From e39db614a808c0ba670f31757f35c434df8aa797 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 26 Sep 2022 20:10:28 +0000 Subject: automatic update --- data/CVE/list | 401 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 205 insertions(+), 196 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 7e07ee8f04..5008f13e42 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,55 @@ +CVE-2022-41557 + RESERVED +CVE-2022-41556 + RESERVED +CVE-2022-40690 + RESERVED +CVE-2022-3322 + RESERVED +CVE-2022-3321 + RESERVED +CVE-2022-3320 + RESERVED +CVE-2022-3319 + RESERVED +CVE-2022-3318 + RESERVED +CVE-2022-3317 + RESERVED +CVE-2022-3316 + RESERVED +CVE-2022-3315 + RESERVED +CVE-2022-3314 + RESERVED +CVE-2022-3313 + RESERVED +CVE-2022-3312 + RESERVED +CVE-2022-3311 + RESERVED +CVE-2022-3310 + RESERVED +CVE-2022-3309 + RESERVED +CVE-2022-3308 + RESERVED +CVE-2022-3307 + RESERVED +CVE-2022-3306 + RESERVED +CVE-2022-3305 + RESERVED +CVE-2022-3304 + RESERVED +CVE-2022-3303 + RESERVED +CVE-2022-3302 + RESERVED +CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...) + TODO: check +CVE-2022-3300 + RESERVED CVE-2022-41553 RESERVED CVE-2022-41552 @@ -420,8 +472,8 @@ CVE-2022-41344 RESERVED CVE-2022-40984 RESERVED -CVE-2022-3299 - RESERVED +CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...) + TODO: check CVE-2022-3298 RESERVED CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...) @@ -444,8 +496,8 @@ CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to - vim NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577) -CVE-2022-3295 - RESERVED +CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + TODO: check CVE-2022-3294 RESERVED CVE-2022-3293 
@@ -474,8 +526,8 @@ CVE-2022-41327 RESERVED CVE-2022-3291 RESERVED -CVE-2022-3290 - RESERVED +CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...) + TODO: check CVE-2022-3289 RESERVED CVE-2022-3288 @@ -537,8 +589,8 @@ CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd - rdiffweb (bug #969974) CVE-2022-3273 RESERVED -CVE-2022-3272 - RESERVED +CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...) + TODO: check CVE-2022-3271 RESERVED CVE-2022-3270 @@ -1312,7 +1364,7 @@ CVE-2022-40969 RESERVED CVE-2022-40962 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1325,7 +1377,7 @@ CVE-2022-40961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961 CVE-2022-40960 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1334,7 +1386,7 @@ CVE-2022-40960 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960 CVE-2022-40959 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1343,7 +1395,7 @@ CVE-2022-40959 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959 CVE-2022-40958 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1352,7 +1404,7 @@ CVE-2022-40958 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958 CVE-2022-40957 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 
@@ -1361,7 +1413,7 @@ CVE-2022-40957 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957 CVE-2022-40956 RESERVED - {DSA-5237-1} + {DSA-5237-1 DLA-3121-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1447,16 +1499,16 @@ CVE-2022-40930 RESERVED CVE-2022-40929 RESERVED -CVE-2022-40928 - RESERVED -CVE-2022-40927 - RESERVED -CVE-2022-40926 - RESERVED -CVE-2022-40925 - RESERVED -CVE-2022-40924 - RESERVED +CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-40926 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...) + TODO: check +CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...) + TODO: check CVE-2022-40923 RESERVED CVE-2022-40922 @@ -1733,10 +1785,10 @@ CVE-2022-40787 RESERVED CVE-2022-40786 RESERVED -CVE-2022-40785 - RESERVED -CVE-2022-40784 - RESERVED +CVE-2022-40785 (Unsanitized input when setting a locale file leads to shell injection ...) + TODO: check +CVE-2022-40784 (Unlimited strcpy on user input when setting a locale file leads to sta ...) + TODO: check CVE-2022-40783 RESERVED CVE-2022-40782 @@ -2155,8 +2207,7 @@ CVE-2022-3206 RESERVED CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...) NOT-FOR-US: Red Hat Ansible Automation Controller -CVE-2022-3204 - RESERVED +CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...) - unbound 1.16.3-1 [bullseye] - unbound (Minor issue) [buster] - unbound (Minor issue) 
@@ -2169,38 +2220,31 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1) -CVE-2022-3201 - RESERVED +CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3200 - RESERVED +CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3199 - RESERVED +CVE-2022-3199 (Use after free in Frames in Google Chrome prior to 105.0.5195.125 allo ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3198 - RESERVED +CVE-2022-3198 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3197 - RESERVED +CVE-2022-3197 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3196 - RESERVED +CVE-2022-3196 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) -CVE-2022-3195 - RESERVED +CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.5195.12 ...) {DSA-5230-1} - chromium 105.0.5195.125-1 [buster] - chromium (see DSA 5046) 
@@ -2547,12 +2591,12 @@ CVE-2022-40487 RESERVED CVE-2022-40486 RESERVED -CVE-2022-40485 - RESERVED -CVE-2022-40484 - RESERVED -CVE-2022-40483 - RESERVED +CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check +CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check +CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check CVE-2022-40482 RESERVED CVE-2022-40481 @@ -2714,12 +2758,12 @@ CVE-2022-40406 RESERVED CVE-2022-40405 RESERVED -CVE-2022-40404 - RESERVED -CVE-2022-40403 - RESERVED -CVE-2022-40402 - RESERVED +CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check +CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check +CVE-2022-40402 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + TODO: check CVE-2022-40401 RESERVED CVE-2022-40400 @@ -3552,10 +3596,10 @@ CVE-2022-40046 RESERVED CVE-2022-40045 RESERVED -CVE-2022-40044 - RESERVED -CVE-2022-40043 - RESERVED +CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site scripting (X ...) + TODO: check +CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection vulnerabi ...) + TODO: check CVE-2022-40042 RESERVED CVE-2022-40041 @@ -3728,8 +3772,8 @@ CVE-2022-39961 RESERVED CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...) NOT-FOR-US: Atlassian -CVE-2022-3135 - RESERVED +CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...) + TODO: check CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...) - vim (bug #1019590) [bullseye] - vim (Minor issue) 
@@ -4094,8 +4138,8 @@ CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configur NOT-FOR-US: OpenHarmony CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...) NOT-FOR-US: SourceCodester Clinics Patient Management System -CVE-2022-3119 - RESERVED +CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...) + TODO: check CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...) NOT-FOR-US: Sourcecodehero ERP System Project CVE-2022-39808 @@ -4146,8 +4190,8 @@ CVE-2022-3105 RESERVED CVE-2022-3104 RESERVED -CVE-2022-3103 - RESERVED +CVE-2022-3103 (off-by-one in io_uring module. ...) + TODO: check CVE-2022-3102 RESERVED CVE-2022-3101 @@ -5261,12 +5305,12 @@ CVE-2022-39247 RESERVED CVE-2022-39246 RESERVED -CVE-2022-39245 - RESERVED +CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...) + TODO: check CVE-2022-39244 RESERVED -CVE-2022-39243 - RESERVED +CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...) + TODO: check CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...) TODO: check CVE-2022-39241 @@ -5313,8 +5357,8 @@ CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraf NOT-FOR-US: McWebserver CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...) NOT-FOR-US: SFTPGo -CVE-2022-39219 - RESERVED +CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...) + TODO: check CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute@Edge platform provides the ...) NOT-FOR-US: Fastly CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...) 
@@ -5368,8 +5412,8 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. .. [bullseye] - vim (Minor issue) NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360) -CVE-2022-3098 - RESERVED +CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...) + TODO: check CVE-2022-3097 RESERVED CVE-2022-3096 @@ -5682,15 +5726,14 @@ CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Int [buster] - linux (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309 NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1) -CVE-2022-3076 - RESERVED -CVE-2022-3075 - RESERVED +CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...) + TODO: check +CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...) {DSA-5225-1} - chromium 105.0.5195.102-1 [buster] - chromium (see DSA 5046) -CVE-2022-3074 - RESERVED +CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...) + TODO: check CVE-2022-3073 RESERVED CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) @@ -5704,10 +5747,9 @@ CVE-2022-39079 RESERVED CVE-2022-39078 RESERVED -CVE-2022-3070 - RESERVED -CVE-2022-3071 - RESERVED +CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...) + TODO: check +CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) 
@@ -5772,8 +5814,8 @@ CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipul CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out -CVE-2022-3069 - RESERVED +CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...) + TODO: check CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...) - octoprint (bug #718591) CVE-2022-39048 @@ -5794,8 +5836,8 @@ CVE-2022-3064 RESERVED CVE-2022-3063 REJECTED -CVE-2022-3062 - RESERVED +CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...) + TODO: check CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...) - linux 5.18.2-1 NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5) 
@@ -5861,108 +5903,87 @@ CVE-2022-3060 RESERVED CVE-2022-3059 RESERVED -CVE-2022-3058 - RESERVED +CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3057 - RESERVED +CVE-2022-3057 (Inappropriate implementation in iframe Sandbox in Google Chrome prior ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3056 - RESERVED +CVE-2022-3056 (Insufficient policy enforcement in Content Security Policy in Google C ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3055 - RESERVED +CVE-2022-3055 (Use after free in Passwords in Google Chrome prior to 105.0.5195.52 al ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3054 - RESERVED +CVE-2022-3054 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3053 - RESERVED +CVE-2022-3053 (Inappropriate implementation in Pointer Lock in Google Chrome on Mac p ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3052 - RESERVED +CVE-2022-3052 (Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3051 - RESERVED +CVE-2022-3051 (Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacro ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3050 - RESERVED +CVE-2022-3050 (Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 1 ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3049 - RESERVED +CVE-2022-3049 (Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros pr ...) 
{DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3048 - RESERVED +CVE-2022-3048 (Inappropriate implementation in Chrome OS lockscreen in Google Chrome ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3047 - RESERVED +CVE-2022-3047 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3046 - RESERVED +CVE-2022-3046 (Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3045 - RESERVED +CVE-2022-3045 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3044 - RESERVED +CVE-2022-3044 (Inappropriate implementation in Site Isolation in Google Chrome prior ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3043 - RESERVED +CVE-2022-3043 (Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS p ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3042 - RESERVED +CVE-2022-3042 (Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105. ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3041 - RESERVED +CVE-2022-3041 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3040 - RESERVED +CVE-2022-3040 (Use after free in Layout in Google Chrome prior to 105.0.5195.52 allow ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3039 - RESERVED +CVE-2022-3039 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...) 
{DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) -CVE-2022-3038 - RESERVED +CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0.5195 ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) @@ -6058,8 +6079,8 @@ CVE-2022-38978 (The secure OS module has configuration defects. Successful explo NOT-FOR-US: Huawei CVE-2022-38977 RESERVED -CVE-2022-38970 - RESERVED +CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...) + TODO: check CVE-2022-38969 RESERVED CVE-2022-38968 @@ -6486,10 +6507,10 @@ CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID NOT-FOR-US: CMS8000 device CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...) NOT-FOR-US: WP Users Exporter plugin for WordPress -CVE-2022-3025 - RESERVED -CVE-2022-3024 - RESERVED +CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...) + TODO: check +CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...) + TODO: check CVE-2022-3023 RESERVED CVE-2022-3022 @@ -6651,8 +6672,7 @@ CVE-2022-38753 RESERVED CVE-2022-2999 RESERVED -CVE-2022-2998 - RESERVED +CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) @@ -6721,8 +6741,8 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445 CVE-2022-2988 RESERVED -CVE-2022-2987 - RESERVED +CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...) + TODO: check CVE-2022-2986 RESERVED - moodle 
@@ -7086,8 +7106,8 @@ CVE-2022-2928 RESERVED CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...) NOT-FOR-US: NotrinosERP -CVE-2022-2926 - RESERVED +CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate ...) + TODO: check CVE-2022-38647 RESERVED CVE-2022-38646 @@ -7279,8 +7299,8 @@ CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_ge NOT-FOR-US: Linksys CVE-2022-38554 RESERVED -CVE-2022-38553 - RESERVED +CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...) + TODO: check CVE-2022-38552 RESERVED CVE-2022-38551 @@ -7583,8 +7603,8 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1 CVE-2022-2904 RESERVED -CVE-2022-2903 - RESERVED +CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...) + TODO: check CVE-2022-2902 RESERVED CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...) 
@@ -7896,53 +7916,43 @@ CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. .. - vim 2:9.0.0229-1 NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765 NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221) -CVE-2022-2861 - RESERVED +CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2860 - RESERVED +CVE-2022-2860 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2859 - RESERVED +CVE-2022-2859 (Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112 ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2858 - RESERVED +CVE-2022-2858 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.10 ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2857 - RESERVED +CVE-2022-2857 (Use after free in Blink in Google Chrome prior to 104.0.5112.101 allow ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2856 - RESERVED +CVE-2022-2856 (Insufficient validation of untrusted input in Intents in Google Chrome ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2855 - RESERVED +CVE-2022-2855 (Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allow ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2854 - RESERVED +CVE-2022-2854 (Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2853 - RESERVED +CVE-2022-2853 (Heap buffer overflow in Downloads in Google Chrome on Android prior to ...) 
{DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) -CVE-2022-2852 - RESERVED +CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allow ...) {DSA-5212-1} - chromium 104.0.5112.101-1 [buster] - chromium (see DSA 5046) @@ -13704,10 +13714,10 @@ CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vul NOT-FOR-US: Orange Station CVE-2022-36160 RESERVED -CVE-2022-36159 - RESERVED -CVE-2022-36158 - RESERVED +CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...) + TODO: check +CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...) + TODO: check CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...) NOT-FOR-US: XXL-JOB CVE-2022-36156 @@ -14514,10 +14524,10 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape NOT-FOR-US: WordPress plugin CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...) - mattermost-server (bug #823556) -CVE-2022-2405 - RESERVED -CVE-2022-2404 - RESERVED +CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not have auth ...) + TODO: check +CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise ...) + TODO: check CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...) NOT-FOR-US: OpenShift CVE-2022-35863 
@@ -15646,7 +15656,7 @@ CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes g NOT-FOR-US: WordPress plugin CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...) NOT-FOR-US: WordPress plugin -CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible via db/ ...) +CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account. A threat actor co ...) NOT-FOR-US: Penta Security Systems Inc WAPPLES CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...) NOT-FOR-US: Digital Guardian Agent @@ -15700,8 +15710,8 @@ CVE-2022-35402 RESERVED CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...) NOT-FOR-US: microweber -CVE-2022-2352 - RESERVED +CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not ...) + TODO: check CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-2350 @@ -27832,8 +27842,8 @@ CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check NOT-FOR-US: WordPress plugin CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...) NOT-FOR-US: WordPress plugin -CVE-2022-1755 - RESERVED +CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...) + TODO: check CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...) NOT-FOR-US: Jenkins plugin CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...) 
@@ -29868,8 +29878,8 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable rando NOTE: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1) CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...) NOT-FOR-US: WordPress plugin -CVE-2022-1613 - RESERVED +CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...) + TODO: check CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...) @@ -30701,8 +30711,8 @@ CVE-2022-30005 RESERVED CVE-2022-30004 RESERVED -CVE-2022-30003 - RESERVED +CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...) + TODO: check CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...) NOT-FOR-US: Sourcecodester Insurance Management System CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...) @@ -34470,10 +34480,10 @@ CVE-2022-28724 RESERVED CVE-2022-28723 RESERVED -CVE-2022-28722 - RESERVED -CVE-2022-28721 - RESERVED +CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...) + TODO: check +CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...) + TODO: check CVE-2022-28720 RESERVED CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...) @@ -57514,8 +57524,7 @@ CVE-2022-22060 RESERVED CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file ...) NOT-FOR-US: Snapdragon -CVE-2022-22058 - RESERVED +CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...) NOT-FOR-US: Qualcomm CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...) NOT-FOR-US: Snapdragon 
@@ -72806,8 +72815,8 @@ CVE-2021-41439 REJECTED CVE-2021-41438 REJECTED -CVE-2021-41437 - RESERVED +CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U ...) + TODO: check CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...) NOT-FOR-US: ASUS CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...) @@ -107031,8 +107040,8 @@ CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20. - centreon-web (bug #913903) CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) - centreon-web (bug #913903) -CVE-2021-28052 - RESERVED +CVE-2021-28052 (A tenant administrator Hitachi Content Platform (HCP) may modify the c ...) + TODO: check CVE-2021-28051 RESERVED CVE-2021-28050 @@ -114934,8 +114943,8 @@ CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Fo NOT-FOR-US: WordPress plugin CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...) NOT-FOR-US: WordPress plugin -CVE-2021-24890 - RESERVED +CVE-2021-24890 (The Scripts Organizer WordPress plugin before 3.0 does not have capabi ...) + TODO: check CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...) NOT-FOR-US: WordPress plugin CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...) 
@@ -115408,7 +115417,7 @@ CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not ensur NOT-FOR-US: WordPress plugin CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) NOT-FOR-US: WordPress plugin -CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...) +CVE-2021-24653 (The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin -- cgit v1.2.3
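Review bot: CVE-2022-3301 in the `@@ -1,3 +1,55 @@` hunk is added with only `TODO: check`, although its description names a GitHub repository under ikus060 and the file already tracks CVE-2022-3274 (also an ikus060 repository) as `- rdiffweb (bug #969974)` in the context of the `@@ -537,8 +589,8 @@` hunk. If this is the same project, the new entry should get the same package line and bug reference so the two issues are tracked together.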
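Review bot: CVE-2022-40044 and CVE-2022-40043 in the `@@ -3552,10 +3596,10 @@` hunk are left at `TODO: check` for Centreon v20.10.18, while the Centreon-Web entries CVE-2021-28054 and CVE-2021-28053 visible in the `@@ -107031,8 +107040,8 @@` context are already filed as `- centreon-web (bug #913903)`. The two new entries should be resolved the same way so an XSS and a SQL injection in the same product are not left untriaged.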
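Review bot: CVE-2022-3103 in the `@@ -4146,8 +4190,8 @@` hunk is left at `TODO: check` even though its description, "off-by-one in io_uring module", points at the Linux kernel. It should be triaged against the linux source package with the fixing commit recorded in a NOTE line, the way CVE-2022-3202 and CVE-2022-3061 are tracked elsewhere in this file.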
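Review bot: CVE-2022-2352 in the `@@ -15700,8 +15710,8 @@` hunk is marked `TODO: check` directly above CVE-2022-2351, which covers the same Post SMTP Mailer/Email Log WordPress plugin and is already `NOT-FOR-US: WordPress plugin`. The new entry can take the same resolution, and the same applies to the other WordPress plugin entries this commit adds next to `NOT-FOR-US: WordPress plugin` neighbours, such as CVE-2022-1755 and CVE-2022-1613.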