From e5fe68d3794651f7dae115e26af3a68cfe41ff6e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 23 Sep 2022 20:10:30 +0000 Subject: automatic update --- data/CVE/list | 765 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 398 insertions(+), 367 deletions(-) (limited to 'data/CVE/list') diff --git a/data/CVE/list b/data/CVE/list index ec9797ad23..fb79cc859a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,43 @@ +CVE-2022-41336 + RESERVED +CVE-2022-41335 + RESERVED +CVE-2022-41334 + RESERVED +CVE-2022-41333 + RESERVED +CVE-2022-41332 + RESERVED +CVE-2022-41331 + RESERVED +CVE-2022-41330 + RESERVED +CVE-2022-41329 + RESERVED +CVE-2022-41328 + RESERVED +CVE-2022-41327 + RESERVED +CVE-2022-3291 + RESERVED +CVE-2022-3290 + RESERVED +CVE-2022-3289 + RESERVED +CVE-2022-3288 + RESERVED +CVE-2022-3287 + RESERVED +CVE-2022-3286 + RESERVED +CVE-2022-3285 + RESERVED +CVE-2022-3284 + RESERVED +CVE-2022-3283 + RESERVED +CVE-2022-3282 + RESERVED CVE-2022-41326 RESERVED CVE-2022-41325 @@ -42,8 +82,8 @@ CVE-2022-3271 RESERVED CVE-2022-3270 RESERVED -CVE-2022-3269 - RESERVED +CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. ...) + TODO: check CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca prior ...) NOT-FOR-US: minarca CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) @@ -198,8 +238,8 @@ CVE-2022-41221 RESERVED CVE-2022-40224 RESERVED -CVE-2022-3263 - RESERVED +CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...) + TODO: check CVE-2022-3262 RESERVED NOT-FOR-US: OpenShift @@ -211,8 +251,8 @@ CVE-2022-3259 RESERVED CVE-2022-3258 RESERVED -CVE-2022-3257 - RESERVED +CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...) + TODO: check CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ...) - vim NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3 @@ -797,8 +837,8 @@ CVE-2022-40985 RESERVED CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...) NOT-FOR-US: Trend Micro -CVE-2022-40979 - RESERVED +CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables of "pas ...) + TODO: check CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...) NOT-FOR-US: installer of JetBrains IntelliJ IDEA CVE-2022-40977 @@ -809,6 +849,7 @@ CVE-2022-40969 RESERVED CVE-2022-40962 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -821,6 +862,7 @@ CVE-2022-40961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961 CVE-2022-40960 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -829,6 +871,7 @@ CVE-2022-40960 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960 CVE-2022-40959 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -837,6 +880,7 @@ CVE-2022-40959 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959 CVE-2022-40958 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -845,6 +889,7 @@ CVE-2022-40958 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958 CVE-2022-40957 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -853,6 +898,7 @@ CVE-2022-40957 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957 CVE-2022-40956 RESERVED + {DSA-5237-1} - firefox 105.0-1 - firefox-esr 102.3.0esr-1 - thunderbird 1:102.3.0-1 @@ -1056,26 +1102,26 @@ CVE-2022-40871 RESERVED CVE-2022-40870 RESERVED -CVE-2022-40869 - RESERVED -CVE-2022-40868 - RESERVED -CVE-2022-40867 - RESERVED -CVE-2022-40866 - RESERVED -CVE-2022-40865 - RESERVED -CVE-2022-40864 - RESERVED +CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...) + TODO: check +CVE-2022-40868 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + TODO: check +CVE-2022-40867 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + TODO: check +CVE-2022-40866 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + TODO: check +CVE-2022-40865 (Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnera ...) + TODO: check +CVE-2022-40864 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...) + TODO: check CVE-2022-40863 RESERVED -CVE-2022-40862 - RESERVED -CVE-2022-40861 - RESERVED -CVE-2022-40860 - RESERVED +CVE-2022-40862 (Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulner ...) + TODO: check +CVE-2022-40861 (Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability ...) + TODO: check +CVE-2022-40860 (Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability ...) + TODO: check CVE-2022-40859 RESERVED CVE-2022-40858 @@ -1084,16 +1130,16 @@ CVE-2022-40857 RESERVED CVE-2022-40856 RESERVED -CVE-2022-40855 - RESERVED -CVE-2022-40854 - RESERVED -CVE-2022-40853 - RESERVED +CVE-2022-40855 (Tenda W20E router V15.11.0.6 contains a stack overflow in the function ...) + TODO: check +CVE-2022-40854 (Tenda AC18 router contained a stack overflow vulnerability in /goform/ ...) + TODO: check +CVE-2022-40853 (Tenda AC15 router V15.03.05.19 contains a stack overflow via the list ...) + TODO: check CVE-2022-40852 RESERVED -CVE-2022-40851 - RESERVED +CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a stack overflow via the function fr ...) + TODO: check CVE-2022-40850 RESERVED CVE-2022-40849 @@ -1269,8 +1315,8 @@ CVE-2022-40765 RESERVED CVE-2022-40764 RESERVED -CVE-2022-3236 - RESERVED +CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...) + TODO: check CVE-2022-40763 RESERVED CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490. ...) @@ -1310,8 +1356,8 @@ CVE-2022-40750 RESERVED CVE-2022-40749 RESERVED -CVE-2022-40748 - RESERVED +CVE-2022-40748 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check CVE-2022-40747 RESERVED CVE-2022-40746 @@ -1405,8 +1451,8 @@ CVE-2022-40718 RESERVED CVE-2022-40717 RESERVED -CVE-2022-40716 - RESERVED +CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...) + TODO: check CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...) NOT-FOR-US: NOKIA CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...) @@ -1463,34 +1509,34 @@ CVE-2022-40676 RESERVED CVE-2022-40675 RESERVED -CVE-2022-40672 - RESERVED -CVE-2022-40671 - RESERVED +CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + TODO: check +CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...) + TODO: check CVE-2022-40632 RESERVED CVE-2022-40312 RESERVED -CVE-2022-40310 - RESERVED +CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...) + TODO: check CVE-2022-40223 RESERVED CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...) NOT-FOR-US: WordPress plugin CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...) NOT-FOR-US: WordPress plugin -CVE-2022-40215 - RESERVED -CVE-2022-40213 - RESERVED +CVE-2022-40215 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + TODO: check +CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...) + TODO: check CVE-2022-40211 RESERVED CVE-2022-40206 RESERVED CVE-2022-40205 RESERVED -CVE-2022-40193 - RESERVED +CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...) + TODO: check CVE-2022-40131 RESERVED CVE-2022-38974 @@ -1499,24 +1545,24 @@ CVE-2022-38468 RESERVED CVE-2022-38461 RESERVED -CVE-2022-38454 - RESERVED +CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...) + TODO: check CVE-2022-38104 RESERVED -CVE-2022-38079 - RESERVED +CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...) + TODO: check CVE-2022-38074 RESERVED CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...) NOT-FOR-US: WordPress plugin CVE-2022-36424 RESERVED -CVE-2022-36417 - RESERVED +CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forg ...) + TODO: check CVE-2022-36404 RESERVED -CVE-2022-35238 - RESERVED +CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in Awesome Filter ...) + TODO: check CVE-2022-33978 RESERVED CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...) @@ -1698,12 +1744,12 @@ CVE-2022-3194 CVE-2022-3193 RESERVED NOT-FOR-US: ovirt-engine -CVE-2022-40630 - RESERVED -CVE-2022-40629 - RESERVED -CVE-2022-40628 - RESERVED +CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + TODO: check +CVE-2022-40629 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + TODO: check +CVE-2022-40628 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + TODO: check CVE-2022-40627 RESERVED CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascript co ...) @@ -2293,10 +2339,10 @@ CVE-2022-40361 RESERVED CVE-2022-40360 RESERVED -CVE-2022-40359 - RESERVED -CVE-2022-40358 - RESERVED +CVE-2022-40359 (Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via craf ...) + TODO: check +CVE-2022-40358 (An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause ...) + TODO: check CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Sid ...) NOT-FOR-US: Z-BlogPHP CVE-2022-40356 @@ -2608,26 +2654,26 @@ CVE-2022-40198 RESERVED CVE-2022-40197 RESERVED -CVE-2022-40195 - RESERVED -CVE-2022-40194 - RESERVED +CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + TODO: check +CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability in Cust ...) + TODO: check CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...) NOT-FOR-US: WordPress plugin CVE-2022-40189 RESERVED -CVE-2022-40132 - RESERVED +CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Po ...) + TODO: check CVE-2022-38976 RESERVED -CVE-2022-38704 - RESERVED -CVE-2022-38703 - RESERVED -CVE-2022-38470 - RESERVED -CVE-2022-38460 - RESERVED +CVE-2022-38704 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plu ...) + TODO: check +CVE-2022-38703 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + TODO: check +CVE-2022-38470 (Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews fo ...) + TODO: check +CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) + TODO: check CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...) NOT-FOR-US: WordPress plugin CVE-2022-38140 @@ -2638,28 +2684,28 @@ CVE-2022-38137 RESERVED CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...) NOT-FOR-US: WordPress plugin -CVE-2022-38134 - RESERVED +CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control vulnerability in Cus ...) + TODO: check CVE-2022-38098 RESERVED -CVE-2022-38095 - RESERVED +CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced ...) + TODO: check CVE-2022-38086 RESERVED -CVE-2022-38085 - RESERVED +CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam p ...) + TODO: check CVE-2022-38077 RESERVED -CVE-2022-37342 - RESERVED +CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + TODO: check CVE-2022-36790 RESERVED -CVE-2022-36388 - RESERVED +CVE-2022-36388 (Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket ...) + TODO: check CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin -CVE-2022-36340 - RESERVED +CVE-2022-36340 (Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOpt ...) + TODO: check CVE-2022-36299 RESERVED CVE-2022-36295 @@ -2674,8 +2720,7 @@ CVE-2022-3164 RESERVED CVE-2022-3163 RESERVED -CVE-2022-40188 - RESERVED +CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a denial o ...) - knot-resolver 5.5.3-1 [bullseye] - knot-resolver (Minor issue) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185 (v5.5.3) @@ -2846,8 +2891,8 @@ CVE-2022-3146 NOT-FOR-US: tripleo-ansible CVE-2022-3145 RESERVED -CVE-2022-3144 - RESERVED +CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan plugin for ...) + TODO: check CVE-2022-3143 RESERVED NOT-FOR-US: WildFly Elytron @@ -2915,22 +2960,22 @@ CVE-2022-40109 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vuln NOT-FOR-US: TOTOLINK CVE-2022-40108 RESERVED -CVE-2022-40107 - RESERVED -CVE-2022-40106 - RESERVED -CVE-2022-40105 - RESERVED -CVE-2022-40104 - RESERVED -CVE-2022-40103 - RESERVED -CVE-2022-40102 - RESERVED -CVE-2022-40101 - RESERVED -CVE-2022-40100 - RESERVED +CVE-2022-40107 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40106 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40105 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40104 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40103 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40102 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40101 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + TODO: check +CVE-2022-40100 (Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection ...) + TODO: check CVE-2022-40099 RESERVED CVE-2022-40098 @@ -2943,12 +2988,12 @@ CVE-2022-40095 RESERVED CVE-2022-40094 RESERVED -CVE-2022-40093 - RESERVED -CVE-2022-40092 - RESERVED -CVE-2022-40091 - RESERVED +CVE-2022-40093 (Online Tours & Travels Management System v1.0 was discovered to co ...) + TODO: check +CVE-2022-40092 (Online Tours & Travels Management System v1.0 was discovered to co ...) + TODO: check +CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to co ...) + TODO: check CVE-2022-40090 RESERVED CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College Website ...) @@ -4762,10 +4807,10 @@ CVE-2022-39241 RESERVED CVE-2022-39240 RESERVED -CVE-2022-39239 - RESERVED -CVE-2022-39238 - RESERVED +CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using ipx. ...) + TODO: check +CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...) + TODO: check CVE-2022-39237 RESERVED CVE-2022-39236 @@ -4778,10 +4823,10 @@ CVE-2022-39233 RESERVED CVE-2022-39232 RESERVED -CVE-2022-39231 - RESERVED -CVE-2022-39230 - RESERVED +CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...) + TODO: check CVE-2022-39229 RESERVED CVE-2022-39228 @@ -5615,8 +5660,8 @@ CVE-2022-38938 RESERVED CVE-2022-38937 RESERVED -CVE-2022-38936 - RESERVED +CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ...) + TODO: check CVE-2022-38935 RESERVED CVE-2022-38934 @@ -6223,8 +6268,8 @@ CVE-2022-38744 RESERVED CVE-2022-38743 RESERVED -CVE-2022-38742 - RESERVED +CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...) + TODO: check CVE-2022-38741 RESERVED CVE-2022-38740 @@ -6346,14 +6391,14 @@ CVE-2022-35273 (OS command injection vulnerability in GUI setting page of Centre NOT-FOR-US: CentreCOM AR260S CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...) NOT-FOR-US: CentreCOM AR260S -CVE-2022-2973 - RESERVED -CVE-2022-2972 - RESERVED -CVE-2022-2971 - RESERVED -CVE-2022-2970 - RESERVED +CVE-2022-2973 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...) + TODO: check +CVE-2022-2972 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...) + TODO: check +CVE-2022-2971 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...) + TODO: check +CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...) + TODO: check CVE-2022-2969 RESERVED CVE-2022-2968 @@ -6549,8 +6594,8 @@ CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure [bullseye] - linux 5.10.103-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a06247c6804f1a7c86a2e5398a4c1f1db1471848 (5.17-rc2) -CVE-2022-2937 - RESERVED +CVE-2022-2937 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) + TODO: check CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) @@ -7106,10 +7151,10 @@ CVE-2022-38441 RESERVED CVE-2022-38440 RESERVED -CVE-2022-38439 - RESERVED -CVE-2022-38438 - RESERVED +CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + TODO: check +CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + TODO: check CVE-2022-38437 RESERVED CVE-2022-38436 @@ -7587,13 +7632,13 @@ CVE-2022-38344 RESERVED CVE-2022-38343 RESERVED -CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...) +CVE-2022-38342 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...) NOT-FOR-US: Safe Software FME Server -CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ server- ...) +CVE-2022-38341 (Safe Software FME Server v2021.2.5 and below does not employ server-si ...) NOT-FOR-US: Safe Software FME Server -CVE-2022-38340 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...) +CVE-2022-38340 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...) NOT-FOR-US: Safe Software FME Server -CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a cross-site s ...) +CVE-2022-38339 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a c ...) NOT-FOR-US: Safe Software FME Server CVE-2022-38338 RESERVED @@ -8046,8 +8091,8 @@ CVE-2022-38082 RESERVED CVE-2022-2786 RESERVED -CVE-2022-2785 - RESERVED +CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel BPF - Co ...) + TODO: check CVE-2022-2784 RESERVED CVE-2022-2783 @@ -8290,8 +8335,8 @@ CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event NOT-FOR-US: WordPress plugin CVE-2022-38062 RESERVED -CVE-2022-38061 - RESERVED +CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export Post Inf ...) + TODO: check CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...) NOT-FOR-US: WordPress plugin CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change vulnerability in WP ...) @@ -8314,24 +8359,24 @@ CVE-2022-37402 RESERVED CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...) NOT-FOR-US: WordPress plugin -CVE-2022-37339 - RESERVED -CVE-2022-37338 - RESERVED +CVE-2022-37339 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) + TODO: check +CVE-2022-37338 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...) + TODO: check CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) NOT-FOR-US: WordPress plugin -CVE-2022-37330 - RESERVED -CVE-2022-37328 - RESERVED -CVE-2022-36798 - RESERVED +CVE-2022-37330 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) + TODO: check +CVE-2022-37328 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) + TODO: check +CVE-2022-36798 (Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Me ...) + TODO: check CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulnerabili ...) NOT-FOR-US: WordPress plugin -CVE-2022-36791 - RESERVED +CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) + TODO: check CVE-2022-36428 RESERVED CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. About Rent ...) @@ -11077,8 +11122,7 @@ CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation P NOT-FOR-US: Red Hat Ansible Automation Platform CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...) NOT-FOR-US: WordPress plugin -CVE-2022-2566 - RESERVED +CVE-2022-2566 (A heap out-of-bounds memory write exists in FFMPEG since version 5.1. ...) - ffmpeg 7:5.1.1-1 [bullseye] - ffmpeg (Minor issue, wait until it lands in 4.3.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833 @@ -11220,8 +11264,8 @@ CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux ker NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicle ...) NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Mazda vehicles -CVE-2022-36944 - RESERVED +CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR ...) + TODO: check CVE-2022-36797 RESERVED CVE-2022-36794 @@ -12626,8 +12670,8 @@ CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django NOTE: Introduced by: https://github.com/django/django/commit/a177f854c34718e473bcd0a2dc6c4fd935c8e327 CVE-2022-36342 RESERVED -CVE-2022-36338 - RESERVED +CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + TODO: check CVE-2022-36337 RESERVED CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...) @@ -13840,8 +13884,8 @@ CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 thro NOT-FOR-US: Insyde CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) NOT-FOR-US: Insyde -CVE-2022-35893 - RESERVED +CVE-2022-35893 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + TODO: check CVE-2022-35892 RESERVED CVE-2022-35891 @@ -14279,8 +14323,8 @@ CVE-2022-35723 RESERVED CVE-2022-35722 RESERVED -CVE-2022-35721 - RESERVED +CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...) + TODO: check CVE-2022-35720 RESERVED CVE-2022-35719 @@ -15187,8 +15231,7 @@ CVE-2022-2349 RESERVED CVE-2022-2348 RESERVED -CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU] - RESERVED +CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU implem ...) - u-boot (bug #1014959) [bullseye] - u-boot (Minor issue) [buster] - u-boot (Minor issue) @@ -15522,8 +15565,8 @@ CVE-2022-35259 RESERVED CVE-2022-35258 RESERVED -CVE-2022-35257 - RESERVED +CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...) + TODO: check CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header Fields] RESERVED - nodejs @@ -15535,28 +15578,27 @@ CVE-2022-35255 [Weak randomness in WebCrypto keygen] NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255 CVE-2022-35254 RESERVED -CVE-2022-35253 - RESERVED -CVE-2022-35252 - RESERVED +CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could allow an at ...) + TODO: check +CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...) - curl 7.85.0-1 (bug #1018831) [bullseye] - curl 7.74.0-1.3+deb11u3 NOTE: https://curl.se/docs/CVE-2022-35252.html NOTE: Fixed by: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3 (curl-7_85_0) NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2 NOTE: https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/ -CVE-2022-35251 - RESERVED -CVE-2022-35250 - RESERVED -CVE-2022-35249 - RESERVED -CVE-2022-35248 - RESERVED -CVE-2022-35247 - RESERVED -CVE-2022-35246 - RESERVED +CVE-2022-35251 (A cross-site scripting vulnerability exists in Rocket.chat <v5 due ...) + TODO: check +CVE-2022-35250 (A privilege escalation vulnerability exists in Rocket.chat <v5 whic ...) + TODO: check +CVE-2022-35249 (A information disclosure vulnerability exists in Rocket.Chat <v5 wh ...) + TODO: check +CVE-2022-35248 (A improper authentication vulnerability exists in Rocket.Chat <v5, ...) + TODO: check +CVE-2022-35247 (A information disclosure vulnerability exists in Rocket.chat <v5, & ...) + TODO: check +CVE-2022-35246 (A NoSQL-Injection information disclosure vulnerability vulnerability e ...) + TODO: check CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box ve ...) NOT-FOR-US: Passage Drive CVE-2022-32765 @@ -15927,24 +15969,24 @@ CVE-2022-35101 (SWFTools commit 772e55a2 was discovered to contain a segmentatio CVE-2022-35100 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 -CVE-2022-35099 - RESERVED -CVE-2022-35098 - RESERVED -CVE-2022-35097 - RESERVED -CVE-2022-35096 - RESERVED -CVE-2022-35095 - RESERVED -CVE-2022-35094 - RESERVED -CVE-2022-35093 - RESERVED -CVE-2022-35092 - RESERVED -CVE-2022-35091 - RESERVED +CVE-2022-35099 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...) + TODO: check +CVE-2022-35098 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) + TODO: check +CVE-2022-35097 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) + TODO: check +CVE-2022-35096 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) + TODO: check +CVE-2022-35095 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) + TODO: check +CVE-2022-35094 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) + TODO: check +CVE-2022-35093 (SWFTools commit 772e55a2 was discovered to contain a global buffer ove ...) + TODO: check +CVE-2022-35092 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) + TODO: check +CVE-2022-35091 (SWFTools commit 772e55a2 was discovered to contain a floating point ex ...) + TODO: check CVE-2022-35090 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 @@ -18111,8 +18153,8 @@ CVE-2022-34350 RESERVED CVE-2022-34349 RESERVED -CVE-2022-34348 - RESERVED +CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...) + TODO: check CVE-2022-2190 RESERVED CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...) @@ -20000,14 +20042,11 @@ CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior t NOT-FOR-US: Samsung CVE-2022-33684 RESERVED -CVE-2022-33683 - RESERVED +CVE-2022-33683 (Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Clie ...) NOT-FOR-US: Apache Pulsar -CVE-2022-33682 - RESERVED +CVE-2022-33682 (TLS hostname verification cannot be enabled in the Pulsar Broker's Jav ...) NOT-FOR-US: Apache Pulsar -CVE-2022-33681 - RESERVED +CVE-2022-33681 (Delayed TLS hostname verification in the Pulsar Java Client and the Pu ...) NOT-FOR-US: Apache Pulsar CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft @@ -21485,8 +21524,8 @@ CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not saniti NOT-FOR-US: WordPress plugin CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have CSRF c ...) NOT-FOR-US: WordPress plugin -CVE-2022-2070 - RESERVED +CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to over ...) + TODO: check CVE-2022-2069 RESERVED CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...) @@ -21860,32 +21899,32 @@ CVE-2022-32855 RESERVED CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2022-32853 - RESERVED -CVE-2022-32852 - RESERVED -CVE-2022-32851 - RESERVED +CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input validati ...) + TODO: check +CVE-2022-32852 (An out-of-bounds read issue was addressed with improved input validati ...) + TODO: check +CVE-2022-32851 (An out-of-bounds read issue was addressed with improved input validati ...) + TODO: check CVE-2022-32850 RESERVED -CVE-2022-32849 - RESERVED -CVE-2022-32848 - RESERVED -CVE-2022-32847 - RESERVED +CVE-2022-32849 (An information disclosure issue was addressed by removing the vulnerab ...) + TODO: check +CVE-2022-32848 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2022-32847 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2022-32846 RESERVED -CVE-2022-32845 - RESERVED +CVE-2022-32845 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2022-32844 RESERVED -CVE-2022-32843 - RESERVED -CVE-2022-32842 - RESERVED -CVE-2022-32841 - RESERVED +CVE-2022-32843 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input validati ...) + TODO: check +CVE-2022-32841 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2022-32840 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32839 (The issue was addressed with improved bounds checks. This issue is fix ...) @@ -21902,48 +21941,47 @@ CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. NOT-FOR-US: Apple CVE-2022-32833 RESERVED -CVE-2022-32832 - RESERVED -CVE-2022-32831 - RESERVED +CVE-2022-32832 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2022-32830 RESERVED -CVE-2022-32829 - RESERVED -CVE-2022-32828 - RESERVED +CVE-2022-32829 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32828 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2022-32827 RESERVED -CVE-2022-32826 - RESERVED -CVE-2022-32825 - RESERVED +CVE-2022-32826 (An authorization issue was addressed with improved state management. T ...) + TODO: check +CVE-2022-32825 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check CVE-2022-32824 RESERVED -CVE-2022-32823 - RESERVED +CVE-2022-32823 (A memory initialization issue was addressed with improved memory handl ...) + TODO: check CVE-2022-32822 RESERVED -CVE-2022-32821 - RESERVED -CVE-2022-32820 - RESERVED -CVE-2022-32819 - RESERVED -CVE-2022-32818 - RESERVED -CVE-2022-32817 - RESERVED -CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling] - RESERVED +CVE-2022-32821 (A memory corruption issue was addressed with improved validation. This ...) + TODO: check +CVE-2022-32820 (An out-of-bounds write issue was addressed with improved input validat ...) + TODO: check +CVE-2022-32819 (A logic issue was addressed with improved state management. This issue ...) + TODO: check +CVE-2022-32818 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2022-32817 (An out-of-bounds read issue was addressed with improved bounds checkin ...) + TODO: check +CVE-2022-32816 (The issue was addressed with improved UI handling. This issue is fixed ...) {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 -CVE-2022-32815 - RESERVED -CVE-2022-32814 - RESERVED +CVE-2022-32815 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2022-32814 (A type confusion issue was addressed with improved state handling. Thi ...) + TODO: check CVE-2022-32813 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32812 (The issue was addressed with improved memory handling. This issue is f ...) @@ -21956,38 +21994,37 @@ CVE-2022-32809 RESERVED CVE-2022-32808 RESERVED -CVE-2022-32807 - RESERVED +CVE-2022-32807 (This issue was addressed with improved file handling. This issue is fi ...) + TODO: check CVE-2022-32806 RESERVED -CVE-2022-32805 - RESERVED +CVE-2022-32805 (The issue was addressed with improved handling of caches. This issue i ...) + TODO: check CVE-2022-32804 RESERVED CVE-2022-32803 RESERVED CVE-2022-32802 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple -CVE-2022-32801 - RESERVED -CVE-2022-32800 - RESERVED -CVE-2022-32799 - RESERVED -CVE-2022-32798 - RESERVED -CVE-2022-32797 - RESERVED -CVE-2022-32796 - RESERVED +CVE-2022-32801 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32800 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32799 (An out-of-bounds read issue was addressed with improved bounds checkin ...) + TODO: check +CVE-2022-32798 (An out-of-bounds write issue was addressed with improved input validat ...) + TODO: check +CVE-2022-32797 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32796 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2022-32795 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32794 RESERVED CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) NOT-FOR-US: Apple -CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation] - RESERVED +CVE-2022-32792 (An out-of-bounds write issue was addressed with improved input validat ...) {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 @@ -21995,26 +22032,26 @@ CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input v NOTE: https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/ CVE-2022-32791 RESERVED -CVE-2022-32790 - RESERVED -CVE-2022-32789 - RESERVED +CVE-2022-32790 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2022-32789 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple -CVE-2022-32787 - RESERVED -CVE-2022-32786 - RESERVED -CVE-2022-32785 - RESERVED +CVE-2022-32787 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2022-32786 (An issue in the handling of environment variables was addressed with i ...) + TODO: check +CVE-2022-32785 (A null pointer dereference was addressed with improved validation. Thi ...) + TODO: check CVE-2022-32784 RESERVED -CVE-2022-32783 - RESERVED -CVE-2022-32782 - RESERVED -CVE-2022-32781 - RESERVED +CVE-2022-32783 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This issue is f ...) + TODO: check +CVE-2022-32781 (This issue was addressed by enabling hardened runtime. This issue is f ...) + TODO: check CVE-2022-32780 RESERVED CVE-2022-32779 @@ -22564,8 +22601,8 @@ CVE-2022-2027 (Improper Neutralization of Formula Elements in a CSV File in GitH NOT-FOR-US: kromitgmbh/titra CVE-2022-2026 (Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/ti ...) NOT-FOR-US: kromitgmbh/titra -CVE-2022-2025 - RESERVED +CVE-2022-2025 (an attacker with knowledge of user/pass of Grandstream GSD3710 in its ...) + TODO: check CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been declared ...) NOT-FOR-US: InnoSetup CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...) @@ -23533,14 +23570,14 @@ CVE-2022-1977 (The Import Export All WordPress Images, Users & Post Types Wo NOT-FOR-US: WordPress plugin CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer dereference in ver ...) NOT-FOR-US: Microsoft -CVE-2022-32229 - RESERVED -CVE-2022-32228 - RESERVED -CVE-2022-32227 - RESERVED -CVE-2022-32226 - RESERVED +CVE-2022-32229 (A information disclosure vulnerability exists in Rockert.Chat <v5 d ...) + TODO: check +CVE-2022-32228 (An information disclosure vulnerability exists in Rocket.Chat <v5, ...) + TODO: check +CVE-2022-32227 (A cleartext transmission of sensitive information exists in Rocket.Cha ...) + TODO: check +CVE-2022-32226 (An improper access control vulnerability exists in Rocket.Chat <v5, ...) + TODO: check CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in the Hel ...) NOT-FOR-US: Veeam CVE-2022-32224 @@ -23560,14 +23597,14 @@ CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in vers NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001 CVE-2022-32221 RESERVED -CVE-2022-32220 - RESERVED -CVE-2022-32219 - RESERVED -CVE-2022-32218 - RESERVED -CVE-2022-32217 - RESERVED +CVE-2022-32220 (An information disclosure vulnerability exists in Rocket.Chat <v5 d ...) + TODO: check +CVE-2022-32219 (An information disclosure vulnerability exists in Rocket.Chat <v4.7 ...) + TODO: check +CVE-2022-32218 (An information disclosure vulnerability exists in Rocket.Chat <v5, ...) + TODO: check +CVE-2022-32217 (A cleartext storage of sensitive information exists in Rocket.Chat < ...) + TODO: check CVE-2022-32216 RESERVED CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not correctl ...) @@ -23598,8 +23635,8 @@ CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212 NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x) NOTE: https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main) -CVE-2022-32211 - RESERVED +CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v ...) + TODO: check CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's certificate, an ...) - node-undici 5.6.1+dfsg1+~cs18.9.16-1 NOTE: https://github.com/advisories/GHSA-pgw7-wx7w-2w33 @@ -29887,8 +29924,8 @@ CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly res NOT-FOR-US: WordPress plugin CVE-2022-30125 RESERVED -CVE-2022-30124 - RESERVED +CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat Mobile ...) + TODO: check CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack] RESERVED {DLA-3095-1} @@ -29902,8 +29939,8 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing] - ruby-rack 2.2.4-1 NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 -CVE-2022-30121 - RESERVED +CVE-2022-30121 (The “LANDesk(R) Management Agent” service exposes a socket ...) + TODO: check CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...) NOT-FOR-US: Concrete CMS CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...) @@ -33563,8 +33600,8 @@ CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...) NOT-FOR-US: Spryker Commerce OS CVE-2022-28887 RESERVED -CVE-2022-28886 - RESERVED +CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...) + TODO: check CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...) NOT-FOR-US: WithSecure CVE-2022-28884 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...) @@ -35964,8 +36001,8 @@ CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) W NOT-FOR-US: WordPress plugin CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...) NOT-FOR-US: Firebase PHP-JWT -CVE-2020-36521 - RESERVED +CVE-2020-36521 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and ear ...) NOT-FOR-US: AttacheCase CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and ...) @@ -37603,8 +37640,8 @@ CVE-2022-1039 (The weak password on the web user interface can be exploited via NOT-FOR-US: Red Lion CVE-2022-1038 RESERVED -CVE-2022-27492 - RESERVED +CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code executi ...) + TODO: check CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...) NOT-FOR-US: FortiGuard CVE-2022-27490 @@ -39953,8 +39990,8 @@ CVE-2022-26709 NOTE: https://webkitgtk.org/security/WSA-2022-0005.html CVE-2022-26708 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2022-26707 - RESERVED +CVE-2022-26707 (An issue in the handling of environment variables was addressed with i ...) + TODO: check CVE-2022-26706 (An access issue was addressed with additional sandbox restrictions on ...) NOT-FOR-US: Apple CVE-2022-26705 @@ -39967,8 +40004,7 @@ CVE-2022-26702 (A use after free issue was addressed with improved memory manage NOT-FOR-US: Apple CVE-2022-26701 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple -CVE-2022-26700 - RESERVED +CVE-2022-26700 (A memory corruption issue was addressed with improved state management ...) {DSA-5155-1 DSA-5154-1} - webkit2gtk 2.36.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -41722,8 +41758,8 @@ CVE-2022-26114 (An improper neutralization of input during web page generation v NOT-FOR-US: FortiGuard CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...) NOT-FOR-US: Fortinet -CVE-2022-26112 - RESERVED +CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and ...) + TODO: check CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...) @@ -47273,8 +47309,7 @@ CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions). NOT-FOR-US: Siemens CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All versions). A pri ...) NOT-FOR-US: Siemens -CVE-2022-24280 - RESERVED +CVE-2022-24280 (Improper Input Validation vulnerability in Proxy component of Apache P ...) NOT-FOR-US: Apache Pulsar CVE-2022-24277 RESERVED @@ -51566,8 +51601,8 @@ CVE-2022-23146 RESERVED CVE-2022-23145 RESERVED -CVE-2022-23144 - RESERVED +CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB product. ...) + TODO: check CVE-2022-23143 RESERVED CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could construct and se ...) @@ -53552,8 +53587,7 @@ CVE-2022-22639 (A logic issue was addressed with improved state management. This NOT-FOR-US: Apple CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...) NOT-FOR-US: Apple -CVE-2022-22637 [A logic issue was addressed with improved state management] - RESERVED +CVE-2022-22637 (A logic issue was addressed with improved state management. This issue ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -53573,15 +53607,13 @@ CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds NOT-FOR-US: Apple CVE-2022-22630 RESERVED -CVE-2022-22629 [A buffer overflow issue was addressed with improved memory handling] - RESERVED +CVE-2022-22629 (A buffer overflow issue was addressed with improved memory handling. T ...) {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.36.0-2 NOTE: https://webkitgtk.org/security/WSA-2022-0004.html -CVE-2022-22628 [A use after free issue was addressed with improved memory management] - RESERVED +CVE-2022-22628 (A use after free issue was addressed with improved memory management. ...) {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -53593,8 +53625,7 @@ CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checkin NOT-FOR-US: Apple CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2022-22624 [A use after free issue was addressed with improved memory management] - RESERVED +CVE-2022-22624 (A use after free issue was addressed with improved memory management. ...) {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -53630,8 +53661,8 @@ CVE-2022-22612 (A memory consumption issue was addressed with improved memory ha NOT-FOR-US: Apple CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2022-22610 - RESERVED +CVE-2022-22610 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...) NOT-FOR-US: Apple CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) @@ -54202,8 +54233,8 @@ CVE-2022-22425 RESERVED CVE-2022-22424 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain s ...) NOT-FOR-US: IBM -CVE-2022-22423 - RESERVED +CVE-2022-22423 (IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7. ...) + TODO: check CVE-2022-22422 RESERVED CVE-2022-22421 @@ -58680,8 +58711,8 @@ CVE-2021-45037 RESERVED CVE-2021-45036 RESERVED -CVE-2021-45035 - RESERVED +CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check the cer ...) + TODO: check CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) NOT-FOR-US: Siemens CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) @@ -73875,8 +73906,8 @@ CVE-2021-3784 RESERVED CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) NOT-FOR-US: yourls -CVE-2021-3782 - RESERVED +CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...) + TODO: check CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) {DSA-4972-1} - ghostscript 9.53.3~dfsg-8 (bug #994011) @@ -127594,7 +127625,7 @@ CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privi NOT-FOR-US: Nessus CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...) NOT-FOR-US: Manage Engine OpManager -CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...) +CVE-2021-20077 (Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently ...) NOT-FOR-US: Nessus Agent CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...) NOT-FOR-US: Tenable -- cgit v1.2.3