From 235f0bffb9d5712463b04197c32742098a5308f2 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 4 Jan 2022 20:10:21 +0000 Subject: automatic update --- data/CVE/2020.list | 2 +- data/CVE/2021.list | 181 ++++++++++++++++++++++++++++++------------------- data/CVE/2022.list | 196 ++++++++++++++++++++++++++++++++++++++++++++++------- 3 files changed, 284 insertions(+), 95 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index fd5798e971..b74e2f07d6 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -44656,7 +44656,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This NOTE: CVE is closely related to CVE-2020-1957. -CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...) +CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...) - xmlgraphics-commons 2.4-2 (bug #984949) [bullseye] - xmlgraphics-commons 2.4-2~deb11u1 [buster] - xmlgraphics-commons 2.3-1+deb10u1 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index db502d438d..897af52c5f 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,47 @@ +CVE-2021-46140 + RESERVED +CVE-2021-46139 + RESERVED +CVE-2021-46138 + RESERVED +CVE-2021-46137 + RESERVED +CVE-2021-46136 + RESERVED +CVE-2021-46135 + RESERVED +CVE-2021-46134 + RESERVED +CVE-2021-46133 + RESERVED +CVE-2021-46132 + RESERVED +CVE-2021-46131 + RESERVED +CVE-2021-45722 + RESERVED +CVE-2021-45110 + RESERVED +CVE-2021-45073 + RESERVED +CVE-2021-44778 + RESERVED +CVE-2021-44468 + RESERVED +CVE-2021-44456 + RESERVED +CVE-2021-44452 + RESERVED +CVE-2021-43352 + RESERVED +CVE-2021-4199 + RESERVED +CVE-2021-4198 + RESERVED +CVE-2021-31564 + RESERVED +CVE-2021-23229 + RESERVED CVE-2021-46130 RESERVED CVE-2021-46129 @@ -309,12 +353,12 @@ CVE-2021-45982 RESERVED CVE-2021-45981 RESERVED -CVE-2021-45980 - RESERVED -CVE-2021-45979 - RESERVED -CVE-2021-45978 - RESERVED +CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + TODO: check +CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + TODO: check +CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + TODO: check CVE-2021-45977 RESERVED CVE-2021-45976 @@ -564,10 +608,10 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...) - mruby (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8 -CVE-2021-45913 - RESERVED -CVE-2021-45912 - RESERVED +CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...) + TODO: check +CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...) + TODO: check CVE-2021-44775 RESERVED CVE-2021-44465 @@ -1842,8 +1886,8 @@ CVE-2021-45391 RESERVED CVE-2021-45390 RESERVED -CVE-2021-45389 - RESERVED +CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) + TODO: check CVE-2021-45388 RESERVED CVE-2021-45387 @@ -2492,7 +2536,7 @@ CVE-2021-4127 RESERVED CVE-2021-4126 RESERVED - {DSA-5034-1} + {DSA-5034-1 DLA-2874-1} - thunderbird 1:91.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 CVE-2021-26264 @@ -3367,6 +3411,7 @@ CVE-2021-44792 CVE-2021-44791 RESERVED CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...) + {DSA-5035-1} - apache2 2.4.52-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 NOTE: Fixed by: https://svn.apache.org/r1896039 @@ -4062,7 +4107,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) CVE-2021-44539 RESERVED CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...) - {DSA-5034-1} + {DSA-5034-1 DLA-2874-1} - element-web (bug #866502) - olm 3.2.8~dfsg-1 (bug #1001664) [buster] - olm (Vulnerable code introduced later) @@ -4833,6 +4878,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien NOTE: https://github.com/acassen/keepalived/pull/2063 NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...) + {DSA-5035-1} - apache2 2.4.52-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 NOTE: Fixed by: https://svn.apache.org/r1895955 @@ -4981,8 +5027,8 @@ CVE-2021-44170 RESERVED CVE-2021-44169 RESERVED -CVE-2021-44168 - RESERVED +CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) + TODO: check CVE-2021-44167 RESERVED CVE-2021-44166 @@ -6117,8 +6163,8 @@ CVE-2021-43713 RESERVED CVE-2021-43712 RESERVED -CVE-2021-43711 - RESERVED +CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...) + TODO: check CVE-2021-43710 RESERVED CVE-2021-43709 @@ -6530,7 +6576,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re CVE-2021-43547 RESERVED CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6538,7 +6584,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6549,7 +6595,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6557,7 +6603,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6565,7 +6611,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542 CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6576,7 +6622,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a - firefox 95.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540 CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6584,7 +6630,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539 CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6592,7 +6638,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6600,7 +6646,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6608,7 +6654,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 93.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -6616,7 +6662,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535 CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -6637,12 +6683,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530 CVE-2021-43529 RESERVED - {DSA-5034-1} + {DSA-5034-1 DLA-2874-1} - thunderbird 1:91.3.0-1 NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501 CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...) - {DSA-5034-1} + {DSA-5034-1 DLA-2874-1} - thunderbird 1:91.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528 CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...) @@ -7080,7 +7126,7 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow NOT-FOR-US: Sunnet eHRD CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) NOT-FOR-US: Sunnet eHRD -CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...) +CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...) - vim 2:8.2.3995-1 [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd @@ -10617,8 +10663,8 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan NOT-FOR-US: firefly-iii CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...) NOT-FOR-US: Trend Micro -CVE-2021-3845 - RESERVED +CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...) + TODO: check CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) NOT-FOR-US: Apache OpenOffice CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) @@ -10629,8 +10675,8 @@ CVE-2021-3844 RESERVED CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...) NOT-FOR-US: Lenovo -CVE-2021-3842 - RESERVED +CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...) + TODO: check CVE-2021-3841 RESERVED CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...) @@ -10754,8 +10800,8 @@ CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0 NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...) NOT-FOR-US: Hyland org.alfresco:alfresco-content-services -CVE-2021-41789 - RESERVED +CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...) + TODO: check CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...) NOT-FOR-US: Netgear CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...) @@ -12059,8 +12105,8 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc NOT-FOR-US: Hangfire CVE-2021-41237 RESERVED -CVE-2021-41236 - RESERVED +CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...) + TODO: check CVE-2021-41235 RESERVED CVE-2021-41234 @@ -12298,8 +12344,8 @@ CVE-2021-41143 RESERVED CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) NOT-FOR-US: Tuleap -CVE-2021-41141 - RESERVED +CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...) NOT-FOR-US: Discourse plugin CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) @@ -13768,8 +13814,7 @@ CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the NOT-FOR-US: "com.onepeloton.erlich" mobile application CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) NOT-FOR-US: Peleton -CVE-2021-40525 - RESERVED +CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...) NOT-FOR-US: Apache James CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: showdoc @@ -14717,8 +14762,8 @@ CVE-2021-40150 RESERVED CVE-2021-40149 RESERVED -CVE-2021-40148 - RESERVED +CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...) + TODO: check CVE-2021-3743 RESERVED {DSA-4978-1 DLA-2785-1} @@ -14849,11 +14894,9 @@ CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface o NOT-FOR-US: Cisco CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco -CVE-2021-40111 - RESERVED +CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...) NOT-FOR-US: Apache James -CVE-2021-40110 - RESERVED +CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...) NOT-FOR-US: Apache James CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...) NOT-FOR-US: Concrete CMS @@ -17224,8 +17267,8 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh NOTE: https://x-stream.github.io/CVE-2021-39144.html -CVE-2021-39143 - RESERVED +CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) + TODO: check CVE-2021-39142 RESERVED CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) @@ -18545,8 +18588,7 @@ CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remo NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...) NOT-FOR-US: TP-Link -CVE-2021-38542 - RESERVED +CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...) NOT-FOR-US: Apache James CVE-2021-38541 RESERVED @@ -18624,7 +18666,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading . NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18632,7 +18674,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509 CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18640,7 +18682,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18648,7 +18690,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507 CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18663,7 +18705,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505 CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18671,7 +18713,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...) - {DSA-5034-1 DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18679,7 +18721,7 @@ CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT styl NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503 CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...) - {DSA-5034-1} + {DSA-5034-1 DLA-2874-1} [experimental] - thunderbird 1:91.2.0-1 - thunderbird 1:91.2.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502 @@ -18691,7 +18733,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501 CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) - {DSA-5034-1 DSA-4981-1 DLA-2782-1} + {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 [experimental] - thunderbird 1:91.2.0-1 @@ -18719,7 +18761,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497 CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...) - {DSA-5034-1 DSA-4981-1 DLA-2782-1} + {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 [experimental] - thunderbird 1:91.2.0-1 @@ -25774,7 +25816,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic NOT-FOR-US: Wowza Streaming Engine CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...) NOT-FOR-US: Wowza Streaming Engine -CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...) +CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...) NOT-FOR-US: Thruk CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...) NOT-FOR-US: Thruk @@ -27322,8 +27364,7 @@ CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL po NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1) CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...) NOT-FOR-US: Secure 8 (Evalos) -CVE-2021-34797 - RESERVED +CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...) NOT-FOR-US: Apache Geode CVE-2021-34796 RESERVED @@ -34549,8 +34590,8 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato NOT-FOR-US: McAfee CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...) NOT-FOR-US: McAfee -CVE-2021-31833 - RESERVED +CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...) + TODO: check CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...) NOT-FOR-US: McAfee CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...) @@ -53426,8 +53467,8 @@ CVE-2021-24044 RESERVED CVE-2021-24043 RESERVED -CVE-2021-24042 - RESERVED +CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...) + TODO: check CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...) TODO: check CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index d214ebf1b0..b1db173140 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,151 @@ +CVE-2022-22567 + RESERVED +CVE-2022-22566 + RESERVED +CVE-2022-22565 + RESERVED +CVE-2022-22564 + RESERVED +CVE-2022-22563 + RESERVED +CVE-2022-22562 + RESERVED +CVE-2022-22561 + RESERVED +CVE-2022-22560 + RESERVED +CVE-2022-22559 + RESERVED +CVE-2022-22558 + RESERVED +CVE-2022-22557 + RESERVED +CVE-2022-22556 + RESERVED +CVE-2022-22555 + RESERVED +CVE-2022-22554 + RESERVED +CVE-2022-22553 + RESERVED +CVE-2022-22552 + RESERVED +CVE-2022-22551 + RESERVED +CVE-2022-22550 + RESERVED +CVE-2022-22549 + RESERVED +CVE-2022-22548 + RESERVED +CVE-2022-22547 + RESERVED +CVE-2022-22546 + RESERVED +CVE-2022-22545 + RESERVED +CVE-2022-22544 + RESERVED +CVE-2022-22543 + RESERVED +CVE-2022-22542 + RESERVED +CVE-2022-22541 + RESERVED +CVE-2022-22540 + RESERVED +CVE-2022-22539 + RESERVED +CVE-2022-22538 + RESERVED +CVE-2022-22537 + RESERVED +CVE-2022-22536 + RESERVED +CVE-2022-22535 + RESERVED +CVE-2022-22534 + RESERVED +CVE-2022-22533 + RESERVED +CVE-2022-22532 + RESERVED +CVE-2022-22531 + RESERVED +CVE-2022-22530 + RESERVED +CVE-2022-22529 + RESERVED +CVE-2022-22528 + RESERVED +CVE-2022-22527 + RESERVED +CVE-2022-0120 + RESERVED +CVE-2022-0119 + RESERVED +CVE-2022-0118 + RESERVED +CVE-2022-0117 + RESERVED +CVE-2022-0116 + RESERVED +CVE-2022-0115 + RESERVED +CVE-2022-0114 + RESERVED +CVE-2022-0113 + RESERVED +CVE-2022-0112 + RESERVED +CVE-2022-0111 + RESERVED +CVE-2022-0110 + RESERVED +CVE-2022-0109 + RESERVED +CVE-2022-0108 + RESERVED +CVE-2022-0107 + RESERVED +CVE-2022-0106 + RESERVED +CVE-2022-0105 + RESERVED +CVE-2022-0104 + RESERVED +CVE-2022-0103 + RESERVED +CVE-2022-0102 + RESERVED +CVE-2022-0101 + RESERVED +CVE-2022-0100 + RESERVED +CVE-2022-0099 + RESERVED +CVE-2022-0098 + RESERVED +CVE-2022-0097 + RESERVED +CVE-2022-0096 + RESERVED +CVE-2022-0095 + RESERVED +CVE-2022-0094 + RESERVED +CVE-2022-0093 + RESERVED +CVE-2022-0092 + RESERVED +CVE-2022-0091 + RESERVED +CVE-2022-0090 + RESERVED +CVE-2022-0089 + RESERVED +CVE-2022-0088 + RESERVED CVE-2022-22526 RESERVED CVE-2022-22525 @@ -466,8 +614,8 @@ CVE-2022-22295 RESERVED CVE-2022-22294 RESERVED -CVE-2022-0086 - RESERVED +CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...) + TODO: check CVE-2022-0085 RESERVED CVE-2022-0084 @@ -4982,30 +5130,30 @@ CVE-2022-20025 RESERVED CVE-2022-20024 RESERVED -CVE-2022-20023 - RESERVED -CVE-2022-20022 - RESERVED -CVE-2022-20021 - RESERVED -CVE-2022-20020 - RESERVED -CVE-2022-20019 - RESERVED -CVE-2022-20018 - RESERVED +CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...) + TODO: check +CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...) + TODO: check +CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...) + TODO: check +CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...) + TODO: check +CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...) + TODO: check +CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...) + TODO: check CVE-2022-20017 RESERVED -CVE-2022-20016 - RESERVED -CVE-2022-20015 - RESERVED -CVE-2022-20014 - RESERVED -CVE-2022-20013 - RESERVED -CVE-2022-20012 - RESERVED +CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...) + TODO: check +CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...) + TODO: check +CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...) + TODO: check +CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...) + TODO: check +CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...) + TODO: check CVE-2022-20011 RESERVED CVE-2022-20010 -- cgit v1.2.3