From c0ae76afa7211269d067adaf9199d618e887d271 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 23 Sep 2022 08:10:16 +0000 Subject: automatic update --- data/CVE/list | 99 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 64 insertions(+), 35 deletions(-) (limited to 'data/CVE/list') diff --git a/data/CVE/list b/data/CVE/list index 6733ef3da9..682fc269b3 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,31 @@ +CVE-2022-41326 + RESERVED +CVE-2022-41325 + RESERVED +CVE-2022-41324 + RESERVED +CVE-2022-41323 + RESERVED +CVE-2022-41321 + RESERVED +CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a network desti ...) + TODO: check +CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the Verit ...) + TODO: check +CVE-2022-41316 + RESERVED +CVE-2022-3281 + RESERVED +CVE-2022-3280 + RESERVED +CVE-2022-3279 + RESERVED +CVE-2022-3278 + RESERVED +CVE-2022-3277 + RESERVED +CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...) + TODO: check CVE-2022-3276 RESERVED CVE-2022-3275 @@ -20,16 +48,18 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd - rdiffweb (bug #969974) CVE-2022-3266 RESERVED -CVE-2022-41322 +CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...) - kitty NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2) CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication] + RESERVED - squid - squid3 NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7) CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager] + RESERVED - squid - squid3 NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1 
@@ -2407,8 +2437,8 @@ CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e NOTE: https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c (Release-4-3-1) NOTE: https://github.com/Singular/Singular/issues/1137 NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1) -CVE-2022-40298 - RESERVED +CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited p ...) + TODO: check CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...) NOT-FOR-US: UBports Ubuntu Touch CVE-2022-40296 @@ -2917,12 +2947,12 @@ CVE-2022-40091 RESERVED CVE-2022-40090 RESERVED -CVE-2022-40089 - RESERVED -CVE-2022-40088 - RESERVED -CVE-2022-40087 - RESERVED +CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College Website ...) + TODO: check +CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a reflected cros ...) + TODO: check +CVE-2022-40087 (Simple College Website v1.0 was discovered to contain an arbitrary fil ...) + TODO: check CVE-2022-40086 RESERVED CVE-2022-40085 @@ -4752,12 +4782,12 @@ CVE-2022-39229 RESERVED CVE-2022-39228 RESERVED -CVE-2022-39227 - RESERVED +CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...) + TODO: check CVE-2022-39226 RESERVED -CVE-2022-39225 - RESERVED +CVE-2022-39225 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. Versions prior ...) TODO: check CVE-2022-39223 @@ -6691,8 +6721,8 @@ CVE-2022-38575 RESERVED CVE-2022-38574 RESERVED -CVE-2022-38573 - RESERVED +CVE-2022-38573 (10-Strike Network Inventory Explorer v9.3 was discovered to contain a ...) + TODO: check CVE-2022-38572 RESERVED CVE-2022-38571 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow i ...) 
@@ -10434,14 +10464,14 @@ CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMedia NOT-FOR-US: ZLMediaKit CVE-2022-37236 RESERVED -CVE-2022-37235 - RESERVED +CVE-2022-37235 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...) + TODO: check CVE-2022-37234 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...) NOT-FOR-US: Netgear CVE-2022-37233 RESERVED -CVE-2022-37232 - RESERVED +CVE-2022-37232 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buff ...) + TODO: check CVE-2022-37231 RESERVED CVE-2022-37230 @@ -11237,8 +11267,8 @@ CVE-2022-36936 RESERVED CVE-2022-36935 RESERVED -CVE-2022-36934 - RESERVED +CVE-2022-36934 (An integer overflow in WhatsApp could result in remote code execution ...) + TODO: check CVE-2022-36933 RESERVED CVE-2022-36932 @@ -13677,8 +13707,7 @@ CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking NOT-FOR-US: BookWyrm CVE-2022-35952 (TensorFlow is an open source platform for machine learning. The `Unbat ...) - tensorflow (bug #804612) -CVE-2022-35951 [Fix heap overflow vulnerability in XAUTOCLAIM] - RESERVED +CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 7.0.0 a ...) - redis (bug #1020512) [bullseye] - redis (Vulnerable code not present) [buster] - redis (Vulnerable code not present) @@ -24301,8 +24330,8 @@ CVE-2022-31939 RESERVED CVE-2022-31938 RESERVED -CVE-2022-31937 - RESERVED +CVE-2022-31937 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to con ...) + TODO: check CVE-2022-31936 RESERVED CVE-2022-31935 
@@ -28953,8 +28982,8 @@ CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not f NOT-FOR-US: ginadmin CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...) NOT-FOR-US: ginadmin -CVE-2022-30426 - RESERVED +CVE-2022-30426 (There is a stack buffer overflow vulnerability, which could lead to ar ...) + TODO: check CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...) NOT-FOR-US: Tenda CVE-2022-30424 @@ -33283,7 +33312,7 @@ CVE-2022-28981 (Path traversal vulnerability in the Hypermedia REST APIs module NOT-FOR-US: Liferay CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...) NOT-FOR-US: Liferay -CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP v7.3 before servi ...) +CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pa ...) NOT-FOR-US: Liferay CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site module's u ...) NOT-FOR-US: Liferay @@ -44405,7 +44434,7 @@ CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulner NOT-FOR-US: JFrog Artifactory CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable t ...) NOT-FOR-US: JFrog Artifactory -CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and Liferay D ...) +CVE-2022-25146 (The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 throug ...) NOT-FOR-US: Liferay CVE-2022-25145 RESERVED 
@@ -50124,8 +50153,8 @@ CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...) TODO: check - numerous jsonxx repositories exist on github NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47 -CVE-2022-23458 - RESERVED +CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...) + TODO: check CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...) - libowasp-esapi-java 2.4.0.0-1 (bug #1010339) [bullseye] - libowasp-esapi-java (Minor issue) @@ -71284,8 +71313,8 @@ CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871 CVE-2021-41804 RESERVED -CVE-2021-41803 - RESERVED +CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...) + TODO: check CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...) NOT-FOR-US: HashiCorp Vault CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...) @@ -107098,8 +107127,8 @@ CVE-2021-27776 RESERVED CVE-2021-27775 RESERVED -CVE-2021-27774 - RESERVED +CVE-2021-27774 (User input included in error response, which could be used in a phishi ...) + TODO: check CVE-2021-27773 (This vulnerability allows users to execute a clickjacking attack in th ...) NOT-FOR-US: HCL CVE-2021-27772 (Users are able to read group conversations without actively taking par ...)
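Review bot: In the first hunk (@@ -1,3 +1,31 @@) the squid entries CVE-2022-41318 and CVE-2022-41317 now carry a "RESERVED" line under their bracketed working titles while their NOTE lines already point at public oss-security posts (2022/09/23) and at the upstream SQUID-2022_2 patches for Squid 4 and 5 (5.7); the "- squid" and "- squid3" lines still have no fixed version or bug reference, so this is the point to record the fixed squid version (5.7 per the NOTE) and to decide the squid3 status rather than wait for MITRE to publish. In the same hunk, CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3, prototype poisoning) is left at "TODO: check" although hoek is packaged in Debian as node-hoek; suggest resolving it to a node-hoek package line with the 8.5.1/9.0.3 fix versions from the description.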
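Review bot: In the hunk at @@ -4752,12 +4782,12 @@, CVE-2022-39227 is described as "python-jwt is a module for generating and verifying JSON Web Tokens"; that upstream name is not the same project as PyJWT, which is what Debian ships as the python3-jwt binary package, so the "TODO: check" should be resolved by confirming which upstream the CVE refers to before attaching any Debian package line, to avoid a false match on the binary package name.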
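Review bot: In the hunk at @@ -10434,14 +10464,14 @@, the newly described CVE-2022-37235 and CVE-2022-37232 (Netgear Nighthawk R7000 and N300 wnr2000v4) are left at "TODO: check" directly beside CVE-2022-37234, which is the same product and is already triaged as "NOT-FOR-US: Netgear"; the same applies to CVE-2022-31937 in the @@ -24301 hunk. Suggest resolving these consumer-router entries to "NOT-FOR-US: Netgear" in the same pass instead of leaving TODO markers that the next triage round has to revisit.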
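Review bot: In the hunk at @@ -44405,7 +44434,7 @@, the refreshed description for CVE-2022-25146 reads "The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 throug ...", with the product name duplicated and the version range changed from the previous "through v7.4.3.8"; this is the upstream MITRE text copied verbatim by the automatic update, so it should not be hand-corrected in data/CVE/list (the next automatic run would overwrite it), and the existing "NOT-FOR-US: Liferay" status is unaffected.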
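Review bot: In the hunk at @@ -71284,8 +71313,8 @@, CVE-2021-41803 is described as affecting "HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1", i.e. the open-source Consul releases, unlike the adjacent CVE-2021-41805 which is Consul Enterprise only and the adjacent CVE-2021-41802 which is "NOT-FOR-US: HashiCorp Vault"; the "TODO: check" should therefore be resolved against the consul source package with a version check (fixed upstream in the releases after 1.11.8, 1.12.4 and 1.13.1 per the description) rather than by copying the NOT-FOR-US of its neighbours.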
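Review bot: In the last hunk (@@ -107098,8 +107127,8 @@), the visible part of the new CVE-2021-27774 description ("User input included in error response, which could be used in a phishi ...") names no product, while the surrounding CVE-2021-27773 and CVE-2021-27772 entries are HCL issues; the "TODO: check" should be closed from the full CVE text, not by assuming the HCL attribution of the neighbouring IDs.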