From 411b5825931fd3ca63454ad8fccc5c9f33e24072 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 21 Feb 2022 20:10:25 +0000 Subject: automatic update --- data/CVE/2021.list | 86 ++++++++++++++--------------- data/CVE/2022.list | 158 +++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 160 insertions(+), 84 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5903cd9c3a..24d7abb1e9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -680,8 +680,8 @@ CVE-2021-4209 RESERVED CVE-2021-46403 RESERVED -CVE-2021-4208 - RESERVED +CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...) + TODO: check CVE-2021-46402 RESERVED CVE-2021-46401 @@ -984,8 +984,8 @@ CVE-2021-4205 RESERVED CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...) NOT-FOR-US: WordPress plugin -CVE-2021-26256 - RESERVED +CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) + TODO: check CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...) NOT-FOR-US: WordPress plugin CVE-2021-23209 @@ -4434,8 +4434,8 @@ CVE-2021-45010 RESERVED CVE-2021-45009 RESERVED -CVE-2021-45008 - RESERVED +CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...) + TODO: check CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...) NOT-FOR-US: Plesk CVE-2021-45006 @@ -5586,8 +5586,8 @@ CVE-2021-44570 RESERVED CVE-2021-44569 RESERVED -CVE-2021-44568 - RESERVED +CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...) + TODO: check CVE-2021-44567 RESERVED CVE-2021-44566 @@ -6806,8 +6806,7 @@ CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to [buster] - isync (Vulnerable code introduced later) [stretch] - isync (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2 -CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution] - RESERVED +CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...) {DSA-5071-1} - samba (bug #1004693) NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html @@ -6815,8 +6814,7 @@ CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fr NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/ -CVE-2021-44141 [Information leak via symlinks of existance of files or directories outside of the exported share] - RESERVED +CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...) - samba (bug #1004692) [bullseye] - samba (Minor issue; no backport to older versions, mitigations exists) [buster] - samba (Minor issue; no backport to older versions, mitigations exists) @@ -47055,10 +47053,10 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/ CVE-2021-27798 RESERVED -CVE-2021-27797 - RESERVED -CVE-2021-27796 - RESERVED +CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...) + TODO: check +CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...) + TODO: check CVE-2021-27795 RESERVED CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...) @@ -47139,12 +47137,12 @@ CVE-2021-27757 RESERVED CVE-2021-27756 RESERVED -CVE-2021-27755 - RESERVED +CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...) + TODO: check CVE-2021-27754 RESERVED -CVE-2021-27753 - RESERVED +CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...) + TODO: check CVE-2021-27752 RESERVED CVE-2021-27751 @@ -53648,12 +53646,12 @@ CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before NOT-FOR-US: WordPress plugin CVE-2021-25102 RESERVED -CVE-2021-25101 - RESERVED -CVE-2021-25100 - RESERVED -CVE-2021-25099 - RESERVED +CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) + TODO: check +CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...) + TODO: check +CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...) + TODO: check CVE-2021-25098 RESERVED CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...) @@ -53686,8 +53684,8 @@ CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Adva NOT-FOR-US: WordPress plugin CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) NOT-FOR-US: WordPress plugin -CVE-2021-25082 - RESERVED +CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) + TODO: check CVE-2021-25081 RESERVED CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...) @@ -53700,8 +53698,8 @@ CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 NOT-FOR-US: WordPress plugin CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...) NOT-FOR-US: WordPress plugin -CVE-2021-25075 - RESERVED +CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...) + TODO: check CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...) NOT-FOR-US: WordPress plugin CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...) @@ -53712,8 +53710,8 @@ CVE-2021-25071 RESERVED CVE-2021-25070 RESERVED -CVE-2021-25069 - RESERVED +CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...) + TODO: check CVE-2021-25068 RESERVED CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...) @@ -53730,18 +53728,18 @@ CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1. NOT-FOR-US: WordPress plugin CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...) NOT-FOR-US: WordPress plugin -CVE-2021-25060 - RESERVED +CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...) + TODO: check CVE-2021-25059 RESERVED -CVE-2021-25058 - RESERVED -CVE-2021-25057 - RESERVED +CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...) + TODO: check +CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...) + TODO: check CVE-2021-25056 RESERVED -CVE-2021-25055 - RESERVED +CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...) + TODO: check CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...) NOT-FOR-US: WordPress plugin CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...) @@ -54008,8 +54006,8 @@ CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sen NOT-FOR-US: WordPress plugin CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...) NOT-FOR-US: WordPress plugin -CVE-2021-24921 - RESERVED +CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...) + TODO: check CVE-2021-24920 RESERVED CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...) @@ -54116,8 +54114,8 @@ CVE-2021-24869 RESERVED CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...) NOT-FOR-US: WordPress plugin -CVE-2021-24867 - RESERVED +CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...) + TODO: check CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...) NOT-FOR-US: WordPress plugin CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 41d446fa17..a366a8287b 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,81 @@ +CVE-2022-25622 + RESERVED +CVE-2022-25621 + RESERVED +CVE-2022-25620 + RESERVED +CVE-2022-25619 + RESERVED +CVE-2022-25618 + RESERVED +CVE-2022-25617 + RESERVED +CVE-2022-25616 + RESERVED +CVE-2022-25615 + RESERVED +CVE-2022-25614 + RESERVED +CVE-2022-25613 + RESERVED +CVE-2022-25612 + RESERVED +CVE-2022-25611 + RESERVED +CVE-2022-25610 + RESERVED +CVE-2022-25609 + RESERVED +CVE-2022-25608 + RESERVED +CVE-2022-25607 + RESERVED +CVE-2022-25606 + RESERVED +CVE-2022-25605 + RESERVED +CVE-2022-25604 + RESERVED +CVE-2022-25603 + RESERVED +CVE-2022-25602 + RESERVED +CVE-2022-25601 + RESERVED +CVE-2022-25600 + RESERVED +CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...) + TODO: check +CVE-2022-25598 + RESERVED +CVE-2022-0712 + RESERVED +CVE-2022-0711 + RESERVED +CVE-2022-0710 + RESERVED +CVE-2022-0709 + RESERVED +CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...) + TODO: check +CVE-2022-0707 + RESERVED +CVE-2022-0706 + RESERVED +CVE-2022-0705 + RESERVED +CVE-2022-0704 + RESERVED +CVE-2022-0703 + RESERVED +CVE-2022-0702 + RESERVED +CVE-2022-0701 + RESERVED +CVE-2022-0700 + RESERVED +CVE-2022-0699 + RESERVED CVE-2022-25597 RESERVED CVE-2022-25596 @@ -470,10 +548,10 @@ CVE-2022-0694 RESERVED CVE-2022-0693 RESERVED -CVE-2022-0692 - RESERVED -CVE-2022-0691 - RESERVED +CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...) + TODO: check +CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + TODO: check CVE-2022-25369 RESERVED CVE-2022-25368 @@ -696,8 +774,8 @@ CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe TODO: check CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...) NOT-FOR-US: webcc -CVE-2022-25297 - RESERVED +CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...) + TODO: check CVE-2022-25296 RESERVED CVE-2022-25295 @@ -1780,8 +1858,8 @@ CVE-2022-24917 RESERVED CVE-2022-24911 RESERVED -CVE-2022-0564 - RESERVED +CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...) + TODO: check CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...) NOT-FOR-US: Optimism CVE-2022-24908 @@ -2661,8 +2739,8 @@ CVE-2022-24555 RESERVED CVE-2022-24554 RESERVED -CVE-2022-24553 - RESERVED +CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backg ...) + TODO: check CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...) NOT-FOR-US: StarWind CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...) @@ -3299,8 +3377,8 @@ CVE-2022-24302 RESERVED CVE-2022-24296 RESERVED -CVE-2022-24295 - RESERVED +CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...) + TODO: check CVE-2022-22986 RESERVED CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...) @@ -4267,10 +4345,10 @@ CVE-2022-23988 RESERVED CVE-2022-23987 RESERVED -CVE-2022-23984 - RESERVED -CVE-2022-23983 - RESERVED +CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...) + TODO: check +CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...) + TODO: check CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...) NOT-FOR-US: WordPress plugin CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...) @@ -5638,8 +5716,8 @@ CVE-2022-23457 RESERVED CVE-2022-0314 RESERVED -CVE-2022-0313 - RESERVED +CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...) + TODO: check CVE-2022-0312 RESERVED CVE-2022-0299 @@ -5809,8 +5887,8 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46 - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) -CVE-2022-0288 - RESERVED +CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...) + TODO: check CVE-2022-0287 RESERVED CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...) @@ -5834,8 +5912,8 @@ CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Pac NOT-FOR-US: microweber CVE-2022-0280 RESERVED -CVE-2022-0279 - RESERVED +CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...) + TODO: check CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) @@ -6164,14 +6242,14 @@ CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During NOT-FOR-US: pimcore CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: pimcore -CVE-2022-0255 - RESERVED +CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...) + TODO: check CVE-2022-0254 RESERVED CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat -CVE-2022-0252 - RESERVED +CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...) + TODO: check CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0250 @@ -6416,8 +6494,8 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to [bullseye] - node-fetch (Minor issue) NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1) -CVE-2022-0234 - RESERVED +CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...) + TODO: check CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...) NOT-FOR-US: WordPress plugin CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...) @@ -6428,8 +6506,8 @@ CVE-2022-0230 RESERVED CVE-2022-0229 RESERVED -CVE-2022-0228 - RESERVED +CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) + TODO: check CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) {DSA-5050-1} - linux 5.15.15-1 @@ -6505,8 +6583,8 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074) CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) NOT-FOR-US: WordPress plugin -CVE-2022-0211 - RESERVED +CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...) + TODO: check CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) NOT-FOR-US: Apache Traffic Control CVE-2022-23205 @@ -6610,8 +6688,8 @@ CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Per NOT-FOR-US: WordPress plugin CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2022-0199 - RESERVED +CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...) + TODO: check CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) NOT-FOR-US: Crestron devices CVE-2022-23177 @@ -6805,8 +6883,8 @@ CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not NOT-FOR-US: WordPress plugin CVE-2022-0187 RESERVED -CVE-2022-0186 - RESERVED +CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...) + TODO: check CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...) {DSA-5050-1} - linux 5.15.15-1 @@ -7440,8 +7518,8 @@ CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to NOT-FOR-US: McAfee CVE-2022-0165 RESERVED -CVE-2022-0164 - RESERVED +CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...) + TODO: check CVE-2022-0163 RESERVED CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...) @@ -8012,8 +8090,8 @@ CVE-2022-0135 [out-of-bounds write in read_transfer_data()] NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec TODO: Check introducing information for issue -CVE-2022-0134 - RESERVED +CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...) + TODO: check CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...) - peertube (bug #950821) CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...) -- cgit v1.2.3