From 241196660357db5d8c585a79e6ba03f61bac302c Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 22 Feb 2022 08:10:23 +0000 Subject: automatic update --- data/CVE/2021.list | 39 +++++++++++++------------- data/CVE/2022.list | 81 ++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 89 insertions(+), 31 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index dc9df2ac56..795cacc715 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4324,8 +4324,7 @@ CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...) NOT-FOR-US: yetiforcecrm CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: yetiforcecrm -CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a crash] - RESERVED +CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...) [experimental] - policykit-1 0.120-6 - policykit-1 0.105-32 (bug #1005784) [bullseye] - policykit-1 (Minor issue) 
@@ -5570,24 +5569,24 @@ CVE-2021-44579 RESERVED CVE-2021-44578 RESERVED -CVE-2021-44577 - RESERVED -CVE-2021-44576 - RESERVED -CVE-2021-44575 - RESERVED -CVE-2021-44574 - RESERVED -CVE-2021-44573 - RESERVED +CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...) + TODO: check +CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...) + TODO: check +CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...) + TODO: check +CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...) + TODO: check +CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 ...) + TODO: check CVE-2021-44572 RESERVED -CVE-2021-44571 - RESERVED -CVE-2021-44570 - RESERVED -CVE-2021-44569 - RESERVED +CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...) + TODO: check +CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...) + TODO: check +CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...) + TODO: check CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...) - libsolv (unimportant) NOTE: https://github.com/openSUSE/libsolv/issues/425 
@@ -23509,9 +23508,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerabl NOT-FOR-US: Zoho ManageEngine CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...) NOT-FOR-US: Zoho ManageEngine -CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...) +CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...) NOT-FOR-US: ManageEngine -CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...) +CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...) NOT-FOR-US: ManageEngine CVE-2021-37418 REJECTED diff --git a/data/CVE/2022.list b/data/CVE/2022.list index dd8f2c9fc6..6ffd890630 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,4 +1,64 @@ -CVE-2022-25636 [netfilter: nf_tables_offload: incorrect flow offload action array size] +CVE-2022-25643 + RESERVED +CVE-2022-25642 + RESERVED +CVE-2022-25641 + RESERVED +CVE-2022-25640 + RESERVED +CVE-2022-25639 + RESERVED +CVE-2022-25638 + RESERVED +CVE-2022-25637 + RESERVED +CVE-2022-25635 + RESERVED +CVE-2022-25634 + RESERVED +CVE-2022-25633 + RESERVED +CVE-2022-25632 + RESERVED +CVE-2022-25631 + RESERVED +CVE-2022-25630 + RESERVED +CVE-2022-25629 + RESERVED +CVE-2022-25628 + RESERVED +CVE-2022-25627 + RESERVED +CVE-2022-25626 + RESERVED +CVE-2022-25625 + RESERVED +CVE-2022-25624 + RESERVED +CVE-2022-25623 + RESERVED +CVE-2022-25325 + RESERVED +CVE-2022-25234 + RESERVED +CVE-2022-25230 + RESERVED +CVE-2022-21219 + RESERVED +CVE-2022-21124 + RESERVED +CVE-2022-0717 + RESERVED +CVE-2022-0716 + RESERVED +CVE-2022-0715 + RESERVED +CVE-2022-0714 + RESERVED +CVE-2022-0713 + RESERVED +CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...) - linux [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) 
@@ -540,8 +600,8 @@ CVE-2022-0698 RESERVED CVE-2022-0697 RESERVED -CVE-2022-0696 - RESERVED +CVE-2022-0696 (NULL Pointer Dereference in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0695 RESERVED CVE-2022-25371 @@ -704,8 +764,8 @@ CVE-2022-25312 RESERVED CVE-2022-21132 RESERVED -CVE-2022-0676 - RESERVED +CVE-2022-0676 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4. ...) + TODO: check CVE-2022-0675 RESERVED CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...) @@ -2290,8 +2350,7 @@ CVE-2022-23922 RESERVED CVE-2022-23104 RESERVED -CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline] - RESERVED +CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...) - util-linux (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151 NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u @@ -2731,8 +2790,8 @@ CVE-2022-24566 RESERVED CVE-2022-24565 RESERVED -CVE-2022-24564 - RESERVED +CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...) + TODO: check CVE-2022-24563 RESERVED CVE-2022-24562 @@ -9095,8 +9154,8 @@ CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0. NOT-FOR-US: IBM CVE-2022-22309 RESERVED -CVE-2022-22308 - RESERVED +CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...) + TODO: check CVE-2022-22307 RESERVED CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...) -- cgit v1.2.3
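Review bot: The eight libsolv entries in the data/CVE/2021.list hunk at @@ -5570 (CVE-2021-44569 through CVE-2021-44577, skipping the still-RESERVED CVE-2021-44572) are left at `TODO: check`, although the adjacent CVE-2021-44568 is already triaged as `- libsolv (unimportant)` with a NOTE pointing at https://github.com/openSUSE/libsolv/issues/425. All eight descriptions name the same project and the same "through 13 Dec 2020" cut-off, so triage them together: find the upstream issue for each and, if the reasoning used for CVE-2021-44568 also applies, give them the same package line and a NOTE with the issue URL instead of leaving eight open TODOs.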
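Review bot: In the data/CVE/2021.list hunk at @@ -23509, CVE-2021-37420 and CVE-2021-37419 now have descriptions beginning "Zoho ManageEngine ADSelfService Plus", but their tag lines still read `NOT-FOR-US: ManageEngine`, while CVE-2021-37422 and CVE-2021-37421 directly above use `NOT-FOR-US: Zoho ManageEngine`. Suggest normalising the two tags to `NOT-FOR-US: Zoho ManageEngine` so that a search on the vendor string finds all four entries.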
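Review bot: At the end of the data/CVE/2022.list hunk at @@ -1,4, the CVE-2022-25636 header loses the hand-written summary `[netfilter: nf_tables_offload: incorrect flow offload action array size]` in favour of a truncated description that names net/netfilter/nf_dup_netdev.c and a version range but no longer says what the flaw is. Confirm that the NOTE lines under the entry, which are outside the visible context, still record the nf_tables_offload action array sizing problem, and add one if they do not, so the entry stays usable for triage without opening the full CVE record.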
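Review bot: The new `TODO: check` entries in the data/CVE/2022.list hunks at @@ -540 and @@ -704 have descriptions that lead with an ecosystem label rather than the affected project: CVE-2022-0696 reads "Conda vim prior to 8.2." and CVE-2022-0676 reads "NPM radare2.js prior to 5.6.4." When resolving these TODOs, check them against the vim and radare2 source packages rather than taking the label at face value and tagging them NOT-FOR-US, and record the fixing commit in a NOTE, since "prior to 8.2." gives no patch level to compare a packaged version against.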
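Review bot: In the data/CVE/2022.list hunk at @@ -9095, CVE-2022-22308 (IBM Planning Analytics 2.0) is added with `TODO: check` while the neighbouring IBM entry CVE-2022-22310 is already tagged `NOT-FOR-US: IBM`. If Planning Analytics is likewise not packaged, resolve it to the same `NOT-FOR-US: IBM` tag so the IBM entries in this block stay consistent.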