diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-02-15 20:11:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-15 20:11:23 +0000 |
commit | 22b9756a0fa4198cc89e67a190090111b5ce23c1 (patch) | |
tree | 47ba00784932e43368e4bb71aa689b8a1f9c14d3 /data/CVE/2022.list | |
parent | b5644d1085ba94ff017c0faec12e2cf3e68746bb (diff) |
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- | data/CVE/2022.list | 186 |
1 files changed, 107 insertions, 79 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 62801885b2..8c3a3ef778 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,78 +1,106 @@ -CVE-2022-25212 +CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...) + TODO: check +CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...) + TODO: check +CVE-2022-25169 + RESERVED +CVE-2022-25168 + RESERVED +CVE-2022-25167 + RESERVED +CVE-2022-24435 + RESERVED +CVE-2022-23986 + RESERVED +CVE-2022-21159 + RESERVED +CVE-2022-0618 + RESERVED +CVE-2022-0617 + RESERVED +CVE-2022-0616 + RESERVED +CVE-2022-0615 + RESERVED +CVE-2022-0614 + RESERVED +CVE-2022-0613 + RESERVED +CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25211 +CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25210 +CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25208 +CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25207 +CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25206 +CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25205 +CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25204 +CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25203 +CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25202 +CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25201 +CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25200 +CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25199 +CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25198 +CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25197 +CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25196 +CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25195 +CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25194 +CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25193 +CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25192 +CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25191 +CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25190 +CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25189 +CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25188 +CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25187 +CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25186 +CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25185 +CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25184 +CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25183 +CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25182 +CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25181 +CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25180 +CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25179 +CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25178 +CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25177 +CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25176 +CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25174 +CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) NOT-FOR-US: Jenkins plugin -CVE-2022-25173 +CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...) NOT-FOR-US: Jenkins plugin CVE-2022-25166 RESERVED @@ -176,10 +204,10 @@ CVE-2022-0599 RESERVED CVE-2022-0598 RESERVED -CVE-2022-0597 - RESERVED -CVE-2022-0596 - RESERVED +CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...) + TODO: check +CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...) + TODO: check CVE-2022-0595 RESERVED CVE-2022-0594 @@ -192,12 +220,12 @@ CVE-2022-0591 RESERVED CVE-2022-0590 RESERVED -CVE-2022-0589 - RESERVED -CVE-2022-0588 - RESERVED -CVE-2022-0587 - RESERVED +CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...) + TODO: check +CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) + TODO: check +CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...) + TODO: check CVE-2022-25146 RESERVED CVE-2022-25145 @@ -1243,8 +1271,8 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.1 NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559 CVE-2022-24685 RESERVED -CVE-2022-24684 - RESERVED +CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...) + TODO: check CVE-2022-24683 RESERVED CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...) @@ -1532,18 +1560,18 @@ CVE-2022-24592 RESERVED CVE-2022-24591 RESERVED -CVE-2022-24590 - RESERVED -CVE-2022-24589 - RESERVED -CVE-2022-24588 - RESERVED -CVE-2022-24587 - RESERVED -CVE-2022-24586 - RESERVED -CVE-2022-24585 - RESERVED +CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...) + TODO: check +CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...) + TODO: check +CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...) + TODO: check +CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...) + TODO: check +CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) + TODO: check +CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) + TODO: check CVE-2022-24584 RESERVED CVE-2022-24583 @@ -2571,10 +2599,10 @@ CVE-2022-24229 RESERVED CVE-2022-24228 RESERVED -CVE-2022-24227 - RESERVED -CVE-2022-24226 - RESERVED +CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...) + TODO: check +CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...) + TODO: check CVE-2022-24225 RESERVED CVE-2022-24224 @@ -4175,8 +4203,8 @@ CVE-2022-23641 RESERVED CVE-2022-23640 RESERVED -CVE-2022-23639 - RESERVED +CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...) + TODO: check CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...) TODO: check CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) @@ -4268,8 +4296,8 @@ CVE-2022-23606 RESERVED CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...) NOT-FOR-US: Wire webapp -CVE-2022-23604 - RESERVED +CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...) + TODO: check CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...) @@ -4874,8 +4902,8 @@ CVE-2022-23386 RESERVED CVE-2022-23385 RESERVED -CVE-2022-23384 - RESERVED +CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...) + TODO: check CVE-2022-23383 RESERVED CVE-2022-23382 @@ -5008,8 +5036,8 @@ CVE-2022-23319 RESERVED CVE-2022-23318 RESERVED -CVE-2022-23317 - RESERVED +CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...) + TODO: check CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...) NOT-FOR-US: taocms CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...) @@ -5318,7 +5346,7 @@ CVE-2022-23224 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) - {DLA-2923-1} + {DSA-5076-1 DLA-2923-1} - h2database 2.1.210-1 NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8 @@ -6599,8 +6627,8 @@ CVE-2022-22772 RESERVED CVE-2022-22771 RESERVED -CVE-2022-22770 - RESERVED +CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...) + TODO: check CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...) NOT-FOR-US: TIBCO CVE-2022-22768 @@ -9369,8 +9397,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9 NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 -CVE-2022-21698 - RESERVED +CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...) + TODO: check CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...) TODO: check CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...) |