author | security tracker role <sectracker@soriano.debian.org> | 2022-02-17 20:10:19 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-17 20:10:19 +0000 |
commit | 69052c443ec9779d122f2496aa9d2721605b9191 (patch) | |
tree | ad23605f3d8c1cc639455f318134b22166c94181 | |
parent | c1e1b9983c58174de060064a29a7e12d2de457d5 (diff) |
automatic update
-rw-r--r-- | data/CVE/2020.list | 2 |
-rw-r--r-- | data/CVE/2021.list | 18 |
-rw-r--r-- | data/CVE/2022.list | 109 |
3 files changed, 92 insertions, 37 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6d344184c7..60cebc2cb5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -5469,7 +5469,7 @@ CVE-2020-28887 RESERVED CVE-2020-28886 RESERVED -CVE-2020-28885 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...) +CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...) NOT-FOR-US: Liferay CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...) NOT-FOR-US: Liferay diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 38c2ec2713..054d916991 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -731,8 +731,8 @@ CVE-2021-46370 RESERVED CVE-2021-46369 RESERVED -CVE-2021-46368 - RESERVED +CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...) + TODO: check CVE-2021-46367 RESERVED CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...) @@ -1031,8 +1031,8 @@ CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Sp TODO: check CVE-2021-46248 RESERVED -CVE-2021-46247 - RESERVED +CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...) + TODO: check CVE-2021-46246 RESERVED CVE-2021-46245 @@ -4720,8 +4720,8 @@ CVE-2021-44870 RESERVED CVE-2021-44869 RESERVED -CVE-2021-44868 - RESERVED +CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...) + TODO: check CVE-2021-44867 RESERVED CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...) 
@@ -13172,7 +13172,7 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) NOT-FOR-US: ARCHIBUS Web Central -CVE-2021-41552 (CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Inject ...) +CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...) NOT-FOR-US: CommScope CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) NOT-FOR-US: Leostream Connection Broker @@ -19407,8 +19407,8 @@ CVE-2021-39036 RESERVED CVE-2021-39035 RESERVED -CVE-2021-39034 - RESERVED +CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...) + TODO: check CVE-2021-39033 RESERVED CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 6ae2ba13c6..42d97392e7 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,57 @@ +CVE-2022-25311 + RESERVED +CVE-2022-25310 + RESERVED +CVE-2022-25309 + RESERVED +CVE-2022-25308 + RESERVED +CVE-2022-25307 + RESERVED +CVE-2022-25306 + RESERVED +CVE-2022-25305 + RESERVED +CVE-2022-21158 + RESERVED +CVE-2022-0674 + RESERVED +CVE-2022-0673 + RESERVED +CVE-2022-0672 + RESERVED +CVE-2022-0671 + RESERVED +CVE-2022-0670 + RESERVED +CVE-2022-0669 + RESERVED +CVE-2022-0668 + RESERVED +CVE-2022-0667 + RESERVED +CVE-2022-0666 + RESERVED +CVE-2022-0665 + RESERVED +CVE-2022-0664 + RESERVED +CVE-2022-0663 + RESERVED +CVE-2022-0662 + RESERVED +CVE-2022-0661 + RESERVED +CVE-2022-0660 + RESERVED +CVE-2022-0659 + RESERVED +CVE-2022-0658 + RESERVED +CVE-2022-0657 + RESERVED +CVE-2022-0656 + RESERVED CVE-2022-XXXX [Arbitrary File Write Vulnerability ] - libpgjava 42.3.3-1 NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 
@@ -157,10 +211,10 @@ CVE-2022-0641 RESERVED CVE-2022-0640 RESERVED -CVE-2022-0639 - RESERVED -CVE-2022-0638 - RESERVED +CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + TODO: check +CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...) + TODO: check CVE-2022-0637 RESERVED CVE-2022-0636 @@ -169,16 +223,16 @@ CVE-2022-0635 RESERVED CVE-2022-0634 RESERVED -CVE-2022-0633 - RESERVED +CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...) + TODO: check CVE-2022-0632 RESERVED CVE-2022-0631 RESERVED CVE-2022-0630 RESERVED -CVE-2022-0629 - RESERVED +CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-0628 RESERVED CVE-2022-0627 @@ -189,7 +243,8 @@ CVE-2022-0625 RESERVED CVE-2022-0624 RESERVED -CVE-2022-25271 [Improper input validation - SA-CORE-2022-003] +CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...) + {DLA-2925-1} - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2022-003 NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712 @@ -1572,8 +1627,8 @@ CVE-2022-24685 CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...) - nomad <undetermined> NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562 -CVE-2022-24683 - RESERVED +CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...) + TODO: check CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...) NOT-FOR-US: Zimbra CVE-2022-24681 
@@ -4539,8 +4594,8 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6) NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1) NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2) -CVE-2022-23632 - RESERVED +CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...) + TODO: check CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...) TODO: check CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...) @@ -5344,10 +5399,10 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on NOT-FOR-US: XMPie CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) NOT-FOR-US: XMPie uStore -CVE-2022-23319 - RESERVED -CVE-2022-23318 - RESERVED +CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >= ...) + TODO: check +CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attac ...) + TODO: check CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...) NOT-FOR-US: CobaltStrike CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...) @@ -6514,8 +6569,8 @@ CVE-2022-22914 RESERVED CVE-2022-22913 RESERVED -CVE-2022-22912 - RESERVED +CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...) + TODO: check CVE-2022-22911 RESERVED CVE-2022-22910 
@@ -6540,8 +6595,8 @@ CVE-2022-22901 (There is an Assertion in 'context_p->next_scanner_info_p-> TODO: check CVE-2022-22900 RESERVED -CVE-2022-22899 - RESERVED +CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...) + TODO: check CVE-2022-22898 RESERVED CVE-2022-22897 @@ -11533,8 +11588,8 @@ CVE-2022-20752 RESERVED CVE-2022-20751 RESERVED -CVE-2022-20750 - RESERVED +CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...) + TODO: check CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20748 @@ -11720,8 +11775,8 @@ CVE-2022-20661 RESERVED CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...) NOT-FOR-US: Cisco -CVE-2022-20659 - RESERVED +CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...) + TODO: check CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2022-20657 @@ -11732,8 +11787,8 @@ CVE-2022-20655 RESERVED CVE-2022-20654 RESERVED -CVE-2022-20653 - RESERVED +CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...) + TODO: check CVE-2022-20652 RESERVED CVE-2022-20651 |
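
Review bot: The temporary entry "CVE-2022-XXXX [Arbitrary File Write Vulnerability ]" for libpgjava, visible as context in the first hunk of data/CVE/2022.list (-1,3 +1,57), still has no assigned id after 27 new RESERVED ids are inserted above it, and its bracketed title has a stray space before the closing bracket. When an id is assigned for the referenced advisory GHSA-673j-qm5f-xpv8, the placeholder should be replaced in a follow-up rather than left next to a duplicate numbered entry, and the trailing space can be dropped at the same time.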
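
Review bot: CVE-2022-0629 in the -169 hunk of data/CVE/2022.list is described as a stack-based buffer overflow in "GitHub repository vim/vim" but is left at "TODO: check". vim is packaged in Debian, so this entry should not be closed as NOT-FOR-US during triage; it needs a source package line with the fixed version and a NOTE pointing at the upstream fix. The version in the description is truncated ("prior to 8.2. ..."), so the full CVE text has to be read before the fixed version is recorded.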
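
Review bot: CVE-2022-24683 in the -1572 hunk of data/CVE/2022.list is described as HashiCorp Nomad and Nomad Enterprise but ends at "TODO: check", while CVE-2022-24684 directly above it already carries "- nomad <undetermined>" and a vendor advisory NOTE. The follow-up triage should give CVE-2022-24683 the matching package line and its own advisory reference so the two Nomad entries are tracked consistently.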
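
Review bot: In the -11533 and -11720 hunks of data/CVE/2022.list, CVE-2022-20750 and CVE-2022-20659 name Cisco products in their descriptions but land as "TODO: check", whereas the adjacent Cisco entries CVE-2022-20749, CVE-2022-20660 and CVE-2022-20658 are already marked NOT-FOR-US. These two should be resolved the same way in the follow-up once the product is confirmed. CVE-2022-20653 in the -11732 hunk is different: its truncated description does not name a vendor or product, so it should be classified only after reading the full text.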