From ba60c32a49a504ac5418a91e72eab963195253ef Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 16 Feb 2022 20:10:23 +0000 Subject: automatic update --- data/CVE/2019.list | 12 +-- data/CVE/2020.list | 24 +++--- data/CVE/2021.list | 104 ++++++++++++-------------- data/CVE/2022.list | 213 ++++++++++++++++++++++++++++++++++++----------------- 4 files changed, 213 insertions(+), 140 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 9faef3abdf..3ca375306a 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -44241,10 +44241,10 @@ CVE-2019-4354 RESERVED CVE-2019-4353 RESERVED -CVE-2019-4352 - RESERVED -CVE-2019-4351 - RESERVED +CVE-2019-4352 (IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of th ...) + TODO: check +CVE-2019-4351 (IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive info ...) + TODO: check CVE-2019-4350 RESERVED CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...) @@ -44363,8 +44363,8 @@ CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an NOT-FOR-US: IBM CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...) NOT-FOR-US: IBM -CVE-2019-4291 - RESERVED +CVE-2019-4291 (IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse enginee ...) + TODO: check CVE-2019-4290 RESERVED CVE-2019-4289 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c064221daf..9586b3dc9c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -57070,18 +57070,18 @@ CVE-2020-6924 RESERVED CVE-2020-6923 RESERVED -CVE-2020-6922 - RESERVED -CVE-2020-6921 - RESERVED -CVE-2020-6920 - RESERVED -CVE-2020-6919 - RESERVED -CVE-2020-6918 - RESERVED -CVE-2020-6917 - RESERVED +CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check +CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check +CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check +CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check +CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check +CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity, ...) + TODO: check CVE-2020-6916 RESERVED CVE-2020-6915 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f0bd9c9362..f26728059c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,5 +1,5 @@ CVE-2021-4220 - RESERVED + REJECTED CVE-2021-4219 RESERVED CVE-2021-46687 @@ -689,8 +689,8 @@ CVE-2021-46390 RESERVED CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) NOT-FOR-US: IIPImage High Resolution Streaming Image Server -CVE-2021-46388 - RESERVED +CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...) + TODO: check CVE-2021-46387 RESERVED CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...) 
@@ -3228,6 +3228,7 @@ CVE-2021-45446 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) NOT-FOR-US: Unisys CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) + {DSA-5078-1} - zsh 5.8.1-1 NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ @@ -3350,8 +3351,8 @@ CVE-2021-45393 RESERVED CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) NOT-FOR-US: Tenda -CVE-2021-45391 - RESERVED +CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) + TODO: check CVE-2021-45390 RESERVED CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) @@ -4024,8 +4025,8 @@ CVE-2021-4135 [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6) NOTE: CONFIG_NETDEVSIM is not set in Debian -CVE-2021-4134 - RESERVED +CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...) + TODO: check CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...) NOT-FOR-US: Keycloak CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) @@ -4820,8 +4821,8 @@ CVE-2021-44834 RESERVED CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: yetiforcecrm -CVE-2021-4106 - RESERVED +CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...) + TODO: check CVE-2021-4105 RESERVED CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...) 
@@ -14985,8 +14986,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W NOT-FOR-US: yourls CVE-2021-3782 RESERVED -CVE-2021-3781 [Include device specifier strings in access validation] - RESERVED +CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) {DSA-4972-1} - ghostscript 9.53.3~dfsg-8 (bug #994011) [buster] - ghostscript (Vulnerable code introduced later) @@ -15691,8 +15691,7 @@ CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: ShowDoc CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...) NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch -CVE-2021-3773 - RESERVED +CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...) NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html TODO: fill in tracking details @@ -16137,8 +16136,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into - cfrpki 1.3.0-1 (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 -CVE-2021-3760 - RESERVED +CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...) {DLA-2843-1} - linux 5.14.16-1 (unimportant) [bullseye] - linux 5.10.84-1 
@@ -16218,14 +16216,12 @@ CVE-2021-3755 REJECTED CVE-2021-3754 RESERVED -CVE-2021-3753 - RESERVED +CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...) {DSA-4978-1 DLA-2843-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 -CVE-2021-3752 - RESERVED +CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth ...) - linux 5.15.3-1 [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4 @@ -18628,16 +18624,16 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, NOT-FOR-US: Jamf Pro CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) NOT-FOR-US: MISP -CVE-2021-39301 - RESERVED -CVE-2021-39300 - RESERVED -CVE-2021-39299 - RESERVED -CVE-2021-39298 - RESERVED -CVE-2021-39297 - RESERVED +CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...) NOT-FOR-US: OpenBMC CVE-2021-39295 @@ -25007,7 +25003,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...) NOT-FOR-US: Trend Micro CVE-2021-3648 - RESERVED + REJECTED - binutils (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935 
@@ -31733,8 +31729,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges NOT-FOR-US: Cartadis Gespage CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...) NOT-FOR-US: Bitdefender -CVE-2021-3578 [possible remote code execution in isync/mbsync] - RESERVED +CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...) - isync 1.3.0-2.2 (bug #989564) [buster] - isync 1.3.0-2.2~deb10u1 [stretch] - isync (Minor issue) @@ -32553,8 +32548,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed NOTE: https://sourceforge.net/p/mcj/tickets/116/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/ NOTE: Depends on CVE-2019-19797 fix -CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()] - RESERVED +CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...) - policykit-1 0.105-31 (bug #989429) [buster] - policykit-1 (Vulnerable code introduced later) [stretch] - policykit-1 (Vulnerable code introduced later) @@ -33167,8 +33161,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A CVE-2021-3558 RESERVED - moodle -CVE-2021-3557 - RESERVED +CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...) NOT-FOR-US: Argo CD CVE-2021-3556 REJECTED @@ -33867,8 +33860,7 @@ CVE-2021-32927 RESERVED CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...) NOT-FOR-US: Rockwell Automation -CVE-2021-3551 - RESERVED +CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...) - dogtag-pki 10.10.6-1 (bug #991665) [bullseye] - dogtag-pki (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971 
@@ -49413,8 +49405,8 @@ CVE-2021-26728 RESERVED CVE-2021-26727 RESERVED -CVE-2021-26726 - RESERVED +CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...) + TODO: check CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) @@ -56721,8 +56713,8 @@ CVE-2021-23684 RESERVED CVE-2021-23683 RESERVED -CVE-2021-23682 - RESERVED +CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...) + TODO: check CVE-2021-23681 RESERVED CVE-2021-23680 @@ -60355,8 +60347,8 @@ CVE-2021-22052 RESERVED CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) NOT-FOR-US: Spring Cloud Gateway -CVE-2021-22050 - RESERVED +CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...) + TODO: check CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...) NOT-FOR-US: VMware CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...) 
@@ -60369,14 +60361,14 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before NOT-FOR-US: VMware CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...) NOT-FOR-US: Spring Cloud OpenFeign -CVE-2021-22043 - RESERVED -CVE-2021-22042 - RESERVED -CVE-2021-22041 - RESERVED -CVE-2021-22040 - RESERVED +CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...) + TODO: check +CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...) + TODO: check +CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...) + TODO: check +CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...) + TODO: check CVE-2021-22039 RESERVED CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...) @@ -60545,8 +60537,8 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio NOT-FOR-US: Sealevel Systems CVE-2021-21967 RESERVED -CVE-2021-21966 - RESERVED +CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...) + TODO: check CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...) NOT-FOR-US: Sealevel Systems CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...) @@ -60561,8 +60553,8 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L NOT-FOR-US: Sealevel Systems CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...) NOT-FOR-US: Sealevel Systems -CVE-2021-21958 - RESERVED +CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...) + TODO: check CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...) NOT-FOR-US: Dream Report ODS Remote Connector CVE-2021-21956 
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 180564c1b4..17a3013011 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,85 @@ +CVE-2022-25257 + RESERVED +CVE-2022-25256 + RESERVED +CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) + TODO: check +CVE-2022-25254 + RESERVED +CVE-2022-25253 + RESERVED +CVE-2022-25252 + RESERVED +CVE-2022-25251 + RESERVED +CVE-2022-25250 + RESERVED +CVE-2022-25249 + RESERVED +CVE-2022-25248 + RESERVED +CVE-2022-25247 + RESERVED +CVE-2022-25246 + RESERVED +CVE-2022-24374 + RESERVED +CVE-2022-23916 + RESERVED +CVE-2022-23810 + RESERVED +CVE-2022-21142 + RESERVED +CVE-2022-0648 + RESERVED +CVE-2022-0647 + RESERVED +CVE-2022-0646 + RESERVED +CVE-2022-0645 + RESERVED +CVE-2022-0644 + RESERVED +CVE-2022-0643 + RESERVED +CVE-2022-0642 + RESERVED +CVE-2022-0641 + RESERVED +CVE-2022-0640 + RESERVED +CVE-2022-0639 + RESERVED +CVE-2022-0638 + RESERVED +CVE-2022-0637 + RESERVED +CVE-2022-0636 + RESERVED +CVE-2022-0635 + RESERVED +CVE-2022-0634 + RESERVED +CVE-2022-0633 + RESERVED +CVE-2022-0632 + RESERVED +CVE-2022-0631 + RESERVED +CVE-2022-0630 + RESERVED +CVE-2022-0629 + RESERVED +CVE-2022-0628 + RESERVED +CVE-2022-0627 + RESERVED +CVE-2022-0626 + RESERVED +CVE-2022-0625 + RESERVED +CVE-2022-0624 + RESERVED CVE-2022-XXXX [Improper input validation - SA-CORE-2022-003] - drupal7 [stretch] - drupal7 7.52-2+deb9u18 @@ -97,8 +179,7 @@ CVE-2022-21159 RESERVED CVE-2022-0618 RESERVED -CVE-2022-0617 [Null pointer dereference can be triggered when write to an ICB inode] - RESERVED +CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...) - linux 5.16.7-1 NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f 
@@ -106,10 +187,10 @@ CVE-2022-0616 RESERVED CVE-2022-0615 RESERVED -CVE-2022-0614 - RESERVED -CVE-2022-0613 - RESERVED +CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...) + TODO: check +CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...) + TODO: check CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...) NOT-FOR-US: Jenkins plugin CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...) @@ -1304,8 +1385,8 @@ CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function wi NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...) NOT-FOR-US: microweber -CVE-2022-0559 - RESERVED +CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...) + TODO: check CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...) @@ -1511,12 +1592,12 @@ CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest] [stretch] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2 -CVE-2022-24665 - RESERVED -CVE-2022-24664 - RESERVED -CVE-2022-24663 - RESERVED +CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) + TODO: check +CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) + TODO: check +CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) + TODO: check CVE-2022-24662 RESERVED CVE-2022-24661 
@@ -2016,8 +2097,8 @@ CVE-2022-0515 RESERVED CVE-2022-0514 RESERVED -CVE-2022-0513 - RESERVED +CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + TODO: check CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) TODO: check CVE-2022-0511 @@ -3071,8 +3152,8 @@ CVE-2022-24088 RESERVED CVE-2022-24087 RESERVED -CVE-2022-24086 - RESERVED +CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) + TODO: check CVE-2022-24085 RESERVED CVE-2022-24084 @@ -3922,10 +4003,10 @@ CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17 NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro -CVE-2022-23804 - RESERVED -CVE-2022-23803 - RESERVED +CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) + TODO: check +CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) + TODO: check CVE-2022-23802 RESERVED CVE-2022-23801 @@ -4302,8 +4383,8 @@ CVE-2022-23646 RESERVED CVE-2022-23645 RESERVED -CVE-2022-23644 - RESERVED +CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) + TODO: check CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) TODO: check CVE-2022-23642 @@ -5063,8 +5144,8 @@ CVE-2022-23360 RESERVED CVE-2022-23359 RESERVED -CVE-2022-23358 - RESERVED +CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...) + TODO: check CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...) TODO: check CVE-2022-23356 
@@ -5572,44 +5653,44 @@ CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, a NOT-FOR-US: Apache Traffic Control CVE-2022-23205 RESERVED -CVE-2022-23204 - RESERVED -CVE-2022-23203 - RESERVED -CVE-2022-23202 - RESERVED +CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...) + TODO: check +CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...) + TODO: check +CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...) + TODO: check CVE-2022-23201 RESERVED -CVE-2022-23200 - RESERVED -CVE-2022-23199 - RESERVED -CVE-2022-23198 - RESERVED -CVE-2022-23197 - RESERVED -CVE-2022-23196 - RESERVED -CVE-2022-23195 - RESERVED -CVE-2022-23194 - RESERVED -CVE-2022-23193 - RESERVED -CVE-2022-23192 - RESERVED -CVE-2022-23191 - RESERVED -CVE-2022-23190 - RESERVED -CVE-2022-23189 - RESERVED -CVE-2022-23188 - RESERVED +CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...) + TODO: check +CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) 
+ TODO: check +CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check +CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check CVE-2022-23187 RESERVED -CVE-2022-23186 - RESERVED +CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + TODO: check CVE-2022-23185 RESERVED CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) @@ -6240,8 +6321,8 @@ CVE-2022-22947 RESERVED CVE-2022-22946 RESERVED -CVE-2022-22945 - RESERVED +CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...) + TODO: check CVE-2022-22944 RESERVED CVE-2022-22943 @@ -6457,8 +6538,8 @@ CVE-2022-22855 RESERVED CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...) NOT-FOR-US: Hospital Patient Record Management System -CVE-2022-22853 - RESERVED +CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...) + TODO: check CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) NOT-FOR-US: Sourcecodtester CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) @@ -6692,8 +6773,8 @@ CVE-2022-22794 RESERVED CVE-2022-22793 RESERVED -CVE-2022-22792 - RESERVED +CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...) + TODO: check CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...) NOT-FOR-US: SYNEL CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...) -- cgit v1.2.3
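Review bot: In data/CVE/2021.list, hunk @@ -3350,8 +3351,8 @@, CVE-2021-45391 is added as "TODO: check" although its visible description ("A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...") matches that of CVE-2021-45392 directly above it, which is already triaged as "NOT-FOR-US: Tenda". Suggest giving the new entry the same "NOT-FOR-US: Tenda" marker so it does not stay in the unprocessed queue.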
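Review bot: In data/CVE/2021.list, hunk @@ -15691,8 +15691,7 @@, CVE-2021-3773 now has a public description ("A flaw in netfilter could allow a network-connected attacker to infer ...") but the entry still has no source-package line and keeps "TODO: fill in tracking details". With the ID no longer RESERVED, this is the point to add the package annotation and fixed-version status, using the oss-security and breakpointingbad.com NOTE references already present, and then drop the TODO.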
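Review bot: In data/CVE/2021.list, hunk @@ -25007,7 +25003,7 @@, CVE-2021-3648 changes from RESERVED to REJECTED while the entry keeps its "- binutils (unimportant)" line and both gcc.gnu.org bugzilla NOTE lines. A rejected ID that still carries package status is ambiguous to anyone querying binutils. Suggest confirming why the ID was rejected: if the issue was reassigned, move the package line and notes to the replacement ID; if the data is kept here on purpose, add a NOTE saying so.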
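Review bot: In data/CVE/2021.list, hunk @@ -60369,14 +60361,14 @@, CVE-2021-22043 through CVE-2021-22040 are all added as "TODO: check" even though each description starts with "VMware ESXi" and the context line for CVE-2021-22045 in the same hunk is marked "NOT-FOR-US: VMware". Suggest applying the same marker to the four new entries, after checking the full descriptions (the visible text is truncated at "...") for any component that is not VMware-only.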
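Review bot: In data/CVE/2022.list, hunk @@ -1,3 +1,85 @@, CVE-2022-25255 is the only entry in the newly prepended block that carries a description ("In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ..."), and it is left as "TODO: check" among dozens of RESERVED placeholders. It names a widely packaged library on Linux, so it needs a source-package lookup rather than a NOT-FOR-US decision. Suggest triaging it first, with package lines and per-release status, so it is not lost in the placeholder block.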
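Review bot: In data/CVE/2022.list, hunk @@ -6457,8 +6538,8 @@, CVE-2022-22853 ("A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...") is added as "TODO: check", yet CVE-2022-22854 on the context line directly above is already marked "NOT-FOR-US: Hospital Patient Record Management System". If the truncated description refers to the same product, reuse that marker here so the two entries stay consistent.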