author: security tracker role <sectracker@soriano.debian.org> 2022-01-20 20:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-20 20:10:16 +0000
commit: 9ef917156ea152cc7669583ab554c54ac1b3fabd
tree: 79c94cfa9e850a6b3311f00cf836e0bdbfc1868d
parent: cf7dcbe6d4e52b10f3eff5749f058440382e3c28
automatic update
-rw-r--r-- data/CVE/2020.list | 2
-rw-r--r-- data/CVE/2021.list | 80
-rw-r--r-- data/CVE/2022.list | 91
3 files changed, 115 insertions, 58 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c61037d125..03277a1258 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -60279,7 +60279,7 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and
NOT-FOR-US: GROWI
CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...)
NOT-FOR-US: GROWI
-CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD ...)
+CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT21 ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
NOT-FOR-US: SEIKO EPSON products
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 868b9d47a5..cf86047137 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2208,21 +2208,22 @@ CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, ne
CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
NOT-FOR-US: NetBSD
CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
- {DSA-4995-1 DSA-4996-1}
+ {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.1-1
CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
- {DSA-4975-1 DSA-4976-1}
+ {DSA-4976-1 DSA-4975-1}
- webkit2gtk 2.32.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.4-1
CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
- {DSA-4995-1 DSA-4996-1}
+ {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.1-1
CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+ {DSA-5050-1}
- linux 5.15.15-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
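Review bot: the three WebKitGTK entries (CVE-2021-45483, CVE-2021-45482, CVE-2021-45481) change only the order of the two DSA ids inside the braces, e.g. `{DSA-4995-1 DSA-4996-1}` becoming `{DSA-4996-1 DSA-4995-1}`, which is pure churn with no information gain; the automatic update should emit DSA ids in a stable (sorted) order so that a diff of this file shows only real changes, such as the new `{DSA-5050-1}` line on CVE-2021-45480 at the end of this hunk.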
@@ -2274,6 +2275,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e
CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
NOT-FOR-US: Moxa
CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
@@ -2330,6 +2332,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
CVE-2021-4155
RESERVED
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
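Review bot: CVE-2021-4155 keeps its bare `RESERVED` line while gaining `{DSA-5050-1}` above the existing `linux 5.15.15-1`, so the entry now records a shipped fix with no indication of what was fixed; a bracketed local summary in the style of this hunk's header line, `CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]`, would keep the entry readable until the official description is published, and the Red Hat bug and 5.16 kernel commit already cited in the NOTE lines are the sources to summarize from.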
@@ -2481,8 +2484,8 @@ CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Valid
NOT-FOR-US: Nova 360 Cabinet
CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
NOT-FOR-US: Nova 360 Cabinet
-CVE-2021-45417
- RESERVED
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
+ {DSA-5051-1}
- aide 0.17.4-1
NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
@@ -2918,8 +2921,7 @@ CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses t
NOT-FOR-US: Apache APISIX Dashboard
CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
NOT-FOR-US: Trend Micro
-CVE-2021-45230
- RESERVED
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
- airflow <itp> (bug #819700)
CVE-2021-45229
RESERVED
@@ -3370,6 +3372,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro
NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
@@ -3994,8 +3997,8 @@ CVE-2021-44831
RESERVED
CVE-2021-44830
RESERVED
-CVE-2021-44829
- RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
+ TODO: check
CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
NOT-FOR-US: ARM
CVE-2021-44827
@@ -4267,16 +4270,16 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
- rainloop 1.14.0-1 (bug #962629)
[buster] - rainloop <no-dsa> (Minor issue)
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
-CVE-2021-44738
- RESERVED
-CVE-2021-44737
- RESERVED
-CVE-2021-44736
- RESERVED
-CVE-2021-44735
- RESERVED
-CVE-2021-44734
- RESERVED
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
+ TODO: check
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
+ TODO: check
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
+ TODO: check
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
+ TODO: check
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
+ TODO: check
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
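Review bot: all five new Lexmark entries (CVE-2021-44738 down to CVE-2021-44734) land as `TODO: check`, yet each description states that it concerns Lexmark devices, so triage can most likely resolve the whole batch as `NOT-FOR-US: Lexmark`, following the pattern used for vendor-only issues elsewhere in this file (for example `NOT-FOR-US: ARM` on CVE-2021-44828 in the previous hunk); five open TODOs for one vendor's advisory set can be closed in a single pass.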
@@ -5538,10 +5541,10 @@ CVE-2021-44247
RESERVED
CVE-2021-44246
RESERVED
-CVE-2021-44245
- RESERVED
-CVE-2021-44244
- RESERVED
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
+ TODO: check
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
+ TODO: check
CVE-2021-44243
RESERVED
CVE-2021-44242
@@ -5984,12 +5987,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug
NOT-FOR-US: zrlog
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
NOT-FOR-US: zrlog
-CVE-2021-44092
- RESERVED
-CVE-2021-44091
- RESERVED
-CVE-2021-44090
- RESERVED
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
+ TODO: check
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
+ TODO: check
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
+ TODO: check
CVE-2021-44089
RESERVED
CVE-2021-44088
@@ -6602,6 +6605,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that
NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
- flatpak 1.12.3-1
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
@@ -10951,8 +10955,8 @@ CVE-2021-3868
RESERVED
CVE-2021-3867
RESERVED
-CVE-2021-3866
- RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...)
+ TODO: check
CVE-2021-42060
RESERVED
CVE-2021-42059
@@ -16655,6 +16659,7 @@ CVE-2021-39686
RESERVED
CVE-2021-39685
RESERVED
+ {DSA-5050-1}
- linux 5.15.5-2
NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
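Review bot: CVE-2021-39685 gains `{DSA-5050-1}` but, unlike every other DSA-5050-1 entry in this update, lists `linux 5.15.5-2` rather than `linux 5.15.15-1` as the fixed version; that is plausible given the December 2021 oss-security reference on the NOTE line (the unstable fix predates the rest of the batch), but it deserves a quick confirmation that the line is not stale. The entry also still reads `RESERVED` with no bracketed summary, so as with CVE-2021-4155 a short local description would help readers of the list.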
@@ -28818,8 +28823,8 @@ CVE-2021-34602
RESERVED
CVE-2021-34601
RESERVED
-CVE-2021-34600
- RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
+ TODO: check
CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
NOT-FOR-US: CODESYS
CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
@@ -35050,8 +35055,8 @@ CVE-2021-32041
RESERVED
CVE-2021-32040
RESERVED
-CVE-2021-32039
- RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+ TODO: check
CVE-2021-32038
RESERVED
CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
@@ -43536,18 +43541,23 @@ CVE-2021-28717
CVE-2021-28716
RESERVED
CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
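Review bot: the five Xen entries (CVE-2021-28715 down to CVE-2021-28711) each gain `{DSA-5050-1}` and `linux 5.15.15-1` but carry no per-release status line, whereas the other kernel entries in this update that reference the same DSA state explicitly which older releases are affected (CVE-2021-45480 with `[stretch] - linux <not-affected>`, CVE-2022-23222 with both `[buster]` and `[stretch]` lines); the buster and stretch status for the XSA-391 and XSA-392 issues should be recorded the same way, otherwise a reader cannot tell whether those releases still need an update.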
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index fc6847329a..1b265fcf0c 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,49 @@
+CVE-2022-23792
+ RESERVED
+CVE-2022-23791
+ RESERVED
+CVE-2022-23790
+ RESERVED
+CVE-2022-23789
+ RESERVED
+CVE-2022-23788
+ RESERVED
+CVE-2022-23787
+ RESERVED
+CVE-2022-23786
+ RESERVED
+CVE-2022-23785
+ RESERVED
+CVE-2022-23784
+ RESERVED
+CVE-2022-23783
+ RESERVED
+CVE-2022-23782
+ RESERVED
+CVE-2022-23781
+ RESERVED
+CVE-2022-23780
+ RESERVED
+CVE-2022-21147
+ RESERVED
+CVE-2022-0323
+ RESERVED
+CVE-2022-0322
+ RESERVED
+CVE-2022-0321
+ RESERVED
+CVE-2022-0320
+ RESERVED
+CVE-2022-0319
+ RESERVED
+CVE-2022-0318
+ RESERVED
+CVE-2022-0317
+ RESERVED
+CVE-2022-0316
+ RESERVED
+CVE-2022-0315
+ RESERVED
CVE-2022-23779
RESERVED
CVE-2022-23778
@@ -808,24 +854,24 @@ CVE-2022-0287
RESERVED
CVE-2022-0286
RESERVED
-CVE-2022-0285
- RESERVED
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ TODO: check
CVE-2022-0284
RESERVED
CVE-2022-0283
RESERVED
-CVE-2022-0282
- RESERVED
-CVE-2022-0281
- RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
+ TODO: check
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ TODO: check
CVE-2022-0280
RESERVED
CVE-2022-0279
RESERVED
-CVE-2022-0278
- RESERVED
-CVE-2022-0277
- RESERVED
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ TODO: check
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
+ TODO: check
CVE-2022-23436
RESERVED
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
@@ -1375,6 +1421,7 @@ CVE-2022-0229
CVE-2022-0228
RESERVED
CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
+ {DSA-5050-1}
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1430,8 +1477,8 @@ CVE-2022-0221
RESERVED
CVE-2022-0220
RESERVED
-CVE-2022-0219
- RESERVED
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ TODO: check
CVE-2022-0218
RESERVED
CVE-2022-0216
@@ -1673,10 +1720,10 @@ CVE-2022-23122
RESERVED
CVE-2022-23121
RESERVED
-CVE-2022-23120
- RESERVED
-CVE-2022-23119
- RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
+ TODO: check
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
+ TODO: check
CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
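Review bot: CVE-2022-23120 and CVE-2022-23119 are filed as `TODO: check` although both descriptions name Trend Micro Deep Security, and the tracker already resolves issues in that vendor's products as vendor-only (CVE-2021-45231 carries `NOT-FOR-US: Trend Micro` earlier in this diff); triage can most likely apply the same tag here instead of leaving the two TODOs open.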
@@ -1733,6 +1780,7 @@ CVE-2022-0186
RESERVED
CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param]
RESERVED
+ {DSA-5050-1}
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -2395,8 +2443,8 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha
NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
NOT-FOR-US: NVIDIA NeMo
-CVE-2022-22820
- RESERVED
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
+ TODO: check
CVE-2022-22819
RESERVED
CVE-2022-22818
@@ -2681,8 +2729,7 @@ CVE-2022-22735
RESERVED
CVE-2022-22734
RESERVED
-CVE-2022-22733
- RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
@@ -5212,6 +5259,7 @@ CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior
CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
NOT-FOR-US: Wagtail
CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
- flatpak 1.12.3-1
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
@@ -5284,8 +5332,7 @@ CVE-2022-21660
RESERVED
CVE-2022-21659
RESERVED
-CVE-2022-21658 [Race condition in the Rust standard library]
- RESERVED
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
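Review bot: replacing the local summary `CVE-2022-21658 [Race condition in the Rust standard library]` with the official text loses information, because the truncated description stored here ("Rust is a multi-paradigm, general-purpose programming language designe ...") says nothing about the bug itself, while the entry remains open as `rustc <unfixed>`; when the official description opens with project boilerplate rather than the flaw, the automatic update should keep the bracketed summary (or append it) so the list stays readable for the people tracking the unfixed issue.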
