author: security tracker role <sectracker@soriano.debian.org> 2021-11-26 20:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-11-26 20:10:19 +0000
commit: 97b34b0695501c95c8b924393346f835047a4441 (patch)
tree: b1978c22a14d4b1918280e560ceaecf0b56fef57
parent: c9d70213434870ccb0ba612bb1d7ef48e28418d9 (diff)
automatic update
-rw-r--r-- data/CVE/2015.list 3
-rw-r--r-- data/CVE/2020.list 4
-rw-r--r-- data/CVE/2021.list 68
-rw-r--r-- data/CVE/2022.list 100
4 files changed, 142 insertions, 33 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 18c2cc332a..037bae9728 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -12570,7 +12570,8 @@ CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
NOTE: Analysis/More information/Fixing commits: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c11
-CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged ...)
+CVE-2015-5202
+ REJECTED
NOT-FOR-US: Satellite6
CVE-2015-5201 (VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka ...)
NOT-FOR-US: Red Hat vdms
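Review bot: CVE-2015-5202 now carries REJECTED but still keeps the "NOT-FOR-US: Satellite6" line directly beneath it. If a rejected id is meant to carry no triage annotation, drop the NOT-FOR-US line in a follow-up; if both are intended, a short NOTE that the id was rejected would explain why the description disappeared from the header line.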
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7ab4818ffb..cbe9849006 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -54758,8 +54758,8 @@ CVE-2020-7883
RESERVED
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
NOT-FOR-US: anySign
-CVE-2020-7881
- RESERVED
+CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
+ TODO: check
CVE-2020-7880
RESERVED
CVE-2020-7879
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 2d6903232d..917bd13037 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,11 @@
+CVE-2021-44230
+ RESERVED
+CVE-2021-44229
+ RESERVED
+CVE-2021-44228
+ RESERVED
+CVE-2021-4024
+ RESERVED
CVE-2021-44227
RESERVED
CVE-2021-44226
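Review bot: CVE-2021-4024 is inserted between CVE-2021-44228 and CVE-2021-44227 at the top of the file, so the ids are not in descending numeric order here. Anything that parses 2021.list should key on the CVE id rather than on position; the same mixing is visible further down, where CVE-2021-3967 follows CVE-2021-43775.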
@@ -1043,8 +1051,8 @@ CVE-2021-43787
RESERVED
CVE-2021-43786
RESERVED
-CVE-2021-43785
- RESERVED
+CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
+ TODO: check
CVE-2021-43784
RESERVED
CVE-2021-43783
@@ -1061,8 +1069,8 @@ CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLP
NOT-FOR-US: GLPI plugin
CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
NOT-FOR-US: Redash
-CVE-2021-43776
- RESERVED
+CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...)
+ TODO: check
CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...)
NOT-FOR-US: Aim
CVE-2021-3967
@@ -6852,8 +6860,8 @@ CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/
NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c
CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...)
NOT-FOR-US: Sharetribe Go
-CVE-2021-41279
- RESERVED
+CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...)
+ TODO: check
CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
NOT-FOR-US: EdgeX
CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
@@ -6942,8 +6950,8 @@ CVE-2021-41245
RESERVED
CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
- grafana <removed>
-CVE-2021-41243
- RESERVED
+CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
+ TODO: check
CVE-2021-41242
RESERVED
CVE-2021-41241
@@ -7915,8 +7923,8 @@ CVE-2021-40835
RESERVED
CVE-2021-40834
RESERVED
-CVE-2021-40833
- RESERVED
+CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ TODO: check
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
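Review bot: CVE-2021-40833 is left at "TODO: check" although its description names the F-Secure antivirus engine and the entry right below it, CVE-2021-40832, is already triaged as "NOT-FOR-US: F-Secure". Suggest resolving the TODO with the same annotation once the full description confirms the product.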
@@ -8599,7 +8607,7 @@ CVE-2021-40533
CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
NOT-FOR-US: tweb
NOTE: https://github.com/morethanwords/tweb
-CVE-2021-40531 (Sketch before 75 mishandles external library feeds. ...)
+CVE-2021-40531 (An issue discovered in sketch before version 75,that allows for librar ...)
NOT-FOR-US: Sketch collaborative design (Mac or Web app)
NOTE: sketch.com, not the sketch package in Debian.
CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
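Review bot: the replacement description for CVE-2021-40531 lowercases the product name to "sketch" and reads "version 75,that" with no space after the comma. The lowercase spelling makes the existing "NOTE: sketch.com, not the sketch package in Debian." more important, so keep that NOTE attached to the entry; the missing space only needs attention if descriptions are edited locally rather than copied as received.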
@@ -13006,10 +13014,10 @@ CVE-2021-38688
RESERVED
CVE-2021-38687
RESERVED
-CVE-2021-38686
- RESERVED
-CVE-2021-38685
- RESERVED
+CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ TODO: check
CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
NOT-FOR-US: QNAP
CVE-2021-38683
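Review bot: CVE-2021-38686 and CVE-2021-38685 both get "TODO: check" while their descriptions refer to QNAP and the next entry, CVE-2021-38684, is already "NOT-FOR-US: QNAP". Suggest triaging the two new entries together with the same annotation so the block does not stay half resolved.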
@@ -17276,8 +17284,8 @@ CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36920
RESERVED
-CVE-2021-36919
- RESERVED
+CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+ TODO: check
CVE-2021-36918
RESERVED
CVE-2021-36917 (WordPress Hide My WP plugin (versions &lt;= 6.2.3) can be deactivated ...)
@@ -17428,8 +17436,8 @@ CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnera
NOT-FOR-US: WordPress plugin
CVE-2021-36844
RESERVED
-CVE-2021-36843
- RESERVED
+CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
+ TODO: check
CVE-2021-36842
RESERVED
CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...)
@@ -17500,8 +17508,8 @@ CVE-2021-36809
RESERVED
CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
NOT-FOR-US: Sophos
-CVE-2021-36807
- RESERVED
+CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
+ TODO: check
CVE-2021-36806
RESERVED
CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
@@ -20392,8 +20400,8 @@ CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relio
NOT-FOR-US: Hitachi
CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
NOT-FOR-US: Hitachi
-CVE-2021-35533
- RESERVED
+CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
+ TODO: check
CVE-2021-35532
RESERVED
CVE-2021-35531
@@ -42040,16 +42048,16 @@ CVE-2021-26617
RESERVED
CVE-2021-26616
RESERVED
-CVE-2021-26615
- RESERVED
+CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
+ TODO: check
CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
NOT-FOR-US: IpTime C200 camera
CVE-2021-26613
RESERVED
CVE-2021-26612
RESERVED
-CVE-2021-26611
- RESERVED
+CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
+ TODO: check
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
NOT-FOR-US: godomall5
CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
@@ -43695,7 +43703,7 @@ CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Un
NOT-FOR-US: Camaleon CMS
CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn&#8217;t terminate the active session ...)
NOT-FOR-US: Camaleon CMS
-CVE-2021-25969 (In &#8220;Camaleon CMS&#8221; application, versions 0.0.1 to 2.6.0 are ...)
+CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...)
NOT-FOR-US: Camaleon CMS
CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are affected by a ...)
NOT-FOR-US: OpenCMS
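Review bot: the CVE-2021-25969 description loses its &#8220; and &#8221; entities, but the unchanged neighbours CVE-2021-25970 (&#8217;) and CVE-2021-25968 (&#8220;OpenCMS&#8221;) still store HTML entities in the description text. Anything that searches or displays these descriptions should decode entities consistently, or the remaining entries should be normalised the same way.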
@@ -45510,8 +45518,8 @@ CVE-2021-25271 (A local attacker could read or write arbitrary files with admini
NOT-FOR-US: HitmanPro
CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
NOT-FOR-US: HitmanPro
-CVE-2021-25269
- RESERVED
+CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
+ TODO: check
CVE-2021-25268
RESERVED
CVE-2021-25267
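Review bot: CVE-2021-25269 is marked "TODO: check" and its description mentions the HMPA service, while the two entries above it, CVE-2021-25271 and CVE-2021-25270, are "NOT-FOR-US: HitmanPro". If the HMPA service belongs to the same product, resolve the TODO with the same NOT-FOR-US line.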
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 475dec0f4e..24adba79a0 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,103 @@
+CVE-2022-21792
+ RESERVED
+CVE-2022-21791
+ RESERVED
+CVE-2022-21790
+ RESERVED
+CVE-2022-21789
+ RESERVED
+CVE-2022-21788
+ RESERVED
+CVE-2022-21787
+ RESERVED
+CVE-2022-21786
+ RESERVED
+CVE-2022-21785
+ RESERVED
+CVE-2022-21784
+ RESERVED
+CVE-2022-21783
+ RESERVED
+CVE-2022-21782
+ RESERVED
+CVE-2022-21781
+ RESERVED
+CVE-2022-21780
+ RESERVED
+CVE-2022-21779
+ RESERVED
+CVE-2022-21778
+ RESERVED
+CVE-2022-21777
+ RESERVED
+CVE-2022-21776
+ RESERVED
+CVE-2022-21775
+ RESERVED
+CVE-2022-21774
+ RESERVED
+CVE-2022-21773
+ RESERVED
+CVE-2022-21772
+ RESERVED
+CVE-2022-21771
+ RESERVED
+CVE-2022-21770
+ RESERVED
+CVE-2022-21769
+ RESERVED
+CVE-2022-21768
+ RESERVED
+CVE-2022-21767
+ RESERVED
+CVE-2022-21766
+ RESERVED
+CVE-2022-21765
+ RESERVED
+CVE-2022-21764
+ RESERVED
+CVE-2022-21763
+ RESERVED
+CVE-2022-21762
+ RESERVED
+CVE-2022-21761
+ RESERVED
+CVE-2022-21760
+ RESERVED
+CVE-2022-21759
+ RESERVED
+CVE-2022-21758
+ RESERVED
+CVE-2022-21757
+ RESERVED
+CVE-2022-21756
+ RESERVED
+CVE-2022-21755
+ RESERVED
+CVE-2022-21754
+ RESERVED
+CVE-2022-21753
+ RESERVED
+CVE-2022-21752
+ RESERVED
+CVE-2022-21751
+ RESERVED
+CVE-2022-21750
+ RESERVED
+CVE-2022-21749
+ RESERVED
+CVE-2022-21748
+ RESERVED
+CVE-2022-21747
+ RESERVED
+CVE-2022-21746
+ RESERVED
+CVE-2022-21745
+ RESERVED
+CVE-2022-21744
+ RESERVED
+CVE-2022-21743
+ RESERVED
CVE-2022-0009
RESERVED
CVE-2022-0008
