESERVED +CVE-2022-24585 + RESERVED +CVE-2022-24584 + RESERVED +CVE-2022-24583 + RESERVED +CVE-2022-24582 + RESERVED +CVE-2022-24581 + RESERVED +CVE-2022-24580 + RESERVED +CVE-2022-24579 + RESERVED +CVE-2022-24578 + RESERVED +CVE-2022-24577 + RESERVED +CVE-2022-24576 + RESERVED +CVE-2022-24575 + RESERVED +CVE-2022-24574 + RESERVED +CVE-2022-24573 + RESERVED +CVE-2022-24572 + RESERVED +CVE-2022-24571 + RESERVED +CVE-2022-24570 + RESERVED +CVE-2022-24569 + RESERVED +CVE-2022-24568 + RESERVED +CVE-2022-24567 + RESERVED +CVE-2022-24566 + RESERVED +CVE-2022-24565 + RESERVED +CVE-2022-24564 + RESERVED +CVE-2022-24563 + RESERVED +CVE-2022-24562 + RESERVED +CVE-2022-24561 + RESERVED +CVE-2022-24560 + RESERVED +CVE-2022-24559 + RESERVED +CVE-2022-24558 + RESERVED +CVE-2022-24557 + RESERVED +CVE-2022-24556 + RESERVED +CVE-2022-24555 + RESERVED +CVE-2022-24554 + RESERVED +CVE-2022-24553 + RESERVED +CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...) + TODO: check +CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...) 
+ TODO: check +CVE-2022-24550 + RESERVED +CVE-2022-24549 + RESERVED +CVE-2022-24548 + RESERVED +CVE-2022-24547 + RESERVED +CVE-2022-24546 + RESERVED +CVE-2022-24545 + RESERVED +CVE-2022-24544 + RESERVED +CVE-2022-24543 + RESERVED +CVE-2022-24542 + RESERVED +CVE-2022-24541 + RESERVED +CVE-2022-24540 + RESERVED +CVE-2022-24539 + RESERVED +CVE-2022-24538 + RESERVED +CVE-2022-24537 + RESERVED +CVE-2022-24536 + RESERVED +CVE-2022-24535 + RESERVED +CVE-2022-24534 + RESERVED +CVE-2022-24533 + RESERVED +CVE-2022-24532 + RESERVED +CVE-2022-24531 + RESERVED +CVE-2022-24530 + RESERVED +CVE-2022-24529 + RESERVED +CVE-2022-24528 + RESERVED +CVE-2022-24527 + RESERVED +CVE-2022-24526 + RESERVED +CVE-2022-24525 + RESERVED +CVE-2022-24524 + RESERVED +CVE-2022-24523 + RESERVED +CVE-2022-24522 + RESERVED +CVE-2022-24521 + RESERVED +CVE-2022-24520 + RESERVED +CVE-2022-24519 + RESERVED +CVE-2022-24518 + RESERVED +CVE-2022-24517 + RESERVED +CVE-2022-24516 + RESERVED +CVE-2022-24515 + RESERVED +CVE-2022-24514 + RESERVED +CVE-2022-24513 + RESERVED +CVE-2022-24512 + RESERVED +CVE-2022-24511 + RESERVED +CVE-2022-24510 + RESERVED +CVE-2022-24509 + RESERVED +CVE-2022-24508 + RESERVED +CVE-2022-24507 + RESERVED +CVE-2022-24506 + RESERVED +CVE-2022-24505 + RESERVED +CVE-2022-24504 + RESERVED +CVE-2022-24503 + RESERVED +CVE-2022-24502 + RESERVED +CVE-2022-24501 + RESERVED +CVE-2022-24500 + RESERVED +CVE-2022-24499 + RESERVED +CVE-2022-24498 + RESERVED +CVE-2022-24497 + RESERVED +CVE-2022-24496 + RESERVED +CVE-2022-24495 + RESERVED +CVE-2022-24494 + RESERVED +CVE-2022-24493 + RESERVED +CVE-2022-24492 + RESERVED +CVE-2022-24491 + RESERVED +CVE-2022-24490 + RESERVED +CVE-2022-24489 + RESERVED +CVE-2022-24488 + RESERVED +CVE-2022-24487 + RESERVED +CVE-2022-24486 + RESERVED +CVE-2022-24485 + RESERVED +CVE-2022-24484 + RESERVED +CVE-2022-24483 + RESERVED +CVE-2022-24482 + RESERVED +CVE-2022-24481 + RESERVED +CVE-2022-24480 + RESERVED +CVE-2022-24479 + RESERVED +CVE-2022-24478 + RESERVED 
+CVE-2022-24477 + RESERVED +CVE-2022-24476 + RESERVED +CVE-2022-24475 + RESERVED +CVE-2022-24474 + RESERVED +CVE-2022-24473 + RESERVED +CVE-2022-24472 + RESERVED +CVE-2022-24471 + RESERVED +CVE-2022-24470 + RESERVED +CVE-2022-24469 + RESERVED +CVE-2022-24468 + RESERVED +CVE-2022-24467 + RESERVED +CVE-2022-24466 + RESERVED +CVE-2022-24465 + RESERVED +CVE-2022-24464 + RESERVED +CVE-2022-24463 + RESERVED +CVE-2022-24462 + RESERVED +CVE-2022-24461 + RESERVED +CVE-2022-24460 + RESERVED +CVE-2022-24459 + RESERVED +CVE-2022-24458 + RESERVED +CVE-2022-24457 + RESERVED +CVE-2022-24456 + RESERVED +CVE-2022-24455 + RESERVED +CVE-2022-24454 + RESERVED +CVE-2022-24453 + RESERVED +CVE-2022-24452 + RESERVED +CVE-2022-24451 + RESERVED +CVE-2022-24450 + RESERVED +CVE-2022-24449 + RESERVED +CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...) + TODO: check +CVE-2022-24447 + RESERVED +CVE-2022-24446 + RESERVED +CVE-2022-24445 + RESERVED +CVE-2022-24444 + RESERVED +CVE-2022-24443 + RESERVED +CVE-2022-24442 + RESERVED +CVE-2022-24428 + RESERVED +CVE-2022-24427 + RESERVED +CVE-2022-24426 RESERVED -CVE-2022-0501 +CVE-2022-24425 RESERVED +CVE-2022-24424 + RESERVED +CVE-2022-24423 + RESERVED +CVE-2022-24422 + RESERVED +CVE-2022-24421 + RESERVED +CVE-2022-24420 + RESERVED +CVE-2022-24419 + RESERVED +CVE-2022-24418 + RESERVED +CVE-2022-24417 + RESERVED +CVE-2022-24416 + RESERVED +CVE-2022-24415 + RESERVED +CVE-2022-24414 + RESERVED +CVE-2022-24413 + RESERVED +CVE-2022-24412 + RESERVED +CVE-2022-24411 + RESERVED +CVE-2022-24410 + RESERVED +CVE-2022-24409 + RESERVED +CVE-2022-24380 + RESERVED +CVE-2022-22147 + RESERVED +CVE-2022-21130 + RESERVED +CVE-2022-0515 + RESERVED +CVE-2022-0514 + RESERVED +CVE-2022-0513 + RESERVED +CVE-2022-0512 + RESERVED +CVE-2022-0511 + RESERVED +CVE-2022-0510 + RESERVED +CVE-2022-0509 + RESERVED +CVE-2022-0508 + RESERVED +CVE-2022-0507 + RESERVED +CVE-2022-0506 + RESERVED +CVE-2022-0505 + RESERVED +CVE-2022-0504 + RESERVED 
+CVE-2022-0503 + RESERVED +CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check +CVE-2022-24408 + RESERVED +CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...) + TODO: check CVE-2022-0500 RESERVED CVE-2022-0499 RESERVED CVE-2022-0498 - RESERVED + REJECTED CVE-2022-0497 RESERVED CVE-2022-0496 @@ -101,8 +623,7 @@ CVE-2022-24384 RESERVED CVE-2022-21241 RESERVED -CVE-2022-0487 [Use after free in moxart_remove] - RESERVED +CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...) - linux <unfixed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516 NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ @@ -110,8 +631,8 @@ CVE-2022-0486 RESERVED CVE-2022-0485 RESERVED -CVE-2022-0484 - RESERVED +CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...) + TODO: check CVE-2022-0483 RESERVED CVE-2022-0482 @@ -164,8 +685,8 @@ CVE-2022-24350 RESERVED CVE-2022-24349 RESERVED -CVE-2022-24348 - RESERVED +CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...) + TODO: check CVE-2022-24347 RESERVED CVE-2022-24346 @@ -232,8 +753,8 @@ CVE-2022-21194 RESERVED CVE-2022-21177 RESERVED -CVE-2022-0481 - RESERVED +CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...) + TODO: check CVE-2022-24324 RESERVED CVE-2022-24323 @@ -278,10 +799,10 @@ CVE-2022-0476 RESERVED CVE-2022-0475 RESERVED -CVE-2022-0474 - RESERVED -CVE-2022-0473 - RESERVED +CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...) + TODO: check +CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...) + TODO: check CVE-2022-24308 RESERVED CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...) 
@@ -302,8 +823,8 @@ CVE-2022-24295 RESERVED CVE-2022-22986 RESERVED -CVE-2022-0472 - RESERVED +CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...) + TODO: check CVE-2022-0471 RESERVED CVE-2022-24294 @@ -461,8 +982,8 @@ CVE-2022-24284 RESERVED CVE-2022-24283 RESERVED -CVE-2022-0437 - RESERVED +CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...) + TODO: check CVE-2022-0436 RESERVED CVE-2022-24282 @@ -538,14 +1059,14 @@ CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnera NOT-FOR-US: Cuppa CMS CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Hospital Management System -CVE-2022-24262 - RESERVED +CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...) + TODO: check CVE-2022-24261 RESERVED -CVE-2022-24260 - RESERVED -CVE-2022-24259 - RESERVED +CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...) + TODO: check +CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...) + TODO: check CVE-2022-24258 RESERVED CVE-2022-24257 @@ -564,8 +1085,8 @@ CVE-2022-24251 RESERVED CVE-2022-24250 RESERVED -CVE-2022-24249 - RESERVED +CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...) + TODO: check CVE-2022-24248 RESERVED CVE-2022-24247 @@ -821,6 +1342,7 @@ CVE-2022-0416 CVE-2022-0415 RESERVED CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...) + {DLA-2913-1} - xterm 370-2 (bug #1004689) [bullseye] - xterm <no-dsa> (Minor issue) [buster] - xterm <no-dsa> (Minor issue) 
@@ -828,8 +1350,7 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows a NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2 NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3 NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d -CVE-2022-24129 - RESERVED +CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...) NOT-FOR-US: Shibboleth identity provider OIDC OP plugin CVE-2022-24128 RESERVED @@ -876,12 +1397,12 @@ CVE-2022-24117 RESERVED CVE-2022-24116 RESERVED -CVE-2022-24115 - RESERVED -CVE-2022-24114 - RESERVED -CVE-2022-24113 - RESERVED +CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...) + TODO: check +CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...) + TODO: check +CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) + TODO: check CVE-2022-0409 RESERVED CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) @@ -1079,8 +1600,8 @@ CVE-2022-24036 RESERVED CVE-2022-23921 RESERVED -CVE-2022-22987 - RESERVED +CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...) + TODO: check CVE-2022-21798 RESERVED CVE-2022-21154 @@ -1232,8 +1753,8 @@ CVE-2022-23982 RESERVED CVE-2022-23981 RESERVED -CVE-2022-23980 - RESERVED +CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) + TODO: check CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2022-23978 
@@ -1254,10 +1775,10 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()] RESERVED - linux 5.15.15-1 NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523 -CVE-2022-0381 - RESERVED -CVE-2022-0380 - RESERVED +CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) + TODO: check CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) @@ -1336,10 +1857,10 @@ CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe NOT-FOR-US: livehelperchat CVE-2022-0369 RESERVED -CVE-2022-23947 - RESERVED -CVE-2022-23946 - RESERVED +CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) + TODO: check +CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) + TODO: check CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...) @@ -1360,8 +1881,8 @@ CVE-2022-0367 RESERVED CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...) NOT-FOR-US: Sophos -CVE-2022-0365 - RESERVED +CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...) + TODO: check CVE-2022-0364 RESERVED CVE-2022-0363 @@ -1452,8 +1973,8 @@ CVE-2022-0354 RESERVED CVE-2022-0353 RESERVED -CVE-2022-23913 - RESERVED +CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...) + TODO: check CVE-2022-23912 RESERVED CVE-2022-23911 
@@ -1659,7 +2180,7 @@ CVE-2022-23839 RESERVED CVE-2022-23838 RESERVED -CVE-2022-23837 (In api.rb in Sidekiq before 6.4.0, there is no limit on the number of ...) +CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...) - ruby-sidekiq <unfixed> (bug #1004193) NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0) CVE-2022-23836 @@ -1773,8 +2294,8 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b NOTE: 2FA support is not packaged in Debian CVE-2022-23806 RESERVED -CVE-2022-23805 - RESERVED +CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) + TODO: check CVE-2022-23804 RESERVED CVE-2022-23803 @@ -1859,8 +2380,8 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151) -CVE-2022-0317 - RESERVED +CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...) + TODO: check CVE-2022-0316 RESERVED CVE-2022-0315 @@ -2195,18 +2716,18 @@ CVE-2022-23616 RESERVED CVE-2022-23615 RESERVED -CVE-2022-23614 - RESERVED +CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...) + TODO: check CVE-2022-23613 RESERVED CVE-2022-23612 RESERVED -CVE-2022-23611 - RESERVED +CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) + TODO: check CVE-2022-23610 RESERVED -CVE-2022-23609 - RESERVED +CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) + TODO: check CVE-2022-23608 RESERVED CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...) 
@@ -2215,8 +2736,8 @@ CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0) CVE-2022-23606 RESERVED -CVE-2022-23605 - RESERVED +CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...) + TODO: check CVE-2022-23604 RESERVED CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) @@ -2227,8 +2748,8 @@ CVE-2022-23601 (Symfony is a PHP framework for web and console applications and - symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code) NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50 -CVE-2022-23600 - RESERVED +CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...) + TODO: check CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...) NOT-FOR-US: Plone CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...) 
@@ -2237,84 +2758,84 @@ CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with El NOT-FOR-US: Element Desktop CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...) NOT-FOR-US: Junrar -CVE-2022-23595 - RESERVED -CVE-2022-23594 - RESERVED -CVE-2022-23593 - RESERVED -CVE-2022-23592 - RESERVED -CVE-2022-23591 - RESERVED -CVE-2022-23590 - RESERVED -CVE-2022-23589 - RESERVED -CVE-2022-23588 - RESERVED -CVE-2022-23587 - RESERVED -CVE-2022-23586 - RESERVED -CVE-2022-23585 - RESERVED -CVE-2022-23584 - RESERVED -CVE-2022-23583 - RESERVED -CVE-2022-23582 - RESERVED -CVE-2022-23581 - RESERVED -CVE-2022-23580 - RESERVED -CVE-2022-23579 - RESERVED -CVE-2022-23578 - RESERVED -CVE-2022-23577 - RESERVED -CVE-2022-23576 - RESERVED -CVE-2022-23575 - RESERVED -CVE-2022-23574 - RESERVED -CVE-2022-23573 - RESERVED -CVE-2022-23572 - RESERVED -CVE-2022-23571 - RESERVED -CVE-2022-23570 - RESERVED +CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...) + TODO: check +CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...) + TODO: check +CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...) + TODO: check +CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...) + TODO: check +CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...) + TODO: check +CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...) + TODO: check +CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + TODO: check +CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + TODO: check +CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + TODO: check +CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) 
+ TODO: check +CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + TODO: check +CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + TODO: check +CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + TODO: check +CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + TODO: check +CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) + TODO: check +CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...) + TODO: check +CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) + TODO: check +CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...) + TODO: check +CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + TODO: check +CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + TODO: check +CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + TODO: check +CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...) + TODO: check +CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + TODO: check +CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + TODO: check +CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + TODO: check +CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + TODO: check CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...) - tensorflow <itp> (bug #804612) CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) 
- tensorflow <itp> (bug #804612) CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow <itp> (bug #804612) -CVE-2022-23566 - RESERVED -CVE-2022-23565 - RESERVED -CVE-2022-23564 - RESERVED -CVE-2022-23563 - RESERVED -CVE-2022-23562 - RESERVED -CVE-2022-23561 - RESERVED -CVE-2022-23560 - RESERVED -CVE-2022-23559 - RESERVED -CVE-2022-23558 - RESERVED -CVE-2022-23557 - RESERVED +CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...) + TODO: check +CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check +CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + TODO: check +CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...) + TODO: check +CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + TODO: check +CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check +CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check +CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check +CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check +CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + TODO: check CVE-2022-23556 RESERVED CVE-2022-23555 @@ -2851,8 +3372,8 @@ CVE-2022-23381 RESERVED CVE-2022-23380 RESERVED -CVE-2022-23379 - RESERVED +CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...) + TODO: check CVE-2022-23378 RESERVED CVE-2022-23377 
@@ -2949,10 +3470,10 @@ CVE-2022-23332 RESERVED CVE-2022-23331 RESERVED -CVE-2022-23330 - RESERVED -CVE-2022-23329 - RESERVED +CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...) + TODO: check +CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...) + TODO: check CVE-2022-23328 RESERVED CVE-2022-23327 @@ -2969,8 +3490,8 @@ CVE-2022-23322 RESERVED CVE-2022-23321 RESERVED -CVE-2022-23320 - RESERVED +CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) + TODO: check CVE-2022-23319 RESERVED CVE-2022-23318 @@ -3089,8 +3610,7 @@ CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_suppli [stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is marked as ignored) NOTE: https://w1.fi/security/2022-1/ NOTE: Issue exists because of an incomplete fix for CVE-2019-9494 -CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch] - RESERVED +CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...) - linux 5.15.5-2 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -3200,12 +3720,12 @@ CVE-2022-23265 RESERVED CVE-2022-23264 RESERVED -CVE-2022-23263 - RESERVED -CVE-2022-23262 - RESERVED -CVE-2022-23261 - RESERVED +CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...) + TODO: check CVE-2022-23260 RESERVED CVE-2022-23259 
@@ -3356,8 +3876,8 @@ CVE-2022-23208 RESERVED CVE-2022-23207 RESERVED -CVE-2022-0227 - RESERVED +CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...) + TODO: check CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: livehelperchat CVE-2022-0225 @@ -3375,8 +3895,8 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR Word NOT-FOR-US: WordPress plugin CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) NOT-FOR-US: jadx -CVE-2022-0218 - RESERVED +CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...) + TODO: check CVE-2022-0216 RESERVED CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) @@ -3393,8 +3913,7 @@ CVE-2022-0212 RESERVED CVE-2022-0211 RESERVED -CVE-2022-23206 - RESERVED +CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) NOT-FOR-US: Apache Traffic Control CVE-2022-23205 RESERVED @@ -3438,8 +3957,8 @@ CVE-2022-23186 RESERVED CVE-2022-23185 RESERVED -CVE-2022-23184 - RESERVED +CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) + TODO: check CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) - tomcat9 <unfixed> - tomcat8 <removed> @@ -4078,8 +4597,8 @@ CVE-2022-22941 RESERVED CVE-2022-22940 RESERVED -CVE-2022-22939 - RESERVED +CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...) + TODO: check CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...) NOT-FOR-US: VMware CVE-2022-22937 
@@ -4094,8 +4613,7 @@ CVE-2022-22933 RESERVED CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...) - apache-karaf <itp> (bug #881297) -CVE-2022-22931 - RESERVED +CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...) NOT-FOR-US: Apache James CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...) NOT-FOR-US: MCMS @@ -4383,12 +4901,12 @@ CVE-2022-22835 RESERVED CVE-2022-22834 RESERVED -CVE-2022-22833 - RESERVED -CVE-2022-22832 - RESERVED -CVE-2022-22831 - RESERVED +CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...) + TODO: check +CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...) + TODO: check +CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...) + TODO: check CVE-2022-22830 RESERVED CVE-2022-22829 @@ -4488,8 +5006,8 @@ CVE-2022-22806 RESERVED CVE-2022-22805 RESERVED -CVE-2022-22804 - RESERVED +CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + TODO: check CVE-2022-22803 RESERVED CVE-2022-22802 @@ -4742,10 +5260,10 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta - gitlab <unfixed> CVE-2022-0150 RESERVED -CVE-2022-0149 - RESERVED -CVE-2022-0148 - RESERVED +CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...) + TODO: check +CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) + TODO: check CVE-2022-0147 RESERVED CVE-2022-0146 
@@ -4774,18 +5292,18 @@ CVE-2022-0140 RESERVED CVE-2022-22728 RESERVED -CVE-2022-22727 - RESERVED -CVE-2022-22726 - RESERVED -CVE-2022-22725 - RESERVED -CVE-2022-22724 - RESERVED -CVE-2022-22723 - RESERVED -CVE-2022-22722 - RESERVED +CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) + TODO: check +CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) + TODO: check +CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + TODO: check +CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...) + TODO: check +CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + TODO: check +CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) + TODO: check CVE-2022-22721 RESERVED CVE-2022-22720 @@ -4879,8 +5397,8 @@ CVE-2022-22691 (The password reset component deployed within Umbraco uses the ho NOT-FOR-US: Umbraco CMS CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) NOT-FOR-US: Umbraco CMS -CVE-2022-22689 - RESERVED +CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...) + TODO: check CVE-2022-22688 RESERVED CVE-2022-22687 @@ -4897,12 +5415,12 @@ CVE-2022-22682 RESERVED CVE-2022-22681 RESERVED -CVE-2022-22680 - RESERVED -CVE-2022-22679 - RESERVED -CVE-2022-22150 - RESERVED +CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + TODO: check +CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...) + TODO: check CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...) NOT-FOR-US: Tenable CVE-2022-22678 |
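Review bot: in the data/CVE/2022.list hunk at @@ -101,8 +623,7 @@, the placeholder title removed from CVE-2022-0487 read "[Use after free in moxart_remove]", while the imported description names rtsx_usb_ms_drv_remove, so the entry now describes a different function than the one it was triaged under. The `- linux <unfixed>` line and both NOTE links (bugzilla.suse.com id=1194516 and the lore.kernel.org thread) are carried over unchanged. Please confirm they refer to the rtsx_usb_ms_drv_remove issue, and if the moxart_remove bug is a separate problem, track it under its own entry rather than leaving its references attached here.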
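Review bot: in the hunk at @@ -1659,7 +2180,7 @@, the CVE-2022-23837 description changes from "before 6.4.0" to "before 5.2.10 and 6.4.0", but the only fix reference left on the entry is the commit NOTE tagged (v6.4.0). Add a NOTE for the 5.2.10 fix, and check which release branch the ruby-sidekiq package follows before leaving the status at `<unfixed>` (bug #1004193), since the fixed version to record depends on it.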
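Review bot: the TensorFlow block in the hunk at @@ -2237,84 +2758,84 @@ (CVE-2022-23595 through CVE-2022-23570 and CVE-2022-23566 through CVE-2022-23557) lands as `TODO: check`, although CVE-2022-23569, CVE-2022-23568 and CVE-2022-23567 in the same hunk are already triaged as `- tensorflow <itp> (bug #804612)`. Unless one of the truncated descriptions points at a separately packaged component, the follow-up triage can apply that same line to all 36 entries in one pass instead of leaving them in the TODO queue individually.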
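Review bot: in the hunk at @@ -1254,10 +1775,10 @@, CVE-2022-0381 and CVE-2022-0380 are both described as WordPress plugins yet are added with `TODO: check`, while other entries visible in this diff (CVE-2022-23979, CVE-2022-0220) already carry `NOT-FOR-US: WordPress plugin`. The same applies to CVE-2022-0218 and CVE-2022-0149 in later hunks. These can be closed out with the existing NOT-FOR-US wording so the TODO list stays limited to entries that need a packaging decision.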