From 35c439eff859bf79f06cc32b6895e1845d910eaa Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 19 Feb 2022 08:10:16 +0000 Subject: automatic update --- data/CVE/2016.list | 2 + data/CVE/2017.list | 3 +- data/CVE/2021.list | 424 ++++++++++++++++++++++++++--------------------------- data/CVE/2022.list | 265 +++++++++++++++++++-------------- 4 files changed, 374 insertions(+), 320 deletions(-) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 147ae0a1e5..0195236e5c 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,3 +1,5 @@ +CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...) + TODO: check CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) - openssh (unimportant) NOTE: https://github.com/openssh/openssh-portable/pull/270 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 9ebbf9e129..dcb1defe6c 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -51097,8 +51097,7 @@ CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawik NOTE: https://phabricator.wikimedia.org/T158689 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html -CVE-2017-0371 - RESERVED +CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...) - mediawiki 1:1.27.2-1 [wheezy] - mediawiki (Not supported in Wheezy LTS) NOTE: https://phabricator.wikimedia.org/T140591 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index b1a47ad899..ee07b82abe 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -135,196 +135,196 @@ CVE-2021-4217 [Null pointer dereference in Unicode strings code] NOTE: Crash in CLI tool, no security impact CVE-2021-4216 RESERVED -CVE-2021-46656 - RESERVED -CVE-2021-46655 - RESERVED -CVE-2021-46654 - RESERVED -CVE-2021-46653 - RESERVED -CVE-2021-46652 - RESERVED -CVE-2021-46651 - RESERVED -CVE-2021-46650 - RESERVED -CVE-2021-46649 - RESERVED -CVE-2021-46648 - RESERVED -CVE-2021-46647 - RESERVED -CVE-2021-46646 - RESERVED -CVE-2021-46645 - RESERVED -CVE-2021-46644 - RESERVED -CVE-2021-46643 - RESERVED -CVE-2021-46642 - RESERVED -CVE-2021-46641 - RESERVED -CVE-2021-46640 - RESERVED -CVE-2021-46639 - RESERVED -CVE-2021-46638 - RESERVED -CVE-2021-46637 - RESERVED -CVE-2021-46636 - RESERVED -CVE-2021-46635 - RESERVED -CVE-2021-46634 - RESERVED -CVE-2021-46633 - RESERVED -CVE-2021-46632 - RESERVED -CVE-2021-46631 - RESERVED -CVE-2021-46630 - RESERVED -CVE-2021-46629 - RESERVED -CVE-2021-46628 - RESERVED -CVE-2021-46627 - RESERVED -CVE-2021-46626 - RESERVED -CVE-2021-46625 - RESERVED -CVE-2021-46624 - RESERVED -CVE-2021-46623 - RESERVED -CVE-2021-46622 - RESERVED -CVE-2021-46621 - RESERVED -CVE-2021-46620 - RESERVED -CVE-2021-46619 - RESERVED -CVE-2021-46618 - RESERVED -CVE-2021-46617 - RESERVED -CVE-2021-46616 - RESERVED -CVE-2021-46615 - RESERVED -CVE-2021-46614 - RESERVED -CVE-2021-46613 - RESERVED -CVE-2021-46612 - RESERVED -CVE-2021-46611 - RESERVED -CVE-2021-46610 - RESERVED -CVE-2021-46609 - RESERVED -CVE-2021-46608 - RESERVED -CVE-2021-46607 - RESERVED -CVE-2021-46606 - RESERVED -CVE-2021-46605 - RESERVED -CVE-2021-46604 - RESERVED -CVE-2021-46603 - RESERVED -CVE-2021-46602 - RESERVED -CVE-2021-46601 - RESERVED -CVE-2021-46600 - RESERVED -CVE-2021-46599 - RESERVED -CVE-2021-46598 - RESERVED -CVE-2021-46597 - RESERVED -CVE-2021-46596 - RESERVED -CVE-2021-46595 - RESERVED -CVE-2021-46594 - RESERVED -CVE-2021-46593 - RESERVED -CVE-2021-46592 - RESERVED -CVE-2021-46591 - RESERVED -CVE-2021-46590 - RESERVED -CVE-2021-46589 - RESERVED 
-CVE-2021-46588 - RESERVED -CVE-2021-46587 - RESERVED -CVE-2021-46586 - RESERVED -CVE-2021-46585 - RESERVED -CVE-2021-46584 - RESERVED -CVE-2021-46583 - RESERVED -CVE-2021-46582 - RESERVED -CVE-2021-46581 - RESERVED -CVE-2021-46580 - RESERVED -CVE-2021-46579 - RESERVED -CVE-2021-46578 - RESERVED -CVE-2021-46577 - RESERVED -CVE-2021-46576 - RESERVED -CVE-2021-46575 - RESERVED -CVE-2021-46574 - RESERVED -CVE-2021-46573 - RESERVED -CVE-2021-46572 - RESERVED -CVE-2021-46571 - RESERVED -CVE-2021-46570 - RESERVED -CVE-2021-46569 - RESERVED -CVE-2021-46568 - RESERVED -CVE-2021-46567 - RESERVED -CVE-2021-46566 - RESERVED -CVE-2021-46565 - RESERVED -CVE-2021-46564 - RESERVED -CVE-2021-46563 - RESERVED -CVE-2021-46562 - RESERVED +CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) @@ -1400,8 +1400,8 @@ CVE-2021-46112 RESERVED CVE-2021-46111 RESERVED -CVE-2021-46110 - RESERVED +CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...) + TODO: check CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) NOT-FOR-US: ASUS CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) 
@@ -1460,8 +1460,8 @@ CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting ( NOT-FOR-US: uscat CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) NOT-FOR-US: uscat -CVE-2021-46082 - RESERVED +CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...) + TODO: check CVE-2021-46081 RESERVED CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...) @@ -1498,10 +1498,10 @@ CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Fi NOT-FOR-US: Zoho ManageEngine CVE-2021-46064 RESERVED -CVE-2021-46063 - RESERVED -CVE-2021-46062 - RESERVED +CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...) + TODO: check +CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...) + TODO: check CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...) NOT-FOR-US: Sourcecodester CVE-2021-46060 @@ -4153,8 +4153,8 @@ CVE-2021-45084 RESERVED CVE-2021-45083 RESERVED -CVE-2021-45082 - RESERVED +CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the templar.py fi ...) + TODO: check CVE-2021-45081 RESERVED CVE-2021-45080 @@ -6310,8 +6310,8 @@ CVE-2021-44304 RESERVED CVE-2021-44303 RESERVED -CVE-2021-44302 - RESERVED +CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...) + TODO: check CVE-2021-44301 RESERVED CVE-2021-44300 
@@ -14937,10 +14937,10 @@ CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe d NOT-FOR-US: Proofpoint CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) NOT-FOR-US: Proofpoint -CVE-2021-40841 - RESERVED -CVE-2021-40840 - RESERVED +CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...) + TODO: check +CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...) + TODO: check CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...) - python-rencode 1.0.6-2 [bullseye] - python-rencode (Minor issue) @@ -42396,10 +42396,10 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134 NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html -CVE-2021-29656 - RESERVED -CVE-2021-29655 - RESERVED +CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...) + TODO: check +CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...) + TODO: check CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...) NOT-FOR-US: AjaxSearchPro CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...) @@ -56715,8 +56715,8 @@ CVE-2021-23704 RESERVED CVE-2021-23703 RESERVED -CVE-2021-23702 - RESERVED +CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...) + TODO: check CVE-2021-23701 RESERVED CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 4f2926b45c..091e69ca33 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,61 @@ +CVE-2022-25367 + RESERVED +CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...) + TODO: check +CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...) + TODO: check +CVE-2022-25364 + RESERVED +CVE-2022-25363 + RESERVED +CVE-2022-25362 + RESERVED +CVE-2022-25361 + RESERVED +CVE-2022-25360 + RESERVED +CVE-2022-25359 + RESERVED +CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) + TODO: check +CVE-2022-25357 + RESERVED +CVE-2022-25356 + RESERVED +CVE-2022-25344 + RESERVED +CVE-2022-25343 + RESERVED +CVE-2022-25342 + RESERVED +CVE-2022-25341 + RESERVED +CVE-2022-25340 + RESERVED +CVE-2022-25339 + RESERVED +CVE-2022-25338 + RESERVED +CVE-2022-24914 + RESERVED +CVE-2022-24436 + RESERVED +CVE-2022-24378 + RESERVED +CVE-2022-24067 + RESERVED +CVE-2022-23403 + RESERVED +CVE-2022-23182 + RESERVED +CVE-2022-22139 + RESERVED +CVE-2022-21225 + RESERVED +CVE-2022-21198 + RESERVED +CVE-2022-21183 + RESERVED CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) NOT-FOR-US: Ibexa CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) @@ -235,8 +293,8 @@ CVE-2022-0649 RESERVED CVE-2022-25257 RESERVED -CVE-2022-25256 - RESERVED +CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...) + TODO: check CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) - qt6-base - qtbase-opensource-src 
@@ -677,22 +735,22 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a he NOT-FOR-US: njs CVE-2022-25138 RESERVED -CVE-2022-25137 - RESERVED -CVE-2022-25136 - RESERVED -CVE-2022-25135 - RESERVED -CVE-2022-25134 - RESERVED -CVE-2022-25133 - RESERVED -CVE-2022-25132 - RESERVED -CVE-2022-25131 - RESERVED -CVE-2022-25130 - RESERVED +CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...) + TODO: check +CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...) + TODO: check +CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...) + TODO: check +CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...) + TODO: check +CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...) + TODO: check +CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...) + TODO: check +CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...) + TODO: check +CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...) + TODO: check CVE-2022-25129 RESERVED CVE-2022-25128 @@ -1035,10 +1093,10 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...) NOT-FOR-US: LibreNMS -CVE-2022-24980 - RESERVED -CVE-2022-24979 - RESERVED +CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...) + TODO: check +CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...) + TODO: check CVE-2022-24978 RESERVED CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) 
@@ -1089,8 +1147,8 @@ CVE-2022-24973 RESERVED CVE-2022-24972 RESERVED -CVE-2022-24971 - RESERVED +CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2022-24970 RESERVED CVE-2022-24969 @@ -1777,8 +1835,7 @@ CVE-2022-0545 RESERVED CVE-2022-0544 RESERVED -CVE-2022-0543 [sandbox escape] - RESERVED +CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...) {DSA-5081-1} - redis (bug #1005787) NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce 
@@ -2536,40 +2593,40 @@ CVE-2022-24372 RESERVED CVE-2022-24371 RESERVED -CVE-2022-24370 - RESERVED -CVE-2022-24369 - RESERVED -CVE-2022-24368 - RESERVED -CVE-2022-24367 - RESERVED -CVE-2022-24366 - RESERVED -CVE-2022-24365 - RESERVED -CVE-2022-24364 - RESERVED -CVE-2022-24363 - RESERVED -CVE-2022-24362 - RESERVED -CVE-2022-24361 - RESERVED -CVE-2022-24360 - RESERVED -CVE-2022-24359 - RESERVED -CVE-2022-24358 - RESERVED -CVE-2022-24357 - RESERVED -CVE-2022-24356 - RESERVED -CVE-2022-24355 - RESERVED -CVE-2022-24354 - RESERVED +CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2022-24353 RESERVED CVE-2022-24352 @@ -3341,8 +3398,8 @@ CVE-2022-24114 (Local privilege escalation due to race condition on application NOT-FOR-US: Acronis CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) NOT-FOR-US: Acronis -CVE-2022-0409 - RESERVED +CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...) + TODO: check CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) 
@@ -3478,65 +3535,61 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233) CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde -CVE-2022-24064 - RESERVED -CVE-2022-24063 - RESERVED -CVE-2022-24062 - RESERVED -CVE-2022-24061 - RESERVED -CVE-2022-24060 - RESERVED -CVE-2022-24059 - RESERVED -CVE-2022-24058 - RESERVED -CVE-2022-24057 - RESERVED -CVE-2022-24056 - RESERVED -CVE-2022-24055 - RESERVED +CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check CVE-2022-24054 RESERVED CVE-2022-24053 RESERVED -CVE-2022-24052 - RESERVED +CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...) 
- mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/ -CVE-2022-24051 - RESERVED +CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/ -CVE-2022-24050 - RESERVED +CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/ -CVE-2022-24049 - RESERVED -CVE-2022-24048 - RESERVED +CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/ -CVE-2022-24047 - RESERVED -CVE-2022-24046 - RESERVED +CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...) + TODO: check +CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2022-24045 RESERVED CVE-2022-24044 
@@ -4653,24 +4706,24 @@ CVE-2022-23652 RESERVED CVE-2022-23651 RESERVED -CVE-2022-23650 - RESERVED -CVE-2022-23649 - RESERVED +CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...) + TODO: check +CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...) + TODO: check CVE-2022-23648 RESERVED CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) TODO: check CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) TODO: check -CVE-2022-23645 - RESERVED +CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...) + TODO: check CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) TODO: check -CVE-2022-23642 - RESERVED +CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) + TODO: check CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-23640 @@ -5807,8 +5860,8 @@ CVE-2022-23230 RESERVED CVE-2022-23229 RESERVED -CVE-2022-23228 - RESERVED +CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...) + TODO: check CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...) NOT-FOR-US: NUUO NVRmini2 CVE-2022-23226 -- cgit v1.2.3
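Review bot: in the data/CVE/2016.list hunk (@@ -1,3 +1,5 @@), CVE-2016-20013 is added with only "TODO: check", and its description names sha256crypt and sha512crypt "through 0.6" rather than a Debian package. Triage needs to record which source packages embed that code, or mark it NOT-FOR-US. A NOTE line with the upstream reference would also bring it in line with the CVE-2016-20012 entry directly below, which carries one.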
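Review bot: in the data/CVE/2021.list hunk at @@ -135,196 +135,196 @@, all 95 entries from CVE-2021-46656 down to CVE-2021-46562 go from RESERVED to "TODO: check" with a description that is cut off ("execute arbitrary code o ...", "disclose sensitive infor ...") before any product is named. Nothing in the list itself says what these affect. They should be resolved as one batch against the full descriptions, each ending in either a package line or NOT-FOR-US, so the file does not carry 95 open TODOs that cannot be told apart.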
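Review bot: in the data/CVE/2022.list hunk at @@ -1,3 +1,61 @@, CVE-2022-25365 is described as "Docker Desktop before 4.5.1 on Windows", which looks like a NOT-FOR-US candidate that could be closed at once instead of sitting at "TODO: check". The same hunk adds the RESERVED block in arrival order rather than numeric order: it runs from CVE-2022-25367 to CVE-2022-25338, then jumps to CVE-2022-24914 and on down to CVE-2022-21183, all placed above CVE-2022-25337. Tooling or readers that assume a descending sort in this file will miss those entries.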
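Review bot: in the data/CVE/2022.list hunk at @@ -3478,65 +3535,61 @@, CVE-2022-24049 gets "TODO: check" although it sits between CVE-2022-24050 and CVE-2022-24048, both of which keep their mariadb-10.6, mariadb-10.5 and mariadb-10.3 lines. Its description is the remote "execute arbitrary code" form while the MariaDB entries all read "allows local attackers to escalate privileges", so it may well be a different product, but the truncated text does not say. It should be checked explicitly, along with CVE-2022-24047 and CVE-2022-24046, so that a MariaDB issue is not left unmapped in the middle of that block.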
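Review bot: in the data/CVE/2022.list hunk at @@ -4653,24 +4706,24 @@, the four new "TODO: check" entries (CVE-2022-23650, CVE-2022-23649, CVE-2022-23645, CVE-2022-23642) land next to CVE-2022-23647, CVE-2022-23646 and CVE-2022-23643, which are already "TODO: check" in the unchanged context, so this short range now holds seven untriaged entries. CVE-2022-23645 names swtpm and libtpms and CVE-2022-23649 names Cosign; both descriptions name the software outright, so these two can be checked against the archive first and either given a package line or marked NOT-FOR-US, as the neighbouring BookWyrm and Discourse entries are.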