From 6eaca7e3f41afd72afe37f6fb66dd126d5219280 Mon Sep 17 00:00:00 2001
From: security tracker role
Date: Wed, 22 Jun 2022 20:10:30 +0000
Subject: automatic update

---
 data/CVE/list | 504 +++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 326 insertions(+), 178 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 57051cebc7..a5aeac1d95 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,145 @@ +CVE-2022-34327 + RESERVED +CVE-2022-34326 + RESERVED +CVE-2022-34325 + RESERVED +CVE-2022-34324 + RESERVED +CVE-2022-34323 + RESERVED +CVE-2022-34322 + RESERVED +CVE-2022-34321 + RESERVED +CVE-2022-34320 + RESERVED +CVE-2022-34319 + RESERVED +CVE-2022-34318 + RESERVED +CVE-2022-34317 + RESERVED +CVE-2022-34316 + RESERVED +CVE-2022-34315 + RESERVED +CVE-2022-34314 + RESERVED +CVE-2022-34313 + RESERVED +CVE-2022-34312 + RESERVED +CVE-2022-34311 + RESERVED +CVE-2022-34310 + RESERVED +CVE-2022-34309 + RESERVED +CVE-2022-34308 + RESERVED +CVE-2022-34307 + RESERVED +CVE-2022-34306 + RESERVED +CVE-2022-34305 + RESERVED +CVE-2022-34304 + RESERVED +CVE-2022-34303 + RESERVED +CVE-2022-34302 + RESERVED +CVE-2022-34301 + RESERVED +CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...) + TODO: check +CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...) + TODO: check +CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...) + TODO: check +CVE-2022-34297 + RESERVED +CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...) + TODO: check +CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...) 
+ TODO: check +CVE-2022-34294 + RESERVED +CVE-2022-34293 + RESERVED +CVE-2022-34292 + RESERVED +CVE-2022-34291 + RESERVED +CVE-2022-34290 + RESERVED +CVE-2022-34289 + RESERVED +CVE-2022-34288 + RESERVED +CVE-2022-34287 + RESERVED +CVE-2022-34286 + RESERVED +CVE-2022-34285 + RESERVED +CVE-2022-34284 + RESERVED +CVE-2022-34283 + RESERVED +CVE-2022-34282 + RESERVED +CVE-2022-34281 + RESERVED +CVE-2022-34280 + RESERVED +CVE-2022-34279 + RESERVED +CVE-2022-34278 + RESERVED +CVE-2022-34277 + RESERVED +CVE-2022-34276 + RESERVED +CVE-2022-34275 + RESERVED +CVE-2022-34274 + RESERVED +CVE-2022-34273 + RESERVED +CVE-2022-34272 + RESERVED +CVE-2022-34271 + RESERVED +CVE-2022-2180 + RESERVED +CVE-2022-2179 + RESERVED +CVE-2022-2178 + RESERVED +CVE-2022-2177 + RESERVED +CVE-2022-2176 + RESERVED +CVE-2022-2175 + RESERVED +CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + TODO: check +CVE-2022-2173 + RESERVED +CVE-2022-2172 + RESERVED +CVE-2022-2171 + RESERVED +CVE-2022-2170 + RESERVED +CVE-2022-2169 + RESERVED +CVE-2022-2168 + RESERVED +CVE-2022-2167 + RESERVED CVE-2022-34270 RESERVED CVE-2022-34269 
@@ -112,94 +254,94 @@ CVE-2022-34215 RESERVED CVE-2022-34214 RESERVED -CVE-2022-34213 - RESERVED -CVE-2022-34212 - RESERVED -CVE-2022-34211 - RESERVED -CVE-2022-34210 - RESERVED -CVE-2022-34209 - RESERVED -CVE-2022-34208 - RESERVED -CVE-2022-34207 - RESERVED -CVE-2022-34206 - RESERVED -CVE-2022-34205 - RESERVED -CVE-2022-34204 - RESERVED -CVE-2022-34203 - RESERVED -CVE-2022-34202 - RESERVED -CVE-2022-34201 - RESERVED -CVE-2022-34200 - RESERVED -CVE-2022-34199 - RESERVED -CVE-2022-34198 - RESERVED -CVE-2022-34197 - RESERVED -CVE-2022-34196 - RESERVED -CVE-2022-34195 - RESERVED -CVE-2022-34194 - RESERVED -CVE-2022-34193 - RESERVED -CVE-2022-34192 - RESERVED -CVE-2022-34191 - RESERVED -CVE-2022-34190 - RESERVED -CVE-2022-34189 - RESERVED -CVE-2022-34188 - RESERVED -CVE-2022-34187 - RESERVED -CVE-2022-34186 - RESERVED -CVE-2022-34185 - RESERVED -CVE-2022-34184 - RESERVED -CVE-2022-34183 - RESERVED -CVE-2022-34182 - RESERVED -CVE-2022-34181 - RESERVED -CVE-2022-34180 - RESERVED -CVE-2022-34179 - RESERVED -CVE-2022-34178 - RESERVED -CVE-2022-34177 - RESERVED -CVE-2022-34176 - RESERVED -CVE-2022-34175 - RESERVED -CVE-2022-34174 - RESERVED -CVE-2022-34173 - RESERVED -CVE-2022-34172 - RESERVED -CVE-2022-34171 - RESERVED -CVE-2022-34170 - RESERVED +CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...) + TODO: check +CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...) + TODO: check +CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize ...) + TODO: check +CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earli ...) + TODO: check +CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix ...) + TODO: check +CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 1.10 and e ...) + TODO: check +CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker bu ...) 
+ TODO: check +CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification Plugin 1.1 ...) + TODO: check +CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao ...) + TODO: check +CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier al ...) + TODO: check +CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Pl ...) + TODO: check +CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypte ...) + TODO: check +CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile Platform Plugi ...) + TODO: check +CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convertig ...) + TODO: check +CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passw ...) + TODO: check +CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escap ...) + TODO: check +CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the na ...) + TODO: check +CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape t ...) + TODO: check +CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape ...) + TODO: check +CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape th ...) + TODO: check +CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not escape the n ...) + TODO: check +CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the n ...) + TODO: check +CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and ea ...) + TODO: check +CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and ear ...) + TODO: check +CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape th ...) 
+ TODO: check +CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the ...) + TODO: check +CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not es ...) + TODO: check +CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...) + TODO: check +CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the na ...) + TODO: check +CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not e ...) + TODO: check +CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape ...) + TODO: check +CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not ...) + TODO: check +CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controll ...) + TODO: check +CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not corr ...) + TODO: check +CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specif ...) + TODO: check +CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link ...) + TODO: check +CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier a ...) + TODO: check +CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape ...) + TODO: check +CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some ...) + TODO: check +CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...) + TODO: check +CVE-2022-34173 (In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the bui ...) + TODO: check +CVE-2022-34172 (In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...) + TODO: check +CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 throug ...) 
+ TODO: check +CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 throug ...) + TODO: check CVE-2022-2166 RESERVED CVE-2022-34169 @@ -214,31 +356,37 @@ CVE-2022-33208 RESERVED CVE-2022-2165 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2164 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2163 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2162 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2161 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2160 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) @@ -246,16 +394,19 @@ CVE-2022-2159 RESERVED CVE-2022-2158 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2157 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2156 RESERVED + {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) @@ -683,7 +834,7 @@ CVE-2022-33989 RESERVED CVE-2022-33988 RESERVED -CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to a UNIX ...) +CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...) - node-got (bug #1013264) [bullseye] - node-got (Minor issue) [buster] - node-got (Minor issue) 
@@ -2735,8 +2886,8 @@ CVE-2022-33107 RESERVED CVE-2022-33106 RESERVED -CVE-2022-33105 - RESERVED +CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...) + TODO: check CVE-2022-33104 RESERVED CVE-2022-33103 @@ -2805,14 +2956,14 @@ CVE-2022-33072 RESERVED CVE-2022-33071 RESERVED -CVE-2022-33070 - RESERVED -CVE-2022-33069 - RESERVED -CVE-2022-33068 - RESERVED -CVE-2022-33067 - RESERVED +CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...) + TODO: check +CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...) + TODO: check +CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...) + TODO: check +CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...) + TODO: check CVE-2022-33066 RESERVED CVE-2022-33065 
@@ -2877,28 +3028,28 @@ CVE-2022-33036 RESERVED CVE-2022-33035 RESERVED -CVE-2022-33034 - RESERVED -CVE-2022-33033 - RESERVED -CVE-2022-33032 - RESERVED +CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free via the ...) + TODO: check +CVE-2022-33032 (LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow ...) + TODO: check CVE-2022-33031 RESERVED CVE-2022-33030 RESERVED CVE-2022-33029 RESERVED -CVE-2022-33028 - RESERVED -CVE-2022-33027 - RESERVED -CVE-2022-33026 - RESERVED -CVE-2022-33025 - RESERVED -CVE-2022-33024 - RESERVED +CVE-2022-33028 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...) + TODO: check +CVE-2022-33027 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...) + TODO: check +CVE-2022-33026 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...) + TODO: check +CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...) + TODO: check +CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...) + TODO: check CVE-2022-33023 RESERVED CVE-2022-33022 @@ -3945,12 +4096,12 @@ CVE-2022-32556 RESERVED CVE-2022-32555 RESERVED -CVE-2022-32554 - RESERVED -CVE-2022-32553 - RESERVED -CVE-2022-32552 - RESERVED +CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + TODO: check +CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + TODO: check +CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + TODO: check CVE-2022-30944 RESERVED CVE-2022-30601 
@@ -3975,8 +4126,7 @@ CVE-2022-32551 RESERVED CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...) NOT-FOR-US: AgileBits 1Password -CVE-2022-32549 - RESERVED +CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 ...) NOT-FOR-US: Apache Sling CVE-2022-32289 RESERVED @@ -4082,12 +4232,12 @@ CVE-2017-20047 (A vulnerability classified as problematic was found in AXIS P120 NOT-FOR-US: AXIS CVE-2017-20046 (A vulnerability classified as problematic has been found in AXIS P1204 ...) NOT-FOR-US: AXIS -CVE-2022-32536 - RESERVED -CVE-2022-32535 - RESERVED -CVE-2022-32534 - RESERVED +CVE-2022-32536 (The user access rights validation in the web server of the Bosch Ether ...) + TODO: check +CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 run ...) + TODO: check +CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and ...) + TODO: check CVE-2022-32533 RESERVED CVE-2022-32532 @@ -4812,7 +4962,7 @@ CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendi CVE-2022-32279 RESERVED CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...) - {DSA-5164-1} + {DSA-5164-1 DLA-3056-1} - exo 4.16.4-1 (bug #1013129) NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4) CVE-2022-32277 @@ -5172,8 +5322,8 @@ CVE-2022-32161 RESERVED CVE-2022-32160 RESERVED -CVE-2022-32159 - RESERVED +CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...) + TODO: check CVE-2022-1963 RESERVED CVE-2021-4233 
@@ -6062,8 +6212,8 @@ CVE-2022-31789 RESERVED CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...) NOT-FOR-US: IdeaLMS -CVE-2022-31787 - RESERVED +CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO ...) + TODO: check CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...) NOT-FOR-US: IdeaLMS CVE-2022-31785 @@ -7306,8 +7456,8 @@ CVE-2022-31397 RESERVED CVE-2022-31396 RESERVED -CVE-2022-31395 - RESERVED +CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware ...) + TODO: check CVE-2022-31394 RESERVED CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...) @@ -7372,10 +7522,10 @@ CVE-2022-31364 RESERVED CVE-2022-31363 RESERVED -CVE-2022-31362 - RESERVED -CVE-2022-31361 - RESERVED +CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...) + TODO: check +CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...) + TODO: check CVE-2022-31360 RESERVED CVE-2022-31359 @@ -7522,7 +7672,7 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2 CVE-2022-31290 RESERVED -CVE-2022-31289 (https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3 ...) +CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus Repositor ...) NOT-FOR-US: Sonatype Nexus Repository Manager OSS CVE-2022-31288 RESERVED @@ -7683,8 +7833,7 @@ CVE-2022-31250 RESERVED CVE-2022-31249 RESERVED -CVE-2022-31248 - RESERVED +CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...) NOT-FOR-US: Uyuni CVE-2022-31247 RESERVED 
@@ -7780,6 +7929,7 @@ CVE-2022-1798 CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...) NOT-FOR-US: Goverlan CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...) + {DSA-5167-1} - firejail 0.9.68-4 (bug #1012510) NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10 NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 (0.9.70) @@ -12746,8 +12896,7 @@ CVE-2022-1418 (The Social Stickers WordPress plugin through 2.2.9 does not have NOT-FOR-US: WordPress plugin CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...) NOT-FOR-US: Amazon AWS amazon-ssm-agent -CVE-2022-29526 - RESERVED +CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...) - golang-1.18 1.18.2-1 - golang-1.17 1.17.10-1 - golang-1.15 @@ -27423,7 +27572,7 @@ CVE-2022-24425 RESERVED CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...) NOT-FOR-US: EMC -CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...) +CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service v ...) NOT-FOR-US: EMC CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...) NOT-FOR-US: Dell 
@@ -32649,16 +32798,16 @@ CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File NOT-FOR-US: NetMaster CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...) NOT-FOR-US: WhiteSource CureKit -CVE-2022-23081 - RESERVED -CVE-2022-23080 - RESERVED -CVE-2022-23079 - RESERVED -CVE-2022-23078 - RESERVED -CVE-2022-23077 - RESERVED +CVE-2022-23081 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...) + TODO: check +CVE-2022-23080 (In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to ser ...) + TODO: check +CVE-2022-23079 (In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host he ...) + TODO: check +CVE-2022-23078 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to open ...) + TODO: check +CVE-2022-23077 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM X ...) + TODO: check CVE-2022-23076 RESERVED CVE-2022-23075 @@ -32695,14 +32844,14 @@ CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shop NOT-FOR-US: Shopizer CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...) NOT-FOR-US: Shopizer -CVE-2022-23058 - RESERVED -CVE-2022-23057 - RESERVED -CVE-2022-23056 - RESERVED -CVE-2022-23055 - RESERVED +CVE-2022-23058 (ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulne ...) + TODO: check +CVE-2022-23057 (In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-S ...) + TODO: check +CVE-2022-23056 (In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable t ...) + TODO: check +CVE-2022-23055 (In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Mi ...) + TODO: check CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) NOT-FOR-US: Openmct CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) 
@@ -32899,8 +33048,8 @@ CVE-2022-22982 RESERVED CVE-2022-22981 RESERVED -CVE-2022-22980 - RESERVED +CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL Injection when ...) + TODO: check CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...) TODO: check CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...) @@ -32933,8 +33082,8 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and [buster] - libspring-java (Minor issue) [stretch] - libspring-java (EOL'd for stretch) NOTE: https://tanzu.vmware.com/security/cve-2022-22968 -CVE-2022-22967 - RESERVED +CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...) + TODO: check CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...) NOT-FOR-US: VMware CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...) @@ -38930,8 +39079,7 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1) CVE-2022-21953 RESERVED -CVE-2022-21952 - RESERVED +CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...) NOT-FOR-US: Uyuni CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...) NOT-FOR-US: Rancher @@ -46991,8 +47139,8 @@ CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entitie NOT-FOR-US: Cisco CVE-2022-20652 RESERVED -CVE-2022-20651 - RESERVED +CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive Security De ...) + TODO: check CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2022-20649 
@@ -90343,12 +90491,12 @@ CVE-2021-26640 RESERVED CVE-2021-26639 RESERVED -CVE-2021-26638 - RESERVED -CVE-2021-26637 - RESERVED -CVE-2021-26636 - RESERVED +CVE-2021-26638 (Improper Authentication vulnerability in S&D smarthome(smartcare) ...) + TODO: check +CVE-2021-26637 (There is no account authentication and permission check logic in the f ...) + TODO: check +CVE-2021-26636 (Stored XSS and SQL injection vulnerability in MaxBoard could lead to o ...) + TODO: check CVE-2021-26635 (In the code that verifies the file size in the ark library, it is poss ...) TODO: check CVE-2021-26634 (SQL injection and file upload attacks are possible due to insufficient ...) -- cgit v1.2.3
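Review bot: In the first hunk (@@ -1,3 +1,145 @@) the six new entries that already carry a description (CVE-2022-34300 tinyexr, CVE-2022-34299 libdwarf, CVE-2022-34298 OpenAM, CVE-2022-34296 Zalando Skipper, CVE-2022-34295 totd, CVE-2022-2174 microweber) all land as "TODO: check" with no package or NOT-FOR-US line. Each needs a follow-up that resolves it to a source-package entry or to a NOT-FOR-US marker in the style used elsewhere in this file (for example "NOT-FOR-US: AgileBits 1Password"). The two heap-based buffer over-reads in libraries (tinyexr, libdwarf) are the ones to look at first.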
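Review bot: The hunk at @@ -112,94 +254,94 @@ turns 44 consecutive RESERVED entries (CVE-2022-34170 through CVE-2022-34213) into individual "TODO: check" items, all for Jenkins or Jenkins plugins. Triage these as one batch with a single consistent marker rather than entry by entry, and keep the six core entries (CVE-2022-34170 to CVE-2022-34175, whose descriptions start "In Jenkins 2.3xx" or "Jenkins 2.335 through 2.355") separate from the plugin entries, since the affected-version ranges differ between the two groups.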
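Review bot: In the two chromium hunks (@@ -214,31 +356,37 @@ and @@ -246,16 +394,19 @@) the {DSA-5168-1} tag is added to CVE-2022-2156 through CVE-2022-2158 and CVE-2022-2160 through CVE-2022-2165, but CVE-2022-2159, which sits between them, stays as a bare RESERVED with no chromium line and no DSA tag. Please confirm that the gap is intended and that CVE-2022-2159 is not part of the chromium 103.0.5060.53-1 upload. All tagged entries are also still RESERVED, so the only record of what was fixed is the package line; a NOTE pointing at the upstream release would help until descriptions arrive.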
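Review bot: At @@ -683,7 +834,7 @@ the CVE-2022-33987 description now says the issue is "also fixed in 11.8.5", yet the node-got lines below it are unchanged: the unstable line carries only bug #1013264 with no fixed version, and bullseye and buster remain "Minor issue". Add a NOTE recording the 11.8.5 fix for the 11.x branch so that whoever revisits the stable releases has the reference for a backport without re-reading the full CVE record.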
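Review bot: In the hunk at @@ -2877,28 +3028,28 @@ the truncated description for CVE-2022-33024 ("There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...") names no product and leaves an unbalanced backtick, so the entry cannot be triaged from this file alone. Its seven neighbours (CVE-2022-33025 to CVE-2022-33028 and CVE-2022-33032 to CVE-2022-33034) are all LibreDWG v0.12.4.4608 memory-safety issues (stack overflow, double-free, heap buffer overflow, heap-use-after-free); if the full record confirms the same product, resolve all eight together instead of leaving eight separate "TODO: check" lines.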
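Review bot: In the hunk at @@ -32899,8 +33048,8 @@ CVE-2022-22980 (Spring Data MongoDB, SpEL Injection) is added as "TODO: check" directly above CVE-2022-22979, which the context line shows is already sitting at "TODO: check" from an earlier update. The untriaged backlog in this block is growing rather than shrinking. The same applies to CVE-2022-22967 (SaltStack Salt) in the next hunk. Injection-class issues in frameworks should be resolved to a package line or a NOT-FOR-US marker before further automatic updates stack more items on top.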