From 04f8df032d56d9e0b16d04cc80a4c15532693061 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 20 Feb 2022 20:10:19 +0000 Subject: automatic update --- data/CVE/2016.list | 2 +- data/CVE/2021.list | 16 ++++++++-------- data/CVE/2022.list | 42 ++++++++++++++++++++++++++++-------------- 3 files changed, 37 insertions(+), 23 deletions(-) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 8a75a71ddd..d7e669870d 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -14745,7 +14745,7 @@ CVE-2016-1000103 REJECTED CVE-2016-1000102 REJECTED -CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...) +CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a potential remot ...) - libspring-java 4.2.7-1 (unimportant) NOTE: https://www.tenable.com/security/research/tra-2016-20 NOTE: This is not a vulnerability in Spring itself, just how applications are using it diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f77420f909..6a355340cd 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4161,12 +4161,12 @@ CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x b NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45084 RESERVED -CVE-2021-45083 - RESERVED -CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the templar.py fi ...) +CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...) + TODO: check +CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...) - cobbler -CVE-2021-45081 - RESERVED +CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...) + TODO: check CVE-2021-45080 RESERVED CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...) 
@@ -4418,8 +4418,8 @@ CVE-2021-45009 RESERVED CVE-2021-45008 RESERVED -CVE-2021-45007 - RESERVED +CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...) + TODO: check CVE-2021-45006 RESERVED CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...) @@ -8282,7 +8282,7 @@ CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail - atmailopen CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...) NOT-FOR-US: Realtek -CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...) +CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...) NOT-FOR-US: Stark bank libraries CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...) NOT-FOR-US: Stark bank libraries diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 626e4a9b6d..ef4fdecf37 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,17 @@ +CVE-2022-25371 + RESERVED +CVE-2022-25370 + RESERVED +CVE-2022-25355 + RESERVED +CVE-2022-0694 + RESERVED +CVE-2022-0693 + RESERVED +CVE-2022-0692 + RESERVED +CVE-2022-0691 + RESERVED CVE-2022-25369 RESERVED CVE-2022-25368 @@ -6,14 +20,14 @@ CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/mi NOT-FOR-US: microweber CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...) NOT-FOR-US: microweber -CVE-2022-0688 - RESERVED +CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...) + TODO: check CVE-2022-0687 RESERVED -CVE-2022-0686 - RESERVED -CVE-2022-0685 - RESERVED +CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + TODO: check +CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + TODO: check CVE-2022-0684 RESERVED CVE-2022-25367 
@@ -4211,8 +4225,8 @@ CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ... NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa NOTE: loguru documents security considerations and best practices to follow -CVE-2022-23848 - RESERVED +CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...) + TODO: check CVE-2022-23847 RESERVED CVE-2022-23846 @@ -6440,10 +6454,10 @@ CVE-2022-23056 RESERVED CVE-2022-23055 RESERVED -CVE-2022-23054 - RESERVED -CVE-2022-23053 - RESERVED +CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check +CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check CVE-2022-23052 RESERVED CVE-2022-23051 @@ -9005,8 +9019,8 @@ CVE-2022-22128 RESERVED CVE-2022-22127 RESERVED -CVE-2022-22126 - RESERVED +CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + TODO: check CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) NOT-FOR-US: Halo CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) -- cgit v1.2.3
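Review bot: in data/CVE/2016.list, the package line under CVE-2016-1000027 still reads "- libspring-java 4.2.7-1 (unimportant)" while the refreshed description now covers Spring Framework through 5.3.16. The recorded version 4.2.7-1 falls inside that range, so the entry should be re-checked. If the (unimportant) rating rests on the existing NOTE that this is not a vulnerability in Spring itself, a short NOTE saying the version is kept deliberately would avoid confusion.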
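Review bot: in the first data/CVE/2021.list hunk (@@ -4161,12 +4161,12 @@), CVE-2021-45083 and CVE-2021-45081 are left at "TODO: check" although both descriptions name Cobbler and the neighbouring CVE-2021-45082 already carries a "- cobbler" package line. Triage them against the same source package, and keep the version ranges apart: 45083 and 45082 say "before 3.3.1" while 45081 says "through 3.3.1", so 3.3.1 cannot be recorded as the fixed version for 45081.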
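Review bot: in the data/CVE/2022.list hunk at @@ -6,14 +20,14 @@, CVE-2022-0688 gets "TODO: check" although its description names Packagist microweber/microweber and the two entries directly above it, CVE-2022-0690 and CVE-2022-0689, are already marked "NOT-FOR-US: microweber"; the same marking looks applicable here. CVE-2022-0685 (vim/vim) and CVE-2022-0686 (NPM url-parse) in the same hunk name other software and need an individual package check rather than a bulk resolution.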
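Review bot: CVE-2022-23054 and CVE-2022-23053 (hunk @@ -6440,10 +6454,10 @@) and CVE-2022-22126 (hunk @@ -9005,8 +9019,8 @@) in data/CVE/2022.list all show the same truncated summary, "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...", so the list alone does not show how they differ. Resolve the three "TODO: check" entries together and give each a NOTE line pointing at its own advisory or fix, so they are not mistaken for duplicates.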