diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-02-19 08:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-19 08:10:16 +0000 |
commit | 35c439eff859bf79f06cc32b6895e1845d910eaa (patch) | |
tree | 48d555dd2181b2cc2bbcdc580cedcc7c7e6dfb05 /data/CVE/2022.list | |
parent | c8691a439f3af79b22eb6b2900970a88d8183044 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- | data/CVE/2022.list | 265 |
1 files changed, 159 insertions, 106 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 4f2926b45c..091e69ca33 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,61 @@ +CVE-2022-25367 + RESERVED +CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...) + TODO: check +CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...) + TODO: check +CVE-2022-25364 + RESERVED +CVE-2022-25363 + RESERVED +CVE-2022-25362 + RESERVED +CVE-2022-25361 + RESERVED +CVE-2022-25360 + RESERVED +CVE-2022-25359 + RESERVED +CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) + TODO: check +CVE-2022-25357 + RESERVED +CVE-2022-25356 + RESERVED +CVE-2022-25344 + RESERVED +CVE-2022-25343 + RESERVED +CVE-2022-25342 + RESERVED +CVE-2022-25341 + RESERVED +CVE-2022-25340 + RESERVED +CVE-2022-25339 + RESERVED +CVE-2022-25338 + RESERVED +CVE-2022-24914 + RESERVED +CVE-2022-24436 + RESERVED +CVE-2022-24378 + RESERVED +CVE-2022-24067 + RESERVED +CVE-2022-23403 + RESERVED +CVE-2022-23182 + RESERVED +CVE-2022-22139 + RESERVED +CVE-2022-21225 + RESERVED +CVE-2022-21198 + RESERVED +CVE-2022-21183 + RESERVED CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) NOT-FOR-US: Ibexa CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) @@ -235,8 +293,8 @@ CVE-2022-0649 RESERVED CVE-2022-25257 RESERVED -CVE-2022-25256 - RESERVED +CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...) + TODO: check CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) - qt6-base <unfixed> - qtbase-opensource-src <unfixed> @@ -677,22 +735,22 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a he NOT-FOR-US: njs CVE-2022-25138 RESERVED -CVE-2022-25137 - RESERVED -CVE-2022-25136 - RESERVED -CVE-2022-25135 - RESERVED -CVE-2022-25134 - RESERVED -CVE-2022-25133 - RESERVED -CVE-2022-25132 - RESERVED -CVE-2022-25131 - RESERVED -CVE-2022-25130 - RESERVED +CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...) + TODO: check +CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...) + TODO: check +CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...) + TODO: check +CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...) + TODO: check +CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...) + TODO: check +CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...) + TODO: check +CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...) + TODO: check +CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...) + TODO: check CVE-2022-25129 RESERVED CVE-2022-25128 @@ -1035,10 +1093,10 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...) NOT-FOR-US: LibreNMS -CVE-2022-24980 - RESERVED -CVE-2022-24979 - RESERVED +CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...) + TODO: check +CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...) + TODO: check CVE-2022-24978 RESERVED CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) @@ -1089,8 +1147,8 @@ CVE-2022-24973 RESERVED CVE-2022-24972 RESERVED -CVE-2022-24971 - RESERVED +CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2022-24970 RESERVED CVE-2022-24969 @@ -1777,8 +1835,7 @@ CVE-2022-0545 RESERVED CVE-2022-0544 RESERVED -CVE-2022-0543 [sandbox escape] - RESERVED +CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...) {DSA-5081-1} - redis <unfixed> (bug #1005787) NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce @@ -2536,40 +2593,40 @@ CVE-2022-24372 RESERVED CVE-2022-24371 RESERVED -CVE-2022-24370 - RESERVED -CVE-2022-24369 - RESERVED -CVE-2022-24368 - RESERVED -CVE-2022-24367 - RESERVED -CVE-2022-24366 - RESERVED -CVE-2022-24365 - RESERVED -CVE-2022-24364 - RESERVED -CVE-2022-24363 - RESERVED -CVE-2022-24362 - RESERVED -CVE-2022-24361 - RESERVED -CVE-2022-24360 - RESERVED -CVE-2022-24359 - RESERVED -CVE-2022-24358 - RESERVED -CVE-2022-24357 - RESERVED -CVE-2022-24356 - RESERVED -CVE-2022-24355 - RESERVED -CVE-2022-24354 - RESERVED +CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2022-24353 RESERVED CVE-2022-24352 @@ -3341,8 +3398,8 @@ CVE-2022-24114 (Local privilege escalation due to race condition on application NOT-FOR-US: Acronis CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) NOT-FOR-US: Acronis -CVE-2022-0409 - RESERVED +CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...) + TODO: check CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) @@ -3478,65 +3535,61 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233) CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde -CVE-2022-24064 - RESERVED -CVE-2022-24063 - RESERVED -CVE-2022-24062 - RESERVED -CVE-2022-24061 - RESERVED -CVE-2022-24060 - RESERVED -CVE-2022-24059 - RESERVED -CVE-2022-24058 - RESERVED -CVE-2022-24057 - RESERVED -CVE-2022-24056 - RESERVED -CVE-2022-24055 - RESERVED +CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check CVE-2022-24054 RESERVED CVE-2022-24053 RESERVED -CVE-2022-24052 - RESERVED +CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 <unfixed> - mariadb-10.5 <removed> - mariadb-10.3 <removed> NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/ -CVE-2022-24051 - RESERVED +CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 <unfixed> - mariadb-10.5 <removed> - mariadb-10.3 <removed> NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/ -CVE-2022-24050 - RESERVED +CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 <unfixed> - mariadb-10.5 <removed> - mariadb-10.3 <removed> NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/ -CVE-2022-24049 - RESERVED -CVE-2022-24048 - RESERVED +CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 <unfixed> - mariadb-10.5 <removed> - mariadb-10.3 <removed> NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/ -CVE-2022-24047 - RESERVED -CVE-2022-24046 - RESERVED +CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...) + TODO: check +CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2022-24045 RESERVED CVE-2022-24044 @@ -4653,24 +4706,24 @@ CVE-2022-23652 RESERVED CVE-2022-23651 RESERVED -CVE-2022-23650 - RESERVED -CVE-2022-23649 - RESERVED +CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...) + TODO: check +CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...) + TODO: check CVE-2022-23648 RESERVED CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) TODO: check CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) TODO: check -CVE-2022-23645 - RESERVED +CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...) + TODO: check CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) TODO: check -CVE-2022-23642 - RESERVED +CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) + TODO: check CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-23640 @@ -5807,8 +5860,8 @@ CVE-2022-23230 RESERVED CVE-2022-23229 RESERVED -CVE-2022-23228 - RESERVED +CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...) + TODO: check CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...) NOT-FOR-US: NUUO NVRmini2 CVE-2022-23226 |