Field | Value | Date |
---|---|---|
author | security tracker role <sectracker@soriano.debian.org> | 2022-02-09 20:10:20 +0000 |
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-09 20:10:20 +0000 |
commit | 8b49abea142ce64bb1422a57b89333ba2d92d738 | |
tree | 6a6d98108960757882b744c1959f1326e81dc3a3 | |
parent | 22e927134713ee03e934293f25d64562f4c17f57 | |
automatic update
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 4 |
-rw-r--r-- | data/CVE/2021.list | 177 |
-rw-r--r-- | data/CVE/2022.list | 254 |
5 files changed, 232 insertions, 207 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 74e57fa0ec..03a6f86f3e 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -46046,7 +46046,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/ NOT-FOR-US: Siemens CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...) NOT-FOR-US: Siemens -CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a Denial- ...) +CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...) NOT-FOR-US: Siemens CVE-2017-2679 REJECTED diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 56278419d1..f3d518c49a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -13566,7 +13566,7 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to NOT-FOR-US: PDF-XChange Editor CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...) NOT-FOR-US: MediaComm Zip-n-Go -CVE-2018-16301 +CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...) - tcpdump 4.99.0-1 NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 1e5dd9cea9..546332f51d 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -18406,7 +18406,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr NOT-FOR-US: Siemens CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Siemens -CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...) +CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...) NOT-FOR-US: Siemens CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...) NOT-FOR-US: Siemens 
@@ -39067,7 +39067,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv NOT-FOR-US: Siemens CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...) NOT-FOR-US: Scalance -CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...) +CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, S ...) NOT-FOR-US: Siemens CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 800bb47eb4..561924368a 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -722,8 +722,8 @@ CVE-2021-46362 RESERVED CVE-2021-46361 RESERVED -CVE-2021-46360 - RESERVED +CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...) + TODO: check CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) NOT-FOR-US: FISCO-BCOS CVE-2021-46358 @@ -734,8 +734,8 @@ CVE-2021-46356 RESERVED CVE-2021-46355 RESERVED -CVE-2021-46354 - RESERVED +CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...) + TODO: check CVE-2021-46353 RESERVED CVE-2021-46352 
@@ -1232,28 +1232,28 @@ CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the NOT-FOR-US: Kentico Xperience CMS CVE-2021-46162 RESERVED -CVE-2021-46161 - RESERVED -CVE-2021-46160 - RESERVED -CVE-2021-46159 - RESERVED -CVE-2021-46158 - RESERVED -CVE-2021-46157 - RESERVED -CVE-2021-46156 - RESERVED -CVE-2021-46155 - RESERVED -CVE-2021-46154 - RESERVED -CVE-2021-46153 - RESERVED -CVE-2021-46152 - RESERVED -CVE-2021-46151 - RESERVED +CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check +CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + TODO: check CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) NOT-FOR-US: MediaWiki extension CheckUser CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) 
@@ -3443,10 +3443,10 @@ CVE-2021-45333 RESERVED CVE-2021-45332 RESERVED -CVE-2021-45331 - RESERVED -CVE-2021-45330 - RESERVED +CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...) + TODO: check +CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...) + TODO: check CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...) TODO: check CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...) @@ -3951,8 +3951,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11) NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26) -CVE-2021-45106 - RESERVED +CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...) + TODO: check CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...) NOT-FOR-US: Emerson CVE-2021-44462 @@ -4564,10 +4564,10 @@ CVE-2021-44914 RESERVED CVE-2021-44913 RESERVED -CVE-2021-44912 - RESERVED -CVE-2021-44911 - RESERVED +CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...) + TODO: check +CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...) + TODO: check CVE-2021-44910 RESERVED CVE-2021-44909 
@@ -7096,12 +7096,12 @@ CVE-2021-3978 RESERVED CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: invoiceninja -CVE-2021-44018 - RESERVED +CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + TODO: check CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens -CVE-2021-44016 - RESERVED +CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + TODO: check CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) @@ -7132,8 +7132,8 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions < NOT-FOR-US: Siemens CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens -CVE-2021-44000 - RESERVED +CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + TODO: check CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...) - guacamole-client <unfixed> [stretch] - guacamole-client <not-affected> (SAML is not supported) @@ -13362,10 +13362,10 @@ CVE-2021-41444 RESERVED CVE-2021-41443 RESERVED -CVE-2021-41442 - RESERVED -CVE-2021-41441 - RESERVED +CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...) + TODO: check +CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...) + TODO: check CVE-2021-41440 RESERVED CVE-2021-41439 
@@ -13628,8 +13628,8 @@ CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of O NOT-FOR-US: fabiocaccamo/utils.js CVE-2021-3814 RESERVED -CVE-2021-3813 - RESERVED +CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...) + TODO: check CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) @@ -14841,8 +14841,8 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite NOTE: https://github.com/aresch/rencode/pull/29 CVE-2021-40838 RESERVED -CVE-2021-40837 - RESERVED +CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...) + TODO: check CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) NOT-FOR-US: F-Secure CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...) @@ -16029,14 +16029,14 @@ CVE-2021-40365 RESERVED CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) NOT-FOR-US: Siemens -CVE-2021-40363 - RESERVED +CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check CVE-2021-40362 RESERVED CVE-2021-40361 RESERVED -CVE-2021-40360 - RESERVED +CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + TODO: check CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) NOT-FOR-US: Siemens CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) 
@@ -22293,17 +22293,17 @@ CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipb CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...) - mattermost-server <itp> (bug #823556) CVE-2021-37858 - RESERVED + REJECTED CVE-2021-37857 - RESERVED + REJECTED CVE-2021-37856 - RESERVED + REJECTED CVE-2021-37855 - RESERVED + REJECTED CVE-2021-37854 - RESERVED + REJECTED CVE-2021-37853 - RESERVED + REJECTED CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...) TODO: check CVE-2021-37851 @@ -23843,10 +23843,10 @@ CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 ( NOT-FOR-US: Siemens CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) NOT-FOR-US: Siemens -CVE-2021-37205 - RESERVED -CVE-2021-37204 - RESERVED +CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + TODO: check +CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + TODO: check CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) NOT-FOR-US: Siemens CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) 
@@ -23857,16 +23857,16 @@ CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions & NOT-FOR-US: Siemens CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...) NOT-FOR-US: Siemens -CVE-2021-37198 (A vulnerability has been identified in COMOS (All versions < V10.4. ...) +CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) NOT-FOR-US: Siemens -CVE-2021-37197 (A vulnerability has been identified in COMOS (All versions < V10.4. ...) +CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) NOT-FOR-US: Siemens -CVE-2021-37196 (A vulnerability has been identified in COMOS (All versions < V10.4. ...) +CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) NOT-FOR-US: Siemens -CVE-2021-37195 (A vulnerability has been identified in COMOS (All versions < V10.4. ...) +CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) NOT-FOR-US: Siemens -CVE-2021-37194 - RESERVED +CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) + TODO: check CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) @@ -23883,8 +23883,8 @@ CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-0 NOT-FOR-US: Digi TransPort devices CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < ...) NOT-FOR-US: Siemens -CVE-2021-37185 - RESERVED +CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + TODO: check CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...) NOT-FOR-US: Siemens CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) 
@@ -31555,6 +31555,7 @@ CVE-2021-33835 CVE-2021-33834 RESERVED CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...) + {DLA-2915-1} - connman 1.36-2.2 (bug #989662) [buster] - connman 1.36-2.1~deb10u2 NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1 @@ -51282,8 +51283,8 @@ CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1. NOT-FOR-US: Node deep-override CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...) - arangodb <itp> (bug #761817) -CVE-2021-25939 - RESERVED +CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...) + TODO: check CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) - arangodb <itp> (bug #761817) CVE-2021-25937 @@ -65552,33 +65553,33 @@ CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWal CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...) NOT-FOR-US: SonicWall CVE-2021-20015 - RESERVED + REJECTED CVE-2021-20014 - RESERVED + REJECTED CVE-2021-20013 - RESERVED + REJECTED CVE-2021-20012 - RESERVED + REJECTED CVE-2021-20011 - RESERVED + REJECTED CVE-2021-20010 - RESERVED + REJECTED CVE-2021-20009 - RESERVED + REJECTED CVE-2021-20008 - RESERVED + REJECTED CVE-2021-20007 - RESERVED + REJECTED CVE-2021-20006 - RESERVED + REJECTED CVE-2021-20005 - RESERVED + REJECTED CVE-2021-20004 - RESERVED + REJECTED CVE-2021-20003 - RESERVED + REJECTED CVE-2021-20002 - RESERVED + REJECTED CVE-2021-20001 RESERVED - debian-edu-config 2.12.16 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index dc62790e2d..ff445f6d8f 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,17 @@ +CVE-2022-24699 + RESERVED +CVE-2022-24698 + RESERVED +CVE-2022-24697 + RESERVED +CVE-2022-0551 + RESERVED +CVE-2022-0550 + RESERVED +CVE-2022-0549 + RESERVED +CVE-2022-0548 + RESERVED CVE-2022-24696 RESERVED CVE-2022-24695 @@ -80,14 +94,14 @@ CVE-2022-0541 RESERVED CVE-2022-0540 RESERVED -CVE-2022-0539 - RESERVED -CVE-2022-0538 - RESERVED +CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...) + TODO: check +CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...) + TODO: check CVE-2022-0537 RESERVED -CVE-2022-0536 - RESERVED +CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...) + TODO: check CVE-2022-0535 RESERVED CVE-2022-0534 @@ -117,15 +131,15 @@ CVE-2022-24666 RESERVED CVE-2022-0528 RESERVED -CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...) +CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...) TODO: check -CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...) +CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...) TODO: check CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...) TODO: check -CVE-2022-0524 (Business Logic Errors in Rubygems typo prior to 9.2.7. ...) +CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...) TODO: check -CVE-2022-0523 (Expired Pointer Dereference in NPM radare2.js prior to 5.6.2. ...) +CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...) TODO: check CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...) TODO: check 
@@ -135,7 +149,7 @@ CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...) TODO: check CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...) TODO: check -CVE-2022-0518 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2. ...) +CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) TODO: check CVE-2022-0517 RESERVED @@ -652,7 +666,7 @@ CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimco NOT-FOR-US: pimcore CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore -CVE-2022-0508 (Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to ...) +CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...) TODO: check CVE-2022-0507 RESERVED @@ -3579,8 +3593,8 @@ CVE-2022-23380 RESERVED CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...) NOT-FOR-US: Emlog -CVE-2022-23378 - RESERVED +CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...) + TODO: check CVE-2022-23377 RESERVED CVE-2022-23376 @@ -3733,8 +3747,8 @@ CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav pri NOT-FOR-US: Grav CMS CVE-2022-0267 RESERVED -CVE-2022-23312 - RESERVED +CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) + TODO: check CVE-2022-23311 RESERVED CVE-2022-23310 
@@ -3894,30 +3908,30 @@ CVE-2022-23282 RESERVED CVE-2022-23281 RESERVED -CVE-2022-23280 - RESERVED +CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...) + TODO: check CVE-2022-23279 RESERVED CVE-2022-23278 RESERVED CVE-2022-23277 RESERVED -CVE-2022-23276 - RESERVED +CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-23275 RESERVED -CVE-2022-23274 - RESERVED -CVE-2022-23273 - RESERVED -CVE-2022-23272 - RESERVED -CVE-2022-23271 - RESERVED +CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) + TODO: check CVE-2022-23270 RESERVED -CVE-2022-23269 - RESERVED +CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...) + TODO: check CVE-2022-23268 RESERVED CVE-2022-23267 @@ -3942,16 +3956,16 @@ CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23257 RESERVED -CVE-2022-23256 - RESERVED -CVE-2022-23255 - RESERVED -CVE-2022-23254 - RESERVED +CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...) + TODO: check +CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...) + TODO: check +CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...) + TODO: check CVE-2022-23253 RESERVED -CVE-2022-23252 - RESERVED +CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...) + TODO: check CVE-2022-23251 RESERVED CVE-2022-23250 
@@ -4393,8 +4407,8 @@ CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non NOT-FOR-US: Jenkins plugin CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...) NOT-FOR-US: Jenkins plugin -CVE-2022-23102 - RESERVED +CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + TODO: check CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...) NOT-FOR-US: Reolink CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...) @@ -4440,6 +4454,7 @@ CVE-2022-23100 CVE-2022-23099 RESERVED CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) + {DLA-2915-1} - connman <unfixed> (bug #1004935) [bullseye] - connman <no-dsa> (Minor issue) [buster] - connman <no-dsa> (Minor issue) @@ -4448,6 +4463,7 @@ CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5 CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...) + {DLA-2915-1} - connman <unfixed> (bug #1004935) [bullseye] - connman <no-dsa> (Minor issue) [buster] - connman <no-dsa> (Minor issue) @@ -4455,6 +4471,7 @@ CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40 NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950 CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) + {DLA-2915-1} - connman <unfixed> (bug #1004935) [bullseye] - connman <no-dsa> (Minor issue) [buster] - connman <no-dsa> (Minor issue) 
@@ -5298,12 +5315,14 @@ CVE-2022-22765 RESERVED CVE-2022-22764 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764 CVE-2022-22763 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763 CVE-2022-22762 @@ -5312,18 +5331,21 @@ CVE-2022-22762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762 CVE-2022-22761 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761 CVE-2022-22760 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760 CVE-2022-22759 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759 @@ -5339,6 +5361,7 @@ CVE-2022-22757 TODO: check if WebDriver enabled, if not demote severity to unimportant CVE-2022-22756 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756 @@ -5349,6 +5372,7 @@ CVE-2022-22755 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755 CVE-2022-22754 RESERVED + {DSA-5069-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754 
@@ -5509,7 +5533,7 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta - gitlab <unfixed> CVE-2022-0150 RESERVED -CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...) +CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...) NOT-FOR-US: WordPress plugin CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) NOT-FOR-US: WordPress plugin @@ -5559,26 +5583,26 @@ CVE-2022-22720 RESERVED CVE-2022-22719 RESERVED -CVE-2022-22718 - RESERVED -CVE-2022-22717 - RESERVED -CVE-2022-22716 - RESERVED -CVE-2022-22715 - RESERVED +CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...) + TODO: check +CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-22714 RESERVED CVE-2022-22713 RESERVED -CVE-2022-22712 - RESERVED +CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...) + TODO: check CVE-2022-22711 RESERVED -CVE-2022-22710 - RESERVED -CVE-2022-22709 - RESERVED +CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...) + TODO: check CVE-2022-21806 RESERVED CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...) 
@@ -7354,56 +7378,56 @@ CVE-2022-22007 RESERVED CVE-2022-22006 RESERVED -CVE-2022-22005 - RESERVED -CVE-2022-22004 - RESERVED -CVE-2022-22003 - RESERVED -CVE-2022-22002 - RESERVED -CVE-2022-22001 - RESERVED -CVE-2022-22000 - RESERVED -CVE-2022-21999 - RESERVED -CVE-2022-21998 - RESERVED -CVE-2022-21997 - RESERVED -CVE-2022-21996 - RESERVED -CVE-2022-21995 - RESERVED -CVE-2022-21994 - RESERVED -CVE-2022-21993 - RESERVED -CVE-2022-21992 - RESERVED -CVE-2022-21991 - RESERVED +CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + TODO: check +CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + TODO: check +CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) + TODO: check +CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + TODO: check +CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...) 
+ TODO: check CVE-2022-21990 RESERVED -CVE-2022-21989 - RESERVED -CVE-2022-21988 - RESERVED -CVE-2022-21987 - RESERVED -CVE-2022-21986 - RESERVED -CVE-2022-21985 - RESERVED -CVE-2022-21984 - RESERVED +CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...) + TODO: check +CVE-2022-21986 (.NET Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + TODO: check +CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...) + TODO: check CVE-2022-21983 RESERVED CVE-2022-21982 RESERVED -CVE-2022-21981 - RESERVED +CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check CVE-2022-21980 RESERVED CVE-2022-21979 
@@ -7416,26 +7440,26 @@ CVE-2022-21976 RESERVED CVE-2022-21975 RESERVED -CVE-2022-21974 - RESERVED +CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...) + TODO: check CVE-2022-21973 RESERVED CVE-2022-21972 RESERVED -CVE-2022-21971 - RESERVED +CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...) + TODO: check CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) NOT-FOR-US: Microsoft -CVE-2022-21968 - RESERVED +CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...) + TODO: check CVE-2022-21967 RESERVED CVE-2022-21966 RESERVED -CVE-2022-21965 - RESERVED +CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...) + TODO: check CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) @@ -7450,8 +7474,8 @@ CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulne NOT-FOR-US: Microsoft CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft -CVE-2022-21957 - RESERVED +CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) + TODO: check CVE-2022-21956 RESERVED CVE-2022-21955 
@@ -7510,10 +7534,10 @@ CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil NOT-FOR-US: Microsoft CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft -CVE-2022-21927 - RESERVED -CVE-2022-21926 - RESERVED +CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) + TODO: check +CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) + TODO: check CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...) @@ -7676,8 +7700,8 @@ CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. T NOT-FOR-US: Microsoft CVE-2022-21845 RESERVED -CVE-2022-21844 - RESERVED +CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) + TODO: check CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...) |
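Review bot: In the data/CVE/2021.list hunk at @@ -7096,12 +7096,12 @@, CVE-2021-44018 and CVE-2021-44016 come in as "TODO: check" although the neighbouring JT2Go entries CVE-2021-44017 and CVE-2021-44015 already carry "NOT-FOR-US: Siemens". The same split shows up for CVE-2021-37194 (COMOS, @@ -23857,16 +23857,16 @@, next to CVE-2021-37195 through CVE-2021-37198) and in data/CVE/2022.list at @@ -3942,16 +3956,16 @@, where CVE-2022-23256 is "TODO: check" two entries below "NOT-FOR-US: Microsoft" on CVE-2022-23258. A follow-up triage commit should go through these vendor batches together and record a disposition for each, so the remaining TODO entries are only the ones that still need a package check.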
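Review bot: In the data/CVE/2022.list hunks at @@ -117,15 +131,15 @@ and @@ -135,7 +149,7 @@, the radare2 entries now disagree on how the affected component is named: CVE-2022-0523 and CVE-2022-0518 read "GitHub repository radareorg/radare2" after this change, while the unchanged context lines for CVE-2022-0522 and CVE-2022-0520 still read "NPM radare2.js". All of them are "TODO: check", so whoever resolves them should triage the group against one upstream project rather than by the ecosystem label in the truncated description; otherwise entries that differ only in that label can end up with different dispositions.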
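Review bot: In the data/CVE/2022.list hunks from @@ -4440,6 +4454,7 @@ to @@ -4455,6 +4471,7 @@, CVE-2022-23098, CVE-2022-23097 and CVE-2022-23096 gain a {DLA-2915-1} cross-reference while the lines directly below still say "- connman <unfixed> (bug #1004935)" and "<no-dsa> (Minor issue)" for both bullseye and buster. Now that an advisory exists for these issues, it is worth re-checking whether the "Minor issue" rating for bullseye and buster still fits, or whether the fixes referenced in the NOTE lines should be queued for those releases as well.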