From 9ef917156ea152cc7669583ab554c54ac1b3fabd Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 20 Jan 2022 20:10:16 +0000 Subject: automatic update --- data/CVE/2020.list | 2 +- data/CVE/2021.list | 80 ++++++++++++++++++++++++++--------------------- data/CVE/2022.list | 91 +++++++++++++++++++++++++++++++++++++++++------------- 3 files changed, 115 insertions(+), 58 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c61037d125..03277a1258 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -60279,7 +60279,7 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and NOT-FOR-US: GROWI CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...) NOT-FOR-US: GROWI -CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD ...) +CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT21 ...) NOT-FOR-US: Mitsubishi CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...) NOT-FOR-US: SEIKO EPSON products diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 868b9d47a5..cf86047137 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -2208,21 +2208,22 @@ CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, ne CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...) NOT-FOR-US: NetBSD CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...) - {DSA-4995-1 DSA-4996-1} + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...) - {DSA-4975-1 DSA-4976-1} + {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) - {DSA-4995-1 DSA-4996-1} + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) + {DSA-5050-1} - linux 5.15.15-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 @@ -2274,6 +2275,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) NOT-FOR-US: Moxa CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) @@ -2330,6 +2332,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy] NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) CVE-2021-4155 RESERVED + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) @@ -2481,8 +2484,8 @@ CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Valid NOT-FOR-US: Nova 360 Cabinet CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...) NOT-FOR-US: Nova 360 Cabinet -CVE-2021-45417 - RESERVED +CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...) + {DSA-5051-1} - aide 0.17.4-1 NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4) NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3 @@ -2918,8 +2921,7 @@ CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses t NOT-FOR-US: Apache APISIX Dashboard CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...) NOT-FOR-US: Trend Micro -CVE-2021-45230 - RESERVED +CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...) - airflow (bug #819700) CVE-2021-45229 RESERVED @@ -3370,6 +3372,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2 NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1. CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/ CVE-2021-45070 @@ -3994,8 +3997,8 @@ CVE-2021-44831 RESERVED CVE-2021-44830 RESERVED -CVE-2021-44829 - RESERVED +CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...) + TODO: check CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) NOT-FOR-US: ARM CVE-2021-44827 @@ -4267,16 +4270,16 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] - rainloop 1.14.0-1 (bug #962629) [buster] - rainloop (Minor issue) NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 -CVE-2021-44738 - RESERVED -CVE-2021-44737 - RESERVED -CVE-2021-44736 - RESERVED -CVE-2021-44735 - RESERVED -CVE-2021-44734 - RESERVED +CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) + TODO: check +CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) + TODO: check +CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) + TODO: check +CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) + TODO: check +CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) + TODO: check CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) - linux [stretch] - linux (Vulnerable code not present) @@ -5538,10 +5541,10 @@ CVE-2021-44247 RESERVED CVE-2021-44246 RESERVED -CVE-2021-44245 - RESERVED -CVE-2021-44244 - RESERVED +CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) + TODO: check +CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) + TODO: check CVE-2021-44243 RESERVED CVE-2021-44242 @@ -5984,12 +5987,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug NOT-FOR-US: zrlog CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) NOT-FOR-US: zrlog -CVE-2021-44092 - RESERVED -CVE-2021-44091 - RESERVED -CVE-2021-44090 - RESERVED +CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) + TODO: check +CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) + TODO: check +CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) + TODO: check CVE-2021-44089 RESERVED CVE-2021-44088 @@ -6602,6 +6605,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...) + {DSA-5049-1} - flatpak 1.12.3-1 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e @@ -10951,8 +10955,8 @@ CVE-2021-3868 RESERVED CVE-2021-3867 RESERVED -CVE-2021-3866 - RESERVED +CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...) + TODO: check CVE-2021-42060 RESERVED CVE-2021-42059 @@ -16655,6 +16659,7 @@ CVE-2021-39686 RESERVED CVE-2021-39685 RESERVED + {DSA-5050-1} - linux 5.15.5-2 NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4 CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...) @@ -28818,8 +28823,8 @@ CVE-2021-34602 RESERVED CVE-2021-34601 RESERVED -CVE-2021-34600 - RESERVED +CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) + TODO: check CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) NOT-FOR-US: CODESYS CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) @@ -35050,8 +35055,8 @@ CVE-2021-32041 RESERVED CVE-2021-32040 RESERVED -CVE-2021-32039 - RESERVED +CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...) + TODO: check CVE-2021-32038 RESERVED CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...) @@ -43536,18 +43541,23 @@ CVE-2021-28717 CVE-2021-28716 RESERVED CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index fc6847329a..1b265fcf0c 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,49 @@ +CVE-2022-23792 + RESERVED +CVE-2022-23791 + RESERVED +CVE-2022-23790 + RESERVED +CVE-2022-23789 + RESERVED +CVE-2022-23788 + RESERVED +CVE-2022-23787 + RESERVED +CVE-2022-23786 + RESERVED +CVE-2022-23785 + RESERVED +CVE-2022-23784 + RESERVED +CVE-2022-23783 + RESERVED +CVE-2022-23782 + RESERVED +CVE-2022-23781 + RESERVED +CVE-2022-23780 + RESERVED +CVE-2022-21147 + RESERVED +CVE-2022-0323 + RESERVED +CVE-2022-0322 + RESERVED +CVE-2022-0321 + RESERVED +CVE-2022-0320 + RESERVED +CVE-2022-0319 + RESERVED +CVE-2022-0318 + RESERVED +CVE-2022-0317 + RESERVED +CVE-2022-0316 + RESERVED +CVE-2022-0315 + RESERVED CVE-2022-23779 RESERVED CVE-2022-23778 @@ -808,24 +854,24 @@ CVE-2022-0287 RESERVED CVE-2022-0286 RESERVED -CVE-2022-0285 - RESERVED +CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) + TODO: check CVE-2022-0284 RESERVED CVE-2022-0283 RESERVED -CVE-2022-0282 - RESERVED -CVE-2022-0281 - RESERVED +CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...) + TODO: check +CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) + TODO: check CVE-2022-0280 RESERVED CVE-2022-0279 RESERVED -CVE-2022-0278 - RESERVED -CVE-2022-0277 - RESERVED +CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) + TODO: check +CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) + TODO: check CVE-2022-23436 RESERVED CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...) @@ -1375,6 +1421,7 @@ CVE-2022-0229 CVE-2022-0228 RESERVED CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) + {DSA-5050-1} - linux 5.15.15-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) @@ -1430,8 +1477,8 @@ CVE-2022-0221 RESERVED CVE-2022-0220 RESERVED -CVE-2022-0219 - RESERVED +CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) + TODO: check CVE-2022-0218 RESERVED CVE-2022-0216 @@ -1673,10 +1720,10 @@ CVE-2022-23122 RESERVED CVE-2022-23121 RESERVED -CVE-2022-23120 - RESERVED -CVE-2022-23119 - RESERVED +CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...) + TODO: check +CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...) + TODO: check CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...) NOT-FOR-US: Jenkins plugin CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...) @@ -1733,6 +1780,7 @@ CVE-2022-0186 RESERVED CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param] RESERVED + {DSA-5050-1} - linux 5.15.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) @@ -2395,8 +2443,8 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...) NOT-FOR-US: NVIDIA NeMo -CVE-2022-22820 - RESERVED +CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...) + TODO: check CVE-2022-22819 RESERVED CVE-2022-22818 @@ -2681,8 +2729,7 @@ CVE-2022-22735 RESERVED CVE-2022-22734 RESERVED -CVE-2022-22733 - RESERVED +CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Apache ShardingSphere ElasticJob-UI CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab @@ -5212,6 +5259,7 @@ CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...) NOT-FOR-US: Wagtail CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...) + {DSA-5049-1} - flatpak 1.12.3-1 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a @@ -5284,8 +5332,7 @@ CVE-2022-21660 RESERVED CVE-2022-21659 RESERVED -CVE-2022-21658 [Race condition in the Rust standard library] - RESERVED +CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...) - rustc NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658 NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1 -- cgit v1.2.3