From b3fecbd0838d89a3fc7b727fe5fb5e8fa388f01c Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 16 Feb 2022 08:10:21 +0000 Subject: automatic update --- data/CVE/2021.list | 49 ++++++++++++++--------------- data/CVE/2022.list | 90 +++++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 107 insertions(+), 32 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ddde2e4ef4..fbe03b3bd9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -863,8 +863,8 @@ CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability NOT-FOR-US: Espruino CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...) NOT-FOR-US: Duktape -CVE-2021-46321 - RESERVED +CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + TODO: check CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...) NOT-FOR-US: OpenZeppelin CVE-2021-46319 @@ -993,14 +993,14 @@ CVE-2021-46267 RESERVED CVE-2021-46266 RESERVED -CVE-2021-46265 - RESERVED -CVE-2021-46264 - RESERVED -CVE-2021-46263 - RESERVED -CVE-2021-46262 - RESERVED +CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + TODO: check +CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + TODO: check +CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + TODO: check +CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + TODO: check CVE-2021-46261 RESERVED CVE-2021-46260 
@@ -1019,14 +1019,14 @@ CVE-2021-46254 RESERVED CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...) NOT-FOR-US: Anchor CMS -CVE-2021-46252 - RESERVED -CVE-2021-46251 - RESERVED -CVE-2021-46250 - RESERVED -CVE-2021-46249 - RESERVED +CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...) + TODO: check +CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...) + TODO: check +CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...) + TODO: check +CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...) + TODO: check CVE-2021-46248 RESERVED CVE-2021-46247 @@ -7541,6 +7541,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) + {DLA-2924-1} - libxstream-java NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf NOTE: https://x-stream.github.io/CVE-2021-43859.html @@ -23586,8 +23587,8 @@ CVE-2021-37356 RESERVED CVE-2021-37355 RESERVED -CVE-2021-37354 - RESERVED +CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...) + TODO: check CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...) NOT-FOR-US: Nagios XI CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...) @@ -28165,8 +28166,8 @@ CVE-2021-35382 RESERVED CVE-2021-35381 RESERVED -CVE-2021-35380 - RESERVED +CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...) + TODO: check CVE-2021-35379 RESERVED CVE-2021-35378 
@@ -31364,8 +31365,8 @@ CVE-2021-33947 RESERVED CVE-2021-33946 RESERVED -CVE-2021-33945 - RESERVED +CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...) + TODO: check CVE-2021-33944 RESERVED CVE-2021-33943 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index f3d3d98b3f..945cdce0d1 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,77 @@ +CVE-2022-25245 + RESERVED +CVE-2022-25244 + RESERVED +CVE-2022-25243 + RESERVED +CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...) + TODO: check +CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...) + TODO: check +CVE-2022-25240 + RESERVED +CVE-2022-25239 + RESERVED +CVE-2022-25238 + RESERVED +CVE-2022-25237 + RESERVED +CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...) + TODO: check +CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...) + TODO: check +CVE-2022-25229 + RESERVED +CVE-2022-25228 + RESERVED +CVE-2022-25227 + RESERVED +CVE-2022-25226 + RESERVED +CVE-2022-25225 + RESERVED +CVE-2022-25224 + RESERVED +CVE-2022-25223 + RESERVED +CVE-2022-25222 + RESERVED +CVE-2022-25221 + RESERVED +CVE-2022-25220 + RESERVED +CVE-2022-25219 + RESERVED +CVE-2022-25218 + RESERVED +CVE-2022-25217 + RESERVED +CVE-2022-25216 + RESERVED +CVE-2022-25215 + RESERVED +CVE-2022-25214 + RESERVED +CVE-2022-25213 + RESERVED +CVE-2022-24915 + RESERVED +CVE-2022-24432 + RESERVED +CVE-2022-22985 + RESERVED +CVE-2022-21146 + RESERVED +CVE-2022-0623 + RESERVED +CVE-2022-0622 + RESERVED +CVE-2022-0621 + RESERVED +CVE-2022-0620 + RESERVED +CVE-2022-0619 + RESERVED CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...) NOT-FOR-US: Jenkins Chef Sinatra Plugin CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...) 
@@ -143,10 +217,10 @@ CVE-2022-25149 RESERVED CVE-2022-25148 RESERVED -CVE-2022-0612 - RESERVED -CVE-2022-0611 - RESERVED +CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check +CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...) + TODO: check CVE-2022-25147 RESERVED CVE-2022-0610 @@ -4221,12 +4295,12 @@ CVE-2022-23645 RESERVED CVE-2022-23644 RESERVED -CVE-2022-23643 - RESERVED +CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) + TODO: check CVE-2022-23642 RESERVED -CVE-2022-23641 - RESERVED +CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) + TODO: check CVE-2022-23640 RESERVED CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...) -- cgit v1.2.3
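Review bot: in data/CVE/2021.list, every entry that moves from RESERVED to a published description (CVE-2021-46321, CVE-2021-46262 through CVE-2021-46265, CVE-2021-46249 through CVE-2021-46252, CVE-2021-37354, CVE-2021-35380, CVE-2021-33945) lands as "TODO: check", so none of them carries a triage decision yet. The unchanged context shows the two resolved forms, a "NOT-FOR-US: <product>" line (Espruino, Duktape, Anchor CMS, Nagios XI) or a source-package line such as "- libxstream-java" under CVE-2021-43859. Suggest a follow-up commit that replaces each TODO with one of those, so the router and printer firmware entries do not stay in the open queue.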
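Review bot: in the block added at the top of data/CVE/2022.list, CVE-2022-25236 and CVE-2022-25235 (xmlparse.c and xmltok_impl.c in Expat, aka libexpat, before 2.4.5) are queued as "TODO: check" with the same weight as the FileCloud entries. These two describe flaws in a C library's source files rather than in a hosted product, so they are the entries here most likely to need a package line and a fixed version instead of NOT-FOR-US. Suggest triaging them first. The later hunks leave CVE-2022-0612, CVE-2022-0611, CVE-2022-23643 and CVE-2022-23641 in the same "TODO: check" state and need the same follow-up.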