author | security tracker role <sectracker@soriano.debian.org> | 2022-11-29 08:10:24 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-11-29 08:10:24 +0000 |
commit | 79b3ae110968e0b65c1cc9aa43c743492f120941 (patch) | |
tree | 6a9b6d4b645e93771ca3e921ffb02e93c0daa373 | |
parent | 09c86d39b8f2b9ff01563e65329588e27fa4b8d0 (diff) |
automatic update
-rw-r--r-- | data/CVE/list | 311 |
1 files changed, 227 insertions, 84 deletions
diff --git a/data/CVE/list b/data/CVE/list index cddd05ceff..2c52bc1f03 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,149 @@ +CVE-2022-46309 + RESERVED +CVE-2022-46308 + RESERVED +CVE-2022-46307 + RESERVED +CVE-2022-46306 + RESERVED +CVE-2022-46305 + RESERVED +CVE-2022-46304 + RESERVED +CVE-2022-46295 + RESERVED +CVE-2022-46294 + RESERVED +CVE-2022-46293 + RESERVED +CVE-2022-46292 + RESERVED +CVE-2022-46291 + RESERVED +CVE-2022-46290 + RESERVED +CVE-2022-46289 + RESERVED +CVE-2022-46280 + RESERVED +CVE-2022-46278 + RESERVED +CVE-2022-46277 + RESERVED +CVE-2022-46276 + RESERVED +CVE-2022-46275 + RESERVED +CVE-2022-46274 + RESERVED +CVE-2022-46273 + RESERVED +CVE-2022-46272 + RESERVED +CVE-2022-46271 + RESERVED +CVE-2022-46270 + RESERVED +CVE-2022-46269 + RESERVED +CVE-2022-46268 + RESERVED +CVE-2022-46267 + RESERVED +CVE-2022-46266 + RESERVED +CVE-2022-45445 + RESERVED +CVE-2022-45346 + RESERVED +CVE-2022-45119 + RESERVED +CVE-2022-44615 + RESERVED +CVE-2022-44453 + RESERVED +CVE-2022-44451 + RESERVED +CVE-2022-43664 + RESERVED +CVE-2022-43663 + RESERVED +CVE-2022-43503 + RESERVED +CVE-2022-43467 + RESERVED +CVE-2022-42885 + RESERVED +CVE-2022-42489 + RESERVED +CVE-2022-4201 + RESERVED +CVE-2022-4200 + RESERVED +CVE-2022-4199 + RESERVED +CVE-2022-4198 + RESERVED +CVE-2022-4197 + RESERVED +CVE-2022-4196 + RESERVED +CVE-2022-4195 + RESERVED +CVE-2022-4194 + RESERVED +CVE-2022-4193 + RESERVED +CVE-2022-4192 + RESERVED +CVE-2022-4191 + RESERVED +CVE-2022-4190 + RESERVED +CVE-2022-4189 + RESERVED +CVE-2022-4188 + RESERVED +CVE-2022-4187 + RESERVED +CVE-2022-4186 + RESERVED +CVE-2022-4185 + RESERVED +CVE-2022-4184 + RESERVED +CVE-2022-4183 + RESERVED +CVE-2022-4182 + RESERVED +CVE-2022-4181 + RESERVED +CVE-2022-4180 + RESERVED +CVE-2022-41795 + RESERVED +CVE-2022-41793 + RESERVED +CVE-2022-4179 + RESERVED +CVE-2022-4178 + RESERVED +CVE-2022-4177 + RESERVED +CVE-2022-4176 + RESERVED +CVE-2022-4175 + RESERVED +CVE-2022-4174 + RESERVED +CVE-2022-4173 + RESERVED +CVE-2022-4172 + RESERVED +CVE-2022-40973 + RESERVED +CVE-2022-37331 + RESERVED CVE-2022-46265 RESERVED CVE-2022-46264 
@@ -234,8 +380,8 @@ CVE-2022-46149 RESERVED CVE-2022-46148 RESERVED -CVE-2022-46147 - RESERVED +CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) + TODO: check CVE-2022-46146 RESERVED CVE-2022-46145 @@ -746,8 +892,8 @@ CVE-2022-45923 RESERVED CVE-2022-45922 RESERVED -CVE-2022-45921 - RESERVED +CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...) + TODO: check CVE-2022-45920 RESERVED CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...) @@ -1055,18 +1201,15 @@ CVE-2022-4131 RESERVED CVE-2022-4130 RESERVED -CVE-2022-4129 - RESERVED +CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...) - linux <unfixed> NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t -CVE-2022-4128 - RESERVED +CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kernel in ...) - linux 5.18.14-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7) -CVE-2022-4127 - RESERVED +CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...) - linux <not-affected> (Vulnerable code only in 5.19-rcX versions) NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6) CVE-2022-4126 @@ -2073,8 +2216,8 @@ CVE-2021-4241 (A vulnerability, which was classified as problematic, was found i NOT-FOR-US: phpservermon CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...) NOT-FOR-US: phpservermon -CVE-2022-45442 - RESERVED +CVE-2022-45442 (Sinatra is a domain-specific language for creating web applications in ...) + TODO: check CVE-2022-45441 RESERVED CVE-2022-45440 
@@ -2622,8 +2765,8 @@ CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera NOT-FOR-US: AeroCMS CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) NOT-FOR-US: AeroCMS -CVE-2022-45329 - RESERVED +CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) + TODO: check CVE-2022-45328 RESERVED CVE-2022-45327 @@ -2666,20 +2809,20 @@ CVE-2022-45309 RESERVED CVE-2022-45308 RESERVED -CVE-2022-45307 - RESERVED -CVE-2022-45306 - RESERVED -CVE-2022-45305 - RESERVED -CVE-2022-45304 - RESERVED +CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and below grant ...) + TODO: check +CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.21 ...) + TODO: check +CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and below g ...) + TODO: check +CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and below gra ...) + TODO: check CVE-2022-45303 RESERVED CVE-2022-45302 RESERVED -CVE-2022-45301 - RESERVED +CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below gra ...) + TODO: check CVE-2022-45300 RESERVED CVE-2022-45299 @@ -2832,14 +2975,14 @@ CVE-2022-45226 RESERVED CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...) NOT-FOR-US: Book Store Management System -CVE-2022-45224 - RESERVED -CVE-2022-45223 - RESERVED +CVE-2022-45224 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) + TODO: check +CVE-2022-45223 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) + TODO: check CVE-2022-45222 RESERVED -CVE-2022-45221 - RESERVED +CVE-2022-45221 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...) + TODO: check CVE-2022-45220 RESERVED CVE-2022-45219 
@@ -2852,8 +2995,8 @@ CVE-2022-45216 RESERVED CVE-2022-45215 RESERVED -CVE-2022-45214 - RESERVED +CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...) + TODO: check CVE-2022-45213 RESERVED CVE-2022-45212 @@ -2872,12 +3015,12 @@ CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vuln NOT-FOR-US: Jeecg-boot CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Jeecg-boot -CVE-2022-45204 - RESERVED +CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...) + TODO: check CVE-2022-45203 RESERVED -CVE-2022-45202 - RESERVED +CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...) + TODO: check CVE-2022-45201 RESERVED CVE-2022-45200 @@ -3724,8 +3867,8 @@ CVE-2022-44939 RESERVED CVE-2022-44938 RESERVED -CVE-2022-44937 - RESERVED +CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery ...) + TODO: check CVE-2022-44936 RESERVED CVE-2022-44935 @@ -6949,10 +7092,10 @@ CVE-2022-44040 RESERVED CVE-2022-44039 RESERVED -CVE-2022-44038 - RESERVED -CVE-2022-44037 - RESERVED +CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remo ...) + TODO: check +CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...) + TODO: check CVE-2022-44036 RESERVED CVE-2022-44035 @@ -10667,8 +10810,8 @@ CVE-2022-43328 (Canteen Management System v1.0 was discovered to contain a SQL i NOT-FOR-US: Canteen Management System CVE-2022-43327 RESERVED -CVE-2022-43326 - RESERVED +CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in the passwo ...) + TODO: check CVE-2022-43325 RESERVED CVE-2022-43324 
@@ -13827,8 +13970,8 @@ CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module NOT-FOR-US: Liferay CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...) NOT-FOR-US: Liferay -CVE-2022-42109 - RESERVED +CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain a SQL in ...) + TODO: check CVE-2022-42108 RESERVED CVE-2022-42107 @@ -13845,10 +13988,10 @@ CVE-2022-42102 RESERVED CVE-2022-42101 RESERVED -CVE-2022-42100 - RESERVED -CVE-2022-42099 - RESERVED +CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...) + TODO: check +CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...) + TODO: check CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection ...) NOT-FOR-US: KLiK SocialMediaWebsite CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...) @@ -14140,8 +14283,8 @@ CVE-2022-41967 RESERVED CVE-2022-41966 RESERVED -CVE-2022-41965 - RESERVED +CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...) + TODO: check CVE-2022-41964 RESERVED CVE-2022-41963 @@ -14890,10 +15033,10 @@ CVE-2022-3348 (Just like in the previous report, an attacker could steal the acc NOT-FOR-US: ToolJet CVE-2021-46841 RESERVED -CVE-2022-41676 - RESERVED -CVE-2022-41675 - RESERVED +CVE-2022-41676 (Raiden MAILD Mail Server website mail field has insufficient filtering ...) + TODO: check +CVE-2022-41675 (A remote attacker with general user privilege can inject malicious cod ...) + TODO: check CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...) {DSA-5257-1 DLA-3173-1} - linux 6.0.2-1 
@@ -15157,8 +15300,8 @@ CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds ch NOT-FOR-US: Huawei CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure ...) NOT-FOR-US: Hitachi -CVE-2022-41568 - RESERVED +CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing an inva ...) + TODO: check CVE-2022-41567 RESERVED CVE-2022-41566 @@ -17060,8 +17203,8 @@ CVE-2022-40801 RESERVED CVE-2022-40800 RESERVED -CVE-2022-40799 - RESERVED +CVE-2022-40799 (Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.6 ...) + TODO: check CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...) NOT-FOR-US: OcoMon CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...) @@ -18517,8 +18660,8 @@ CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) v NOT-FOR-US: WordPress plugin CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...) NOT-FOR-US: WordPress plugin -CVE-2022-38140 - RESERVED +CVE-2022-38140 (Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly S ...) + TODO: check CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...) NOT-FOR-US: WordPress plugin CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin &l ...) @@ -21049,8 +21192,8 @@ CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson NOT-FOR-US: Red Lion Controls Crimson CVE-2022-3089 RESERVED -CVE-2022-3088 - RESERVED +CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...) + TODO: check CVE-2022-3087 RESERVED CVE-2022-3086 
@@ -22214,8 +22357,8 @@ CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versi NOT-FOR-US: Micro Focus CVE-2022-38754 RESERVED -CVE-2022-38753 - RESERVED +CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack ...) + TODO: check CVE-2022-2999 RESERVED CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...) @@ -29455,10 +29598,10 @@ CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer o NOTE: https://github.com/djcsdy/swfmill/issues/56 CVE-2022-36138 RESERVED -CVE-2022-36137 - RESERVED -CVE-2022-36136 - RESERVED +CVE-2022-36137 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) + TODO: check +CVE-2022-36136 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) + TODO: check CVE-2022-36135 RESERVED CVE-2022-36134 @@ -32953,8 +33096,8 @@ CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Z NOT-FOR-US: ABB Zenon CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...) NOT-FOR-US: ABB Zenon -CVE-2022-34654 - RESERVED +CVE-2022-34654 (Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notifi ...) + TODO: check CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) NOT-FOR-US: WordPress plugin CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...) 
@@ -37962,10 +38105,10 @@ CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user NOT-FOR-US: MetaTask CVE-2022-32968 RESERVED -CVE-2022-32967 - RESERVED -CVE-2022-32966 - RESERVED +CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An un ...) + TODO: check +CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing authorization ...) + TODO: check CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...) NOT-FOR-US: OMICARD EDM CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation for user ...) @@ -63934,14 +64077,14 @@ CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function NOTE: https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077 (v1.9.15) NOTE: https://github.com/michaelrsweet/htmldoc/issues/470 NOTE: Hang in CLI tool, no security impact -CVE-2022-24190 - RESERVED -CVE-2022-24189 - RESERVED -CVE-2022-24188 - RESERVED -CVE-2022-24187 - RESERVED +CVE-2022-24190 (The /device/acceptBind end-point for Ourphoto App version 1.4.1 does n ...) + TODO: check +CVE-2022-24189 (The user_token authorization header on the Ourphoto App version 1.4.1 ...) + TODO: check +CVE-2022-24188 (The /device/signin end-point for the Ourphoto App version 1.4.1 disclo ...) + TODO: check +CVE-2022-24187 (The user_id and device_id on the Ourphoto App version 1.4.1 /device/* ...) + TODO: check CVE-2022-24186 RESERVED CVE-2022-24185 |
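
Review bot: The new RESERVED block in the @@ -1,3 +1,149 @@ hunk is ordered by string comparison, not by CVE number, and that layout needs a line of documentation. CVE-2022-41795 and CVE-2022-41793 land between CVE-2022-4180 and CVE-2022-4179, CVE-2022-4201 follows CVE-2022-42489, and the block ends at CVE-2022-37331 directly above the existing CVE-2022-46265. Anything that parses data/CVE/list should look entries up by ID and not assume a numeric or globally sorted order; if prepending a string-sorted block is the intended behaviour of the automatic update, state it in the file format notes.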
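
Review bot: In the @@ -2622,8 +2765,8 @@ hunk, CVE-2022-45329 is left at TODO: check even though the two entries directly above it, CVE-2022-45331 and CVE-2022-45330, show the same visible description prefix (AeroCMS v0.0.1, SQL Injection) and are already triaged as NOT-FOR-US: AeroCMS. Once the full description is confirmed to name the same product, the follow-up commit can resolve this entry the same way so it does not sit in the TODO queue.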
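
Review bot: In the @@ -13845,10 +13988,10 @@ hunk, CVE-2022-42100 and CVE-2022-42099 get TODO: check while CVE-2022-42098 on the next line is already NOT-FOR-US: KLiK SocialMediaWebsite. The new descriptions read "Version 1.0.1" where the existing one reads "version v1.0.1", so any triage helper that proposes a NOT-FOR-US tag from neighbouring entries should match on the product name only, not on the description text around it.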