author | security tracker role <sectracker@soriano.debian.org> | 2022-02-18 20:10:22 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-18 20:10:22 +0000 |
commit | 73d764a4e1a413a9300a44cc54b6cc2aeacc892e (patch) | |
tree | f391fb96668f9e514913e203df12409a2e5ca832 /data/CVE/2022.list | |
parent | caea15e92f2cb1f3998d980c3fd15c8b33e50317 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- | data/CVE/2022.list | 135 |
1 files changed, 88 insertions, 47 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index bdd407bef7..1f02e3760e 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,7 +1,49 @@ -CVE-2022-25323 +CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + TODO: check +CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + TODO: check +CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...) + TODO: check +CVE-2022-25334 + RESERVED +CVE-2022-25333 + RESERVED +CVE-2022-25332 + RESERVED +CVE-2022-25331 + RESERVED +CVE-2022-25330 + RESERVED +CVE-2022-25329 + RESERVED +CVE-2022-25328 + RESERVED +CVE-2022-25327 + RESERVED +CVE-2022-25326 + RESERVED +CVE-2022-23183 + RESERVED +CVE-2022-21179 + RESERVED +CVE-2022-0683 + RESERVED +CVE-2022-0682 + RESERVED +CVE-2022-0681 + RESERVED +CVE-2022-0680 RESERVED -CVE-2022-25322 +CVE-2022-0679 RESERVED +CVE-2022-0678 + RESERVED +CVE-2022-0677 + RESERVED +CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) + TODO: check +CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...) + TODO: check CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) NOT-FOR-US: Cerebrate CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) @@ -52,12 +94,12 @@ CVE-2022-21158 RESERVED CVE-2022-0674 RESERVED -CVE-2022-0673 - RESERVED -CVE-2022-0672 - RESERVED -CVE-2022-0671 - RESERVED +CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...) + TODO: check +CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...) + TODO: check +CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...) + TODO: check CVE-2022-0670 RESERVED CVE-2022-0669 
@@ -66,20 +108,20 @@ CVE-2022-0668 RESERVED CVE-2022-0667 RESERVED -CVE-2022-0666 - RESERVED +CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...) + TODO: check CVE-2022-0665 RESERVED -CVE-2022-0664 - RESERVED +CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...) + TODO: check CVE-2022-0663 RESERVED CVE-2022-0662 RESERVED CVE-2022-0661 RESERVED -CVE-2022-0660 - RESERVED +CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) + TODO: check CVE-2022-0659 RESERVED CVE-2022-0658 @@ -92,10 +134,10 @@ CVE-2022-XXXX [Arbitrary File Write Vulnerability ] - libpgjava 42.3.3-1 NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1) -CVE-2022-25299 - RESERVED -CVE-2022-25298 - RESERVED +CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...) + TODO: check +CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...) + TODO: check CVE-2022-25297 RESERVED CVE-2022-25296 @@ -234,8 +276,7 @@ CVE-2022-0648 RESERVED CVE-2022-0647 RESERVED -CVE-2022-0646 [mctp: serial: Cancel pending work from ndo_uninit handler] - RESERVED +CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...) - linux <unfixed> NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/ CVE-2022-0645 @@ -272,8 +313,8 @@ CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium b NOT-FOR-US: WordPress plugin CVE-2022-0632 RESERVED -CVE-2022-0631 - RESERVED +CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...) + TODO: check CVE-2022-0630 RESERVED CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) 
@@ -956,8 +997,7 @@ CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3 [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html -CVE-2022-0585 - RESERVED +CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...) - wireshark <unfixed> [bullseye] - wireshark <no-dsa> (Minor issue) [buster] - wireshark <no-dsa> (Minor issue) @@ -1738,6 +1778,7 @@ CVE-2022-0544 RESERVED CVE-2022-0543 [sandbox escape] RESERVED + {DSA-5081-1} - redis <unfixed> (bug #1005787) NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce CVE-2022-0542 @@ -2273,7 +2314,7 @@ CVE-2022-24447 CVE-2022-24446 RESERVED CVE-2022-24445 - RESERVED + REJECTED CVE-2022-24444 RESERVED CVE-2022-24443 @@ -2831,8 +2872,8 @@ CVE-2022-0452 - chromium 98.0.4758.80-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-0451 - RESERVED +CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...) + TODO: check CVE-2022-0450 RESERVED CVE-2022-0449 @@ -3665,10 +3706,10 @@ CVE-2022-23984 RESERVED CVE-2022-23983 RESERVED -CVE-2022-23982 - RESERVED -CVE-2022-23981 - RESERVED +CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...) + TODO: check +CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...) + TODO: check CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) NOT-FOR-US: WordPress plugin CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
@@ -4188,12 +4229,12 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6. NOT-FOR-US: TransmitMail CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) NOT-FOR-US: TransmitMail -CVE-2022-21176 - RESERVED -CVE-2022-21143 - RESERVED -CVE-2022-21141 - RESERVED +CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle <removed> CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) @@ -4617,8 +4658,8 @@ CVE-2022-23649 RESERVED CVE-2022-23648 RESERVED -CVE-2022-23647 - RESERVED +CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) + TODO: check CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) TODO: check CVE-2022-23645 @@ -7383,8 +7424,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5. - radare2 <unfixed> NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0) -CVE-2022-0138 - RESERVED +CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-0137 RESERVED CVE-2022-0136 
@@ -8856,12 +8897,12 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati NOT-FOR-US: Juniper CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...) NOT-FOR-US: Juniper -CVE-2022-21800 - RESERVED -CVE-2022-21215 - RESERVED -CVE-2022-21196 - RESERVED +CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check +CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...) + TODO: check +CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + TODO: check CVE-2022-21155 RESERVED CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...) |
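Review bot: In the hunk at `@@ -234,8 +276,7 @@`, CVE-2022-0646 keeps `- linux <unfixed>` with the lore.kernel.org thread as its only NOTE, and the removed bracketed title (`[mctp: serial: Cancel pending work from ndo_uninit handler]`) was the only text identifying the fix by subject. Add a NOTE with the upstream fix commit, and one for the kernel version that introduced the issue, so the per-suite status can be set instead of leaving every release at `<unfixed>`.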
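Review bot: In the hunk at `@@ -1738,6 +1778,7 @@`, `{DSA-5081-1}` is attached to CVE-2022-0543 while the package line still reads `- redis <unfixed> (bug #1005787)` and the entry is still `RESERVED`. Follow up with the fixed unstable version on the `- redis` line once it is uploaded, so the entry does not keep reporting sid as vulnerable after the DSA is out.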
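Review bot: In the hunk at `@@ -3665,10 +3706,10 @@`, CVE-2022-23982 and CVE-2022-23981 are set to `TODO: check` although the CVE-2022-23982 description names a WordPress plugin and the adjacent CVE-2022-23980 entry is already `NOT-FOR-US: WordPress plugin`. After confirming that CVE-2022-23981 concerns the same plugin, mark both entries the same way rather than leaving them in the TODO queue.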
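Review bot: In the hunk at `@@ -4188,12 +4229,12 @@`, CVE-2022-21176, CVE-2022-21143 and CVE-2022-21141 all receive `TODO: check` with the same truncated description (`MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...`), and the same text appears for CVE-2022-0138, CVE-2022-21800 and CVE-2022-21196 in the later hunks. Triage these six as one batch so they end up with a single consistent status line.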