author | security tracker role <sectracker@soriano.debian.org> | 2021-11-26 20:10:19 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-26 20:10:19 +0000 |
commit | 97b34b0695501c95c8b924393346f835047a4441 (patch) | |
tree | b1978c22a14d4b1918280e560ceaecf0b56fef57 | |
parent | c9d70213434870ccb0ba612bb1d7ef48e28418d9 (diff) |
automatic update
-rw-r--r-- | data/CVE/2015.list | 3 |
-rw-r--r-- | data/CVE/2020.list | 4 |
-rw-r--r-- | data/CVE/2021.list | 68 |
-rw-r--r-- | data/CVE/2022.list | 100 |
4 files changed, 142 insertions, 33 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 18c2cc332a..037bae9728 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -12570,7 +12570,8 @@ CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function [wheezy] - jasper <no-dsa> (Minor issue) [squeeze] - jasper <no-dsa> (Minor issue) NOTE: Analysis/More information/Fixing commits: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c11 -CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged ...) +CVE-2015-5202 + REJECTED NOT-FOR-US: Satellite6 CVE-2015-5201 (VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka ...) NOT-FOR-US: Red Hat vdms diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 7ab4818ffb..cbe9849006 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -54758,8 +54758,8 @@ CVE-2020-7883 RESERVED CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...) NOT-FOR-US: anySign -CVE-2020-7881 - RESERVED +CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...) + TODO: check CVE-2020-7880 RESERVED CVE-2020-7879 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 2d6903232d..917bd13037 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,11 @@ +CVE-2021-44230 + RESERVED +CVE-2021-44229 + RESERVED +CVE-2021-44228 + RESERVED +CVE-2021-4024 + RESERVED CVE-2021-44227 RESERVED CVE-2021-44226 @@ -1043,8 +1051,8 @@ CVE-2021-43787 RESERVED CVE-2021-43786 RESERVED -CVE-2021-43785 - RESERVED +CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...) + TODO: check CVE-2021-43784 RESERVED CVE-2021-43783 
@@ -1061,8 +1069,8 @@ CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLP NOT-FOR-US: GLPI plugin CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) NOT-FOR-US: Redash -CVE-2021-43776 - RESERVED +CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...) + TODO: check CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) NOT-FOR-US: Aim CVE-2021-3967 @@ -6852,8 +6860,8 @@ CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/ NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...) NOT-FOR-US: Sharetribe Go -CVE-2021-41279 - RESERVED +CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...) + TODO: check CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...) NOT-FOR-US: EdgeX CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) @@ -6942,8 +6950,8 @@ CVE-2021-41245 RESERVED CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana <removed> -CVE-2021-41243 - RESERVED +CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...) + TODO: check CVE-2021-41242 RESERVED CVE-2021-41241 @@ -7915,8 +7923,8 @@ CVE-2021-40835 RESERVED CVE-2021-40834 RESERVED -CVE-2021-40833 - RESERVED +CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) + TODO: check CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) NOT-FOR-US: F-Secure CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) 
@@ -8599,7 +8607,7 @@ CVE-2021-40533 CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...) NOT-FOR-US: tweb NOTE: https://github.com/morethanwords/tweb -CVE-2021-40531 (Sketch before 75 mishandles external library feeds. ...) +CVE-2021-40531 (An issue discovered in sketch before version 75,that allows for librar ...) NOT-FOR-US: Sketch collaborative design (Mac or Web app) NOTE: sketch.com, not the sketch package in Debian. CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...) @@ -13006,10 +13014,10 @@ CVE-2021-38688 RESERVED CVE-2021-38687 RESERVED -CVE-2021-38686 - RESERVED -CVE-2021-38685 - RESERVED +CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) + TODO: check +CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...) + TODO: check CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-38683 @@ -17276,8 +17284,8 @@ CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices CVE-2021-36920 RESERVED -CVE-2021-36919 - RESERVED +CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...) + TODO: check CVE-2021-36918 RESERVED CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated ...) @@ -17428,8 +17436,8 @@ CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnera NOT-FOR-US: WordPress plugin CVE-2021-36844 RESERVED -CVE-2021-36843 - RESERVED +CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...) + TODO: check CVE-2021-36842 RESERVED CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...) 
@@ -17500,8 +17508,8 @@ CVE-2021-36809 RESERVED CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...) NOT-FOR-US: Sophos -CVE-2021-36807 - RESERVED +CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...) + TODO: check CVE-2021-36806 RESERVED CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) @@ -20392,8 +20400,8 @@ CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relio NOT-FOR-US: Hitachi CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...) NOT-FOR-US: Hitachi -CVE-2021-35533 - RESERVED +CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...) + TODO: check CVE-2021-35532 RESERVED CVE-2021-35531 @@ -42040,16 +42048,16 @@ CVE-2021-26617 RESERVED CVE-2021-26616 RESERVED -CVE-2021-26615 - RESERVED +CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...) + TODO: check CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...) NOT-FOR-US: IpTime C200 camera CVE-2021-26613 RESERVED CVE-2021-26612 RESERVED -CVE-2021-26611 - RESERVED +CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...) + TODO: check CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...) NOT-FOR-US: godomall5 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) 
@@ -43695,7 +43703,7 @@ CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Un NOT-FOR-US: Camaleon CMS CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session ...) NOT-FOR-US: Camaleon CMS -CVE-2021-25969 (In “Camaleon CMS” application, versions 0.0.1 to 2.6.0 are ...) +CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...) NOT-FOR-US: Camaleon CMS CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a ...) NOT-FOR-US: OpenCMS @@ -45510,8 +45518,8 @@ CVE-2021-25271 (A local attacker could read or write arbitrary files with admini NOT-FOR-US: HitmanPro CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...) NOT-FOR-US: HitmanPro -CVE-2021-25269 - RESERVED +CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...) + TODO: check CVE-2021-25268 RESERVED CVE-2021-25267 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 475dec0f4e..24adba79a0 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,103 @@ +CVE-2022-21792 + RESERVED +CVE-2022-21791 + RESERVED +CVE-2022-21790 + RESERVED +CVE-2022-21789 + RESERVED +CVE-2022-21788 + RESERVED +CVE-2022-21787 + RESERVED +CVE-2022-21786 + RESERVED +CVE-2022-21785 + RESERVED +CVE-2022-21784 + RESERVED +CVE-2022-21783 + RESERVED +CVE-2022-21782 + RESERVED +CVE-2022-21781 + RESERVED +CVE-2022-21780 + RESERVED +CVE-2022-21779 + RESERVED +CVE-2022-21778 + RESERVED +CVE-2022-21777 + RESERVED +CVE-2022-21776 + RESERVED +CVE-2022-21775 + RESERVED +CVE-2022-21774 + RESERVED +CVE-2022-21773 + RESERVED +CVE-2022-21772 + RESERVED +CVE-2022-21771 + RESERVED +CVE-2022-21770 + RESERVED +CVE-2022-21769 + RESERVED +CVE-2022-21768 + RESERVED +CVE-2022-21767 + RESERVED +CVE-2022-21766 + RESERVED +CVE-2022-21765 + RESERVED +CVE-2022-21764 + RESERVED +CVE-2022-21763 + RESERVED +CVE-2022-21762 + RESERVED +CVE-2022-21761 + RESERVED +CVE-2022-21760 + RESERVED +CVE-2022-21759 + RESERVED +CVE-2022-21758 + RESERVED +CVE-2022-21757 + RESERVED +CVE-2022-21756 + RESERVED +CVE-2022-21755 + RESERVED +CVE-2022-21754 + RESERVED +CVE-2022-21753 + RESERVED +CVE-2022-21752 + RESERVED +CVE-2022-21751 + RESERVED +CVE-2022-21750 + RESERVED +CVE-2022-21749 + RESERVED +CVE-2022-21748 + RESERVED +CVE-2022-21747 + RESERVED +CVE-2022-21746 + RESERVED +CVE-2022-21745 + RESERVED +CVE-2022-21744 + RESERVED +CVE-2022-21743 + RESERVED CVE-2022-0009 RESERVED CVE-2022-0008 |
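Review bot: in the data/CVE/2015.list hunk, CVE-2015-5202 now reads REJECTED but still carries the NOT-FOR-US: Satellite6 line beneath it, while the description that explained that triage decision is dropped. Suggest a follow-up that confirms whether the NOT-FOR-US annotation should remain on a rejected id, so the entry does not end up with two status lines and no description to justify either.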
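Review bot: the first data/CVE/2021.list hunk (@@ -1,3 +1,11 @@) inserts CVE-2021-4024 between CVE-2021-44228 and CVE-2021-44227, so the head of the file is not in descending numeric order. The later context shows the same interleaving (CVE-2021-3967 directly after CVE-2021-43775), so if this is the intended behaviour of the automatic update, the ordering rule should be documented. Anything that consumes this file should look entries up by id rather than by position.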
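Review bot: the entries that move from RESERVED to TODO: check in data/CVE/2020.list and data/CVE/2021.list are left without a triage decision, and several sit directly above already-triaged context for the same vendor: CVE-2021-40833 (F-Secure antivirus engine) is followed by CVE-2021-40832 marked NOT-FOR-US: F-Secure, and CVE-2021-38685 (QNAP) is followed by CVE-2021-38684 marked NOT-FOR-US: QNAP. Suggest the follow-up triage commit handles these first, since the neighbouring decisions indicate the likely outcome, but each one still needs a manual check that the product is not packaged before the TODO is replaced.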