CVE-2022-25257
	RESERVED
CVE-2022-25256
	RESERVED
CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
	TODO: check
CVE-2022-25254
	RESERVED
CVE-2022-25253
	RESERVED
CVE-2022-25252
	RESERVED
CVE-2022-25251
	RESERVED
CVE-2022-25250
	RESERVED
CVE-2022-25249
	RESERVED
CVE-2022-25248
	RESERVED
CVE-2022-25247
	RESERVED
CVE-2022-25246
	RESERVED
CVE-2022-24374
	RESERVED
CVE-2022-23916
	RESERVED
CVE-2022-23810
	RESERVED
CVE-2022-21142
	RESERVED
CVE-2022-0648
	RESERVED
CVE-2022-0647
	RESERVED
CVE-2022-0646
	RESERVED
CVE-2022-0645
	RESERVED
CVE-2022-0644
	RESERVED
CVE-2022-0643
	RESERVED
CVE-2022-0642
	RESERVED
CVE-2022-0641
	RESERVED
CVE-2022-0640
	RESERVED
CVE-2022-0639
	RESERVED
CVE-2022-0638
	RESERVED
CVE-2022-0637
	RESERVED
CVE-2022-0636
	RESERVED
CVE-2022-0635
	RESERVED
CVE-2022-0634
	RESERVED
CVE-2022-0633
	RESERVED
CVE-2022-0632
	RESERVED
CVE-2022-0631
	RESERVED
CVE-2022-0630
	RESERVED
CVE-2022-0629
	RESERVED
CVE-2022-0628
	RESERVED
CVE-2022-0627
	RESERVED
CVE-2022-0626
	RESERVED
CVE-2022-0625
	RESERVED
CVE-2022-0624
	RESERVED
CVE-2022-XXXX [Improper input validation - SA-CORE-2022-003]
	- drupal7
	[stretch] - drupal7 7.52-2+deb9u18
	NOTE: https://www.drupal.org/sa-core-2022-003
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
CVE-2022-25245
	RESERVED
CVE-2022-25244
	RESERVED
CVE-2022-25243
	RESERVED
CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
	NOT-FOR-US: FileCloud
CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
	NOT-FOR-US: FileCloud
CVE-2022-25240
	RESERVED
CVE-2022-25239
	RESERVED
CVE-2022-25238
	RESERVED
CVE-2022-25237
	RESERVED
CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
	- expat
	NOTE: https://github.com/libexpat/libexpat/pull/561
CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
	- expat (bug #1005894)
	NOTE: https://github.com/libexpat/libexpat/pull/562
CVE-2022-25229
	RESERVED
CVE-2022-25228
	RESERVED
CVE-2022-25227
	RESERVED
CVE-2022-25226
	RESERVED
CVE-2022-25225
	RESERVED
CVE-2022-25224
	RESERVED
CVE-2022-25223
	RESERVED
CVE-2022-25222
	RESERVED
CVE-2022-25221
	RESERVED
CVE-2022-25220
	RESERVED
CVE-2022-25219
	RESERVED
CVE-2022-25218
	RESERVED
CVE-2022-25217
	RESERVED
CVE-2022-25216
	RESERVED
CVE-2022-25215
	RESERVED
CVE-2022-25214
	RESERVED
CVE-2022-25213
	RESERVED
CVE-2022-24915
	RESERVED
CVE-2022-24432
	RESERVED
CVE-2022-22985
	RESERVED
CVE-2022-21146
	RESERVED
CVE-2022-0623
	RESERVED
CVE-2022-0622
	RESERVED
CVE-2022-0621
	RESERVED
CVE-2022-0620
	RESERVED
CVE-2022-0619
	RESERVED
CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
	NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
	NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
CVE-2022-25169
	RESERVED
CVE-2022-25168
	RESERVED
CVE-2022-25167
	RESERVED
CVE-2022-24435
	RESERVED
CVE-2022-23986
	RESERVED
CVE-2022-21159
	RESERVED
CVE-2022-0618
	RESERVED
CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
	- linux 5.16.7-1
	NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
	NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
CVE-2022-0616
	RESERVED
CVE-2022-0615
	RESERVED
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
	TODO: check
CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
	TODO: check
CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25166
	RESERVED
CVE-2022-25165
	RESERVED
CVE-2022-25164
	RESERVED
CVE-2022-25163
	RESERVED
CVE-2022-25162
	RESERVED
CVE-2022-25161
	RESERVED
CVE-2022-25160
	RESERVED
CVE-2022-25159
	RESERVED
CVE-2022-25158
	RESERVED
CVE-2022-25157
	RESERVED
CVE-2022-25156
	RESERVED
CVE-2022-25155
	RESERVED
CVE-2022-25154
	RESERVED
CVE-2022-25153
	RESERVED
CVE-2022-25152
	RESERVED
CVE-2022-25151
	RESERVED
CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
	NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
CVE-2022-25149
	RESERVED
CVE-2022-25148
	RESERVED
CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
	NOT-FOR-US: snipe-it
CVE-2022-25147
	RESERVED
CVE-2022-0610
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0609
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0608
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0607
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0606
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0605
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0604
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0603
	RESERVED
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0602
	RESERVED
CVE-2022-0601
	RESERVED
CVE-2022-0600
	RESERVED
CVE-2022-0599
	RESERVED
CVE-2022-0598
	RESERVED
CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
	NOT-FOR-US: microweber
CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
	NOT-FOR-US: microweber
CVE-2022-0595
	RESERVED
CVE-2022-0594
	RESERVED
CVE-2022-0593
	RESERVED
CVE-2022-0592
	RESERVED
CVE-2022-0591
	RESERVED
CVE-2022-0590
	RESERVED
CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
	NOT-FOR-US: LibreNMS
CVE-2022-25146
	RESERVED
CVE-2022-25145
	RESERVED
CVE-2022-25144
	RESERVED
CVE-2022-25143
	RESERVED
CVE-2022-25142
	RESERVED
CVE-2022-25141
	RESERVED
CVE-2022-25140
	RESERVED
CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
	NOT-FOR-US: njs
CVE-2022-25138
	RESERVED
CVE-2022-25137
	RESERVED
CVE-2022-25136
	RESERVED
CVE-2022-25135
	RESERVED
CVE-2022-25134
	RESERVED
CVE-2022-25133
	RESERVED
CVE-2022-25132
	RESERVED
CVE-2022-25131
	RESERVED
CVE-2022-25130
	RESERVED
CVE-2022-25129
	RESERVED
CVE-2022-25128
	RESERVED
CVE-2022-25127
	RESERVED
CVE-2022-25126
	RESERVED
CVE-2022-25125
	RESERVED
CVE-2022-25124
	RESERVED
CVE-2022-25123
	RESERVED
CVE-2022-25122
	RESERVED
CVE-2022-25121
	RESERVED
CVE-2022-25120
	RESERVED
CVE-2022-25119
	RESERVED
CVE-2022-25118
	RESERVED
CVE-2022-25117
	RESERVED
CVE-2022-25116
	RESERVED
CVE-2022-25115
	RESERVED
CVE-2022-25114
	RESERVED
CVE-2022-25113
	RESERVED
CVE-2022-25112
	RESERVED
CVE-2022-25111
	RESERVED
CVE-2022-25110
	RESERVED
CVE-2022-25109
	RESERVED
CVE-2022-25108
	RESERVED
CVE-2022-25107
	RESERVED
CVE-2022-25106
	RESERVED
CVE-2022-25105
	RESERVED
CVE-2022-25104
	RESERVED
CVE-2022-25103
	RESERVED
CVE-2022-25102
	RESERVED
CVE-2022-25101
	RESERVED
CVE-2022-25100
	RESERVED
CVE-2022-25099
	RESERVED
CVE-2022-25098
	RESERVED
CVE-2022-25097
	RESERVED
CVE-2022-25096
	RESERVED
CVE-2022-25095
	RESERVED
CVE-2022-25094
	RESERVED
CVE-2022-25093
	RESERVED
CVE-2022-25092
	RESERVED
CVE-2022-25091
	RESERVED
CVE-2022-25090
	RESERVED
CVE-2022-25089
	RESERVED
CVE-2022-25088
	RESERVED
CVE-2022-25087
	RESERVED
CVE-2022-25086
	RESERVED
CVE-2022-25085
	RESERVED
CVE-2022-25084
	RESERVED
CVE-2022-25083
	RESERVED
CVE-2022-25082
	RESERVED
CVE-2022-25081
	RESERVED
CVE-2022-25080
	RESERVED
CVE-2022-25079
	RESERVED
CVE-2022-25078
	RESERVED
CVE-2022-25077
	RESERVED
CVE-2022-25076
	RESERVED
CVE-2022-25075
	RESERVED
CVE-2022-25074
	RESERVED
CVE-2022-25073
	RESERVED
CVE-2022-25072
	RESERVED
CVE-2022-25071
	RESERVED
CVE-2022-25070
	RESERVED
CVE-2022-25069
	RESERVED
CVE-2022-25068
	RESERVED
CVE-2022-25067
	RESERVED
CVE-2022-25066
	RESERVED
CVE-2022-25065
	RESERVED
CVE-2022-25064
	RESERVED
CVE-2022-25063
	RESERVED
CVE-2022-25062
	RESERVED
CVE-2022-25061
	RESERVED
CVE-2022-25060
	RESERVED
CVE-2022-25059
	RESERVED
CVE-2022-25058
	RESERVED
CVE-2022-25057
	RESERVED
CVE-2022-25056
	RESERVED
CVE-2022-25055
	RESERVED
CVE-2022-25054
	RESERVED
CVE-2022-25053
	RESERVED
CVE-2022-25052
	RESERVED
CVE-2022-25051
	RESERVED
CVE-2022-25050
	RESERVED
CVE-2022-25049
	RESERVED
CVE-2022-25048
	RESERVED
CVE-2022-25047
	RESERVED
CVE-2022-25046
	RESERVED
CVE-2022-25045
	RESERVED
CVE-2022-25044
	RESERVED
CVE-2022-25043
	RESERVED
CVE-2022-25042
	RESERVED
CVE-2022-25041
	RESERVED
CVE-2022-25040
	RESERVED
CVE-2022-25039
	RESERVED
CVE-2022-25038
	RESERVED
CVE-2022-25037
	RESERVED
CVE-2022-25036
	RESERVED
CVE-2022-25035
	RESERVED
CVE-2022-25034
	RESERVED
CVE-2022-25033
	RESERVED
CVE-2022-25032
	RESERVED
CVE-2022-25031
	RESERVED
CVE-2022-25030
	RESERVED
CVE-2022-25029
	RESERVED
CVE-2022-25028
	RESERVED
CVE-2022-25027
	RESERVED
CVE-2022-25026
	RESERVED
CVE-2022-25025
	RESERVED
CVE-2022-25024
	RESERVED
CVE-2022-25023
	RESERVED
CVE-2022-25022
	RESERVED
CVE-2022-25021
	RESERVED
CVE-2022-25020
	RESERVED
CVE-2022-25019
	RESERVED
CVE-2022-25018
	RESERVED
CVE-2022-25017
	RESERVED
CVE-2022-25016
	RESERVED
CVE-2022-25015
	RESERVED
CVE-2022-25014
	RESERVED
CVE-2022-25013
	RESERVED
CVE-2022-25012
	RESERVED
CVE-2022-25011
	RESERVED
CVE-2022-25010
	RESERVED
CVE-2022-25009
	RESERVED
CVE-2022-25008
	RESERVED
CVE-2022-25007
	RESERVED
CVE-2022-25006
	RESERVED
CVE-2022-25005
	RESERVED
CVE-2022-25004
	RESERVED
CVE-2022-25003
	RESERVED
CVE-2022-25002
	RESERVED
CVE-2022-25001
	RESERVED
CVE-2022-25000
	RESERVED
CVE-2022-24999
	RESERVED
CVE-2022-24998
	RESERVED
CVE-2022-24997
	RESERVED
CVE-2022-24996
	RESERVED
CVE-2022-24995
	RESERVED
CVE-2022-24994
	RESERVED
CVE-2022-24993
	RESERVED
CVE-2022-24992
	RESERVED
CVE-2022-24991
	RESERVED
CVE-2022-24990
	RESERVED
CVE-2022-24989
	RESERVED
CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
	NOT-FOR-US: galois_2p8
CVE-2022-24987
	RESERVED
CVE-2022-24986
	RESERVED
CVE-2022-24985
	RESERVED
CVE-2022-24984
	RESERVED
CVE-2022-24983
	RESERVED
CVE-2022-24982
	RESERVED
CVE-2022-24981
	RESERVED
CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
	- wireshark
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
CVE-2022-0585
	RESERVED
	- wireshark
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17829
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17842
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17847
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17855
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17891
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17925
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17926
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17931
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17932
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17933
CVE-2022-0584
	RESERVED
CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
	- wireshark
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
	- wireshark
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
	- wireshark
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
	NOT-FOR-US: LibreNMS
CVE-2022-24980
	RESERVED
CVE-2022-24979
	RESERVED
CVE-2022-24978
	RESERVED
CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
	NOT-FOR-US: ImpressCMS
CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
	NOT-FOR-US: snipe-it
CVE-2022-0578
	RESERVED
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
	- atheme-services 7.2.12-1
	[bullseye] - atheme-services (Minor issue; can be fixed via point release)
	[buster] - atheme-services (Minor issue; can be fixed via point release)
	[stretch] - atheme-services (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
	NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
CVE-2022-0577
	RESERVED
CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0574
	RESERVED
CVE-2022-0573
	RESERVED
CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
	- vim
	[bullseye] - vim (Minor issue)
	[buster] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
	NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
	- phoronix-test-suite
CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
	NOTE: https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad
CVE-2022-0569 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
	NOT-FOR-US: snipe-it
CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
	- git (unimportant)
	NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
	NOTE: CVE is specifically about --mirror documentation not mentioning the availability
	NOTE: of deleted content.
CVE-2022-24974
	RESERVED
CVE-2022-24973
	RESERVED
CVE-2022-24972
	RESERVED
CVE-2022-24971
	RESERVED
CVE-2022-24970
	RESERVED
CVE-2022-24969
	RESERVED
CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
	NOT-FOR-US: Mellium
CVE-2022-24967
	RESERVED
CVE-2022-24966
	RESERVED
CVE-2022-24965
	RESERVED
CVE-2022-24964
	RESERVED
CVE-2022-24963
	RESERVED
CVE-2022-24962
	RESERVED
CVE-2022-0568
	RESERVED
CVE-2022-0567
	RESERVED
CVE-2022-0566
	RESERVED
CVE-2022-0565 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
	NOT-FOR-US: pimcore
CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
	NOT-FOR-US: Portainer
CVE-2022-24960
	RESERVED
CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
	- linux 5.16.7-1
	NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
	- linux
	NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
CVE-2022-24957
	RESERVED
CVE-2022-24956
	RESERVED
CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
	NOT-FOR-US: Foxit
CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
	NOT-FOR-US: Foxit
CVE-2022-24953
	RESERVED
CVE-2022-24952
	RESERVED
CVE-2022-24951
	RESERVED
CVE-2022-24950
	RESERVED
CVE-2022-24949
	RESERVED
CVE-2022-24948
	RESERVED
CVE-2022-24947
	RESERVED
CVE-2022-24946
	RESERVED
CVE-2022-24945
	RESERVED
CVE-2022-24944
	RESERVED
CVE-2022-24943
	RESERVED
CVE-2022-24942
	RESERVED
CVE-2022-24941
	RESERVED
CVE-2022-24940
	RESERVED
CVE-2022-24939
	RESERVED
CVE-2022-24938
	RESERVED
CVE-2022-24937
	RESERVED
CVE-2022-24936
	RESERVED
CVE-2022-24935
	RESERVED
CVE-2022-24934
	RESERVED
CVE-2022-24933
	RESERVED
CVE-2022-24932
	RESERVED
CVE-2022-24931
	RESERVED
CVE-2022-24930
	RESERVED
CVE-2022-24929
	RESERVED
CVE-2022-24928
	RESERVED
CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
	NOT-FOR-US: Samsung
CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
	NOT-FOR-US: Samsung
CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...)
	NOT-FOR-US: Samsung
CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-24922
	RESERVED
CVE-2022-24921
	RESERVED
CVE-2022-24920
	RESERVED
CVE-2022-24919
	RESERVED
CVE-2022-24918
	RESERVED
CVE-2022-24917
	RESERVED
CVE-2022-24911
	RESERVED
CVE-2022-0564
	RESERVED
CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...)
	NOT-FOR-US: Optimism
CVE-2022-24908
	RESERVED
CVE-2022-24907
	RESERVED
CVE-2022-24906
	RESERVED
CVE-2022-24905
	RESERVED
CVE-2022-24904
	RESERVED
CVE-2022-24903
	RESERVED
CVE-2022-24902
	RESERVED
CVE-2022-24901
	RESERVED
CVE-2022-24900
	RESERVED
CVE-2022-24899
	RESERVED
CVE-2022-24898
	RESERVED
CVE-2022-24897
	RESERVED
CVE-2022-24896
	RESERVED
CVE-2022-24895
	RESERVED
CVE-2022-24894
	RESERVED
CVE-2022-24893
	RESERVED
CVE-2022-24892
	RESERVED
CVE-2022-24891
	RESERVED
CVE-2022-24890
	RESERVED
CVE-2022-24889
	RESERVED
CVE-2022-24888
	RESERVED
CVE-2022-24887
	RESERVED
CVE-2022-24886
	RESERVED
CVE-2022-24885
	RESERVED
CVE-2022-24884
	RESERVED
CVE-2022-24883
	RESERVED
CVE-2022-24882
	RESERVED
CVE-2022-24881
	RESERVED
CVE-2022-24880
	RESERVED
CVE-2022-24879
	RESERVED
CVE-2022-24878
	RESERVED
CVE-2022-24877
	RESERVED
CVE-2022-24876
	RESERVED
CVE-2022-24875
	RESERVED
CVE-2022-24874
	RESERVED
CVE-2022-24873
	RESERVED
CVE-2022-24872
	RESERVED
CVE-2022-24871
	RESERVED
CVE-2022-24870
	RESERVED
CVE-2022-24869
	RESERVED
CVE-2022-24868
	RESERVED
CVE-2022-24867
	RESERVED
CVE-2022-24866
	RESERVED
CVE-2022-24865
	RESERVED
CVE-2022-24864
	RESERVED
CVE-2022-24863
	RESERVED
CVE-2022-24862
	RESERVED
CVE-2022-24861
	RESERVED
CVE-2022-24860
	RESERVED
CVE-2022-24859
	RESERVED
CVE-2022-24858
	RESERVED
CVE-2022-24857
	RESERVED
CVE-2022-24856
	RESERVED
CVE-2022-24855
	RESERVED
CVE-2022-24854
	RESERVED
CVE-2022-24853
	RESERVED
CVE-2022-24852
	RESERVED
CVE-2022-24851
	RESERVED
CVE-2022-24850
	RESERVED
CVE-2022-24849
	RESERVED
CVE-2022-24848
	RESERVED
CVE-2022-24847
	RESERVED
CVE-2022-24846
	RESERVED
CVE-2022-24845
	RESERVED
CVE-2022-24844
	RESERVED
CVE-2022-24843
	RESERVED
CVE-2022-24842
	RESERVED
CVE-2022-24841
	RESERVED
CVE-2022-24840
	RESERVED
CVE-2022-24839
	RESERVED
CVE-2022-24838
	RESERVED
CVE-2022-24837
	RESERVED
CVE-2022-24836
	RESERVED
CVE-2022-24835
	RESERVED
CVE-2022-24834
	RESERVED
CVE-2022-24833
	RESERVED
CVE-2022-24832
	RESERVED
CVE-2022-24831
	RESERVED
CVE-2022-24830
	RESERVED
CVE-2022-24829
	RESERVED
CVE-2022-24828
	RESERVED
CVE-2022-24827
	RESERVED
CVE-2022-24826
	RESERVED
CVE-2022-24825
	RESERVED
CVE-2022-24824
	RESERVED
CVE-2022-24823
	RESERVED
CVE-2022-24822
	RESERVED
CVE-2022-24821
	RESERVED
CVE-2022-24820
	RESERVED
CVE-2022-24819
	RESERVED
CVE-2022-24818
	RESERVED
CVE-2022-24817
	RESERVED
CVE-2022-24816
	RESERVED
CVE-2022-24815
	RESERVED
CVE-2022-24814
	RESERVED
CVE-2022-24813
	RESERVED
CVE-2022-24812
	RESERVED
CVE-2022-24811
	RESERVED
CVE-2022-24810
	RESERVED
CVE-2022-24809
	RESERVED
CVE-2022-24808
	RESERVED
CVE-2022-24807
	RESERVED
CVE-2022-24806
	RESERVED
CVE-2022-24805
	RESERVED
CVE-2022-24804
	RESERVED
CVE-2022-24803
	RESERVED
CVE-2022-24802
	RESERVED
CVE-2022-24801
	RESERVED
CVE-2022-24800
	RESERVED
CVE-2022-24799
	RESERVED
CVE-2022-24798
	RESERVED
CVE-2022-24797
	RESERVED
CVE-2022-24796
	RESERVED
CVE-2022-24795
	RESERVED
CVE-2022-24794
	RESERVED
CVE-2022-24793
	RESERVED
CVE-2022-24792
	RESERVED
CVE-2022-24791
	RESERVED
CVE-2022-24790
	RESERVED
CVE-2022-24789
	RESERVED
CVE-2022-24788
	RESERVED
CVE-2022-24787
	RESERVED
CVE-2022-24786
	RESERVED
CVE-2022-24785
	RESERVED
CVE-2022-24784
	RESERVED
CVE-2022-24783
	RESERVED
CVE-2022-24782
	RESERVED
CVE-2022-24781
	RESERVED
CVE-2022-24780
	RESERVED
CVE-2022-24779
	RESERVED
CVE-2022-24778
	RESERVED
CVE-2022-24777
	RESERVED
CVE-2022-24776
	RESERVED
CVE-2022-24775
	RESERVED
CVE-2022-24774
	RESERVED
CVE-2022-24773
	RESERVED
CVE-2022-24772
	RESERVED
CVE-2022-24771
	RESERVED
CVE-2022-24770
	RESERVED
CVE-2022-24769
	RESERVED
CVE-2022-24768
	RESERVED
CVE-2022-24767
	RESERVED
CVE-2022-24766
	RESERVED
CVE-2022-24765
	RESERVED
CVE-2022-24764
	RESERVED
CVE-2022-24763
	RESERVED
CVE-2022-24762
	RESERVED
CVE-2022-24761
	RESERVED
CVE-2022-24760
	RESERVED
CVE-2022-24759
	RESERVED
CVE-2022-24758
	RESERVED
CVE-2022-24757
	RESERVED
CVE-2022-24756
	RESERVED
CVE-2022-24755
	RESERVED
CVE-2022-24754
	RESERVED
CVE-2022-24753
	RESERVED
CVE-2022-24752
	RESERVED
CVE-2022-24751
	RESERVED
CVE-2022-24750
	RESERVED
CVE-2022-24749
	RESERVED
CVE-2022-24748
	RESERVED
CVE-2022-24747
	RESERVED
CVE-2022-24746
	RESERVED
CVE-2022-24745
	RESERVED
CVE-2022-24744
	RESERVED
CVE-2022-24743
	RESERVED
CVE-2022-24742
	RESERVED
CVE-2022-24741
	RESERVED
CVE-2022-24740
	RESERVED
CVE-2022-24739
	RESERVED
CVE-2022-24738
	RESERVED
CVE-2022-24737
	RESERVED
CVE-2022-24736
	RESERVED
CVE-2022-24735
	RESERVED
CVE-2022-24734
	RESERVED
CVE-2022-24733
	RESERVED
CVE-2022-24732
	RESERVED
CVE-2022-24731
	RESERVED
CVE-2022-24730
	RESERVED
CVE-2022-24729
	RESERVED
CVE-2022-24728
	RESERVED
CVE-2022-24727
	RESERVED
CVE-2022-24726
	RESERVED
CVE-2022-24725
	RESERVED
CVE-2022-24724
	RESERVED
CVE-2022-24723
	RESERVED
CVE-2022-24722
	RESERVED
CVE-2022-24721
	RESERVED
CVE-2022-24720
	RESERVED
CVE-2022-24719
	RESERVED
CVE-2022-24718
	RESERVED
CVE-2022-24717
	RESERVED
CVE-2022-24716
	RESERVED
CVE-2022-24715
	RESERVED
CVE-2022-24714
	RESERVED
CVE-2022-24713
	RESERVED
CVE-2022-24712
	RESERVED
CVE-2022-24711
	RESERVED
CVE-2022-24710
	RESERVED
CVE-2022-24709
	RESERVED
CVE-2022-24708
	RESERVED
CVE-2022-24707
	RESERVED
CVE-2022-24706
	RESERVED
CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2022-23922
	RESERVED
CVE-2022-23104
	RESERVED
CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline]
	RESERVED
	- util-linux (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
	NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
	NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
	NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
	NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
	- tiff 4.3.0-4
	[bullseye] - tiff (Minor issue)
	[buster] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
	- tiff 4.3.0-4
	[bullseye] - tiff (Minor issue)
	[buster] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
	NOT-FOR-US: microweber
CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
	- radare2
	NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
	NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
	NOT-FOR-US: microweber
CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
	NOT-FOR-US: microweber
CVE-2022-24703
	RESERVED
CVE-2022-24702
	RESERVED
CVE-2022-24701
	RESERVED
CVE-2022-24700
	RESERVED
CVE-2022-0556
	RESERVED
CVE-2022-0555
	RESERVED
CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
	- vim
	[bullseye] - vim (Minor issue)
	[buster] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
	NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
CVE-2022-0553
	RESERVED
CVE-2022-0552
	RESERVED
CVE-2022-24699
	RESERVED
CVE-2022-24698
	RESERVED
CVE-2022-24697
	RESERVED
CVE-2022-0551
	RESERVED
CVE-2022-0550
	RESERVED
CVE-2022-0549
	RESERVED
CVE-2022-0548
	RESERVED
CVE-2022-24696
	RESERVED
CVE-2022-24695
	RESERVED
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
	- mahara
CVE-2022-24693
	RESERVED
CVE-2022-24692
	RESERVED
CVE-2022-24691
	RESERVED
CVE-2022-24690
	RESERVED
CVE-2022-24689
	RESERVED
CVE-2022-24688
	RESERVED
CVE-2022-24687
	RESERVED
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
	- nomad
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685
	RESERVED
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
	- nomad
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
CVE-2022-24683
	RESERVED
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
	NOT-FOR-US: Zimbra
CVE-2022-24681
	RESERVED
CVE-2022-24680
	RESERVED
CVE-2022-24679
	RESERVED
CVE-2022-24678
	RESERVED
CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
	NOT-FOR-US: HYBBS2
CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
	NOT-FOR-US: HYBBS2
CVE-2022-24675
	RESERVED
CVE-2022-24674
	RESERVED
CVE-2022-24673
	RESERVED
CVE-2022-24672
	RESERVED
CVE-2022-24383
	RESERVED
CVE-2022-21228
	RESERVED
CVE-2022-21214
	RESERVED
CVE-2022-21202
	RESERVED
CVE-2022-21168
	RESERVED
CVE-2022-24671
	RESERVED
CVE-2022-24670
	RESERVED
CVE-2022-24669
	RESERVED
CVE-2022-0547
	RESERVED
CVE-2022-0546
	RESERVED
CVE-2022-0545
	RESERVED
CVE-2022-0544
	RESERVED
CVE-2022-0543
	RESERVED
	- redis (bug #1005787)
CVE-2022-0542
	RESERVED
CVE-2022-0541
	RESERVED
CVE-2022-0540
	RESERVED
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
	NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
	- jenkins
CVE-2022-0537
	RESERVED
CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
	- node-follow-redirects 1.14.8+~1.14.0-1
	[bullseye] - node-follow-redirects (Minor issue)
	[buster] - node-follow-redirects (Minor issue)
	NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
CVE-2022-0535
	RESERVED
CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
	- htmldoc 1.9.15-1
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
CVE-2022-0533
	RESERVED
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
	NOT-FOR-US: cri-o
CVE-2022-0531
	RESERVED
CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
	- unzip
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
	TODO: clarify details
CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
	- unzip
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
	TODO: clarify details
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-0528
	RESERVED
CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
	NOT-FOR-US: chatwoot
CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
	NOT-FOR-US: chatwoot
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
	NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
	NOT-FOR-US: Publify
CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
	- radare2
	NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
	NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
	TODO: check
CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
	- radare2
	NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
	TODO: check
CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
- radare2 NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3 NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5 CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) - radare2 NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184 NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa CVE-2022-0517 RESERVED CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest] RESERVED - linux [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2 CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) NOT-FOR-US: PHP Everywhere CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) NOT-FOR-US: PHP Everywhere CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) NOT-FOR-US: PHP Everywhere CVE-2022-24662 RESERVED CVE-2022-24661 RESERVED CVE-2022-24660 RESERVED CVE-2022-24659 RESERVED CVE-2022-24658 RESERVED CVE-2022-24657 RESERVED CVE-2022-24656 RESERVED CVE-2022-24655 RESERVED CVE-2022-24654 RESERVED CVE-2022-24653 RESERVED CVE-2022-24652 RESERVED CVE-2022-24651 RESERVED CVE-2022-24650 RESERVED CVE-2022-24649 RESERVED CVE-2022-24648 RESERVED CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...) NOT-FOR-US: Cuppa CMS CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...) 
NOT-FOR-US: Hospital Management System CVE-2022-24645 RESERVED CVE-2022-24644 RESERVED CVE-2022-24643 RESERVED CVE-2022-24642 RESERVED CVE-2022-24641 RESERVED CVE-2022-24640 RESERVED CVE-2022-24639 RESERVED CVE-2022-24638 RESERVED CVE-2022-24637 RESERVED CVE-2022-24636 RESERVED CVE-2022-24635 RESERVED CVE-2022-24634 RESERVED CVE-2022-24633 RESERVED CVE-2022-24632 RESERVED CVE-2022-24631 RESERVED CVE-2022-24630 RESERVED CVE-2022-24629 RESERVED CVE-2022-24628 RESERVED CVE-2022-24627 RESERVED CVE-2022-24626 RESERVED CVE-2022-24625 RESERVED CVE-2022-24624 RESERVED CVE-2022-24623 RESERVED CVE-2022-24622 RESERVED CVE-2022-24621 RESERVED CVE-2022-24620 RESERVED CVE-2022-24619 RESERVED CVE-2022-24618 RESERVED CVE-2022-24617 RESERVED CVE-2022-24616 RESERVED CVE-2022-24615 RESERVED CVE-2022-24614 RESERVED CVE-2022-24613 RESERVED CVE-2022-24612 RESERVED CVE-2022-24611 RESERVED CVE-2022-24610 RESERVED CVE-2022-24609 RESERVED CVE-2022-24608 RESERVED CVE-2022-24607 RESERVED CVE-2022-24606 RESERVED CVE-2022-24605 RESERVED CVE-2022-24604 RESERVED CVE-2022-24603 RESERVED CVE-2022-24602 RESERVED CVE-2022-24601 RESERVED CVE-2022-24600 RESERVED CVE-2022-24599 RESERVED CVE-2022-24598 RESERVED CVE-2022-24597 RESERVED CVE-2022-24596 RESERVED CVE-2022-24595 RESERVED CVE-2022-24594 RESERVED CVE-2022-24593 RESERVED CVE-2022-24592 RESERVED CVE-2022-24591 RESERVED CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...) NOT-FOR-US: BackdropCMS CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...) NOT-FOR-US: Burden CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: Flatpress CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...) 
- pluxml NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf TODO: check if reported upstream CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) - pluxml NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf TODO: check if reported upstream CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) - pluxml NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf TODO: check if reported upstream CVE-2022-24584 RESERVED CVE-2022-24583 RESERVED CVE-2022-24582 RESERVED CVE-2022-24581 RESERVED CVE-2022-24580 RESERVED CVE-2022-24579 RESERVED CVE-2022-24578 RESERVED CVE-2022-24577 RESERVED CVE-2022-24576 RESERVED CVE-2022-24575 RESERVED CVE-2022-24574 RESERVED CVE-2022-24573 RESERVED CVE-2022-24572 RESERVED CVE-2022-24571 RESERVED CVE-2022-24570 RESERVED CVE-2022-24569 RESERVED CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...) NOT-FOR-US: Novel-plus CVE-2022-24567 RESERVED CVE-2022-24566 RESERVED CVE-2022-24565 RESERVED CVE-2022-24564 RESERVED CVE-2022-24563 RESERVED CVE-2022-24562 RESERVED CVE-2022-24561 RESERVED CVE-2022-24560 RESERVED CVE-2022-24559 RESERVED CVE-2022-24558 RESERVED CVE-2022-24557 RESERVED CVE-2022-24556 RESERVED CVE-2022-24555 RESERVED CVE-2022-24554 RESERVED CVE-2022-24553 RESERVED CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...) NOT-FOR-US: StarWind CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...) 
NOT-FOR-US: StarWind CVE-2022-24550 RESERVED CVE-2022-24549 RESERVED CVE-2022-24548 RESERVED CVE-2022-24547 RESERVED CVE-2022-24546 RESERVED CVE-2022-24545 RESERVED CVE-2022-24544 RESERVED CVE-2022-24543 RESERVED CVE-2022-24542 RESERVED CVE-2022-24541 RESERVED CVE-2022-24540 RESERVED CVE-2022-24539 RESERVED CVE-2022-24538 RESERVED CVE-2022-24537 RESERVED CVE-2022-24536 RESERVED CVE-2022-24535 RESERVED CVE-2022-24534 RESERVED CVE-2022-24533 RESERVED CVE-2022-24532 RESERVED CVE-2022-24531 RESERVED CVE-2022-24530 RESERVED CVE-2022-24529 RESERVED CVE-2022-24528 RESERVED CVE-2022-24527 RESERVED CVE-2022-24526 RESERVED CVE-2022-24525 RESERVED CVE-2022-24524 RESERVED CVE-2022-24523 RESERVED CVE-2022-24522 RESERVED CVE-2022-24521 RESERVED CVE-2022-24520 RESERVED CVE-2022-24519 RESERVED CVE-2022-24518 RESERVED CVE-2022-24517 RESERVED CVE-2022-24516 RESERVED CVE-2022-24515 RESERVED CVE-2022-24514 RESERVED CVE-2022-24513 RESERVED CVE-2022-24512 RESERVED CVE-2022-24511 RESERVED CVE-2022-24510 RESERVED CVE-2022-24509 RESERVED CVE-2022-24508 RESERVED CVE-2022-24507 RESERVED CVE-2022-24506 RESERVED CVE-2022-24505 RESERVED CVE-2022-24504 RESERVED CVE-2022-24503 RESERVED CVE-2022-24502 RESERVED CVE-2022-24501 RESERVED CVE-2022-24500 RESERVED CVE-2022-24499 RESERVED CVE-2022-24498 RESERVED CVE-2022-24497 RESERVED CVE-2022-24496 RESERVED CVE-2022-24495 RESERVED CVE-2022-24494 RESERVED CVE-2022-24493 RESERVED CVE-2022-24492 RESERVED CVE-2022-24491 RESERVED CVE-2022-24490 RESERVED CVE-2022-24489 RESERVED CVE-2022-24488 RESERVED CVE-2022-24487 RESERVED CVE-2022-24486 RESERVED CVE-2022-24485 RESERVED CVE-2022-24484 RESERVED CVE-2022-24483 RESERVED CVE-2022-24482 RESERVED CVE-2022-24481 RESERVED CVE-2022-24480 RESERVED CVE-2022-24479 RESERVED CVE-2022-24478 RESERVED CVE-2022-24477 RESERVED CVE-2022-24476 RESERVED CVE-2022-24475 RESERVED CVE-2022-24474 RESERVED CVE-2022-24473 RESERVED CVE-2022-24472 RESERVED CVE-2022-24471 RESERVED CVE-2022-24470 RESERVED CVE-2022-24469 RESERVED 
CVE-2022-24468 RESERVED CVE-2022-24467 RESERVED CVE-2022-24466 RESERVED CVE-2022-24465 RESERVED CVE-2022-24464 RESERVED CVE-2022-24463 RESERVED CVE-2022-24462 RESERVED CVE-2022-24461 RESERVED CVE-2022-24460 RESERVED CVE-2022-24459 RESERVED CVE-2022-24458 RESERVED CVE-2022-24457 RESERVED CVE-2022-24456 RESERVED CVE-2022-24455 RESERVED CVE-2022-24454 RESERVED CVE-2022-24453 RESERVED CVE-2022-24452 RESERVED CVE-2022-24451 RESERVED CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...) NOT-FOR-US: nats-server CVE-2022-24449 RESERVED CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...) - linux 5.16.7-1 NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2) CVE-2022-24447 RESERVED CVE-2022-24446 RESERVED CVE-2022-24445 RESERVED CVE-2022-24444 RESERVED CVE-2022-24443 RESERVED CVE-2022-24442 RESERVED CVE-2022-24428 RESERVED CVE-2022-24427 RESERVED CVE-2022-24426 RESERVED CVE-2022-24425 RESERVED CVE-2022-24424 RESERVED CVE-2022-24423 RESERVED CVE-2022-24422 RESERVED CVE-2022-24421 RESERVED CVE-2022-24420 RESERVED CVE-2022-24419 RESERVED CVE-2022-24418 RESERVED CVE-2022-24417 RESERVED CVE-2022-24416 RESERVED CVE-2022-24415 RESERVED CVE-2022-24414 RESERVED CVE-2022-24413 RESERVED CVE-2022-24412 RESERVED CVE-2022-24411 RESERVED CVE-2022-24410 RESERVED CVE-2022-24409 RESERVED CVE-2022-24380 RESERVED CVE-2022-22147 RESERVED CVE-2022-21130 RESERVED CVE-2022-0515 RESERVED CVE-2022-0514 RESERVED CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) NOT-FOR-US: WordPress plugin CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) TODO: check CVE-2022-0511 RESERVED - firefox 97.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511 CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...) 
NOT-FOR-US: pimcore CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...) - peertube (bug #950821) CVE-2022-0507 RESERVED CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...) NOT-FOR-US: microweber CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...) NOT-FOR-US: microweber CVE-2022-0503 RESERVED CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-24408 RESERVED CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...) NOT-FOR-US: beanstalk_console CVE-2022-0500 RESERVED CVE-2022-0499 RESERVED CVE-2022-0498 REJECTED CVE-2022-0497 RESERVED - openscad 2021.01-4 (unimportant; bug #1005641) NOTE: https://github.com/openscad/openscad/issues/4043 NOTE: Crash in CLI tool, no security impact CVE-2022-0496 RESERVED - openscad 2021.01-4 (unimportant; bug #1005641) NOTE: https://github.com/openscad/openscad/issues/4037 NOTE: Crash in CLI tool, no security impact CVE-2022-0495 RESERVED CVE-2022-0494 RESERVED CVE-2022-0493 RESERVED CVE-2022-24407 RESERVED CVE-2022-24406 RESERVED CVE-2022-24405 RESERVED CVE-2022-24404 RESERVED CVE-2022-24403 RESERVED CVE-2022-24402 RESERVED CVE-2022-24401 RESERVED CVE-2022-24400 RESERVED CVE-2022-24382 RESERVED CVE-2022-24379 RESERVED CVE-2022-24297 RESERVED CVE-2022-23917 RESERVED CVE-2022-23914 RESERVED CVE-2022-22730 RESERVED CVE-2022-21807 RESERVED CVE-2022-21795 RESERVED CVE-2022-21233 RESERVED CVE-2022-21128 RESERVED CVE-2022-0492 [cgroup-v1: Require capabilities to set release_agent] RESERVED - linux 5.16.7-1 NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1 NOTE: 
https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af CVE-2022-0491 RESERVED CVE-2022-0490 RESERVED CVE-2022-0489 RESERVED CVE-2022-0488 RESERVED CVE-2022-24399 RESERVED CVE-2022-24398 RESERVED CVE-2022-24397 RESERVED CVE-2022-24396 RESERVED CVE-2022-24395 RESERVED CVE-2022-24394 RESERVED CVE-2022-24393 RESERVED CVE-2022-24392 RESERVED CVE-2022-24391 RESERVED CVE-2022-24390 RESERVED CVE-2022-24389 RESERVED CVE-2022-24388 RESERVED CVE-2022-24387 RESERVED CVE-2022-24386 RESERVED CVE-2022-24385 RESERVED CVE-2022-24384 RESERVED CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...) NOT-FOR-US: CSV+ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...) - linux (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516 NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) NOTE: CONFIG_MMC_MOXART is not set in Debian. CVE-2022-0486 RESERVED CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image] RESERVED - libnbd 1.10.5-1 (bug #1005307) [bullseye] - libnbd (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324 NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb (v1.11.8) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/9219d2e70c770d8efb98d6e8eaf68e8e354631e3 (v1.10.4) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/6c8f2f859926b82094fb5e85c446ea099700fa10 (v1.6.6) NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...) NOT-FOR-US: Mirantis Container Cloud Lens CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...) 
NOT-FOR-US: Acronis VSS Doctor CVE-2022-0482 RESERVED CVE-2022-24372 RESERVED CVE-2022-24371 RESERVED CVE-2022-24370 RESERVED CVE-2022-24369 RESERVED CVE-2022-24368 RESERVED CVE-2022-24367 RESERVED CVE-2022-24366 RESERVED CVE-2022-24365 RESERVED CVE-2022-24364 RESERVED CVE-2022-24363 RESERVED CVE-2022-24362 RESERVED CVE-2022-24361 RESERVED CVE-2022-24360 RESERVED CVE-2022-24359 RESERVED CVE-2022-24358 RESERVED CVE-2022-24357 RESERVED CVE-2022-24356 RESERVED CVE-2022-24355 RESERVED CVE-2022-24354 RESERVED CVE-2022-24353 RESERVED CVE-2022-24352 RESERVED CVE-2022-24351 RESERVED CVE-2022-24350 RESERVED CVE-2022-24349 RESERVED CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...) NOT-FOR-US: Argo CD CVE-2022-24347 RESERVED CVE-2022-24346 RESERVED CVE-2022-24345 RESERVED CVE-2022-24344 RESERVED CVE-2022-24343 RESERVED CVE-2022-24342 RESERVED CVE-2022-24341 RESERVED CVE-2022-24340 RESERVED CVE-2022-24339 RESERVED CVE-2022-24338 RESERVED CVE-2022-24337 RESERVED CVE-2022-24336 RESERVED CVE-2022-24335 RESERVED CVE-2022-24334 RESERVED CVE-2022-24333 RESERVED CVE-2022-24332 RESERVED CVE-2022-24331 RESERVED CVE-2022-24330 RESERVED CVE-2022-24329 RESERVED CVE-2022-24328 RESERVED CVE-2022-24327 RESERVED CVE-2022-24326 RESERVED CVE-2022-24325 RESERVED CVE-2022-23402 RESERVED CVE-2022-23401 RESERVED CVE-2022-22729 RESERVED CVE-2022-22151 RESERVED CVE-2022-22148 RESERVED CVE-2022-22145 RESERVED CVE-2022-22141 RESERVED CVE-2022-21808 RESERVED CVE-2022-21194 RESERVED CVE-2022-21177 RESERVED CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...) 
- mruby [bullseye] - mruby (Minor issue) [buster] - mruby (Minor issue) [stretch] - mruby (Minor issue) NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027 NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e TODO: check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc CVE-2022-24324 RESERVED CVE-2022-24323 RESERVED CVE-2022-24322 RESERVED CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) NOT-FOR-US: Schneider Electric CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) NOT-FOR-US: Schneider Electric CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) NOT-FOR-US: Schneider Electric CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...) NOT-FOR-US: Schneider Electric CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...) NOT-FOR-US: Schneider Electric CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...) NOT-FOR-US: Schneider Electric CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...) NOT-FOR-US: Schneider Electric CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...) NOT-FOR-US: Schneider Electric CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) NOT-FOR-US: Schneider Electric CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider Electric CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...) 
NOT-FOR-US: Schneider Electric CVE-2022-24309 RESERVED CVE-2022-0480 RESERVED - linux 5.15.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700 NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1) CVE-2022-0479 RESERVED CVE-2022-0478 RESERVED CVE-2022-0477 RESERVED CVE-2022-0476 RESERVED CVE-2022-0475 RESERVED CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...) NOT-FOR-US: OTRS NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...) TODO: check CVE-2022-24308 RESERVED CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...) NOT-FOR-US: Mastodon CVE-2022-24306 RESERVED CVE-2022-24305 RESERVED CVE-2022-24304 RESERVED CVE-2022-24303 RESERVED - pillow [bullseye] - pillow (Minor issue) [buster] - pillow (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1) CVE-2022-24302 RESERVED CVE-2022-24296 RESERVED CVE-2022-24295 RESERVED CVE-2022-22986 RESERVED CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...) TODO: check CVE-2022-0471 RESERVED CVE-2022-24294 RESERVED CVE-2022-24293 RESERVED CVE-2022-24292 RESERVED CVE-2022-24291 RESERVED CVE-2022-24290 RESERVED CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...) NOT-FOR-US: Apache Cayenne CVE-2022-24288 RESERVED CVE-2022-24287 RESERVED CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...) NOT-FOR-US: ELECOM CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...) 
NOT-FOR-US: ELECOM CVE-2022-0470 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0469 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0468 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0467 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0466 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0465 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0464 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0463 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0462 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0461 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0460 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0459 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0458 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0457 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0456 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium 
(see DSA 4562) CVE-2022-0455 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0454 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0453 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0452 RESERVED {DSA-5068-1} - chromium 98.0.4758.80-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0451 RESERVED CVE-2022-0450 RESERVED CVE-2022-0449 RESERVED CVE-2022-0448 RESERVED CVE-2022-0447 RESERVED CVE-2022-0446 RESERVED CVE-2022-0445 RESERVED CVE-2022-0444 RESERVED CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281) CVE-2022-0442 RESERVED CVE-2022-0441 RESERVED CVE-2022-0440 RESERVED CVE-2022-0439 RESERVED CVE-2022-0438 RESERVED CVE-2022-24286 RESERVED CVE-2022-24285 RESERVED CVE-2022-24284 RESERVED CVE-2022-24283 RESERVED CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...) 
NOT-FOR-US: Node karma CVE-2022-0436 RESERVED CVE-2022-24282 RESERVED CVE-2022-24281 RESERVED CVE-2022-24280 RESERVED CVE-2022-24277 RESERVED CVE-2022-24276 RESERVED CVE-2022-24275 RESERVED CVE-2022-24274 RESERVED CVE-2022-24273 RESERVED CVE-2022-24272 RESERVED CVE-2022-23400 RESERVED CVE-2022-0435 RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1 NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216 CVE-2022-0434 RESERVED CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS] RESERVED - linux (Vulnerable code newer in a supported Debian release; only affected experimental) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259 NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1) CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...) NOT-FOR-US: Mastodon CVE-2022-0431 RESERVED CVE-2022-0430 RESERVED CVE-2022-0429 RESERVED CVE-2022-0428 RESERVED CVE-2022-0427 RESERVED CVE-2022-0426 RESERVED CVE-2022-0425 RESERVED CVE-2022-0424 RESERVED CVE-2022-0423 RESERVED CVE-2022-0422 RESERVED CVE-2022-0421 RESERVED CVE-2022-0420 RESERVED CVE-2022-24271 RESERVED CVE-2022-24270 RESERVED CVE-2022-24269 RESERVED CVE-2022-24268 RESERVED CVE-2022-24267 RESERVED CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Cuppa CMS CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Cuppa CMS CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Cuppa CMS CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Hospital Management System CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...) 
NOT-FOR-US: Voipmonitor CVE-2022-24261 RESERVED CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...) NOT-FOR-US: Voipmonitor CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...) NOT-FOR-US: Voipmonitor CVE-2022-24258 RESERVED CVE-2022-24257 RESERVED CVE-2022-24256 RESERVED CVE-2022-24255 RESERVED CVE-2022-24254 RESERVED CVE-2022-24253 RESERVED CVE-2022-24252 RESERVED CVE-2022-24251 RESERVED CVE-2022-24250 RESERVED CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...) - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2081 NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9 CVE-2022-24248 RESERVED CVE-2022-24247 RESERVED CVE-2022-24246 RESERVED CVE-2022-24245 RESERVED CVE-2022-24244 RESERVED CVE-2022-24243 RESERVED CVE-2022-24242 RESERVED CVE-2022-24241 RESERVED CVE-2022-24240 RESERVED CVE-2022-24239 RESERVED CVE-2022-24238 RESERVED CVE-2022-24237 RESERVED CVE-2022-24236 RESERVED CVE-2022-24235 RESERVED CVE-2022-24234 RESERVED CVE-2022-24233 RESERVED CVE-2022-24232 RESERVED CVE-2022-24231 RESERVED CVE-2022-24230 RESERVED CVE-2022-24229 RESERVED CVE-2022-24228 RESERVED CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...) NOT-FOR-US: BoltWire CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...) NOT-FOR-US: Hospital Management System CVE-2022-24225 RESERVED CVE-2022-24224 RESERVED CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...) NOT-FOR-US: AtomCMS CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: eliteCMS CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) 
NOT-FOR-US: eliteCMS CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: eliteCMS CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: eliteCMS CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...) NOT-FOR-US: eliteCMS CVE-2022-24217 RESERVED CVE-2022-24216 RESERVED CVE-2022-24215 RESERVED CVE-2022-24214 RESERVED CVE-2022-24213 RESERVED CVE-2022-24212 RESERVED CVE-2022-24211 RESERVED CVE-2022-24210 RESERVED CVE-2022-24209 RESERVED CVE-2022-24208 RESERVED CVE-2022-24207 RESERVED CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Tongda2000 CVE-2022-24205 RESERVED CVE-2022-24204 RESERVED CVE-2022-24203 RESERVED CVE-2022-24202 RESERVED CVE-2022-24201 RESERVED CVE-2022-24200 RESERVED CVE-2022-24199 RESERVED CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...) NOT-FOR-US: iText CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...) NOT-FOR-US: iText CVE-2022-24196 (iText v7.1.17 was discovered to contain an out-of-memory error via the ...) NOT-FOR-US: iText CVE-2022-24195 RESERVED CVE-2022-24194 RESERVED CVE-2022-24193 RESERVED CVE-2022-24192 RESERVED CVE-2022-24191 RESERVED CVE-2022-24190 RESERVED CVE-2022-24189 RESERVED CVE-2022-24188 RESERVED CVE-2022-24187 RESERVED CVE-2022-24186 RESERVED CVE-2022-24185 RESERVED CVE-2022-24184 RESERVED CVE-2022-24183 RESERVED CVE-2022-24182 RESERVED CVE-2022-24181 RESERVED CVE-2022-24180 RESERVED CVE-2022-24179 RESERVED CVE-2022-24178 RESERVED CVE-2022-24177 RESERVED CVE-2022-24176 RESERVED CVE-2022-24175 RESERVED CVE-2022-24174 RESERVED CVE-2022-24173 RESERVED CVE-2022-24172 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24171 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) 
NOT-FOR-US: Tenda routers CVE-2022-24170 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24169 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24168 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24167 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24166 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24165 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24164 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) NOT-FOR-US: Tenda routers CVE-2022-24163 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24162 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24161 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...) NOT-FOR-US: Tenda routers CVE-2022-24160 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24159 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24158 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24157 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24156 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24155 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...) 
NOT-FOR-US: Tenda routers CVE-2022-24154 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24153 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24152 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24151 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24150 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) NOT-FOR-US: Tenda routers CVE-2022-24149 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24148 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) NOT-FOR-US: Tenda routers CVE-2022-24147 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24146 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) NOT-FOR-US: Tenda routers CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...) NOT-FOR-US: Tenda routers CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda routers CVE-2022-24141 RESERVED CVE-2022-24140 RESERVED CVE-2022-24139 RESERVED CVE-2022-24138 RESERVED CVE-2022-24137 RESERVED CVE-2022-24136 RESERVED CVE-2022-24135 RESERVED CVE-2022-24134 RESERVED CVE-2022-24133 RESERVED CVE-2022-24132 RESERVED CVE-2022-24131 RESERVED CVE-2022-21170 RESERVED CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) 
- radare2 NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0) CVE-2022-0418 RESERVED CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/ NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245) CVE-2022-0416 RESERVED CVE-2022-0415 RESERVED CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...) {DLA-2913-1} - xterm 370-2 (bug #1004689) [bullseye] - xterm (Minor issue) [buster] - xterm (Minor issue) NOTE: https://twitter.com/nickblack/status/1487731459398025216 NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2 NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3 NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...) NOT-FOR-US: Shibboleth identity provider OIDC OP plugin CVE-2022-24128 RESERVED CVE-2022-24127 RESERVED CVE-2022-24126 RESERVED CVE-2022-24125 RESERVED CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...) NOT-FOR-US: Casdoor CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...) NOT-FOR-US: MarkText CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...) NOT-FOR-US: Unified Office CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...) - dolibarr CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) 
- vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253) CVE-2022-0412 RESERVED CVE-2022-0411 RESERVED CVE-2022-0410 RESERVED CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...) - linux 5.15.15-2 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1 NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5 CVE-2022-24120 RESERVED CVE-2022-24119 RESERVED CVE-2022-24118 RESERVED CVE-2022-24117 RESERVED CVE-2022-24116 RESERVED CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...) NOT-FOR-US: Acronis CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...) NOT-FOR-US: Acronis CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) NOT-FOR-US: Acronis CVE-2022-0409 RESERVED CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247) CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219) CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...) 
NOT-FOR-US: Apache APISIX CVE-2022-0406 RESERVED CVE-2022-0405 RESERVED CVE-2022-0404 RESERVED CVE-2022-0403 RESERVED CVE-2022-0402 RESERVED CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...) NOT-FOR-US: Node w-zip CVE-2022-0400 [Out of bounds read in the smc protocol stack] RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public) CVE-2022-0399 RESERVED CVE-2022-0398 RESERVED CVE-2022-0397 RESERVED CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...) - mahara CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...) NOT-FOR-US: Kiteworks managed file transfer CVE-2022-24109 RESERVED CVE-2022-24108 RESERVED CVE-2022-24107 RESERVED CVE-2022-24106 RESERVED CVE-2022-24105 RESERVED CVE-2022-24104 RESERVED CVE-2022-24103 RESERVED CVE-2022-24102 RESERVED CVE-2022-24101 RESERVED CVE-2022-24100 RESERVED CVE-2022-24099 RESERVED CVE-2022-24098 RESERVED CVE-2022-24097 RESERVED CVE-2022-24096 RESERVED CVE-2022-24095 RESERVED CVE-2022-24094 RESERVED CVE-2022-24093 RESERVED CVE-2022-24092 RESERVED CVE-2022-24091 RESERVED CVE-2022-24090 RESERVED CVE-2022-24089 RESERVED CVE-2022-24088 RESERVED CVE-2022-24087 RESERVED CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) NOT-FOR-US: Adobe CVE-2022-24085 RESERVED CVE-2022-24084 RESERVED CVE-2022-24083 RESERVED CVE-2022-24082 RESERVED CVE-2022-24081 RESERVED CVE-2022-24080 RESERVED CVE-2022-24079 RESERVED CVE-2022-24078 RESERVED CVE-2022-24077 RESERVED CVE-2022-24076 RESERVED CVE-2022-24075 RESERVED CVE-2022-24074 RESERVED CVE-2022-24073 RESERVED CVE-2022-24072 RESERVED CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...) NOT-FOR-US: Whale browser CVE-2022-24070 RESERVED CVE-2022-0396 RESERVED CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) 
NOT-FOR-US: livehelperchat CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233) CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2022-24064 RESERVED CVE-2022-24063 RESERVED CVE-2022-24062 RESERVED CVE-2022-24061 RESERVED CVE-2022-24060 RESERVED CVE-2022-24059 RESERVED CVE-2022-24058 RESERVED CVE-2022-24057 RESERVED CVE-2022-24056 RESERVED CVE-2022-24055 RESERVED CVE-2022-24054 RESERVED CVE-2022-24053 RESERVED CVE-2022-24052 RESERVED - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/ CVE-2022-24051 RESERVED - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/ CVE-2022-24050 RESERVED - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/ CVE-2022-24049 RESERVED CVE-2022-24048 RESERVED - mariadb-10.6 - mariadb-10.5 - mariadb-10.3 NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/ CVE-2022-24047 RESERVED CVE-2022-24046 RESERVED CVE-2022-24045 RESERVED CVE-2022-24044 RESERVED CVE-2022-24043 RESERVED CVE-2022-24042 RESERVED CVE-2022-24041 RESERVED CVE-2022-24040 RESERVED CVE-2022-24039 RESERVED CVE-2022-24038 RESERVED CVE-2022-24037 
RESERVED CVE-2022-24036 RESERVED CVE-2022-23921 RESERVED CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...) NOT-FOR-US: Advantech CVE-2022-21798 RESERVED CVE-2022-21154 RESERVED CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218) CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...) - python3.9 3.9.7-1 [bullseye] - python3.9 (Minor issue) - python3.7 [buster] - python3.7 (Minor issue) - python3.5 [stretch] - python3.5 (Minor issue; regressions reports) - python3.4 NOTE: https://bugs.python.org/issue43882 NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1) NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2) NOTE: Fixed by: https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 (v3.9.5) NOTE: Followup for 3.9.x: https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 (v3.9.6) NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11) NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11) NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14) CVE-2022-0390 RESERVED CVE-2022-0389 RESERVED CVE-2022-0388 RESERVED CVE-2022-24035 RESERVED CVE-2022-24034 RESERVED CVE-2022-24033 RESERVED CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...) NOT-FOR-US: Adenza AxiomSL ControllerView CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...) 
NOT-FOR-US: Insyde CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2022-24029 RESERVED CVE-2022-24028 RESERVED CVE-2022-24027 RESERVED CVE-2022-24026 RESERVED CVE-2022-24025 RESERVED CVE-2022-24024 RESERVED CVE-2022-24023 RESERVED CVE-2022-24022 RESERVED CVE-2022-24021 RESERVED CVE-2022-24020 RESERVED CVE-2022-24019 RESERVED CVE-2022-24018 RESERVED CVE-2022-24017 RESERVED CVE-2022-24016 RESERVED CVE-2022-24015 RESERVED CVE-2022-24014 RESERVED CVE-2022-24013 RESERVED CVE-2022-24012 RESERVED CVE-2022-24011 RESERVED CVE-2022-24010 RESERVED CVE-2022-24009 RESERVED CVE-2022-24008 RESERVED CVE-2022-24007 RESERVED CVE-2022-24006 RESERVED CVE-2022-24005 RESERVED CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0386 RESERVED CVE-2022-0385 RESERVED CVE-2022-0384 RESERVED CVE-2022-24004 RESERVED CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...) NOT-FOR-US: Samsung CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...) NOT-FOR-US: Samsung CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...) NOT-FOR-US: Samsung CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...) NOT-FOR-US: Samsung CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...) NOT-FOR-US: Samsung CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...) NOT-FOR-US: Samsung CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...) NOT-FOR-US: Samsung CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...) NOT-FOR-US: Samsung CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...) 
NOT-FOR-US: Samsung CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...) NOT-FOR-US: Samsung CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...) NOT-FOR-US: pfSense CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...) NOT-FOR-US: XCOM Data Transport CVE-2022-23991 RESERVED CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-3 NOTE: https://github.com/libexpat/libexpat/pull/551 NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4) NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4) CVE-2022-23989 RESERVED CVE-2022-23988 RESERVED CVE-2022-23987 RESERVED CVE-2022-23984 RESERVED CVE-2022-23983 RESERVED CVE-2022-23982 RESERVED CVE-2022-23981 RESERVED CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) NOT-FOR-US: WordPress plugin CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2022-23978 RESERVED CVE-2022-23977 RESERVED CVE-2022-23976 RESERVED CVE-2022-23975 RESERVED CVE-2022-23974 RESERVED CVE-2022-23103 RESERVED CVE-2022-0383 RESERVED CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...) - linux 5.15.15-1 NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523 CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) 
NOT-FOR-US: microweber CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) NOT-FOR-US: microweber CVE-2022-0377 RESERVED CVE-2022-0376 RESERVED CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0373 RESERVED CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...) NOT-FOR-US: Crater CVE-2022-23973 RESERVED CVE-2022-23972 RESERVED CVE-2022-23971 RESERVED CVE-2022-23970 RESERVED CVE-2022-23969 RESERVED CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...) NOT-FOR-US: Xerox CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...) TODO: check CVE-2022-23966 RESERVED CVE-2022-23965 RESERVED CVE-2022-23964 RESERVED CVE-2022-23963 RESERVED CVE-2022-23962 RESERVED CVE-2022-23961 RESERVED CVE-2022-23960 RESERVED CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...) 
{DLA-2920-1} - varnish (bug #1004433) NOTE: https://varnish-cache.org/security/VSV00008.html NOTE: https://docs.varnish-software.com/security/VSV00008/ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master) NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2) NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2) CVE-2022-23958 RESERVED CVE-2022-23957 RESERVED CVE-2022-23956 RESERVED CVE-2022-23955 RESERVED CVE-2022-23954 RESERVED CVE-2022-23953 RESERVED CVE-2022-23952 RESERVED CVE-2022-23951 RESERVED CVE-2022-23950 RESERVED CVE-2022-23949 RESERVED CVE-2022-23948 RESERVED CVE-2022-0371 RESERVED CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0369 RESERVED CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) NOT-FOR-US: Gerber CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) NOT-FOR-US: Gerber CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23943 RESERVED CVE-2022-23942 RESERVED CVE-2022-21184 RESERVED CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/ NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217) CVE-2022-0367 RESERVED CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...) 
NOT-FOR-US: Sophos CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...) NOT-FOR-US: Ricon Mobile CVE-2022-0364 RESERVED CVE-2022-0363 RESERVED CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...) NOT-FOR-US: ShowDoc CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215) CVE-2022-0360 RESERVED CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214) CVE-2022-0358 RESERVED - qemu [buster] - qemu (Vulnerable code not present) [stretch] - qemu (virtiofsd added in 5.0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca CVE-2022-0357 RESERVED CVE-2022-0356 RESERVED CVE-2022-23941 RESERVED CVE-2022-23940 RESERVED CVE-2022-23939 RESERVED CVE-2022-23938 RESERVED CVE-2022-23937 RESERVED CVE-2022-23936 RESERVED CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...) 
- libimage-exiftool-perl 12.38+dfsg-1 [bullseye] - libimage-exiftool-perl (Minor issue) [buster] - libimage-exiftool-perl (Minor issue) [stretch] - libimage-exiftool-perl (Minor issue) NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38) CVE-2022-23934 RESERVED CVE-2022-23933 RESERVED CVE-2022-23932 RESERVED CVE-2022-23931 RESERVED CVE-2022-23930 RESERVED CVE-2022-23929 RESERVED CVE-2022-23928 RESERVED CVE-2022-23927 RESERVED CVE-2022-23926 RESERVED CVE-2022-23925 RESERVED CVE-2022-23924 RESERVED CVE-2022-23919 RESERVED CVE-2022-23918 RESERVED CVE-2022-23399 RESERVED CVE-2022-22144 RESERVED CVE-2022-22140 RESERVED CVE-2022-21201 RESERVED CVE-2022-21178 RESERVED CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...) NOT-FOR-US: simple-get nodejs module CVE-2022-0354 RESERVED CVE-2022-0353 RESERVED CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...) TODO: check CVE-2022-23912 RESERVED CVE-2022-23911 RESERVED CVE-2022-23910 RESERVED CVE-2022-23909 RESERVED CVE-2022-23908 RESERVED CVE-2022-23907 RESERVED CVE-2022-23906 RESERVED CVE-2022-23905 RESERVED CVE-2022-23904 RESERVED CVE-2022-23903 RESERVED CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Tongda2000 CVE-2022-23901 RESERVED CVE-2022-23900 RESERVED CVE-2022-23899 RESERVED CVE-2022-23898 RESERVED CVE-2022-23897 RESERVED CVE-2022-23896 RESERVED CVE-2022-23895 RESERVED CVE-2022-23894 RESERVED CVE-2022-23893 RESERVED CVE-2022-23892 RESERVED CVE-2022-23891 RESERVED CVE-2022-23890 RESERVED CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...) NOT-FOR-US: YzmCMS CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSR ...) NOT-FOR-US: YzmCMS CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
NOT-FOR-US: YzmCMS CVE-2022-23886 RESERVED CVE-2022-23885 RESERVED CVE-2022-23884 RESERVED CVE-2022-23883 RESERVED CVE-2022-23882 RESERVED CVE-2022-23881 RESERVED CVE-2022-23880 RESERVED CVE-2022-23879 RESERVED CVE-2022-23878 RESERVED CVE-2022-23877 RESERVED CVE-2022-23876 RESERVED CVE-2022-23875 RESERVED CVE-2022-23874 RESERVED CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: Victor CMS CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...) NOT-FOR-US: Emlog pro CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...) NOT-FOR-US: Gibbon CMS CVE-2022-23870 RESERVED CVE-2022-23869 RESERVED CVE-2022-23868 RESERVED CVE-2022-23867 RESERVED CVE-2022-23866 RESERVED CVE-2022-23865 RESERVED CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...) NOT-FOR-US: calibre-web CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206) CVE-2022-0350 RESERVED CVE-2022-0349 RESERVED CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0347 RESERVED CVE-2022-0346 RESERVED CVE-2022-0345 RESERVED CVE-2022-0344 RESERVED CVE-2022-0343 RESERVED CVE-2022-0342 RESERVED CVE-2022-23864 RESERVED CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-23862 RESERVED CVE-2022-23861 RESERVED CVE-2022-23860 RESERVED CVE-2022-23859 RESERVED CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an authenticated read ...) 
NOT-FOR-US: StarWind Command Center CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...) NOT-FOR-US: Navidrome CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) CVE-2022-23854 RESERVED CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...) - kate [bullseye] - kate (Minor issue) [buster] - kate (Minor issue) [stretch] - kate (Minor issue) - ktexteditor [bullseye] - ktexteditor (Minor issue) [buster] - ktexteditor (Minor issue) [stretch] - ktexteditor (Minor issue) NOTE: https://kde.org/info/security/advisory-20220131-1.txt NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf NOTE: Kate: prerequisites: NOTE: https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2 NOTE: https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5 NOTE: https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9 NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...) 
{DSA-5073-1 DLA-2904-1} - expat 2.4.3-2 NOTE: https://github.com/libexpat/libexpat/pull/550 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4) NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44 CVE-2022-23851 RESERVED CVE-2022-0341 RESERVED CVE-2022-0340 RESERVED CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...) {DSA-5075-1} - minetest 5.4.1+repack-1 (bug #1004223) [stretch] - minetest (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0) NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included, NOTE: which is not a vulnerability by itself, and won't get a CVE assigned: NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0) CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...) {DSA-5075-1} - minetest 5.4.1+repack-1 [stretch] - minetest (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5 NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0) CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...) - epub2txt2 (bug #1004115) CVE-2022-23849 RESERVED CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...) NOT-FOR-US: calibre-web CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...) 
- loguru (unimportant) NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa NOTE: loguru documents security considerations and best practices to follow CVE-2022-23848 RESERVED CVE-2022-23847 RESERVED CVE-2022-23846 RESERVED CVE-2022-23845 RESERVED CVE-2022-23844 RESERVED CVE-2022-23843 RESERVED CVE-2022-23842 RESERVED CVE-2022-23841 RESERVED CVE-2022-23840 RESERVED CVE-2022-23839 RESERVED CVE-2022-23838 RESERVED CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...) - ruby-sidekiq (bug #1004193) NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0) CVE-2022-23836 RESERVED CVE-2022-23835 RESERVED CVE-2022-0337 RESERVED CVE-2022-0336 [Samba AD users with permission to write to an account can impersonate arbitrary services] RESERVED - samba (bug #1004694) [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3 [buster] - samba (Minor issue; affects Samba as AD DC) NOTE: https://www.samba.org/samba/security/CVE-2022-0336.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950 CVE-2022-23834 RESERVED CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...) 
{DLA-2906-1} - python-django 2:3.2.12-1 (bug #1004752) [bullseye] - python-django (Minor issue) [buster] - python-django (Minor issue) NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main) NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2) NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12) NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27) CVE-2022-23832 RESERVED CVE-2022-23831 RESERVED CVE-2022-23830 RESERVED CVE-2022-23829 RESERVED CVE-2022-23828 RESERVED CVE-2022-23827 RESERVED CVE-2022-23826 RESERVED CVE-2022-23825 RESERVED CVE-2022-23824 RESERVED CVE-2022-23823 RESERVED CVE-2022-23822 RESERVED CVE-2022-23821 RESERVED CVE-2022-23820 RESERVED CVE-2022-23819 RESERVED CVE-2022-23818 RESERVED CVE-2022-23817 RESERVED CVE-2022-23816 RESERVED CVE-2022-23815 RESERVED CVE-2022-23814 RESERVED CVE-2022-23813 RESERVED CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...) NOT-FOR-US: TransmitMail CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) NOT-FOR-US: TransmitMail CVE-2022-21176 RESERVED CVE-2022-21143 RESERVED CVE-2022-21141 RESERVED CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...) 
- moodle CVE-2022-0331 RESERVED CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store] RESERVED - linux 5.15.15-2 NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12 NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c CVE-2022-0329 REJECTED CVE-2022-0328 RESERVED CVE-2022-0327 RESERVED CVE-2022-23809 RESERVED CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...) - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59 NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available) CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...) - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32 NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) - golang-1.18 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/50974 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) 
TODO: check CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) TODO: check CVE-2022-23802 RESERVED CVE-2022-23801 RESERVED CVE-2022-23800 RESERVED CVE-2022-23799 RESERVED CVE-2022-23798 RESERVED CVE-2022-23797 RESERVED CVE-2022-23796 RESERVED CVE-2022-23795 RESERVED CVE-2022-23794 RESERVED CVE-2022-23793 RESERVED CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...) - mruby (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc) NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e CVE-2022-0325 RESERVED CVE-2022-0324 RESERVED CVE-2022-23792 RESERVED CVE-2022-23791 RESERVED CVE-2022-23790 RESERVED CVE-2022-23789 RESERVED CVE-2022-23788 RESERVED CVE-2022-23787 RESERVED CVE-2022-23786 RESERVED CVE-2022-23785 RESERVED CVE-2022-23784 RESERVED CVE-2022-23783 RESERVED CVE-2022-23782 RESERVED CVE-2022-23781 RESERVED CVE-2022-23780 RESERVED CVE-2022-21147 RESERVED CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: Mustache (implementation in PHP) CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c] RESERVED - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6) CVE-2022-0321 RESERVED CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...) NOT-FOR-US: WordPress plugin CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154) CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) 
- vim (bug #1004859) [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151) CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...) TODO: check CVE-2022-0316 RESERVED CVE-2022-0315 RESERVED CVE-2022-23779 RESERVED CVE-2022-23778 RESERVED CVE-2022-23777 RESERVED CVE-2022-23776 RESERVED CVE-2022-23775 RESERVED CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - golang-1.18 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/35671 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7) CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...) 
- golang-1.18 1.18~beta2-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/50699 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7) CVE-2022-23771 RESERVED CVE-2022-23770 RESERVED CVE-2022-23769 RESERVED CVE-2022-23768 RESERVED CVE-2022-23767 RESERVED CVE-2022-23766 RESERVED CVE-2022-23765 RESERVED CVE-2022-23764 RESERVED CVE-2022-23763 RESERVED CVE-2022-23762 RESERVED CVE-2022-23761 RESERVED CVE-2022-23760 RESERVED CVE-2022-23759 RESERVED CVE-2022-23758 RESERVED CVE-2022-23757 RESERVED CVE-2022-23756 RESERVED CVE-2022-23755 RESERVED CVE-2022-23754 RESERVED CVE-2022-23753 RESERVED CVE-2022-23752 RESERVED CVE-2022-23751 RESERVED CVE-2022-23750 RESERVED CVE-2022-23749 RESERVED CVE-2022-23748 RESERVED CVE-2022-23747 RESERVED CVE-2022-23746 RESERVED CVE-2022-23745 RESERVED CVE-2022-23744 RESERVED CVE-2022-23743 RESERVED CVE-2022-23742 RESERVED CVE-2022-23741 RESERVED CVE-2022-23740 RESERVED CVE-2022-23739 RESERVED CVE-2022-23738 RESERVED CVE-2022-23737 RESERVED CVE-2022-23736 RESERVED CVE-2022-23735 RESERVED CVE-2022-23734 RESERVED CVE-2022-23733 RESERVED CVE-2022-23732 RESERVED CVE-2022-23731 RESERVED CVE-2022-23730 RESERVED CVE-2022-23729 RESERVED CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) NOT-FOR-US: LG CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...) 
NOT-FOR-US: LG CVE-2022-23726 RESERVED CVE-2022-23725 RESERVED CVE-2022-23724 RESERVED CVE-2022-23723 RESERVED CVE-2022-23722 RESERVED CVE-2022-23721 RESERVED CVE-2022-23720 RESERVED CVE-2022-23719 RESERVED CVE-2022-23718 RESERVED CVE-2022-23717 RESERVED CVE-2022-23716 RESERVED CVE-2022-23715 RESERVED CVE-2022-23714 RESERVED CVE-2022-23713 RESERVED CVE-2022-23712 RESERVED CVE-2022-23711 RESERVED CVE-2022-23710 RESERVED CVE-2022-23709 RESERVED CVE-2022-23708 RESERVED CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...) - kibana (bug #700337) CVE-2022-23706 RESERVED CVE-2022-23705 RESERVED CVE-2022-23704 RESERVED CVE-2022-23703 RESERVED CVE-2022-23702 RESERVED CVE-2022-23701 RESERVED CVE-2022-23700 RESERVED CVE-2022-23699 RESERVED CVE-2022-23698 RESERVED CVE-2022-23697 RESERVED CVE-2022-23696 RESERVED CVE-2022-23695 RESERVED CVE-2022-23694 RESERVED CVE-2022-23693 RESERVED CVE-2022-23692 RESERVED CVE-2022-23691 RESERVED CVE-2022-23690 RESERVED CVE-2022-23689 RESERVED CVE-2022-23688 RESERVED CVE-2022-23687 RESERVED CVE-2022-23686 RESERVED CVE-2022-23685 RESERVED CVE-2022-23684 RESERVED CVE-2022-23683 RESERVED CVE-2022-23682 RESERVED CVE-2022-23681 RESERVED CVE-2022-23680 RESERVED CVE-2022-23679 RESERVED CVE-2022-23678 RESERVED CVE-2022-23677 RESERVED CVE-2022-23676 RESERVED CVE-2022-23675 RESERVED CVE-2022-23674 RESERVED CVE-2022-23673 RESERVED CVE-2022-23672 RESERVED CVE-2022-23671 RESERVED CVE-2022-23670 RESERVED CVE-2022-23669 RESERVED CVE-2022-23668 RESERVED CVE-2022-23667 RESERVED CVE-2022-23666 RESERVED CVE-2022-23665 RESERVED CVE-2022-23664 RESERVED CVE-2022-23663 RESERVED CVE-2022-23662 RESERVED CVE-2022-23661 RESERVED CVE-2022-23660 RESERVED CVE-2022-23659 RESERVED CVE-2022-23658 RESERVED CVE-2022-23657 RESERVED CVE-2022-23656 RESERVED CVE-2022-23655 RESERVED CVE-2022-23654 RESERVED CVE-2022-23653 RESERVED CVE-2022-23652 RESERVED CVE-2022-23651 RESERVED CVE-2022-23650 RESERVED CVE-2022-23649 RESERVED CVE-2022-23648 
RESERVED CVE-2022-23647 RESERVED CVE-2022-23646 RESERVED CVE-2022-23645 RESERVED CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) TODO: check CVE-2022-23642 RESERVED CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-23640 RESERVED CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...) TODO: check CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...) TODO: check CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) NOT-FOR-US: K-Box CVE-2022-23636 RESERVED CVE-2022-23635 RESERVED CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...) - puma (bug #1005391) NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb NOTE: Related issue to CVE-2022-23633 for src:rails CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...) 
- rails (bug #1005389) NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5 NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5) NOTE: Followup: https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb (v6.1.4.6) NOTE: Fixed by: https://github.com/rails/rails/commit/e9015f91dd685472f915f8aa1eb18b0e0763e013 (v6.0.4.5) NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6) NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1) NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2) CVE-2022-23632 RESERVED CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...) TODO: check CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...) - gradle (Vulnerable node not yet uploaded; introduced in 6.2) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr NOTE: https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 (v7.4.0-RC2) CVE-2022-23629 RESERVED CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...) NOT-FOR-US: OPA CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...) NOT-FOR-US: ArchiSteamFarm CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...) NOT-FOR-US: m1k1o/blog CVE-2022-23625 RESERVED CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...) NOT-FOR-US: Frourio-express CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...) NOT-FOR-US: Frourio CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
NOT-FOR-US: XWiki CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...) - php-twig 3.3.8-1 NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v NOTE: https://github.com/twigphp/Twig/pull/3641 NOTE: https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 (v3.3.8) CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...) - xrdp (bug #1005304) [bullseye] - xrdp (Vulnerable code not present) [buster] - xrdp (Vulnerable code not present) [stretch] - xrdp (Vulnerable code not present) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32 NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17) NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa CVE-2022-23612 RESERVED CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23610 RESERVED CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) 
NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23608 RESERVED CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...) - python-treq (bug #1005041) NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0) CVE-2022-23606 RESERVED CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...) NOT-FOR-US: Wire webapp CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...) NOT-FOR-US: x26-Cogs CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...) NOT-FOR-US: Nimforum CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...) - symfony (Vulnerable code not present; no Debian released version contained the vulnerable code) NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50 CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...) NOT-FOR-US: Fleet CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...) NOT-FOR-US: Plone CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...) NOT-FOR-US: laminas-form CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...) NOT-FOR-US: Element Desktop CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...) NOT-FOR-US: Junrar CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...) - tensorflow (bug #804612) CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...) 
- tensorflow (bug #804612) CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...) - tensorflow (bug #804612) CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...) - tensorflow (bug #804612) CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...) - tensorflow (bug #804612) CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...) - tensorflow (bug #804612) CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) - tensorflow (bug #804612) CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...) - tensorflow (bug #804612) CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) - tensorflow (bug #804612) CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...) - tensorflow (bug #804612) CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. 
The implement ...) - tensorflow (bug #804612) CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...) - tensorflow (bug #804612) CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...) - tensorflow (bug #804612) CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...) - tensorflow (bug #804612) CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...) - tensorflow (bug #804612) CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) 
- tensorflow (bug #804612) CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23556 RESERVED CVE-2022-23555 RESERVED CVE-2022-23554 RESERVED CVE-2022-23553 RESERVED CVE-2022-23552 RESERVED CVE-2022-23551 RESERVED CVE-2022-23550 RESERVED CVE-2022-23549 RESERVED CVE-2022-23548 RESERVED CVE-2022-23547 RESERVED CVE-2022-23546 RESERVED CVE-2022-23545 RESERVED CVE-2022-23544 RESERVED CVE-2022-23543 RESERVED CVE-2022-23542 RESERVED CVE-2022-23541 RESERVED CVE-2022-23540 RESERVED CVE-2022-23539 RESERVED CVE-2022-23538 RESERVED CVE-2022-23537 RESERVED CVE-2022-23536 RESERVED CVE-2022-23535 RESERVED CVE-2022-23534 RESERVED CVE-2022-23533 RESERVED CVE-2022-23532 RESERVED CVE-2022-23531 RESERVED CVE-2022-23530 RESERVED CVE-2022-23529 RESERVED CVE-2022-23528 RESERVED CVE-2022-23527 RESERVED CVE-2022-23526 RESERVED CVE-2022-23525 RESERVED CVE-2022-23524 RESERVED CVE-2022-23523 RESERVED CVE-2022-23522 RESERVED CVE-2022-23521 RESERVED CVE-2022-23520 RESERVED CVE-2022-23519 RESERVED CVE-2022-23518 RESERVED CVE-2022-23517 RESERVED CVE-2022-23516 RESERVED CVE-2022-23515 RESERVED CVE-2022-23514 RESERVED CVE-2022-23513 RESERVED CVE-2022-23512 RESERVED CVE-2022-23511 RESERVED CVE-2022-23510 RESERVED CVE-2022-23509 RESERVED CVE-2022-23508 RESERVED CVE-2022-23507 RESERVED CVE-2022-23506 RESERVED CVE-2022-23505 RESERVED CVE-2022-23504 RESERVED CVE-2022-23503 RESERVED CVE-2022-23502 RESERVED CVE-2022-23501 RESERVED CVE-2022-23500 RESERVED CVE-2022-23499 RESERVED CVE-2022-23498 RESERVED CVE-2022-23497 RESERVED CVE-2022-23496 RESERVED CVE-2022-23495 RESERVED 
CVE-2022-23494 RESERVED CVE-2022-23493 RESERVED CVE-2022-23492 RESERVED CVE-2022-23491 RESERVED CVE-2022-23490 RESERVED CVE-2022-23489 RESERVED CVE-2022-23488 RESERVED CVE-2022-23487 RESERVED CVE-2022-23486 RESERVED CVE-2022-23485 RESERVED CVE-2022-23484 RESERVED CVE-2022-23483 RESERVED CVE-2022-23482 RESERVED CVE-2022-23481 RESERVED CVE-2022-23480 RESERVED CVE-2022-23479 RESERVED CVE-2022-23478 RESERVED CVE-2022-23477 RESERVED CVE-2022-23476 RESERVED CVE-2022-23475 RESERVED CVE-2022-23474 RESERVED CVE-2022-23473 RESERVED CVE-2022-23472 RESERVED CVE-2022-23471 RESERVED CVE-2022-23470 RESERVED CVE-2022-23469 RESERVED CVE-2022-23468 RESERVED CVE-2022-23467 RESERVED CVE-2022-23466 RESERVED CVE-2022-23465 RESERVED CVE-2022-23464 RESERVED CVE-2022-23463 RESERVED CVE-2022-23462 RESERVED CVE-2022-23461 RESERVED CVE-2022-23460 RESERVED CVE-2022-23459 RESERVED CVE-2022-23458 RESERVED CVE-2022-23457 RESERVED CVE-2022-0314 RESERVED CVE-2022-0313 RESERVED CVE-2022-0312 RESERVED CVE-2022-0299 RESERVED CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...) 
NOT-FOR-US: HP CVE-2022-23455 RESERVED CVE-2022-23454 RESERVED CVE-2022-23453 RESERVED CVE-2022-23452 RESERVED - barbican [bullseye] - barbican (Minor issue) [buster] - barbican (Minor issue) [stretch] - barbican (Minor issue) NOTE: https://storyboard.openstack.org/#!/story/2009297 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090 CVE-2022-23451 RESERVED - barbican [bullseye] - barbican (Minor issue) [buster] - barbican (Minor issue) [stretch] - barbican (Minor issue) NOTE: https://storyboard.openstack.org/#!/story/2009253 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089 CVE-2022-23450 RESERVED CVE-2022-23449 RESERVED CVE-2022-23448 RESERVED CVE-2022-23447 RESERVED CVE-2022-23446 RESERVED CVE-2022-23445 RESERVED CVE-2022-23444 RESERVED CVE-2022-23443 RESERVED CVE-2022-23442 RESERVED CVE-2022-23441 RESERVED CVE-2022-23440 RESERVED CVE-2022-23439 RESERVED CVE-2022-23438 RESERVED CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) - libxerces2-java [stretch] - libxerces2-java (revisit when/if fix is complete) NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3 CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...) 
{DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0303 RESERVED {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...) 
{DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...) {DSA-5054-1} - chromium 97.0.4692.99-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0288 RESERVED CVE-2022-0287 RESERVED CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0284 RESERVED - imagemagick (Specific to IM7) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943 NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729 NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7 CVE-2022-0283 RESERVED CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...) NOT-FOR-US: microweber CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) NOT-FOR-US: microweber CVE-2022-0280 RESERVED CVE-2022-0279 RESERVED CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) NOT-FOR-US: microweber CVE-2022-23436 RESERVED CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...) NOT-FOR-US: android-gif-drawable CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...) NOT-FOR-US: Samsung CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...) NOT-FOR-US: Samsung CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...) NOT-FOR-US: Samsung CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...) NOT-FOR-US: Samsung CVE-2022-23430 RESERVED CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...) NOT-FOR-US: Samsung CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...) NOT-FOR-US: Samsung CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...) 
NOT-FOR-US: Samsung CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...) NOT-FOR-US: Samsung CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...) NOT-FOR-US: Samsung CVE-2022-23424 RESERVED CVE-2022-23423 RESERVED CVE-2022-23422 RESERVED CVE-2022-23421 RESERVED CVE-2022-23420 RESERVED CVE-2022-23419 RESERVED CVE-2022-23418 RESERVED CVE-2022-23417 RESERVED CVE-2022-23416 RESERVED CVE-2022-23415 RESERVED CVE-2022-23414 RESERVED CVE-2022-23413 RESERVED CVE-2022-23412 RESERVED CVE-2022-23411 RESERVED CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...) NOT-FOR-US: AXIS IP Utility CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...) NOT-FOR-US: Craft CMS CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...) - wolfssl 5.1.1-1 (bug #1004181) [bullseye] - wolfssl (Vulnerable code introduced later) NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022 NOTE: https://github.com/wolfSSL/wolfssl/pull/4710 NOTE: Introduced by: https://github.com/wolfSSL/wolfssl/commit/2871fc670f448e5f7cab7101479cb5b88e4d21f4 (WCv5.0-RC9) NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/73b4cc9476f6355a91138f545f3fd007ce058255 (master) NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/f3038b7aa5512572a04c14becee799ef275a6736 (v5.1.1-stable) CVE-2022-23407 RESERVED CVE-2022-23406 RESERVED CVE-2022-23405 RESERVED CVE-2022-23404 RESERVED CVE-2022-0276 RESERVED CVE-2022-0275 RESERVED CVE-2022-23398 RESERVED CVE-2022-23397 RESERVED CVE-2022-23396 RESERVED CVE-2022-23395 RESERVED CVE-2022-23394 RESERVED CVE-2022-23393 RESERVED CVE-2022-23392 RESERVED CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...) NOT-FOR-US: Pybbs CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...) 
NOT-FOR-US: BBS Forum CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...) NOT-FOR-US: PublicCMS CVE-2022-23388 RESERVED CVE-2022-23387 RESERVED CVE-2022-23386 RESERVED CVE-2022-23385 RESERVED CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...) NOT-FOR-US: YzmCMS CVE-2022-23383 RESERVED CVE-2022-23382 RESERVED CVE-2022-23381 RESERVED CVE-2022-23380 RESERVED CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...) NOT-FOR-US: Emlog CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...) NOT-FOR-US: TastyIgniter CVE-2022-23377 RESERVED CVE-2022-23376 RESERVED CVE-2022-23375 RESERVED CVE-2022-23374 RESERVED CVE-2022-23373 RESERVED CVE-2022-23372 RESERVED CVE-2022-23371 RESERVED CVE-2022-23370 RESERVED CVE-2022-23369 RESERVED CVE-2022-23368 RESERVED CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...) NOT-FOR-US: Fulusso CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...) NOT-FOR-US: HMS (Hospital Management System) CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...) NOT-FOR-US: HMS (Hospital Management System) CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...) NOT-FOR-US: HMS (Hospital Management System) CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) NOT-FOR-US: Online Banking System CVE-2022-23362 RESERVED CVE-2022-23361 RESERVED CVE-2022-23360 RESERVED CVE-2022-23359 RESERVED CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...) NOT-FOR-US: EasyCMS CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...) 
TODO: check CVE-2022-23356 RESERVED CVE-2022-23355 RESERVED CVE-2022-23354 RESERVED CVE-2022-23353 RESERVED CVE-2022-23352 RESERVED CVE-2022-23351 RESERVED CVE-2022-23350 RESERVED CVE-2022-23349 RESERVED CVE-2022-23348 RESERVED CVE-2022-23347 RESERVED CVE-2022-23346 RESERVED CVE-2022-23345 RESERVED CVE-2022-23344 RESERVED CVE-2022-23343 RESERVED CVE-2022-23342 RESERVED CVE-2022-23341 RESERVED CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...) NOT-FOR-US: Joplin CVE-2022-23339 RESERVED CVE-2022-23338 RESERVED CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: DedeCMS CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...) NOT-FOR-US: S-CMS CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Metinfo CVE-2022-23334 RESERVED CVE-2022-23333 RESERVED CVE-2022-23332 RESERVED CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...) NOT-FOR-US: DataEase CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...) NOT-FOR-US: jpress CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...) NOT-FOR-US: UJCMS Jspxcms CVE-2022-23328 RESERVED CVE-2022-23327 RESERVED CVE-2022-23326 RESERVED CVE-2022-23325 RESERVED CVE-2022-23324 RESERVED CVE-2022-23323 RESERVED CVE-2022-23322 RESERVED CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...) NOT-FOR-US: XMPie CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) NOT-FOR-US: XMPie uStore CVE-2022-23319 RESERVED CVE-2022-23318 RESERVED CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...) NOT-FOR-US: CobaltStrike CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...) 
NOT-FOR-US: taocms CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...) NOT-FOR-US: MCMS CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: MCMS CVE-2022-23313 RESERVED CVE-2022-22137 RESERVED CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...) NOT-FOR-US: Reolink CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...) NOT-FOR-US: Reolink CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...) NOT-FOR-US: calibre-web CVE-2022-0272 RESERVED CVE-2022-0271 RESERVED CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...) NOT-FOR-US: bored-agent CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...) NOT-FOR-US: yetiforce-crm CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...) NOT-FOR-US: Grav CMS CVE-2022-0267 RESERVED CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) NOT-FOR-US: Siemens CVE-2022-23311 RESERVED CVE-2022-23310 RESERVED CVE-2022-23309 RESERVED CVE-2022-23308 RESERVED CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...) NOT-FOR-US: livehelperchat CVE-2022-0265 RESERVED CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...) {DLA-2905-1} - apache-log4j1.2 1.2.17-11 (bug #1004482) [bullseye] - apache-log4j1.2 (Minor issue) [buster] - apache-log4j1.2 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5 CVE-2022-23306 RESERVED CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...) 
{DLA-2905-1} - apache-log4j1.2 1.2.17-11 (bug #1004482) [bullseye] - apache-log4j1.2 (Minor issue) [buster] - apache-log4j1.2 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...) NOT-FOR-US: pimcore CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120) CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0259 RESERVED CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...) NOT-FOR-US: pimcore CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: pimcore CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: pimcore CVE-2022-0255 RESERVED CVE-2022-0254 RESERVED CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat CVE-2022-0252 RESERVED CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0250 RESERVED CVE-2022-0249 RESERVED CVE-2022-0248 RESERVED CVE-2022-0247 RESERVED CVE-2022-0246 RESERVED CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...) 
- wpa 2:2.10-1 [bullseye] - wpa (Minor issue) [buster] - wpa (Minor issue) [stretch] - wpa (Minor issue) NOTE: https://w1.fi/security/2022-1/ NOTE: Issue exists because of an incomplete fix for CVE-2019-9495 CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_supplicant b ...) - wpa 2:2.10-1 [bullseye] - wpa (Minor issue) [buster] - wpa (Minor issue) [stretch] - wpa (CVE-2019-9494 was not applied and is marked as ignored) NOTE: https://w1.fi/security/2022-1/ NOTE: Issue exists because of an incomplete fix for CVE-2019-9494 CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...) - linux 5.15.5-2 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6) CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...) NOT-FOR-US: livehelperchat CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...) NOT-FOR-US: Orchard CMS CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) {DLA-2905-1} - apache-log4j1.2 1.2.17-11 (bug #1004482) [bullseye] - apache-log4j1.2 (Minor issue) [buster] - apache-log4j1.2 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3 CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...) NOT-FOR-US: php_mailform CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...) NOT-FOR-US: php_mailform CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...) NOT-FOR-US: Crater CVE-2022-0241 RESERVED CVE-2022-0240 (mruby is vulnerable to NULL Pointer Dereference ...) 
- mruby [bullseye] - mruby (Minor issue) [buster] - mruby (Minor issue) [stretch] - mruby (Minor issue) NOTE: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb/ NOTE: https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) NOT-FOR-US: corenlp CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...) - phoronix-test-suite CVE-2022-23301 RESERVED CVE-2022-23300 RESERVED CVE-2022-23299 RESERVED CVE-2022-23298 RESERVED CVE-2022-23297 RESERVED CVE-2022-23296 RESERVED CVE-2022-23295 RESERVED CVE-2022-23294 RESERVED CVE-2022-23293 RESERVED CVE-2022-23292 RESERVED CVE-2022-23291 RESERVED CVE-2022-23290 RESERVED CVE-2022-23289 RESERVED CVE-2022-23288 RESERVED CVE-2022-23287 RESERVED CVE-2022-23286 RESERVED CVE-2022-23285 RESERVED CVE-2022-23284 RESERVED CVE-2022-23283 RESERVED CVE-2022-23282 RESERVED CVE-2022-23281 RESERVED CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23279 RESERVED CVE-2022-23278 RESERVED CVE-2022-23277 RESERVED CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23275 RESERVED CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-23270 RESERVED CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...) 
NOT-FOR-US: Microsoft CVE-2022-23268 RESERVED CVE-2022-23267 RESERVED CVE-2022-23266 RESERVED CVE-2022-23265 RESERVED CVE-2022-23264 RESERVED CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23260 RESERVED CVE-2022-23259 RESERVED CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23257 RESERVED CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23253 RESERVED CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-23251 RESERVED CVE-2022-23250 RESERVED CVE-2022-23249 RESERVED CVE-2022-23248 RESERVED CVE-2022-23247 RESERVED CVE-2022-23246 RESERVED CVE-2022-23245 RESERVED CVE-2022-23244 RESERVED CVE-2022-23243 RESERVED CVE-2022-23242 RESERVED CVE-2022-23241 RESERVED CVE-2022-23240 RESERVED CVE-2022-23239 RESERVED CVE-2022-23238 RESERVED CVE-2022-23237 RESERVED CVE-2022-23236 RESERVED CVE-2022-23235 RESERVED CVE-2022-23234 RESERVED CVE-2022-23233 RESERVED CVE-2022-23232 RESERVED CVE-2022-23231 RESERVED CVE-2022-23230 RESERVED CVE-2022-23229 RESERVED CVE-2022-23228 RESERVED CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...) NOT-FOR-US: NUUO NVRmini2 CVE-2022-23226 RESERVED CVE-2022-23225 RESERVED CVE-2022-23224 RESERVED CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...) 
NOT-FOR-US: Apache ShenYu Admin CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) {DSA-5076-1 DLA-2923-1} - h2database 2.1.210-1 NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8 NOTE: https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050 CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) {DSA-5052-1} - usbview 2.0-21-g6fe2f4f-2.1 [stretch] - usbview (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1 NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1) NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2) NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2) CVE-2022-0237 RESERVED CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...) NOT-FOR-US: WordPress plugin CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...) - node-fetch 2.6.1-7 [bullseye] - node-fetch (Minor issue) NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1) CVE-2022-0234 RESERVED CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...) NOT-FOR-US: WordPress plugin CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...) NOT-FOR-US: WordPress plugin CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
NOT-FOR-US: livehelperchat CVE-2022-0230 RESERVED CVE-2022-0229 RESERVED CVE-2022-0228 RESERVED CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) {DSA-5050-1} - linux 5.15.15-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1 CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...) - glibc 2.33-3 [bullseye] - glibc (Minor issue) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542 CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...) - glibc 2.33-3 [bullseye] - glibc (Minor issue) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768 CVE-2022-23217 RESERVED CVE-2022-23216 RESERVED CVE-2022-23215 RESERVED CVE-2022-23214 RESERVED CVE-2022-23213 RESERVED CVE-2022-23212 RESERVED CVE-2022-23211 RESERVED CVE-2022-23210 RESERVED CVE-2022-23209 RESERVED CVE-2022-23208 RESERVED CVE-2022-23207 RESERVED CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...) NOT-FOR-US: Silverstripe CMS CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: livehelperchat CVE-2022-0225 RESERVED NOT-FOR-US: Keycloak CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...) - dolibarr CVE-2022-0223 RESERVED CVE-2022-0222 RESERVED CVE-2022-0221 RESERVED CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...) NOT-FOR-US: WordPress plugin CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) NOT-FOR-US: jadx CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...) 
NOT-FOR-US: WordPress plugin CVE-2022-0216 RESERVED CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) NOT-FOR-US: WordPress plugin CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...) NOT-FOR-US: WordPress plugin CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074) CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-0211 RESERVED CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) NOT-FOR-US: Apache Traffic Control CVE-2022-23205 RESERVED CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...) NOT-FOR-US: Adobe CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...) NOT-FOR-US: Adobe CVE-2022-23201 RESERVED CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...) NOT-FOR-US: Adobe CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) 
NOT-FOR-US: Adobe CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23187 RESERVED CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-23185 RESERVED CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) NOT-FOR-US: Octopus Server CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) - tomcat9 [bullseye] - tomcat9 (Minor issue, fix along in future DSA) [buster] - tomcat9 (Minor issue, fix along in future DSA) - tomcat8 [stretch] - tomcat8 (Minor issue; local race condition) NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57) NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74) NOTE: Issue introduced by the fix for CVE-2020-9484 CVE-2022-23180 RESERVED CVE-2022-23179 RESERVED CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...) 
NOT-FOR-US: Reolink CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface] RESERVED {DSA-5047-1} - prosody 0.11.12-1 (bug #1003696) [stretch] - prosody (websocket module introduced in 0.10.0; internal XML API only used on trusted data) NOTE: https://prosody.im/security/advisory_20220113/ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3 NOTE: Regression: https://issues.prosody.im/1711 NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4 CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2022-0209 RESERVED CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-0207 RESERVED - vdsm (bug #668538) CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...) NOT-FOR-US: WordPress plugin CVE-2022-0205 RESERVED CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol] RESERVED - bluez (bug #1003712) [bullseye] - bluez (Minor issue) [buster] - bluez (Minor issue) [stretch] - bluez (Minor issue) NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807 CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...) NOT-FOR-US: Crater CVE-2022-0202 RESERVED CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...) NOT-FOR-US: WordPress plugin CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) 
NOT-FOR-US: WordPress plugin CVE-2022-0199 RESERVED CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) NOT-FOR-US: Crestron devices CVE-2022-23177 RESERVED CVE-2022-23176 RESERVED CVE-2022-23175 RESERVED CVE-2022-23174 RESERVED CVE-2022-23173 RESERVED CVE-2022-23172 RESERVED CVE-2022-23171 RESERVED CVE-2022-23170 RESERVED CVE-2022-23169 RESERVED CVE-2022-23168 RESERVED CVE-2022-23167 RESERVED CVE-2022-23166 RESERVED CVE-2022-23165 RESERVED CVE-2022-23164 RESERVED CVE-2022-23163 RESERVED CVE-2022-23162 RESERVED CVE-2022-23161 RESERVED CVE-2022-23160 RESERVED CVE-2022-23159 RESERVED CVE-2022-23158 RESERVED CVE-2022-23157 RESERVED CVE-2022-23156 RESERVED CVE-2022-23155 RESERVED CVE-2022-23154 RESERVED CVE-2022-23153 RESERVED CVE-2022-23152 RESERVED CVE-2022-23151 RESERVED CVE-2022-23150 RESERVED CVE-2022-23149 RESERVED CVE-2022-23148 RESERVED CVE-2022-23147 RESERVED CVE-2022-23146 RESERVED CVE-2022-23145 RESERVED CVE-2022-23144 RESERVED CVE-2022-23143 RESERVED CVE-2022-23142 RESERVED CVE-2022-23141 RESERVED CVE-2022-23140 RESERVED CVE-2022-23139 RESERVED CVE-2022-23138 RESERVED CVE-2022-23137 RESERVED CVE-2022-23136 RESERVED CVE-2022-23135 RESERVED CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...) {DLA-2914-1} - zabbix NOTE: https://support.zabbix.com/browse/ZBX-20384 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2) CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...) 
- zabbix [stretch] - zabbix (Vulnerable code introduced later, and reverted with the fix) NOTE: https://support.zabbix.com/browse/ZBX-20388 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1) NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3) CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...) - zabbix [stretch] - zabbix (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present) NOTE: https://support.zabbix.com/browse/ZBX-20341 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18) CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...) - zabbix [stretch] - zabbix (SAML authentication support added in 5.0) NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) NOT-FOR-US: Mitsubishi CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) NOT-FOR-US: Mitsubishi CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) NOT-FOR-US: Mitsubishi CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) NOT-FOR-US: Mitsubishi CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...) NOT-FOR-US: TeslaMate CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) NOT-FOR-US: corenlp CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...) - phoronix-test-suite CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
- phoronix-test-suite CVE-2022-0195 RESERVED CVE-2022-23125 RESERVED CVE-2022-23124 RESERVED CVE-2022-23123 RESERVED CVE-2022-23122 RESERVED CVE-2022-23121 RESERVED CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...) NOT-FOR-US: Trend Micro CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...) NOT-FOR-US: Trend Micro CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...) NOT-FOR-US: Jenkins plugin CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...) NOT-FOR-US: Jenkins plugin CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...) NOT-FOR-US: Jenkins plugin CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...) NOT-FOR-US: Jenkins plugin CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...) NOT-FOR-US: Jenkins plugin CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...) NOT-FOR-US: Jenkins plugin CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...) NOT-FOR-US: Jenkins plugin CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...) NOT-FOR-US: Jenkins plugin CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...) NOT-FOR-US: Jenkins plugin CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...) NOT-FOR-US: Jenkins plugin CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...) NOT-FOR-US: Jenkins plugin CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...) NOT-FOR-US: Jenkins plugin CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...) 
NOT-FOR-US: Jenkins plugin CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...) NOT-FOR-US: Jenkins plugin CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...) NOT-FOR-US: Reolink CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...) NOT-FOR-US: Reolink CVE-2022-21134 (A firmware update vulnerability exists in the "update" ...) NOT-FOR-US: Reolink CVE-2022-0194 RESERVED CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...) NOT-FOR-US: WordPress plugin CVE-2022-0192 RESERVED CVE-2022-0191 RESERVED CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...) NOT-FOR-US: WordPress plugin CVE-2022-0189 RESERVED CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...) NOT-FOR-US: WordPress plugin CVE-2022-0187 RESERVED CVE-2022-0186 RESERVED CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...) {DSA-5050-1} - linux 5.15.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756 NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/7 NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/14 NOTE: https://www.willsroot.io/2022/01/cve-2022-0185.html CVE-2022-0184 (Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR59 ...) NOT-FOR-US: TEPRA CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 ...) NOT-FOR-US: MIRUPASS CVE-2022-23101 RESERVED CVE-2022-23100 RESERVED CVE-2022-23099 RESERVED CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) 
{DLA-2915-1} - connman (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5 CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...) {DLA-2915-1} - connman (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950 CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...) {DLA-2915-1} - connman (bug #1004935) [bullseye] - connman (Minor issue) [buster] - connman (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1 NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950 CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...) 
{DSA-5048-1} - libreswan 4.6-1 [buster] - libreswan (Vulnerable code introduced in 4.2) NOTE: https://github.com/libreswan/libreswan/issues/585 NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3) NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5) CVE-2022-23093 RESERVED CVE-2022-23092 RESERVED CVE-2022-23091 RESERVED CVE-2022-23090 RESERVED CVE-2022-23089 RESERVED CVE-2022-23088 RESERVED CVE-2022-23087 RESERVED CVE-2022-23086 RESERVED CVE-2022-23085 RESERVED CVE-2022-23084 RESERVED CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...) NOT-FOR-US: NetMaster CVE-2022-23082 RESERVED CVE-2022-23081 RESERVED CVE-2022-23080 RESERVED CVE-2022-23079 RESERVED CVE-2022-23078 RESERVED CVE-2022-23077 RESERVED CVE-2022-23076 RESERVED CVE-2022-23075 RESERVED CVE-2022-23074 RESERVED CVE-2022-23073 RESERVED CVE-2022-23072 RESERVED CVE-2022-23071 RESERVED CVE-2022-23070 RESERVED CVE-2022-23069 RESERVED CVE-2022-23068 RESERVED CVE-2022-23067 RESERVED CVE-2022-23066 RESERVED CVE-2022-23065 RESERVED CVE-2022-23064 RESERVED CVE-2022-23063 RESERVED CVE-2022-23062 RESERVED CVE-2022-23061 RESERVED CVE-2022-23060 RESERVED CVE-2022-23059 RESERVED CVE-2022-23058 RESERVED CVE-2022-23057 RESERVED CVE-2022-23056 RESERVED CVE-2022-23055 RESERVED CVE-2022-23054 RESERVED CVE-2022-23053 RESERVED CVE-2022-23052 RESERVED CVE-2022-23051 RESERVED CVE-2022-23050 RESERVED CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...) NOT-FOR-US: Exponent CMS CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...) NOT-FOR-US: Exponent CMS CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...) 
NOT-FOR-US: Exponent CMS CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...) NOT-FOR-US: PhpIPAM CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...) NOT-FOR-US: PhpIPAM CVE-2022-23044 RESERVED CVE-2022-23043 RESERVED CVE-2022-23042 RESERVED CVE-2022-23041 RESERVED CVE-2022-23040 RESERVED CVE-2022-23039 RESERVED CVE-2022-23038 RESERVED CVE-2022-23037 RESERVED CVE-2022-23036 RESERVED CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...) - xen [bullseye] - xen (Fix along with next DSA round) [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-395.html CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...) - xen [bullseye] - xen (Fix along with next DSA round) [buster] - xen (DSA 4677-1) [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-394.html CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...) - xen [bullseye] - xen (Fix along with next DSA round) [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-393.html CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...) 
NOT-FOR-US: F5 BIG-IP CVE-2022-23026 (On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...) 
NOT-FOR-US: F5 BIG-IP CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23007 RESERVED CVE-2022-23006 RESERVED CVE-2022-23005 RESERVED CVE-2022-23004 RESERVED CVE-2022-23003 RESERVED CVE-2022-23002 RESERVED CVE-2022-23001 RESERVED CVE-2022-23000 RESERVED CVE-2022-22999 RESERVED CVE-2022-22998 RESERVED CVE-2022-22997 RESERVED CVE-2022-22996 RESERVED CVE-2022-22995 RESERVED CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...) NOT-FOR-US: Western Digital CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...) NOT-FOR-US: Western Digital CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...) NOT-FOR-US: Western Digital CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...) NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...) NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...) NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...) NOT-FOR-US: Western Digital CVE-2022-21234 RESERVED CVE-2022-21210 RESERVED CVE-2022-21145 RESERVED CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...) NOT-FOR-US: Quiz And Survey Master CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...) NOT-FOR-US: Quiz And Survey Master CVE-2022-0180 (Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Mas ...) NOT-FOR-US: Quiz And Survey Master CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...) 
NOT-FOR-US: snipe-it CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...) NOT-FOR-US: snipe-it CVE-2022-0177 REJECTED CVE-2022-22983 RESERVED CVE-2022-22982 RESERVED CVE-2022-22981 RESERVED CVE-2022-22980 RESERVED CVE-2022-22979 RESERVED CVE-2022-22978 RESERVED CVE-2022-22977 RESERVED CVE-2022-22976 RESERVED CVE-2022-22975 RESERVED CVE-2022-22974 RESERVED CVE-2022-22973 RESERVED CVE-2022-22972 RESERVED CVE-2022-22971 RESERVED CVE-2022-22970 RESERVED CVE-2022-22969 RESERVED CVE-2022-22968 RESERVED CVE-2022-22967 RESERVED CVE-2022-22966 RESERVED CVE-2022-22965 RESERVED CVE-2022-22964 RESERVED CVE-2022-22963 RESERVED CVE-2022-22962 RESERVED CVE-2022-22961 RESERVED CVE-2022-22960 RESERVED CVE-2022-22959 RESERVED CVE-2022-22958 RESERVED CVE-2022-22957 RESERVED CVE-2022-22956 RESERVED CVE-2022-22955 RESERVED CVE-2022-22954 RESERVED CVE-2022-22953 RESERVED CVE-2022-22952 RESERVED CVE-2022-22951 RESERVED CVE-2022-22950 RESERVED CVE-2022-22949 RESERVED CVE-2022-22948 RESERVED CVE-2022-22947 RESERVED CVE-2022-22946 RESERVED CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...) NOT-FOR-US: VMware CVE-2022-22944 RESERVED CVE-2022-22943 RESERVED CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy] RESERVED - linux 5.15.15-2 [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4 NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1 NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c CVE-2022-22941 RESERVED CVE-2022-22940 RESERVED CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...) NOT-FOR-US: VMware CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...) 
NOT-FOR-US: VMware CVE-2022-22937 RESERVED CVE-2022-22936 RESERVED CVE-2022-22935 RESERVED CVE-2022-22934 RESERVED CVE-2022-22933 RESERVED CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...) - apache-karaf (bug #881297) CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...) NOT-FOR-US: Apache James CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...) NOT-FOR-US: MCMS CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...) NOT-FOR-US: MCMS CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...) NOT-FOR-US: MCMS CVE-2022-22927 RESERVED CVE-2022-22926 RESERVED CVE-2022-22925 RESERVED CVE-2022-22924 RESERVED CVE-2022-22923 RESERVED CVE-2022-22922 RESERVED CVE-2022-22921 RESERVED CVE-2022-22920 RESERVED CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...) NOT-FOR-US: Adenza AxiomSL ControllerView CVE-2022-22918 RESERVED CVE-2022-22917 RESERVED CVE-2022-22916 RESERVED CVE-2022-22915 RESERVED CVE-2022-22914 RESERVED CVE-2022-22913 RESERVED CVE-2022-22912 RESERVED CVE-2022-22911 RESERVED CVE-2022-22910 RESERVED CVE-2022-22909 RESERVED CVE-2022-22908 RESERVED CVE-2022-22907 RESERVED CVE-2022-22906 RESERVED CVE-2022-22905 RESERVED CVE-2022-22904 RESERVED CVE-2022-22903 RESERVED CVE-2022-22902 RESERVED CVE-2022-22901 RESERVED CVE-2022-22900 RESERVED CVE-2022-22899 RESERVED CVE-2022-22898 RESERVED CVE-2022-22897 RESERVED CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) 
- iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882 CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...) - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945 CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...) - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...) - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885 CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...) - iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847 CVE-2022-22889 RESERVED CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) 
- iotjs (bug #1004298) [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848 CVE-2022-22887 RESERVED CVE-2022-22886 RESERVED CVE-2022-22885 RESERVED CVE-2022-22884 RESERVED CVE-2022-22883 RESERVED CVE-2022-22882 RESERVED CVE-2022-22881 RESERVED CVE-2022-22880 RESERVED CVE-2022-22879 RESERVED CVE-2022-22878 RESERVED CVE-2022-22877 RESERVED CVE-2022-22876 RESERVED CVE-2022-22875 RESERVED CVE-2022-22874 RESERVED CVE-2022-22873 RESERVED CVE-2022-22872 RESERVED CVE-2022-22871 RESERVED CVE-2022-22870 RESERVED CVE-2022-22869 RESERVED CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...) NOT-FOR-US: Gibbon CMS CVE-2022-22867 RESERVED CVE-2022-22866 RESERVED CVE-2022-22865 RESERVED CVE-2022-22864 RESERVED CVE-2022-22863 RESERVED CVE-2022-22862 RESERVED CVE-2022-22861 RESERVED CVE-2022-22860 RESERVED CVE-2022-22859 RESERVED CVE-2022-22858 RESERVED CVE-2022-22857 RESERVED CVE-2022-22856 RESERVED CVE-2022-22855 RESERVED CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...) NOT-FOR-US: Hospital Patient Record Management System CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...) NOT-FOR-US: Hospital Patient Record Management System CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) NOT-FOR-US: Sourcecodtester CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) NOT-FOR-US: Sourcecodtester CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) NOT-FOR-US: Sourcecodtester CVE-2022-22849 RESERVED CVE-2022-22149 RESERVED CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...) 
NOT-FOR-US: WordPress plugin CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak] RESERVED - virglrenderer NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003 NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 NOTE: Code refactored in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/7899e057327848300b18d8f03aa3789e00ed0221 (0.9.0) NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c TODO: check if issue is present before refactoring in 0.9.0 CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...) - dolibarr CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...) - radare2 NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2022-0171 RESERVED CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...) - peertube (bug #950821) CVE-2022-0169 RESERVED CVE-2022-0168 RESERVED CVE-2022-0167 RESERVED CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...) NOT-FOR-US: McAfee CVE-2022-0165 RESERVED CVE-2022-0164 RESERVED CVE-2022-0163 RESERVED CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...) NOT-FOR-US: TP-Link CVE-2022-0161 RESERVED CVE-2022-0160 RESERVED CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...) NOT-FOR-US: orchardcore CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...) 
- vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/ NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049) CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...) - phoronix-test-suite CVE-2022-22848 RESERVED CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Se ...) NOT-FOR-US: Formpipe Lasernet CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the ...) - python-dnslib 0.9.18-1 [bullseye] - python-dnslib (Minor issue) [buster] - python-dnslib (Minor issue) NOTE: https://github.com/paulc/dnslib/issues/30 NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...) NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...) - tiff 4.3.0-3 [bullseye] - tiff (Minor issue) [buster] - tiff (Minor issue) [stretch] - tiff (Minor issue; read overflow in CLI utility) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64 CVE-2022-22843 RESERVED CVE-2022-22842 RESERVED CVE-2022-22841 RESERVED CVE-2022-22840 RESERVED CVE-2022-22839 RESERVED CVE-2022-22838 RESERVED CVE-2022-22837 RESERVED CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...) NOT-FOR-US: CoreFTP CVE-2022-22835 RESERVED CVE-2022-22834 RESERVED CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...) NOT-FOR-US: Servisnet Tessa CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...) 
NOT-FOR-US: Servisnet Tessa CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...) NOT-FOR-US: Servisnet Tessa CVE-2022-22830 RESERVED CVE-2022-22829 RESERVED CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...) NOT-FOR-US: Synametrics CVE-2022-0156 (vim is vulnerable to Use After Free ...) - vim [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36 NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040) CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...) 
{DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...) {DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1003474) NOTE: https://github.com/libexpat/libexpat/pull/539 NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...) NOT-FOR-US: NVIDIA NeMo CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...) NOT-FOR-US: LINE CVE-2022-22819 RESERVED CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...) {DLA-2906-1} - python-django 2:3.2.12-1 (bug #1004752) [bullseye] - python-django (Minor issue) [buster] - python-django (Minor issue) NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main) NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2) NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12) NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27) CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...) {DSA-5053-1 DLA-2893-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) NOTE: Followup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581 CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) 
{DSA-5053-1 DLA-2893-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0) CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...) {DSA-5053-1 DLA-2893-1} - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0) CVE-2022-22814 RESERVED CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...) - node-follow-redirects 1.14.7+~1.13.1-1 [bullseye] - node-follow-redirects (Minor issue) [buster] - node-follow-redirects (Minor issue, too intrusive to backport) NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 NOTE: https://github.com/follow-redirects/follow-redirects/issues/183 NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7) CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...) NOT-FOR-US: Schneider Electric CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...) NOT-FOR-US: Schneider Electric CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) NOT-FOR-US: Schneider Electric CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Schneider Electric CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...) NOT-FOR-US: Schneider Electric CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) 
NOT-FOR-US: Schneider Electric CVE-2022-22806 RESERVED CVE-2022-22805 RESERVED CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) NOT-FOR-US: Schneider Electric CVE-2022-22803 RESERVED CVE-2022-22802 RESERVED CVE-2022-22801 RESERVED CVE-2022-22800 RESERVED CVE-2022-22799 RESERVED CVE-2022-22798 RESERVED CVE-2022-22797 RESERVED CVE-2022-22796 RESERVED CVE-2022-22795 RESERVED CVE-2022-22794 RESERVED CVE-2022-22793 RESERVED CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...) NOT-FOR-US: MobiSoft CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...) NOT-FOR-US: SYNEL CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...) NOT-FOR-US: SYNEL CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...) NOT-FOR-US: Charactell - FormStorm Enterprise CVE-2022-22788 RESERVED CVE-2022-22787 RESERVED CVE-2022-22786 RESERVED CVE-2022-22785 RESERVED CVE-2022-22784 RESERVED CVE-2022-22783 RESERVED CVE-2022-22782 RESERVED CVE-2022-22781 RESERVED CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...) NOT-FOR-US: Zoom CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...) NOT-FOR-US: Keybase on MacOS & Windows CVE-2022-22778 RESERVED CVE-2022-22777 RESERVED CVE-2022-22776 RESERVED CVE-2022-22775 RESERVED CVE-2022-22774 RESERVED CVE-2022-22773 RESERVED CVE-2022-22772 RESERVED CVE-2022-22771 RESERVED CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...) NOT-FOR-US: TIBCO CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...) NOT-FOR-US: TIBCO CVE-2022-22768 RESERVED CVE-2022-22767 RESERVED CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...) 
NOT-FOR-US: BD Pyxis CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...) NOT-FOR-US: BD Viper LT system CVE-2022-22764 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764 CVE-2022-22763 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763 CVE-2022-22762 RESERVED - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762 CVE-2022-22761 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761 CVE-2022-22760 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760 CVE-2022-22759 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759 NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22759 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22759 CVE-2022-22758 RESERVED - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758 CVE-2022-22757 RESERVED - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757 TODO: check if WebDriver enabled, if not demote severity to unimportant CVE-2022-22756 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756 CVE-2022-22755 RESERVED - firefox 97.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755 CVE-2022-22754 RESERVED {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} - firefox 97.0-1 - firefox-esr 91.6.0esr-1 - thunderbird 1:91.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754 CVE-2022-22753 RESERVED - firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753 CVE-2022-22752 RESERVED - firefox 96.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752 CVE-2022-22751 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - 
firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751 CVE-2022-22750 RESERVED - firefox (Only affects Windows and MacOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750 CVE-2022-22749 RESERVED - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749 CVE-2022-22748 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748 CVE-2022-22747 RESERVED {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1} - nss 2:3.73-1 - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 NOTE: https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0 CVE-2022-22746 RESERVED - firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746 CVE-2022-22745 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 
DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745 CVE-2022-22744 RESERVED - firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744 CVE-2022-22743 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743 CVE-2022-22742 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742 CVE-2022-22741 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741 CVE-2022-22740 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - 
thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740 CVE-2022-22739 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739 CVE-2022-22738 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738 CVE-2022-22737 RESERVED {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} - firefox 96.0-1 - firefox-esr 91.5.0esr-1 - thunderbird 1:91.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737 CVE-2022-22736 RESERVED - firefox (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736 CVE-2022-22735 RESERVED CVE-2022-22734 RESERVED CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Apache ShardingSphere ElasticJob-UI CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2022-0153 RESERVED CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) 
- gitlab CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2022-0150 RESERVED CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...) NOT-FOR-US: WordPress plugin CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) NOT-FOR-US: WordPress plugin CVE-2022-0147 RESERVED CVE-2022-0146 RESERVED CVE-2022-0145 RESERVED CVE-2022-22732 RESERVED CVE-2022-22731 RESERVED CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...) - node-shelljs 0.8.5+~cs0.8.10-1 [bullseye] - node-shelljs (Minor issue) [buster] - node-shelljs (Minor issue) [stretch] - node-shelljs (Nodejs in stretch not covered by security support) NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/ NOTE: https://github.com/shelljs/shelljs/issues/1058 NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5) CVE-2022-0143 RESERVED CVE-2022-0142 RESERVED CVE-2022-0141 RESERVED CVE-2022-0140 RESERVED CVE-2022-22728 RESERVED CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) NOT-FOR-US: Schneider Electric CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) NOT-FOR-US: Schneider Electric CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) NOT-FOR-US: Schneider Electric CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...) NOT-FOR-US: Schneider Electric CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) NOT-FOR-US: Schneider Electric CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) NOT-FOR-US: Schneider Electric CVE-2022-22721 RESERVED CVE-2022-22720 RESERVED CVE-2022-22719 RESERVED CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) 
NOT-FOR-US: Microsoft CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22714 RESERVED CVE-2022-22713 RESERVED CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22711 RESERVED CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21806 RESERVED CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...) - radare2 NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0) CVE-2022-0138 RESERVED CVE-2022-0137 RESERVED CVE-2022-0136 RESERVED CVE-2022-0135 [out-of-bounds write in read_transfer_data()] RESERVED - virglrenderer NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790 NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec TODO: Check introducing information for issue CVE-2022-0134 RESERVED CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...) - peertube (bug #950821) CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...) - peertube (bug #950821) CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...) NOT-FOR-US: Jimoty App for Android CVE-2022-22708 RESERVED CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...) 
{DSA-5040-1} - lighttpd 1.4.64-1 [stretch] - lighttpd (Vulnerable code not present; the issue was introduced in later versions) NOTE: https://redmine.lighttpd.net/issues/3134 NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 CVE-2022-22706 RESERVED CVE-2022-22705 RESERVED CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...) NOT-FOR-US: zabbix-agent2 package for Alpine CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...) NOT-FOR-US: Stormshield SSO Agent CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...) NOT-FOR-US: PartKeepr CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...) NOT-FOR-US: PartKeepr CVE-2022-22700 RESERVED CVE-2022-22699 RESERVED CVE-2022-22698 RESERVED CVE-2022-22697 RESERVED CVE-2022-22696 RESERVED CVE-2022-22695 RESERVED CVE-2022-22694 RESERVED CVE-2022-22693 RESERVED CVE-2022-22692 RESERVED CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...) NOT-FOR-US: Umbraco CMS CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) NOT-FOR-US: Umbraco CMS CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...) NOT-FOR-US: CA Harvest Software Change Manager CVE-2022-22688 RESERVED CVE-2022-22687 RESERVED CVE-2022-22686 RESERVED CVE-2022-22685 RESERVED CVE-2022-22684 RESERVED CVE-2022-22683 RESERVED CVE-2022-22682 RESERVED CVE-2022-22681 RESERVED CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) NOT-FOR-US: Synology CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...) 
NOT-FOR-US: Foxit CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...) NOT-FOR-US: Tenable CVE-2022-22678 RESERVED CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...) NOT-FOR-US: McAfee CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...) - vim [bullseye] - vim (Vulnerable code introduced later) [buster] - vim (Vulnerable code introduced later) [stretch] - vim (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba NOTE: Introduced by: https://github.com/vim/vim/commit/bdc0f1c6986e5d64f647e0924a4de795b47c549a (v8.2.2806) NOTE: Fixed by: https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (v8.2.4009) CVE-2022-0127 RESERVED CVE-2022-0126 RESERVED CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab CVE-2022-0123 RESERVED CVE-2022-22677 RESERVED CVE-2022-22676 RESERVED CVE-2022-22675 RESERVED CVE-2022-22674 RESERVED CVE-2022-22673 RESERVED CVE-2022-22672 RESERVED CVE-2022-22671 RESERVED CVE-2022-22670 RESERVED CVE-2022-22669 RESERVED CVE-2022-22668 RESERVED CVE-2022-22667 RESERVED CVE-2022-22666 RESERVED CVE-2022-22665 RESERVED CVE-2022-22664 RESERVED CVE-2022-22663 RESERVED CVE-2022-22662 RESERVED CVE-2022-22661 RESERVED CVE-2022-22660 RESERVED CVE-2022-22659 RESERVED CVE-2022-22658 RESERVED CVE-2022-22657 RESERVED CVE-2022-22656 RESERVED CVE-2022-22655 RESERVED CVE-2022-22654 RESERVED CVE-2022-22653 RESERVED CVE-2022-22652 RESERVED CVE-2022-22651 RESERVED CVE-2022-22650 RESERVED CVE-2022-22649 RESERVED CVE-2022-22648 RESERVED CVE-2022-22647 RESERVED CVE-2022-22646 RESERVED CVE-2022-22645 RESERVED CVE-2022-22644 RESERVED CVE-2022-22643 RESERVED CVE-2022-22642 RESERVED CVE-2022-22641 RESERVED CVE-2022-22640 RESERVED CVE-2022-22639 RESERVED CVE-2022-22638 RESERVED 
CVE-2022-22637 RESERVED CVE-2022-22636 RESERVED CVE-2022-22635 RESERVED CVE-2022-22634 RESERVED CVE-2022-22633 RESERVED CVE-2022-22632 RESERVED CVE-2022-22631 RESERVED CVE-2022-22630 RESERVED CVE-2022-22629 RESERVED CVE-2022-22628 RESERVED CVE-2022-22627 RESERVED CVE-2022-22626 RESERVED CVE-2022-22625 RESERVED CVE-2022-22624 RESERVED CVE-2022-22623 RESERVED CVE-2022-22622 RESERVED CVE-2022-22621 RESERVED CVE-2022-22620 RESERVED CVE-2022-22619 RESERVED CVE-2022-22618 RESERVED CVE-2022-22617 RESERVED CVE-2022-22616 RESERVED CVE-2022-22615 RESERVED CVE-2022-22614 RESERVED CVE-2022-22613 RESERVED CVE-2022-22612 RESERVED CVE-2022-22611 RESERVED CVE-2022-22610 RESERVED CVE-2022-22609 RESERVED CVE-2022-22608 RESERVED CVE-2022-22607 RESERVED CVE-2022-22606 RESERVED CVE-2022-22605 RESERVED CVE-2022-22604 RESERVED CVE-2022-22603 RESERVED CVE-2022-22602 RESERVED CVE-2022-22601 RESERVED CVE-2022-22600 RESERVED CVE-2022-22599 RESERVED CVE-2022-22598 RESERVED CVE-2022-22597 RESERVED CVE-2022-22596 RESERVED CVE-2022-22595 RESERVED CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with improved input validation] RESERVED {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2022-22593 RESERVED CVE-2022-22591 RESERVED CVE-2022-22589 [A validation issue was addressed with improved input sanitization] RESERVED - webkit2gtk 2.34.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.5-1 NOTE: https://webkitgtk.org/security/WSA-2022-0002.html CVE-2022-22588 RESERVED CVE-2022-22587 RESERVED CVE-2022-22586 RESERVED CVE-2022-22585 RESERVED CVE-2022-22584 RESERVED CVE-2022-22583 RESERVED CVE-2022-22582 RESERVED CVE-2022-22581 RESERVED CVE-2022-22580 RESERVED CVE-2022-22579 RESERVED CVE-2022-22578 RESERVED CVE-2022-22577 RESERVED CVE-2022-22576 RESERVED CVE-2022-22575 RESERVED CVE-2022-22574 
RESERVED CVE-2022-22573 RESERVED CVE-2022-22572 RESERVED CVE-2022-22571 RESERVED CVE-2022-22570 RESERVED CVE-2022-22569 RESERVED CVE-2022-22568 RESERVED CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...) NOT-FOR-US: forge CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...) NOT-FOR-US: hoppscotch CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...) NOT-FOR-US: Dell CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...) NOT-FOR-US: Dell CVE-2022-22565 RESERVED CVE-2022-22564 RESERVED CVE-2022-22563 RESERVED CVE-2022-22562 RESERVED CVE-2022-22561 RESERVED CVE-2022-22560 RESERVED CVE-2022-22559 RESERVED CVE-2022-22558 RESERVED CVE-2022-22557 RESERVED CVE-2022-22556 RESERVED CVE-2022-22555 RESERVED CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...) NOT-FOR-US: EMC CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...) NOT-FOR-US: EMC CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...) NOT-FOR-US: EMC CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...) NOT-FOR-US: EMC CVE-2022-22550 RESERVED CVE-2022-22549 RESERVED CVE-2022-22548 RESERVED CVE-2022-22547 RESERVED CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...) NOT-FOR-US: SAP CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...) NOT-FOR-US: SAP CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...) NOT-FOR-US: SAP CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...) NOT-FOR-US: SAP CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...) 
NOT-FOR-US: SAP CVE-2022-22541 RESERVED CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...) NOT-FOR-US: SAP CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...) NOT-FOR-US: SAP CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...) NOT-FOR-US: SAP CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...) NOT-FOR-US: SAP CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...) NOT-FOR-US: SAP CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...) NOT-FOR-US: SAP CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...) NOT-FOR-US: SAP CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...) NOT-FOR-US: SAP CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...) NOT-FOR-US: SAP CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...) NOT-FOR-US: SAP CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...) NOT-FOR-US: SAP CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...) NOT-FOR-US: SAP CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...) NOT-FOR-US: SAP CVE-2022-22527 RESERVED CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0119 RESERVED CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...) 
{DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...) 
{DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...) 
{DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0095 RESERVED CVE-2022-0094 RESERVED CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab CVE-2022-0092 RESERVED CVE-2022-0091 RESERVED CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab CVE-2022-0089 RESERVED CVE-2022-0088 RESERVED CVE-2022-22526 RESERVED CVE-2022-22525 RESERVED CVE-2022-22524 RESERVED CVE-2022-22523 RESERVED CVE-2022-22522 RESERVED CVE-2022-22521 RESERVED CVE-2022-22520 RESERVED CVE-2022-22519 RESERVED CVE-2022-22518 RESERVED CVE-2022-22517 RESERVED CVE-2022-22516 RESERVED CVE-2022-22515 RESERVED CVE-2022-22514 RESERVED CVE-2022-22513 RESERVED CVE-2022-22512 RESERVED CVE-2022-22511 RESERVED CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...) NOT-FOR-US: Codesys CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...) 
NOT-FOR-US: Phoenix Contact FL SWITCH Series CVE-2022-22508 RESERVED CVE-2022-22507 RESERVED CVE-2022-22506 RESERVED CVE-2022-22505 RESERVED CVE-2022-22504 RESERVED CVE-2022-22503 RESERVED CVE-2022-22502 RESERVED CVE-2022-22501 RESERVED CVE-2022-22500 RESERVED CVE-2022-22499 RESERVED CVE-2022-22498 RESERVED CVE-2022-22497 RESERVED CVE-2022-22496 RESERVED CVE-2022-22495 RESERVED CVE-2022-22494 RESERVED CVE-2022-22493 RESERVED CVE-2022-22492 RESERVED CVE-2022-22491 RESERVED CVE-2022-22490 RESERVED CVE-2022-22489 RESERVED CVE-2022-22488 RESERVED CVE-2022-22487 RESERVED CVE-2022-22486 RESERVED CVE-2022-22485 RESERVED CVE-2022-22484 RESERVED CVE-2022-22483 RESERVED CVE-2022-22482 RESERVED CVE-2022-22481 RESERVED CVE-2022-22480 RESERVED CVE-2022-22479 RESERVED CVE-2022-22478 RESERVED CVE-2022-22477 RESERVED CVE-2022-22476 RESERVED CVE-2022-22475 RESERVED CVE-2022-22474 RESERVED CVE-2022-22473 RESERVED CVE-2022-22472 RESERVED CVE-2022-22471 RESERVED CVE-2022-22470 RESERVED CVE-2022-22469 RESERVED CVE-2022-22468 RESERVED CVE-2022-22467 RESERVED CVE-2022-22466 RESERVED CVE-2022-22465 RESERVED CVE-2022-22464 RESERVED CVE-2022-22463 RESERVED CVE-2022-22462 RESERVED CVE-2022-22461 RESERVED CVE-2022-22460 RESERVED CVE-2022-22459 RESERVED CVE-2022-22458 RESERVED CVE-2022-22457 RESERVED CVE-2022-22456 RESERVED CVE-2022-22455 RESERVED CVE-2022-22454 RESERVED CVE-2022-22453 RESERVED CVE-2022-22452 RESERVED CVE-2022-22451 RESERVED CVE-2022-22450 RESERVED CVE-2022-22449 RESERVED CVE-2022-22448 RESERVED CVE-2022-22447 RESERVED CVE-2022-22446 RESERVED CVE-2022-22445 RESERVED CVE-2022-22444 RESERVED CVE-2022-22443 RESERVED CVE-2022-22442 RESERVED CVE-2022-22441 RESERVED CVE-2022-22440 RESERVED CVE-2022-22439 RESERVED CVE-2022-22438 RESERVED CVE-2022-22437 RESERVED CVE-2022-22436 RESERVED CVE-2022-22435 RESERVED CVE-2022-22434 RESERVED CVE-2022-22433 RESERVED CVE-2022-22432 RESERVED CVE-2022-22431 RESERVED CVE-2022-22430 RESERVED CVE-2022-22429 RESERVED CVE-2022-22428 RESERVED 
CVE-2022-22427 RESERVED CVE-2022-22426 RESERVED CVE-2022-22425 RESERVED CVE-2022-22424 RESERVED CVE-2022-22423 RESERVED CVE-2022-22422 RESERVED CVE-2022-22421 RESERVED CVE-2022-22420 RESERVED CVE-2022-22419 RESERVED CVE-2022-22418 RESERVED CVE-2022-22417 RESERVED CVE-2022-22416 RESERVED CVE-2022-22415 RESERVED CVE-2022-22414 RESERVED CVE-2022-22413 RESERVED CVE-2022-22412 RESERVED CVE-2022-22411 RESERVED CVE-2022-22410 RESERVED CVE-2022-22409 RESERVED CVE-2022-22408 RESERVED CVE-2022-22407 RESERVED CVE-2022-22406 RESERVED CVE-2022-22405 RESERVED CVE-2022-22404 RESERVED CVE-2022-22403 RESERVED CVE-2022-22402 RESERVED CVE-2022-22401 RESERVED CVE-2022-22400 RESERVED CVE-2022-22399 RESERVED CVE-2022-22398 RESERVED CVE-2022-22397 RESERVED CVE-2022-22396 RESERVED CVE-2022-22395 RESERVED CVE-2022-22394 RESERVED CVE-2022-22393 RESERVED CVE-2022-22392 RESERVED CVE-2022-22391 RESERVED CVE-2022-22390 RESERVED CVE-2022-22389 RESERVED CVE-2022-22388 RESERVED CVE-2022-22387 RESERVED CVE-2022-22386 RESERVED CVE-2022-22385 RESERVED CVE-2022-22384 RESERVED CVE-2022-22383 RESERVED CVE-2022-22382 RESERVED CVE-2022-22381 RESERVED CVE-2022-22380 RESERVED CVE-2022-22379 RESERVED CVE-2022-22378 RESERVED CVE-2022-22377 RESERVED CVE-2022-22376 RESERVED CVE-2022-22375 RESERVED CVE-2022-22374 RESERVED CVE-2022-22373 RESERVED CVE-2022-22372 RESERVED CVE-2022-22371 RESERVED CVE-2022-22370 RESERVED CVE-2022-22369 RESERVED CVE-2022-22368 RESERVED CVE-2022-22367 RESERVED CVE-2022-22366 RESERVED CVE-2022-22365 RESERVED CVE-2022-22364 RESERVED CVE-2022-22363 RESERVED CVE-2022-22362 RESERVED CVE-2022-22361 RESERVED CVE-2022-22360 RESERVED CVE-2022-22359 RESERVED CVE-2022-22358 RESERVED CVE-2022-22357 RESERVED CVE-2022-22356 RESERVED CVE-2022-22355 RESERVED CVE-2022-22354 RESERVED CVE-2022-22353 RESERVED CVE-2022-22352 RESERVED CVE-2022-22351 RESERVED CVE-2022-22350 RESERVED CVE-2022-22349 RESERVED CVE-2022-22348 RESERVED CVE-2022-22347 RESERVED CVE-2022-22346 RESERVED CVE-2022-22345 RESERVED 
CVE-2022-22344 RESERVED CVE-2022-22343 RESERVED CVE-2022-22342 RESERVED CVE-2022-22341 RESERVED CVE-2022-22340 RESERVED CVE-2022-22339 RESERVED CVE-2022-22338 RESERVED CVE-2022-22337 RESERVED CVE-2022-22336 RESERVED CVE-2022-22335 RESERVED CVE-2022-22334 RESERVED CVE-2022-22333 RESERVED CVE-2022-22332 RESERVED CVE-2022-22331 RESERVED CVE-2022-22330 RESERVED CVE-2022-22329 RESERVED CVE-2022-22328 RESERVED CVE-2022-22327 RESERVED CVE-2022-22326 RESERVED CVE-2022-22325 RESERVED CVE-2022-22324 RESERVED CVE-2022-22323 RESERVED CVE-2022-22322 RESERVED CVE-2022-22321 RESERVED CVE-2022-22320 RESERVED CVE-2022-22319 RESERVED CVE-2022-22318 RESERVED CVE-2022-22317 RESERVED CVE-2022-22316 RESERVED CVE-2022-22315 RESERVED CVE-2022-22314 RESERVED CVE-2022-22313 RESERVED CVE-2022-22312 RESERVED CVE-2022-22311 RESERVED CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...) NOT-FOR-US: IBM CVE-2022-22309 RESERVED CVE-2022-22308 RESERVED CVE-2022-22307 RESERVED CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: KeystoneJS CVE-2022-22306 RESERVED CVE-2022-22305 RESERVED CVE-2022-22304 RESERVED CVE-2022-22303 RESERVED CVE-2022-22302 RESERVED CVE-2022-22301 RESERVED CVE-2022-22300 RESERVED CVE-2022-22299 RESERVED CVE-2022-22298 RESERVED CVE-2022-22297 RESERVED CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...) NOT-FOR-US: Sourcecodester CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Metinfo CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attack ...) NOT-FOR-US: zfaka CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: Node uppy CVE-2022-0085 RESERVED CVE-2022-0084 RESERVED CVE-2022-0083 (livehelperchat is vulnerable to Generation of Error Message Containing ...) 
NOT-FOR-US: livehelperchat CVE-2022-0082 RESERVED CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...) - dolibarr CVE-2022-0081 RESERVED CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...) - mruby 3.0.0-3 [bullseye] - mruby (Minor issue) [buster] - mruby (Minor issue) [stretch] - mruby (Minor issue) NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...) NOT-FOR-US: ShowDoc CVE-2022-0078 RESERVED CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...) NOT-FOR-US: Samsung CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...) NOT-FOR-US: Samsung CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...) NOT-FOR-US: Samsung CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...) NOT-FOR-US: Samsung CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...) NOT-FOR-US: Samsung CVE-2022-22287 (Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...) NOT-FOR-US: Samsung CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...) NOT-FOR-US: Samsung CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...) NOT-FOR-US: Samsung CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...) NOT-FOR-US: Samsung CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
NOT-FOR-US: Samsung CVE-2022-22282 RESERVED CVE-2022-22281 RESERVED CVE-2022-22280 RESERVED CVE-2022-22279 RESERVED CVE-2022-22278 RESERVED CVE-2022-22277 RESERVED CVE-2022-22276 RESERVED CVE-2022-22275 RESERVED CVE-2022-22274 RESERVED CVE-2022-22273 RESERVED CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...) NOT-FOR-US: Samsung CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...) NOT-FOR-US: Samsung CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...) NOT-FOR-US: Samsung CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...) NOT-FOR-US: Samsung CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...) NOT-FOR-US: Samsung CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...) NOT-FOR-US: Samsung CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...) NOT-FOR-US: Samsung CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...) NOT-FOR-US: Samsung CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...) NOT-FOR-US: Samsung CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...) 
NOT-FOR-US: Samsung CVE-2022-22262 RESERVED CVE-2022-0077 RESERVED CVE-2022-0076 RESERVED CVE-2022-0075 RESERVED CVE-2022-0074 RESERVED CVE-2022-0073 RESERVED CVE-2022-0072 RESERVED CVE-2022-0071 RESERVED CVE-2022-0070 RESERVED CVE-2022-0069 RESERVED CVE-2022-0068 RESERVED CVE-2022-0067 RESERVED CVE-2022-0066 RESERVED CVE-2022-0065 RESERVED CVE-2022-0064 RESERVED CVE-2022-0063 RESERVED CVE-2022-0062 RESERVED CVE-2022-0061 RESERVED CVE-2022-0060 RESERVED CVE-2022-0059 RESERVED CVE-2022-0058 RESERVED CVE-2022-0057 RESERVED CVE-2022-0056 RESERVED CVE-2022-0055 RESERVED CVE-2022-0054 RESERVED CVE-2022-0053 RESERVED CVE-2022-0052 RESERVED CVE-2022-0051 RESERVED CVE-2022-0050 RESERVED CVE-2022-0049 RESERVED CVE-2022-0048 RESERVED CVE-2022-0047 RESERVED CVE-2022-0046 RESERVED CVE-2022-0045 RESERVED CVE-2022-0044 RESERVED CVE-2022-0043 RESERVED CVE-2022-0042 RESERVED CVE-2022-0041 RESERVED CVE-2022-0040 RESERVED CVE-2022-0039 RESERVED CVE-2022-0038 RESERVED CVE-2022-0037 RESERVED CVE-2022-0036 RESERVED CVE-2022-0035 RESERVED CVE-2022-0034 RESERVED CVE-2022-0033 RESERVED CVE-2022-0032 RESERVED CVE-2022-0031 RESERVED CVE-2022-0030 RESERVED CVE-2022-0029 RESERVED CVE-2022-0028 RESERVED CVE-2022-0027 RESERVED CVE-2022-0026 RESERVED CVE-2022-0025 RESERVED CVE-2022-0024 RESERVED CVE-2022-0023 RESERVED CVE-2022-0022 RESERVED CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...) 
NOT-FOR-US: Palo Alto Networks CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...) NOT-FOR-US: Palo Alto Networks CVE-2022-22261 RESERVED CVE-2022-22260 RESERVED CVE-2022-22259 RESERVED CVE-2022-22258 RESERVED CVE-2022-22257 RESERVED CVE-2022-22256 RESERVED CVE-2022-22255 RESERVED CVE-2022-22254 RESERVED CVE-2022-22253 RESERVED CVE-2022-22252 RESERVED CVE-2022-22251 RESERVED CVE-2022-22250 RESERVED CVE-2022-22249 RESERVED CVE-2022-22248 RESERVED CVE-2022-22247 RESERVED CVE-2022-22246 RESERVED CVE-2022-22245 RESERVED CVE-2022-22244 RESERVED CVE-2022-22243 RESERVED CVE-2022-22242 RESERVED CVE-2022-22241 RESERVED CVE-2022-22240 RESERVED CVE-2022-22239 RESERVED CVE-2022-22238 RESERVED CVE-2022-22237 RESERVED CVE-2022-22236 RESERVED CVE-2022-22235 RESERVED CVE-2022-22234 RESERVED CVE-2022-22233 RESERVED CVE-2022-22232 RESERVED CVE-2022-22231 RESERVED CVE-2022-22230 RESERVED CVE-2022-22229 RESERVED CVE-2022-22228 RESERVED CVE-2022-22227 RESERVED CVE-2022-22226 RESERVED CVE-2022-22225 RESERVED CVE-2022-22224 RESERVED CVE-2022-22223 RESERVED CVE-2022-22222 RESERVED CVE-2022-22221 RESERVED CVE-2022-22220 RESERVED CVE-2022-22219 RESERVED CVE-2022-22218 RESERVED CVE-2022-22217 RESERVED CVE-2022-22216 RESERVED CVE-2022-22215 RESERVED CVE-2022-22214 RESERVED CVE-2022-22213 RESERVED CVE-2022-22212 RESERVED CVE-2022-22211 RESERVED 
CVE-2022-22210 RESERVED CVE-2022-22209 RESERVED CVE-2022-22208 RESERVED CVE-2022-22207 RESERVED CVE-2022-22206 RESERVED CVE-2022-22205 RESERVED CVE-2022-22204 RESERVED CVE-2022-22203 RESERVED CVE-2022-22202 RESERVED CVE-2022-22201 RESERVED CVE-2022-22200 RESERVED CVE-2022-22199 RESERVED CVE-2022-22198 RESERVED CVE-2022-22197 RESERVED CVE-2022-22196 RESERVED CVE-2022-22195 RESERVED CVE-2022-22194 RESERVED CVE-2022-22193 RESERVED CVE-2022-22192 RESERVED CVE-2022-22191 RESERVED CVE-2022-22190 RESERVED CVE-2022-22189 RESERVED CVE-2022-22188 RESERVED CVE-2022-22187 RESERVED CVE-2022-22186 RESERVED CVE-2022-22185 RESERVED CVE-2022-22184 RESERVED CVE-2022-22183 RESERVED CVE-2022-22182 RESERVED CVE-2022-22181 RESERVED CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22179 (An Improper Validation of Specified Index, Position, or Offset in Input ...) NOT-FOR-US: Juniper CVE-2022-22178 (A Stack-based Buffer Overflow vulnerability in the flow processing dae ...) NOT-FOR-US: Juniper CVE-2022-22177 (A release of illegal memory vulnerability in the snmpd daemon of Junip ...) NOT-FOR-US: Juniper CVE-2022-22176 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22175 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...) NOT-FOR-US: Juniper CVE-2022-22174 (A vulnerability in the processing of inbound IPv6 packets in Juniper N ...) NOT-FOR-US: Juniper CVE-2022-22173 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22172 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...)
NOT-FOR-US: Juniper CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...) NOT-FOR-US: Juniper CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...) NOT-FOR-US: Juniper CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...) NOT-FOR-US: Juniper CVE-2022-22166 (An Improper Validation of Specified Quantity in Input vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22165 RESERVED CVE-2022-22164 (An Improper Initialization vulnerability in Juniper Networks Junos OS ...) NOT-FOR-US: Juniper CVE-2022-22163 (An Improper Input Validation vulnerability in the Juniper DHCP daemon ...) NOT-FOR-US: Juniper CVE-2022-22162 (A Generation of Error Message Containing Sensitive Information vulnera ...) NOT-FOR-US: Juniper CVE-2022-22161 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...) NOT-FOR-US: Juniper CVE-2022-22160 (An Unchecked Error Condition vulnerability in the subscriber managemen ...) NOT-FOR-US: Juniper CVE-2022-22159 (A vulnerability in the NETISR network queue functionality of Juniper N ...) NOT-FOR-US: Juniper CVE-2022-22158 RESERVED CVE-2022-22157 (A traffic classification vulnerability in Juniper Networks Junos OS on ...) NOT-FOR-US: Juniper CVE-2022-22156 (An Improper Certificate Validation weakness in the Juniper Networks Ju ...) NOT-FOR-US: Juniper CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handling of ...) NOT-FOR-US: Juniper CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...) NOT-FOR-US: Juniper CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...) NOT-FOR-US: Juniper CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...) 
NOT-FOR-US: Juniper CVE-2022-21800 RESERVED CVE-2022-21215 RESERVED CVE-2022-21196 RESERVED CVE-2022-21155 RESERVED CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...) NOT-FOR-US: Omron CX-One CVE-2022-22136 RESERVED CVE-2022-22135 RESERVED CVE-2022-22134 RESERVED CVE-2022-22133 RESERVED CVE-2022-22132 RESERVED CVE-2022-22131 RESERVED CVE-2022-22130 RESERVED CVE-2022-22129 RESERVED CVE-2022-22128 RESERVED CVE-2022-22127 RESERVED CVE-2022-22126 RESERVED CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) NOT-FOR-US: Halo CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) NOT-FOR-US: Halo CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) NOT-FOR-US: Halo CVE-2022-22122 REJECTED CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...) NOT-FOR-US: NocoDB CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...) NOT-FOR-US: NocoDB CVE-2022-22119 RESERVED CVE-2022-22118 RESERVED CVE-2022-22117 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted f ...) NOT-FOR-US: Directus CVE-2022-22116 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to st ...) NOT-FOR-US: Directus CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Si ...) NOT-FOR-US: Teedy CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...) NOT-FOR-US: Teedy CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...) NOT-FOR-US: DayByDay CRM CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...) NOT-FOR-US: DayByDay CRM CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...) 
NOT-FOR-US: DayByDay CRM CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...) NOT-FOR-US: DayByDay CRM CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...) NOT-FOR-US: DayByDay CRM CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...) NOT-FOR-US: DayByDay CRM CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...) NOT-FOR-US: DayByDay CRM CVE-2022-22106 RESERVED CVE-2022-22105 RESERVED CVE-2022-22104 RESERVED CVE-2022-22103 RESERVED CVE-2022-22102 RESERVED CVE-2022-22101 RESERVED CVE-2022-22100 RESERVED CVE-2022-22099 RESERVED CVE-2022-22098 RESERVED CVE-2022-22097 RESERVED CVE-2022-22096 RESERVED CVE-2022-22095 RESERVED CVE-2022-22094 RESERVED CVE-2022-22093 RESERVED CVE-2022-22092 RESERVED CVE-2022-22091 RESERVED CVE-2022-22090 RESERVED CVE-2022-22089 RESERVED CVE-2022-22088 RESERVED CVE-2022-22087 RESERVED CVE-2022-22086 RESERVED CVE-2022-22085 RESERVED CVE-2022-22084 RESERVED CVE-2022-22083 RESERVED CVE-2022-22082 RESERVED CVE-2022-22081 RESERVED CVE-2022-22080 RESERVED CVE-2022-22079 RESERVED CVE-2022-22078 RESERVED CVE-2022-22077 RESERVED CVE-2022-22076 RESERVED CVE-2022-22075 RESERVED CVE-2022-22074 RESERVED CVE-2022-22073 RESERVED CVE-2022-22072 RESERVED CVE-2022-22071 RESERVED CVE-2022-22070 RESERVED CVE-2022-22069 RESERVED CVE-2022-22068 RESERVED CVE-2022-22067 RESERVED CVE-2022-22066 RESERVED CVE-2022-22065 RESERVED CVE-2022-22064 RESERVED CVE-2022-22063 RESERVED CVE-2022-22062 RESERVED CVE-2022-22061 RESERVED CVE-2022-22060 RESERVED CVE-2022-22059 RESERVED CVE-2022-22058 RESERVED CVE-2022-22057 RESERVED CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...) NOT-FOR-US: Le-yan dental management system CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...) 
NOT-FOR-US: Le-yan dental management system CVE-2022-22054 (ASUS RT-AX56U’s login function contains a path traversal vulnera ...) NOT-FOR-US: ASUS CVE-2022-22053 RESERVED CVE-2022-22052 RESERVED CVE-2022-22051 RESERVED CVE-2022-22050 RESERVED CVE-2022-22049 RESERVED CVE-2022-22048 RESERVED CVE-2022-22047 RESERVED CVE-2022-22046 RESERVED CVE-2022-22045 RESERVED CVE-2022-22044 RESERVED CVE-2022-22043 RESERVED CVE-2022-22042 RESERVED CVE-2022-22041 RESERVED CVE-2022-22040 RESERVED CVE-2022-22039 RESERVED CVE-2022-22038 RESERVED CVE-2022-22037 RESERVED CVE-2022-22036 RESERVED CVE-2022-22035 RESERVED CVE-2022-22034 RESERVED CVE-2022-22033 RESERVED CVE-2022-22032 RESERVED CVE-2022-22031 RESERVED CVE-2022-22030 RESERVED CVE-2022-22029 RESERVED CVE-2022-22028 RESERVED CVE-2022-22027 RESERVED CVE-2022-22026 RESERVED CVE-2022-22025 RESERVED CVE-2022-22024 RESERVED CVE-2022-22023 RESERVED CVE-2022-22022 RESERVED CVE-2022-22021 RESERVED CVE-2022-22020 RESERVED CVE-2022-22019 RESERVED CVE-2022-22018 RESERVED CVE-2022-22017 RESERVED CVE-2022-22016 RESERVED CVE-2022-22015 RESERVED CVE-2022-22014 RESERVED CVE-2022-22013 RESERVED CVE-2022-22012 RESERVED CVE-2022-22011 RESERVED CVE-2022-22010 RESERVED CVE-2022-22009 RESERVED CVE-2022-22008 RESERVED CVE-2022-22007 RESERVED CVE-2022-22006 RESERVED CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
NOT-FOR-US: Microsoft CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...) NOT-FOR-US: Microsoft CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2022-21990 RESERVED CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21986 (.NET Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft .NET CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21983 RESERVED CVE-2022-21982 RESERVED CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
NOT-FOR-US: Microsoft CVE-2022-21980 RESERVED CVE-2022-21979 RESERVED CVE-2022-21978 RESERVED CVE-2022-21977 RESERVED CVE-2022-21976 RESERVED CVE-2022-21975 RESERVED CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft CVE-2022-21973 RESERVED CVE-2022-21972 RESERVED CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) NOT-FOR-US: Microsoft CVE-2022-21968 (Microsoft SharePoint Server Security Feature Bypass Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21967 RESERVED CVE-2022-21966 RESERVED CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21956 RESERVED CVE-2022-21955 RESERVED CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) 
NOT-FOR-US: Microsoft CVE-2022-21953 RESERVED CVE-2022-21952 RESERVED CVE-2022-21951 RESERVED CVE-2022-21950 RESERVED CVE-2022-21949 RESERVED CVE-2022-21948 RESERVED CVE-2022-21947 RESERVED CVE-2022-21946 RESERVED CVE-2022-21945 RESERVED CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...) NOT-FOR-US: SUSE packaging issue in watchman CVE-2022-21943 RESERVED CVE-2022-21942 RESERVED CVE-2022-21941 RESERVED CVE-2022-21940 RESERVED CVE-2022-21939 RESERVED CVE-2022-21938 RESERVED CVE-2022-21937 RESERVED CVE-2022-21936 RESERVED CVE-2022-21935 RESERVED CVE-2022-21934 RESERVED CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) NOT-FOR-US: ASUS CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) NOT-FOR-US: Microsoft CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) NOT-FOR-US: Microsoft CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) NOT-FOR-US: Microsoft CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2022-21923 RESERVED CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...) NOT-FOR-US: Microsoft CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...) NOT-FOR-US: Microsoft CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...) NOT-FOR-US: Microsoft CVE-2022-21911 (.NET Framework Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft .NET CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21909 RESERVED CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) 
NOT-FOR-US: Microsoft CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...) NOT-FOR-US: Microsoft CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...) NOT-FOR-US: Microsoft CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) NOT-FOR-US: Microsoft CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...) NOT-FOR-US: Microsoft CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21890 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21889 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...) NOT-FOR-US: Microsoft CVE-2022-21886 RESERVED CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2022-21883 (Windows IKE Extension Denial of Service Vulnerability. 
This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...) NOT-FOR-US: Microsoft CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...) NOT-FOR-US: Microsoft CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21876 (Win32k Information Disclosure Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...) NOT-FOR-US: Microsoft CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...) NOT-FOR-US: Microsoft CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21867 (Windows Push Notifications Apps Elevation Of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...) NOT-FOR-US: Microsoft CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21856 RESERVED CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) NOT-FOR-US: Microsoft CVE-2022-21854 RESERVED CVE-2022-21853 RESERVED CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) NOT-FOR-US: Microsoft CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...) NOT-FOR-US: Microsoft CVE-2022-21849 (Windows IKE Extension Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21848 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) NOT-FOR-US: Microsoft CVE-2022-21845 RESERVED CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...) NOT-FOR-US: Microsoft CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21836 (Windows Certificate Spoofing Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...) NOT-FOR-US: Microsoft CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-0010 RESERVED CVE-2022-21832 RESERVED CVE-2022-21831 RESERVED CVE-2022-21830 RESERVED CVE-2022-21829 RESERVED CVE-2022-21828 RESERVED CVE-2022-21827 RESERVED CVE-2022-21826 RESERVED CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...) NOT-FOR-US: Citrix CVE-2022-21823 (An insecure storage of sensitive information vulnerability exists in Iv ...) NOT-FOR-US: Ivanti CVE-2022-21822 RESERVED CVE-2022-21821 RESERVED CVE-2022-21820 RESERVED CVE-2022-21819 RESERVED CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...) NOT-FOR-US: NVIDIA License System CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...) 
NOT-FOR-US: NVIDIA CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) - nvidia-graphics-drivers 470.103.01-1 (bug #1004847) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx (bug #1004848) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx (bug #1004849) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853) - nvidia-graphics-drivers-tesla-460 (bug #1004852) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1004850) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
- nvidia-graphics-drivers 470.103.01-1 (bug #1004847) [bullseye] - nvidia-graphics-drivers (Non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx (bug #1004848) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx (bug #1004849) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853) - nvidia-graphics-drivers-tesla-460 (bug #1004852) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1004850) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) CVE-2022-21812 RESERVED CVE-2022-21804 RESERVED CVE-2022-21794 RESERVED CVE-2022-21793 RESERVED CVE-2022-21239 RESERVED CVE-2022-21229 RESERVED CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel CVE-2022-21206 RESERVED CVE-2022-21188 RESERVED CVE-2022-21185 RESERVED CVE-2022-21175 RESERVED CVE-2022-21171 RESERVED CVE-2022-21163 RESERVED CVE-2022-21162 RESERVED CVE-2022-21161 RESERVED CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...) 
NOT-FOR-US: Intel CVE-2022-21152 RESERVED CVE-2022-21150 RESERVED CVE-2022-21148 RESERVED CVE-2022-21135 RESERVED CVE-2022-21824 [Prototype pollution via console.table properties] RESERVED - nodejs (bug #1004177) [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824 NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x) CVE-2022-21240 RESERVED CVE-2022-21237 RESERVED CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel CVE-2022-21212 RESERVED CVE-2022-21197 RESERVED CVE-2022-21172 RESERVED CVE-2022-21160 RESERVED CVE-2022-21140 RESERVED CVE-2022-21139 RESERVED CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel CVE-2022-21792 RESERVED CVE-2022-21791 RESERVED CVE-2022-21790 RESERVED CVE-2022-21789 RESERVED CVE-2022-21788 RESERVED CVE-2022-21787 RESERVED CVE-2022-21786 RESERVED CVE-2022-21785 RESERVED CVE-2022-21784 RESERVED CVE-2022-21783 RESERVED CVE-2022-21782 RESERVED CVE-2022-21781 RESERVED CVE-2022-21780 RESERVED CVE-2022-21779 RESERVED CVE-2022-21778 RESERVED CVE-2022-21777 RESERVED CVE-2022-21776 RESERVED CVE-2022-21775 RESERVED CVE-2022-21774 RESERVED CVE-2022-21773 RESERVED CVE-2022-21772 RESERVED CVE-2022-21771 RESERVED CVE-2022-21770 RESERVED CVE-2022-21769 RESERVED CVE-2022-21768 RESERVED CVE-2022-21767 RESERVED CVE-2022-21766 RESERVED CVE-2022-21765 RESERVED CVE-2022-21764 RESERVED CVE-2022-21763 RESERVED CVE-2022-21762 RESERVED CVE-2022-21761 RESERVED CVE-2022-21760 RESERVED CVE-2022-21759 RESERVED CVE-2022-21758 RESERVED CVE-2022-21757 RESERVED CVE-2022-21756 RESERVED CVE-2022-21755 RESERVED CVE-2022-21754 RESERVED CVE-2022-21753 RESERVED CVE-2022-21752 RESERVED CVE-2022-21751 RESERVED CVE-2022-21750 RESERVED CVE-2022-21749 RESERVED 
CVE-2022-21748 RESERVED CVE-2022-21747 RESERVED CVE-2022-21746 RESERVED CVE-2022-21745 RESERVED CVE-2022-21744 RESERVED CVE-2022-21743 RESERVED CVE-2022-0009 RESERVED CVE-2022-0008 RESERVED CVE-2022-0007 RESERVED CVE-2022-0006 RESERVED CVE-2022-21742 RESERVED CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...) - tensorflow (bug #804612) CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. 
The implement ...) - tensorflow (bug #804612) CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...) - tensorflow (bug #804612) CVE-2022-21724 (pgjdbc is the official PostgreSQL JDBC Driver. A security hole was foun ...) TODO: check CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...) - pjproject NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896 TODO: check, might affect in impact src:ring CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...) - pjproject NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a TODO: check, might affect in impact src:ring CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...) TODO: check CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-21718 RESERVED CVE-2022-21717 RESERVED CVE-2022-21716 RESERVED CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...) - codeigniter (bug #471583) CVE-2022-21714 RESERVED CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...) - grafana CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...) 
- twisted [bullseye] - twisted (Minor issue) [buster] - twisted (Minor issue) NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1) CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...) NOT-FOR-US: elfspirit CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...) NOT-FOR-US: ShortDescription MediaWiki extension CVE-2022-21709 RESERVED CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...) - golang-github-graph-gophers-graphql-go 1.3.0-1 NOTE: https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0) NOTE: https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh NOTE: https://github.com/graph-gophers/graphql-go/pull/492 CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...) NOT-FOR-US: wasmCloud Host Runtime CVE-2022-21706 RESERVED CVE-2022-21705 RESERVED CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...) - node-log4js 6.4.1+~cs8.3.5-1 [bullseye] - node-log4js (Minor issue) [buster] - node-log4js (Minor issue) [stretch] - node-log4js (Nodejs in stretch not covered by security support) NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1) NOTE: https://github.com/log4js-node/streamroller/pull/87 NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640 CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...) - grafana CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...) 
NOT-FOR-US: Istio CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...) NOT-FOR-US: Micronaut CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...) {DSA-5065-1 DLA-2896-1} - ipython 7.31.1-1 (bug #1004122) NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9 NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...) - golang-github-prometheus-client-golang NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p NOTE: https://github.com/prometheus/client_golang/pull/962 NOTE: https://github.com/prometheus/client_golang/pull/987 CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...) TODO: check CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4 CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h NOTE: https://github.com/onionshare/onionshare/issues/1389 CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...) 
- onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6 CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766 CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...) NOT-FOR-US: GitHub Online Schema CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...) NOT-FOR-US: PrestaShop CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) TODO: check CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...) NOT-FOR-US: Discourse CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...) NOT-FOR-US: Wagtail CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...) 
{DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak (Intrusive and risky to backport) [stretch] - flatpak (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa NOTE: 1.12.4 added further changes to avoid regressions for some workflows CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...) - node-marked 4.0.12+ds+~4.0.1-1 [bullseye] - node-marked (Minor issue) [buster] - node-marked (Minor issue) [stretch] - node-marked (Nodejs in stretch not covered by security support) NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5 NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10) NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10 CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...) - node-marked 4.0.12+ds+~4.0.1-1 [bullseye] - node-marked (Minor issue) [buster] - node-marked (Minor issue) [stretch] - node-marked (Nodejs in stretch not covered by security support) NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10) NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10 NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...) NOT-FOR-US: Istio CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...) 
NOT-FOR-US: Discourse CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...) TODO: check CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...) TODO: check CVE-2022-21674 RESERVED CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...) TODO: check CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...) NOT-FOR-US: crosis CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...) - node-markdown-it 10.0.0+dfsg-6 [bullseye] - node-markdown-it (Minor issue) NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2) CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...) NOT-FOR-US: PuddingBot CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...) - pipenv (Vulnerable code not uploaded) NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8 NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8) NOTE: Introduced by: https://github.com/pypa/pipenv/commit/742988169333ba14a4b2b6f527a604d6f0bc9e09 (v2018.10.9) NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8) CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...) NOT-FOR-US: soketi CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...) NOT-FOR-US: Useful Simple Open-Source CMS (USOC) CVE-2022-21665 RESERVED CVE-2022-21664 (WordPress is a free and open-source content management system written ...) 
{DSA-5039-1 DLA-2884-1} - wordpress 5.8.3+dfsg1-1 (bug #1003243) NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86 NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957 CVE-2022-21663 (WordPress is a free and open-source content management system written ...) {DSA-5039-1 DLA-2884-1} - wordpress 5.8.3+dfsg1-1 (bug #1003243) NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h NOTE: https://hackerone.com/reports/541469 CVE-2022-21662 (WordPress is a free and open-source content management system written ...) {DSA-5039-1 DLA-2884-1} - wordpress 5.8.3+dfsg1-1 (bug #1003243) NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w NOTE: https://hackerone.com/reports/425342 CVE-2022-21661 (WordPress is a free and open-source content management system written ...) {DSA-5039-1 DLA-2884-1} - wordpress 5.8.3+dfsg1-1 (bug #1003243) NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84 NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214 NOTE: https://hackerone.com/reports/1378209 NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...) NOT-FOR-US: Gin-vue-admin CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...) 
- flask-appbuilder (bug #998029) NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775 NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe (3.4.4) CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...) - rustc [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658 NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1 CVE-2022-21657 RESERVED CVE-2022-21656 RESERVED CVE-2022-21655 RESERVED CVE-2022-21654 RESERVED CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...) - jawn (Vulnerable code not uploaded) NOTE: https://github.com/typelevel/jawn/pull/390 NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2) NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2) CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...) NOT-FOR-US: Shopware CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...) NOT-FOR-US: Shopware CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...) NOT-FOR-US: Convos CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...) NOT-FOR-US: Convos CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...) - php-nette [stretch] - php-nette (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.) NOTE: https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0 CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. 
Deserializ ...) - codeigniter (bug #471583) CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...) TODO: check CVE-2022-21645 RESERVED CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...) NOT-FOR-US: USOC CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...) NOT-FOR-US: USOC CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2022-21641 RESERVED CVE-2022-21640 RESERVED CVE-2022-21639 RESERVED CVE-2022-21638 RESERVED CVE-2022-21637 RESERVED CVE-2022-21636 RESERVED CVE-2022-21635 RESERVED CVE-2022-21634 RESERVED CVE-2022-21633 RESERVED CVE-2022-21632 RESERVED CVE-2022-21631 RESERVED CVE-2022-21630 RESERVED CVE-2022-21629 RESERVED CVE-2022-21628 RESERVED CVE-2022-21627 RESERVED CVE-2022-21626 RESERVED CVE-2022-21625 RESERVED CVE-2022-21624 RESERVED CVE-2022-21623 RESERVED CVE-2022-21622 RESERVED CVE-2022-21621 RESERVED CVE-2022-21620 RESERVED CVE-2022-21619 RESERVED CVE-2022-21618 RESERVED CVE-2022-21617 RESERVED CVE-2022-21616 RESERVED CVE-2022-21615 RESERVED CVE-2022-21614 RESERVED CVE-2022-21613 RESERVED CVE-2022-21612 RESERVED CVE-2022-21611 RESERVED CVE-2022-21610 RESERVED CVE-2022-21609 RESERVED CVE-2022-21608 RESERVED CVE-2022-21607 RESERVED CVE-2022-21606 RESERVED CVE-2022-21605 RESERVED CVE-2022-21604 RESERVED CVE-2022-21603 RESERVED CVE-2022-21602 RESERVED CVE-2022-21601 RESERVED CVE-2022-21600 RESERVED CVE-2022-21599 RESERVED CVE-2022-21598 RESERVED CVE-2022-21597 RESERVED CVE-2022-21596 RESERVED CVE-2022-21595 RESERVED CVE-2022-21594 RESERVED CVE-2022-21593 RESERVED CVE-2022-21592 RESERVED CVE-2022-21591 RESERVED CVE-2022-21590 RESERVED CVE-2022-21589 RESERVED CVE-2022-21588 RESERVED CVE-2022-21587 RESERVED CVE-2022-21586 RESERVED CVE-2022-21585 RESERVED CVE-2022-21584 RESERVED CVE-2022-21583 RESERVED CVE-2022-21582 RESERVED CVE-2022-21581 RESERVED CVE-2022-21580 RESERVED 
CVE-2022-21579 RESERVED CVE-2022-21578 RESERVED CVE-2022-21577 RESERVED CVE-2022-21576 RESERVED CVE-2022-21575 RESERVED CVE-2022-21574 RESERVED CVE-2022-21573 RESERVED CVE-2022-21572 RESERVED CVE-2022-21571 RESERVED CVE-2022-21570 RESERVED CVE-2022-21569 RESERVED CVE-2022-21568 RESERVED CVE-2022-21567 RESERVED CVE-2022-21566 RESERVED CVE-2022-21565 RESERVED CVE-2022-21564 RESERVED CVE-2022-21563 RESERVED CVE-2022-21562 RESERVED CVE-2022-21561 RESERVED CVE-2022-21560 RESERVED CVE-2022-21559 RESERVED CVE-2022-21558 RESERVED CVE-2022-21557 RESERVED CVE-2022-21556 RESERVED CVE-2022-21555 RESERVED CVE-2022-21554 RESERVED CVE-2022-21553 RESERVED CVE-2022-21552 RESERVED CVE-2022-21551 RESERVED CVE-2022-21550 RESERVED CVE-2022-21549 RESERVED CVE-2022-21548 RESERVED CVE-2022-21547 RESERVED CVE-2022-21546 RESERVED CVE-2022-21545 RESERVED CVE-2022-21544 RESERVED CVE-2022-21543 RESERVED CVE-2022-21542 RESERVED CVE-2022-21541 RESERVED CVE-2022-21540 RESERVED CVE-2022-21539 RESERVED CVE-2022-21538 RESERVED CVE-2022-21537 RESERVED CVE-2022-21536 RESERVED CVE-2022-21535 RESERVED CVE-2022-21534 RESERVED CVE-2022-21533 RESERVED CVE-2022-21532 RESERVED CVE-2022-21531 RESERVED CVE-2022-21530 RESERVED CVE-2022-21529 RESERVED CVE-2022-21528 RESERVED CVE-2022-21527 RESERVED CVE-2022-21526 RESERVED CVE-2022-21525 RESERVED CVE-2022-21524 RESERVED CVE-2022-21523 RESERVED CVE-2022-21522 RESERVED CVE-2022-21521 RESERVED CVE-2022-21520 RESERVED CVE-2022-21519 RESERVED CVE-2022-21518 RESERVED CVE-2022-21517 RESERVED CVE-2022-21516 RESERVED CVE-2022-21515 RESERVED CVE-2022-21514 RESERVED CVE-2022-21513 RESERVED CVE-2022-21512 RESERVED CVE-2022-21511 RESERVED CVE-2022-21510 RESERVED CVE-2022-21509 RESERVED CVE-2022-21508 RESERVED CVE-2022-21507 RESERVED CVE-2022-21506 RESERVED CVE-2022-21505 RESERVED CVE-2022-21504 RESERVED CVE-2022-21503 RESERVED CVE-2022-21502 RESERVED CVE-2022-21501 RESERVED CVE-2022-21500 RESERVED CVE-2022-21499 RESERVED CVE-2022-21498 RESERVED CVE-2022-21497 RESERVED 
CVE-2022-21496 RESERVED CVE-2022-21495 RESERVED CVE-2022-21494 RESERVED CVE-2022-21493 RESERVED CVE-2022-21492 RESERVED CVE-2022-21491 RESERVED CVE-2022-21490 RESERVED CVE-2022-21489 RESERVED CVE-2022-21488 RESERVED CVE-2022-21487 RESERVED CVE-2022-21486 RESERVED CVE-2022-21485 RESERVED CVE-2022-21484 RESERVED CVE-2022-21483 RESERVED CVE-2022-21482 RESERVED CVE-2022-21481 RESERVED CVE-2022-21480 RESERVED CVE-2022-21479 RESERVED CVE-2022-21478 RESERVED CVE-2022-21477 RESERVED CVE-2022-21476 RESERVED CVE-2022-21475 RESERVED CVE-2022-21474 RESERVED CVE-2022-21473 RESERVED CVE-2022-21472 RESERVED CVE-2022-21471 RESERVED CVE-2022-21470 RESERVED CVE-2022-21469 RESERVED CVE-2022-21468 RESERVED CVE-2022-21467 RESERVED CVE-2022-21466 RESERVED CVE-2022-21465 RESERVED CVE-2022-21464 RESERVED CVE-2022-21463 RESERVED CVE-2022-21462 RESERVED CVE-2022-21461 RESERVED CVE-2022-21460 RESERVED CVE-2022-21459 RESERVED CVE-2022-21458 RESERVED CVE-2022-21457 RESERVED CVE-2022-21456 RESERVED CVE-2022-21455 RESERVED CVE-2022-21454 RESERVED CVE-2022-21453 RESERVED CVE-2022-21452 RESERVED CVE-2022-21451 RESERVED CVE-2022-21450 RESERVED CVE-2022-21449 RESERVED CVE-2022-21448 RESERVED CVE-2022-21447 RESERVED CVE-2022-21446 RESERVED CVE-2022-21445 RESERVED CVE-2022-21444 RESERVED CVE-2022-21443 RESERVED CVE-2022-21442 RESERVED CVE-2022-21441 RESERVED CVE-2022-21440 RESERVED CVE-2022-21439 RESERVED CVE-2022-21438 RESERVED CVE-2022-21437 RESERVED CVE-2022-21436 RESERVED CVE-2022-21435 RESERVED CVE-2022-21434 RESERVED CVE-2022-21433 RESERVED CVE-2022-21432 RESERVED CVE-2022-21431 RESERVED CVE-2022-21430 RESERVED CVE-2022-21429 RESERVED CVE-2022-21428 RESERVED CVE-2022-21427 RESERVED CVE-2022-21426 RESERVED CVE-2022-21425 RESERVED CVE-2022-21424 RESERVED CVE-2022-21423 RESERVED CVE-2022-21422 RESERVED CVE-2022-21421 RESERVED CVE-2022-21420 RESERVED CVE-2022-21419 RESERVED CVE-2022-21418 RESERVED CVE-2022-21417 RESERVED CVE-2022-21416 RESERVED CVE-2022-21415 RESERVED CVE-2022-21414 RESERVED 
CVE-2022-21413 RESERVED CVE-2022-21412 RESERVED CVE-2022-21411 RESERVED CVE-2022-21410 RESERVED CVE-2022-21409 RESERVED CVE-2022-21408 RESERVED CVE-2022-21407 RESERVED CVE-2022-21406 RESERVED CVE-2022-21405 RESERVED CVE-2022-21404 RESERVED CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.32-dfsg-1 CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...) 
NOT-FOR-US: Oracle CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21385 RESERVED CVE-2022-21384 RESERVED CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21373 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2022-21372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21371 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21369 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
NOT-FOR-US: Oracle CVE-2022-21368 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 - mysql-8.0 CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - mysql-8.0 CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21359 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21358 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21357 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21356 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21355 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21354 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2022-21353 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2022-21352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21351 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21350 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21349 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DLA-2917-1} - openjdk-8 CVE-2022-21348 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21347 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21346 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2022-21345 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21344 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 - mysql-8.0 CVE-2022-21343 RESERVED CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21338 (Vulnerability in the Oracle Communications Convergence product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21337 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21336 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) 
NOT-FOR-US: MySQL Cluster CVE-2022-21335 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21334 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21333 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21332 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21331 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21330 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21329 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21328 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21327 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21326 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21325 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21324 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21323 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21322 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21321 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21320 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) 
NOT-FOR-US: MySQL Cluster CVE-2022-21319 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21318 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21317 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21316 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21315 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21314 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21313 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21312 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21311 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21310 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21309 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21308 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 - mysql-8.0 CVE-2022-21303 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 - mysql-8.0 CVE-2022-21302 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...) NOT-FOR-US: Oracle CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox (Windows-specific) CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21290 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) 
NOT-FOR-US: MySQL Cluster CVE-2022-21289 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21288 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21287 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21286 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21281 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21280 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) NOT-FOR-US: MySQL Cluster CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1} - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21275 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) 
NOT-FOR-US: Oracle CVE-2022-21274 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2022-21273 (Vulnerability in the Oracle Project Costing product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2022-21272 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21271 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 (Seems specific to Oracle Java) - openjdk-11 (Seems specific to Oracle Java) CVE-2022-21270 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 - mysql-8.0 CVE-2022-21269 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21268 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21267 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21266 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21265 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21264 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21263 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2022-21262 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21261 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21260 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21259 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21258 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2022-21257 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21256 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21255 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2022-21254 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21253 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21252 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21251 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) NOT-FOR-US: Oracle CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5058-1 DSA-5057-1 DLA-2917-1} - openjdk-8 - openjdk-11 11.0.14+9-1 - openjdk-17 17.0.2+8-1 CVE-2022-21247 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2022-21246 (Vulnerability in the Oracle Communications Operations Monitor product ...) NOT-FOR-US: Oracle CVE-2022-21245 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 - mysql-8.0 CVE-2022-21244 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21243 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21216 RESERVED CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...) 
NOT-FOR-US: Intel CVE-2022-21200 RESERVED CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...) NOT-FOR-US: Intel CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...) NOT-FOR-US: Intel CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...) NOT-FOR-US: Intel CVE-2022-21151 RESERVED CVE-2022-21138 RESERVED CVE-2022-21136 RESERVED CVE-2022-21131 RESERVED CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...) NOT-FOR-US: Intel CVE-2022-21207 RESERVED CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...) NOT-FOR-US: Intel CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) NOT-FOR-US: Intel CVE-2022-21181 RESERVED CVE-2022-21180 RESERVED CVE-2022-21166 RESERVED CVE-2022-21127 RESERVED CVE-2022-21125 RESERVED CVE-2022-21123 RESERVED CVE-2022-21121 RESERVED CVE-2022-21120 RESERVED CVE-2022-21119 RESERVED CVE-2022-21118 RESERVED CVE-2022-21117 RESERVED CVE-2022-21116 RESERVED CVE-2022-21115 RESERVED CVE-2022-21114 RESERVED CVE-2022-21113 RESERVED CVE-2022-21112 RESERVED CVE-2022-21111 RESERVED CVE-2022-21110 RESERVED CVE-2022-21109 RESERVED CVE-2022-21108 RESERVED CVE-2022-21107 RESERVED CVE-2022-21106 RESERVED CVE-2022-21105 RESERVED CVE-2022-21104 RESERVED CVE-2022-21103 RESERVED CVE-2022-21102 RESERVED CVE-2022-21101 RESERVED CVE-2022-21100 RESERVED CVE-2022-21099 RESERVED CVE-2022-21098 RESERVED CVE-2022-21097 RESERVED CVE-2022-21096 RESERVED CVE-2022-21095 RESERVED CVE-2022-21094 RESERVED CVE-2022-21093 RESERVED CVE-2022-21092 RESERVED CVE-2022-21091 RESERVED CVE-2022-21090 RESERVED CVE-2022-21089 RESERVED CVE-2022-21088 RESERVED CVE-2022-21087 RESERVED CVE-2022-21086 RESERVED CVE-2022-21085 RESERVED CVE-2022-21084 RESERVED CVE-2022-21083 RESERVED CVE-2022-21082 RESERVED CVE-2022-21081 RESERVED CVE-2022-21080 RESERVED CVE-2022-21079 RESERVED 
CVE-2022-21078 RESERVED CVE-2022-21077 RESERVED CVE-2022-21076 RESERVED CVE-2022-21075 RESERVED CVE-2022-21074 RESERVED CVE-2022-21073 RESERVED CVE-2022-21072 RESERVED CVE-2022-21071 RESERVED CVE-2022-21070 RESERVED CVE-2022-21069 RESERVED CVE-2022-21068 RESERVED CVE-2022-21067 RESERVED CVE-2022-21066 RESERVED CVE-2022-21065 RESERVED CVE-2022-21064 RESERVED CVE-2022-21063 RESERVED CVE-2022-21062 RESERVED CVE-2022-21061 RESERVED CVE-2022-21060 RESERVED CVE-2022-21059 RESERVED CVE-2022-21058 RESERVED CVE-2022-21057 RESERVED CVE-2022-21056 RESERVED CVE-2022-21055 RESERVED CVE-2022-21054 RESERVED CVE-2022-21053 RESERVED CVE-2022-21052 RESERVED CVE-2022-21051 RESERVED CVE-2022-21050 RESERVED CVE-2022-21049 RESERVED CVE-2022-21048 RESERVED CVE-2022-21047 RESERVED CVE-2022-21046 RESERVED CVE-2022-21045 RESERVED CVE-2022-21044 RESERVED CVE-2022-21043 RESERVED CVE-2022-21042 RESERVED CVE-2022-21041 RESERVED CVE-2022-21040 RESERVED CVE-2022-21039 RESERVED CVE-2022-21038 RESERVED CVE-2022-21037 RESERVED CVE-2022-21036 RESERVED CVE-2022-21035 RESERVED CVE-2022-21034 RESERVED CVE-2022-21033 RESERVED CVE-2022-21032 RESERVED CVE-2022-21031 RESERVED CVE-2022-21030 RESERVED CVE-2022-21029 RESERVED CVE-2022-21028 RESERVED CVE-2022-21027 RESERVED CVE-2022-21026 RESERVED CVE-2022-21025 RESERVED CVE-2022-21024 RESERVED CVE-2022-21023 RESERVED CVE-2022-21022 RESERVED CVE-2022-21021 RESERVED CVE-2022-21020 RESERVED CVE-2022-21019 RESERVED CVE-2022-21018 RESERVED CVE-2022-21017 RESERVED CVE-2022-21016 RESERVED CVE-2022-21015 RESERVED CVE-2022-21014 RESERVED CVE-2022-21013 RESERVED CVE-2022-21012 RESERVED CVE-2022-21011 RESERVED CVE-2022-21010 RESERVED CVE-2022-21009 RESERVED CVE-2022-21008 RESERVED CVE-2022-21007 RESERVED CVE-2022-21006 RESERVED CVE-2022-21005 RESERVED CVE-2022-21004 RESERVED CVE-2022-21003 RESERVED CVE-2022-21002 RESERVED CVE-2022-21001 RESERVED CVE-2022-21000 RESERVED CVE-2022-20999 RESERVED CVE-2022-20998 RESERVED CVE-2022-20997 RESERVED CVE-2022-20996 RESERVED 
CVE-2022-20995 RESERVED CVE-2022-20994 RESERVED CVE-2022-20993 RESERVED CVE-2022-20992 RESERVED CVE-2022-20991 RESERVED CVE-2022-20990 RESERVED CVE-2022-20989 RESERVED CVE-2022-20988 RESERVED CVE-2022-20987 RESERVED CVE-2022-20986 RESERVED CVE-2022-20985 RESERVED CVE-2022-20984 RESERVED CVE-2022-20983 RESERVED CVE-2022-20982 RESERVED CVE-2022-20981 RESERVED CVE-2022-20980 RESERVED CVE-2022-20979 RESERVED CVE-2022-20978 RESERVED CVE-2022-20977 RESERVED CVE-2022-20976 RESERVED CVE-2022-20975 RESERVED CVE-2022-20974 RESERVED CVE-2022-20973 RESERVED CVE-2022-20972 RESERVED CVE-2022-20971 RESERVED CVE-2022-20970 RESERVED CVE-2022-20969 RESERVED CVE-2022-20968 RESERVED CVE-2022-20967 RESERVED CVE-2022-20966 RESERVED CVE-2022-20965 RESERVED CVE-2022-20964 RESERVED CVE-2022-20963 RESERVED CVE-2022-20962 RESERVED CVE-2022-20961 RESERVED CVE-2022-20960 RESERVED CVE-2022-20959 RESERVED CVE-2022-20958 RESERVED CVE-2022-20957 RESERVED CVE-2022-20956 RESERVED CVE-2022-20955 RESERVED CVE-2022-20954 RESERVED CVE-2022-20953 RESERVED CVE-2022-20952 RESERVED CVE-2022-20951 RESERVED CVE-2022-20950 RESERVED CVE-2022-20949 RESERVED CVE-2022-20948 RESERVED CVE-2022-20947 RESERVED CVE-2022-20946 RESERVED CVE-2022-20945 RESERVED CVE-2022-20944 RESERVED CVE-2022-20943 RESERVED CVE-2022-20942 RESERVED CVE-2022-20941 RESERVED CVE-2022-20940 RESERVED CVE-2022-20939 RESERVED CVE-2022-20938 RESERVED CVE-2022-20937 RESERVED CVE-2022-20936 RESERVED CVE-2022-20935 RESERVED CVE-2022-20934 RESERVED CVE-2022-20933 RESERVED CVE-2022-20932 RESERVED CVE-2022-20931 RESERVED CVE-2022-20930 RESERVED CVE-2022-20929 RESERVED CVE-2022-20928 RESERVED CVE-2022-20927 RESERVED CVE-2022-20926 RESERVED CVE-2022-20925 RESERVED CVE-2022-20924 RESERVED CVE-2022-20923 RESERVED CVE-2022-20922 RESERVED CVE-2022-20921 RESERVED CVE-2022-20920 RESERVED CVE-2022-20919 RESERVED CVE-2022-20918 RESERVED CVE-2022-20917 RESERVED CVE-2022-20916 RESERVED CVE-2022-20915 RESERVED CVE-2022-20914 RESERVED CVE-2022-20913 RESERVED 
CVE-2022-20912 RESERVED CVE-2022-20911 RESERVED CVE-2022-20910 RESERVED CVE-2022-20909 RESERVED CVE-2022-20908 RESERVED CVE-2022-20907 RESERVED CVE-2022-20906 RESERVED CVE-2022-20905 RESERVED CVE-2022-20904 RESERVED CVE-2022-20903 RESERVED CVE-2022-20902 RESERVED CVE-2022-20901 RESERVED CVE-2022-20900 RESERVED CVE-2022-20899 RESERVED CVE-2022-20898 RESERVED CVE-2022-20897 RESERVED CVE-2022-20896 RESERVED CVE-2022-20895 RESERVED CVE-2022-20894 RESERVED CVE-2022-20893 RESERVED CVE-2022-20892 RESERVED CVE-2022-20891 RESERVED CVE-2022-20890 RESERVED CVE-2022-20889 RESERVED CVE-2022-20888 RESERVED CVE-2022-20887 RESERVED CVE-2022-20886 RESERVED CVE-2022-20885 RESERVED CVE-2022-20884 RESERVED CVE-2022-20883 RESERVED CVE-2022-20882 RESERVED CVE-2022-20881 RESERVED CVE-2022-20880 RESERVED CVE-2022-20879 RESERVED CVE-2022-20878 RESERVED CVE-2022-20877 RESERVED CVE-2022-20876 RESERVED CVE-2022-20875 RESERVED CVE-2022-20874 RESERVED CVE-2022-20873 RESERVED CVE-2022-20872 RESERVED CVE-2022-20871 RESERVED CVE-2022-20870 RESERVED CVE-2022-20869 RESERVED CVE-2022-20868 RESERVED CVE-2022-20867 RESERVED CVE-2022-20866 RESERVED CVE-2022-20865 RESERVED CVE-2022-20864 RESERVED CVE-2022-20863 RESERVED CVE-2022-20862 RESERVED CVE-2022-20861 RESERVED CVE-2022-20860 RESERVED CVE-2022-20859 RESERVED CVE-2022-20858 RESERVED CVE-2022-20857 RESERVED CVE-2022-20856 RESERVED CVE-2022-20855 RESERVED CVE-2022-20854 RESERVED CVE-2022-20853 RESERVED CVE-2022-20852 RESERVED CVE-2022-20851 RESERVED CVE-2022-20850 RESERVED CVE-2022-20849 RESERVED CVE-2022-20848 RESERVED CVE-2022-20847 RESERVED CVE-2022-20846 RESERVED CVE-2022-20845 RESERVED CVE-2022-20844 RESERVED CVE-2022-20843 RESERVED CVE-2022-20842 RESERVED CVE-2022-20841 RESERVED CVE-2022-20840 RESERVED CVE-2022-20839 RESERVED CVE-2022-20838 RESERVED CVE-2022-20837 RESERVED CVE-2022-20836 RESERVED CVE-2022-20835 RESERVED CVE-2022-20834 RESERVED CVE-2022-20833 RESERVED CVE-2022-20832 RESERVED CVE-2022-20831 RESERVED CVE-2022-20830 RESERVED 
CVE-2022-20829 RESERVED CVE-2022-20828 RESERVED CVE-2022-20827 RESERVED CVE-2022-20826 RESERVED CVE-2022-20825 RESERVED CVE-2022-20824 RESERVED CVE-2022-20823 RESERVED CVE-2022-20822 RESERVED CVE-2022-20821 RESERVED CVE-2022-20820 RESERVED CVE-2022-20819 RESERVED CVE-2022-20818 RESERVED CVE-2022-20817 RESERVED CVE-2022-20816 RESERVED CVE-2022-20815 RESERVED CVE-2022-20814 RESERVED CVE-2022-20813 RESERVED CVE-2022-20812 RESERVED CVE-2022-20811 RESERVED CVE-2022-20810 RESERVED CVE-2022-20809 RESERVED CVE-2022-20808 RESERVED CVE-2022-20807 RESERVED CVE-2022-20806 RESERVED CVE-2022-20805 RESERVED CVE-2022-20804 RESERVED CVE-2022-20803 RESERVED CVE-2022-20802 RESERVED CVE-2022-20801 RESERVED CVE-2022-20800 RESERVED CVE-2022-20799 RESERVED CVE-2022-20798 RESERVED CVE-2022-20797 RESERVED CVE-2022-20796 RESERVED CVE-2022-20795 RESERVED CVE-2022-20794 RESERVED CVE-2022-20793 RESERVED CVE-2022-20792 RESERVED CVE-2022-20791 RESERVED CVE-2022-20790 RESERVED CVE-2022-20789 RESERVED CVE-2022-20788 RESERVED CVE-2022-20787 RESERVED CVE-2022-20786 RESERVED CVE-2022-20785 RESERVED CVE-2022-20784 RESERVED CVE-2022-20783 RESERVED CVE-2022-20782 RESERVED CVE-2022-20781 RESERVED CVE-2022-20780 RESERVED CVE-2022-20779 RESERVED CVE-2022-20778 RESERVED CVE-2022-20777 RESERVED CVE-2022-20776 RESERVED CVE-2022-20775 RESERVED CVE-2022-20774 RESERVED CVE-2022-20773 RESERVED CVE-2022-20772 RESERVED CVE-2022-20771 RESERVED CVE-2022-20770 RESERVED CVE-2022-20769 RESERVED CVE-2022-20768 RESERVED CVE-2022-20767 RESERVED CVE-2022-20766 RESERVED CVE-2022-20765 RESERVED CVE-2022-20764 RESERVED CVE-2022-20763 RESERVED CVE-2022-20762 RESERVED CVE-2022-20761 RESERVED CVE-2022-20760 RESERVED CVE-2022-20759 RESERVED CVE-2022-20758 RESERVED CVE-2022-20757 RESERVED CVE-2022-20756 RESERVED CVE-2022-20755 RESERVED CVE-2022-20754 RESERVED CVE-2022-20753 RESERVED CVE-2022-20752 RESERVED CVE-2022-20751 RESERVED CVE-2022-20750 RESERVED CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, 
RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20748 RESERVED CVE-2022-20747 RESERVED CVE-2022-20746 RESERVED CVE-2022-20745 RESERVED CVE-2022-20744 RESERVED CVE-2022-20743 RESERVED CVE-2022-20742 RESERVED CVE-2022-20741 RESERVED CVE-2022-20740 RESERVED CVE-2022-20739 RESERVED CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...) NOT-FOR-US: Cisco CVE-2022-20737 RESERVED CVE-2022-20736 RESERVED CVE-2022-20735 RESERVED CVE-2022-20734 RESERVED CVE-2022-20733 RESERVED CVE-2022-20732 RESERVED CVE-2022-20731 RESERVED CVE-2022-20730 RESERVED CVE-2022-20729 RESERVED CVE-2022-20728 RESERVED CVE-2022-20727 RESERVED CVE-2022-20726 RESERVED CVE-2022-20725 RESERVED CVE-2022-20724 RESERVED CVE-2022-20723 RESERVED CVE-2022-20722 RESERVED CVE-2022-20721 RESERVED CVE-2022-20720 RESERVED CVE-2022-20719 RESERVED CVE-2022-20718 RESERVED CVE-2022-20717 RESERVED CVE-2022-20716 RESERVED CVE-2022-20715 RESERVED CVE-2022-20714 RESERVED CVE-2022-20713 RESERVED CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20710 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20709 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20708 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20707 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20706 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) 
NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20705 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20704 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20703 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20702 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20701 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20700 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20699 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) ...) 
- clamav 0.103.5+dfsg-1 [bullseye] - clamav (clamav is updated via -updates) [buster] - clamav (clamav is updated via -updates) [stretch] - clamav (Minor issue; clean crash; follow stable updates) NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5) CVE-2022-20697 RESERVED CVE-2022-20696 RESERVED CVE-2022-20695 RESERVED CVE-2022-20694 RESERVED CVE-2022-20693 RESERVED CVE-2022-20692 RESERVED CVE-2022-20691 RESERVED CVE-2022-20690 RESERVED CVE-2022-20689 RESERVED CVE-2022-20688 RESERVED CVE-2022-20687 RESERVED CVE-2022-20686 RESERVED CVE-2022-20685 RESERVED CVE-2022-20684 RESERVED CVE-2022-20683 RESERVED CVE-2022-20682 RESERVED CVE-2022-20681 RESERVED CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...) NOT-FOR-US: Cisco CVE-2022-20679 RESERVED CVE-2022-20678 RESERVED CVE-2022-20677 RESERVED CVE-2022-20676 RESERVED CVE-2022-20675 RESERVED CVE-2022-20674 RESERVED CVE-2022-20673 RESERVED CVE-2022-20672 RESERVED CVE-2022-20671 RESERVED CVE-2022-20670 RESERVED CVE-2022-20669 RESERVED CVE-2022-20668 RESERVED CVE-2022-20667 RESERVED CVE-2022-20666 RESERVED CVE-2022-20665 RESERVED CVE-2022-20664 RESERVED CVE-2022-20663 RESERVED CVE-2022-20662 RESERVED CVE-2022-20661 RESERVED CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...) NOT-FOR-US: Cisco CVE-2022-20659 RESERVED CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2022-20657 RESERVED CVE-2022-20656 RESERVED CVE-2022-20655 RESERVED CVE-2022-20654 RESERVED CVE-2022-20653 RESERVED CVE-2022-20652 RESERVED CVE-2022-20651 RESERVED CVE-2022-20650 RESERVED CVE-2022-20649 RESERVED CVE-2022-20648 RESERVED CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20634 RESERVED CVE-2022-20633 RESERVED CVE-2022-20632 RESERVED CVE-2022-20631 RESERVED CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...) NOT-FOR-US: Cisco CVE-2022-20629 RESERVED CVE-2022-20628 RESERVED CVE-2022-20627 RESERVED CVE-2022-20626 RESERVED CVE-2022-20625 RESERVED CVE-2022-20624 RESERVED CVE-2022-20623 RESERVED CVE-2022-20622 RESERVED CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...) NOT-FOR-US: Jenkins plugin CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...) 
NOT-FOR-US: Jenkins plugin CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...) NOT-FOR-US: Jenkins plugin CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...) NOT-FOR-US: Jenkins plugin CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...) NOT-FOR-US: Jenkins plugin CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...) NOT-FOR-US: Jenkins plugin CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...) NOT-FOR-US: Jenkins plugin CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...) NOT-FOR-US: Jenkins plugin CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...) NOT-FOR-US: Jenkins plugin CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...) - jenkins CVE-2022-0005 RESERVED CVE-2022-0004 RESERVED CVE-2022-0003 RESERVED CVE-2022-0002 RESERVED CVE-2022-0001 RESERVED CVE-2022-20611 RESERVED CVE-2022-20610 RESERVED CVE-2022-20609 RESERVED CVE-2022-20608 RESERVED CVE-2022-20607 RESERVED CVE-2022-20606 RESERVED CVE-2022-20605 RESERVED CVE-2022-20604 RESERVED CVE-2022-20603 RESERVED CVE-2022-20602 RESERVED CVE-2022-20601 RESERVED CVE-2022-20600 RESERVED CVE-2022-20599 RESERVED CVE-2022-20598 RESERVED CVE-2022-20597 RESERVED CVE-2022-20596 RESERVED CVE-2022-20595 RESERVED CVE-2022-20594 RESERVED CVE-2022-20593 RESERVED CVE-2022-20592 RESERVED CVE-2022-20591 RESERVED CVE-2022-20590 RESERVED CVE-2022-20589 RESERVED CVE-2022-20588 RESERVED CVE-2022-20587 RESERVED CVE-2022-20586 RESERVED CVE-2022-20585 RESERVED CVE-2022-20584 RESERVED CVE-2022-20583 RESERVED CVE-2022-20582 RESERVED CVE-2022-20581 RESERVED CVE-2022-20580 RESERVED CVE-2022-20579 RESERVED CVE-2022-20578 RESERVED CVE-2022-20577 RESERVED CVE-2022-20576 RESERVED CVE-2022-20575 RESERVED CVE-2022-20574 RESERVED 
CVE-2022-20573 RESERVED CVE-2022-20572 RESERVED CVE-2022-20571 RESERVED CVE-2022-20570 RESERVED CVE-2022-20569 RESERVED CVE-2022-20568 RESERVED CVE-2022-20567 RESERVED CVE-2022-20566 RESERVED CVE-2022-20565 RESERVED CVE-2022-20564 RESERVED CVE-2022-20563 RESERVED CVE-2022-20562 RESERVED CVE-2022-20561 RESERVED CVE-2022-20560 RESERVED CVE-2022-20559 RESERVED CVE-2022-20558 RESERVED CVE-2022-20557 RESERVED CVE-2022-20556 RESERVED CVE-2022-20555 RESERVED CVE-2022-20554 RESERVED CVE-2022-20553 RESERVED CVE-2022-20552 RESERVED CVE-2022-20551 RESERVED CVE-2022-20550 RESERVED CVE-2022-20549 RESERVED CVE-2022-20548 RESERVED CVE-2022-20547 RESERVED CVE-2022-20546 RESERVED CVE-2022-20545 RESERVED CVE-2022-20544 RESERVED CVE-2022-20543 RESERVED CVE-2022-20542 RESERVED CVE-2022-20541 RESERVED CVE-2022-20540 RESERVED CVE-2022-20539 RESERVED CVE-2022-20538 RESERVED CVE-2022-20537 RESERVED CVE-2022-20536 RESERVED CVE-2022-20535 RESERVED CVE-2022-20534 RESERVED CVE-2022-20533 RESERVED CVE-2022-20532 RESERVED CVE-2022-20531 RESERVED CVE-2022-20530 RESERVED CVE-2022-20529 RESERVED CVE-2022-20528 RESERVED CVE-2022-20527 RESERVED CVE-2022-20526 RESERVED CVE-2022-20525 RESERVED CVE-2022-20524 RESERVED CVE-2022-20523 RESERVED CVE-2022-20522 RESERVED CVE-2022-20521 RESERVED CVE-2022-20520 RESERVED CVE-2022-20519 RESERVED CVE-2022-20518 RESERVED CVE-2022-20517 RESERVED CVE-2022-20516 RESERVED CVE-2022-20515 RESERVED CVE-2022-20514 RESERVED CVE-2022-20513 RESERVED CVE-2022-20512 RESERVED CVE-2022-20511 RESERVED CVE-2022-20510 RESERVED CVE-2022-20509 RESERVED CVE-2022-20508 RESERVED CVE-2022-20507 RESERVED CVE-2022-20506 RESERVED CVE-2022-20505 RESERVED CVE-2022-20504 RESERVED CVE-2022-20503 RESERVED CVE-2022-20502 RESERVED CVE-2022-20501 RESERVED CVE-2022-20500 RESERVED CVE-2022-20499 RESERVED CVE-2022-20498 RESERVED CVE-2022-20497 RESERVED CVE-2022-20496 RESERVED CVE-2022-20495 RESERVED CVE-2022-20494 RESERVED CVE-2022-20493 RESERVED CVE-2022-20492 RESERVED CVE-2022-20491 RESERVED 
CVE-2022-20490 RESERVED CVE-2022-20489 RESERVED CVE-2022-20488 RESERVED CVE-2022-20487 RESERVED CVE-2022-20486 RESERVED CVE-2022-20485 RESERVED CVE-2022-20484 RESERVED CVE-2022-20483 RESERVED CVE-2022-20482 RESERVED CVE-2022-20481 RESERVED CVE-2022-20480 RESERVED CVE-2022-20479 RESERVED CVE-2022-20478 RESERVED CVE-2022-20477 RESERVED CVE-2022-20476 RESERVED CVE-2022-20475 RESERVED CVE-2022-20474 RESERVED CVE-2022-20473 RESERVED CVE-2022-20472 RESERVED CVE-2022-20471 RESERVED CVE-2022-20470 RESERVED CVE-2022-20469 RESERVED CVE-2022-20468 RESERVED CVE-2022-20467 RESERVED CVE-2022-20466 RESERVED CVE-2022-20465 RESERVED CVE-2022-20464 RESERVED CVE-2022-20463 RESERVED CVE-2022-20462 RESERVED CVE-2022-20461 RESERVED CVE-2022-20460 RESERVED CVE-2022-20459 RESERVED CVE-2022-20458 RESERVED CVE-2022-20457 RESERVED CVE-2022-20456 RESERVED CVE-2022-20455 RESERVED CVE-2022-20454 RESERVED CVE-2022-20453 RESERVED CVE-2022-20452 RESERVED CVE-2022-20451 RESERVED CVE-2022-20450 RESERVED CVE-2022-20449 RESERVED CVE-2022-20448 RESERVED CVE-2022-20447 RESERVED CVE-2022-20446 RESERVED CVE-2022-20445 RESERVED CVE-2022-20444 RESERVED CVE-2022-20443 RESERVED CVE-2022-20442 RESERVED CVE-2022-20441 RESERVED CVE-2022-20440 RESERVED CVE-2022-20439 RESERVED CVE-2022-20438 RESERVED CVE-2022-20437 RESERVED CVE-2022-20436 RESERVED CVE-2022-20435 RESERVED CVE-2022-20434 RESERVED CVE-2022-20433 RESERVED CVE-2022-20432 RESERVED CVE-2022-20431 RESERVED CVE-2022-20430 RESERVED CVE-2022-20429 RESERVED CVE-2022-20428 RESERVED CVE-2022-20427 RESERVED CVE-2022-20426 RESERVED CVE-2022-20425 RESERVED CVE-2022-20424 RESERVED CVE-2022-20423 RESERVED CVE-2022-20422 RESERVED CVE-2022-20421 RESERVED CVE-2022-20420 RESERVED CVE-2022-20419 RESERVED CVE-2022-20418 RESERVED CVE-2022-20417 RESERVED CVE-2022-20416 RESERVED CVE-2022-20415 RESERVED CVE-2022-20414 RESERVED CVE-2022-20413 RESERVED CVE-2022-20412 RESERVED CVE-2022-20411 RESERVED CVE-2022-20410 RESERVED CVE-2022-20409 RESERVED CVE-2022-20408 RESERVED 
CVE-2022-20407 RESERVED CVE-2022-20406 RESERVED CVE-2022-20405 RESERVED CVE-2022-20404 RESERVED CVE-2022-20403 RESERVED CVE-2022-20402 RESERVED CVE-2022-20401 RESERVED CVE-2022-20400 RESERVED CVE-2022-20399 RESERVED CVE-2022-20398 RESERVED CVE-2022-20397 RESERVED CVE-2022-20396 RESERVED CVE-2022-20395 RESERVED CVE-2022-20394 RESERVED CVE-2022-20393 RESERVED CVE-2022-20392 RESERVED CVE-2022-20391 RESERVED CVE-2022-20390 RESERVED CVE-2022-20389 RESERVED CVE-2022-20388 RESERVED CVE-2022-20387 RESERVED CVE-2022-20386 RESERVED CVE-2022-20385 RESERVED CVE-2022-20384 RESERVED CVE-2022-20383 RESERVED CVE-2022-20382 RESERVED CVE-2022-20381 RESERVED CVE-2022-20380 RESERVED CVE-2022-20379 RESERVED CVE-2022-20378 RESERVED CVE-2022-20377 RESERVED CVE-2022-20376 RESERVED CVE-2022-20375 RESERVED CVE-2022-20374 RESERVED CVE-2022-20373 RESERVED CVE-2022-20372 RESERVED CVE-2022-20371 RESERVED CVE-2022-20370 RESERVED CVE-2022-20369 RESERVED CVE-2022-20368 RESERVED CVE-2022-20367 RESERVED CVE-2022-20366 RESERVED CVE-2022-20365 RESERVED CVE-2022-20364 RESERVED CVE-2022-20363 RESERVED CVE-2022-20362 RESERVED CVE-2022-20361 RESERVED CVE-2022-20360 RESERVED CVE-2022-20359 RESERVED CVE-2022-20358 RESERVED CVE-2022-20357 RESERVED CVE-2022-20356 RESERVED CVE-2022-20355 RESERVED CVE-2022-20354 RESERVED CVE-2022-20353 RESERVED CVE-2022-20352 RESERVED CVE-2022-20351 RESERVED CVE-2022-20350 RESERVED CVE-2022-20349 RESERVED CVE-2022-20348 RESERVED CVE-2022-20347 RESERVED CVE-2022-20346 RESERVED CVE-2022-20345 RESERVED CVE-2022-20344 RESERVED CVE-2022-20343 RESERVED CVE-2022-20342 RESERVED CVE-2022-20341 RESERVED CVE-2022-20340 RESERVED CVE-2022-20339 RESERVED CVE-2022-20338 RESERVED CVE-2022-20337 RESERVED CVE-2022-20336 RESERVED CVE-2022-20335 RESERVED CVE-2022-20334 RESERVED CVE-2022-20333 RESERVED CVE-2022-20332 RESERVED CVE-2022-20331 RESERVED CVE-2022-20330 RESERVED CVE-2022-20329 RESERVED CVE-2022-20328 RESERVED CVE-2022-20327 RESERVED CVE-2022-20326 RESERVED CVE-2022-20325 RESERVED 
CVE-2022-20324 RESERVED CVE-2022-20323 RESERVED CVE-2022-20322 RESERVED CVE-2022-20321 RESERVED CVE-2022-20320 RESERVED CVE-2022-20319 RESERVED CVE-2022-20318 RESERVED CVE-2022-20317 RESERVED CVE-2022-20316 RESERVED CVE-2022-20315 RESERVED CVE-2022-20314 RESERVED CVE-2022-20313 RESERVED CVE-2022-20312 RESERVED CVE-2022-20311 RESERVED CVE-2022-20310 RESERVED CVE-2022-20309 RESERVED CVE-2022-20308 RESERVED CVE-2022-20307 RESERVED CVE-2022-20306 RESERVED CVE-2022-20305 RESERVED CVE-2022-20304 RESERVED CVE-2022-20303 RESERVED CVE-2022-20302 RESERVED CVE-2022-20301 RESERVED CVE-2022-20300 RESERVED CVE-2022-20299 RESERVED CVE-2022-20298 RESERVED CVE-2022-20297 RESERVED CVE-2022-20296 RESERVED CVE-2022-20295 RESERVED CVE-2022-20294 RESERVED CVE-2022-20293 RESERVED CVE-2022-20292 RESERVED CVE-2022-20291 RESERVED CVE-2022-20290 RESERVED CVE-2022-20289 RESERVED CVE-2022-20288 RESERVED CVE-2022-20287 RESERVED CVE-2022-20286 RESERVED CVE-2022-20285 RESERVED CVE-2022-20284 RESERVED CVE-2022-20283 RESERVED CVE-2022-20282 RESERVED CVE-2022-20281 RESERVED CVE-2022-20280 RESERVED CVE-2022-20279 RESERVED CVE-2022-20278 RESERVED CVE-2022-20277 RESERVED CVE-2022-20276 RESERVED CVE-2022-20275 RESERVED CVE-2022-20274 RESERVED CVE-2022-20273 RESERVED CVE-2022-20272 RESERVED CVE-2022-20271 RESERVED CVE-2022-20270 RESERVED CVE-2022-20269 RESERVED CVE-2022-20268 RESERVED CVE-2022-20267 RESERVED CVE-2022-20266 RESERVED CVE-2022-20265 RESERVED CVE-2022-20264 RESERVED CVE-2022-20263 RESERVED CVE-2022-20262 RESERVED CVE-2022-20261 RESERVED CVE-2022-20260 RESERVED CVE-2022-20259 RESERVED CVE-2022-20258 RESERVED CVE-2022-20257 RESERVED CVE-2022-20256 RESERVED CVE-2022-20255 RESERVED CVE-2022-20254 RESERVED CVE-2022-20253 RESERVED CVE-2022-20252 RESERVED CVE-2022-20251 RESERVED CVE-2022-20250 RESERVED CVE-2022-20249 RESERVED CVE-2022-20248 RESERVED CVE-2022-20247 RESERVED CVE-2022-20246 RESERVED CVE-2022-20245 RESERVED CVE-2022-20244 RESERVED CVE-2022-20243 RESERVED CVE-2022-20242 RESERVED 
CVE-2022-20241 RESERVED CVE-2022-20240 RESERVED CVE-2022-20239 RESERVED CVE-2022-20238 RESERVED CVE-2022-20237 RESERVED CVE-2022-20236 RESERVED CVE-2022-20235 RESERVED CVE-2022-20234 RESERVED CVE-2022-20233 RESERVED CVE-2022-20232 RESERVED CVE-2022-20231 RESERVED CVE-2022-20230 RESERVED CVE-2022-20229 RESERVED CVE-2022-20228 RESERVED CVE-2022-20227 RESERVED CVE-2022-20226 RESERVED CVE-2022-20225 RESERVED CVE-2022-20224 RESERVED CVE-2022-20223 RESERVED CVE-2022-20222 RESERVED CVE-2022-20221 RESERVED CVE-2022-20220 RESERVED CVE-2022-20219 RESERVED CVE-2022-20218 RESERVED CVE-2022-20217 RESERVED CVE-2022-20216 RESERVED CVE-2022-20215 RESERVED CVE-2022-20214 RESERVED CVE-2022-20213 RESERVED CVE-2022-20212 RESERVED CVE-2022-20211 RESERVED CVE-2022-20210 RESERVED CVE-2022-20209 RESERVED CVE-2022-20208 RESERVED CVE-2022-20207 RESERVED CVE-2022-20206 RESERVED CVE-2022-20205 RESERVED CVE-2022-20204 RESERVED CVE-2022-20203 RESERVED CVE-2022-20202 RESERVED CVE-2022-20201 RESERVED CVE-2022-20200 RESERVED CVE-2022-20199 RESERVED CVE-2022-20198 RESERVED CVE-2022-20197 RESERVED CVE-2022-20196 RESERVED CVE-2022-20195 RESERVED CVE-2022-20194 RESERVED CVE-2022-20193 RESERVED CVE-2022-20192 RESERVED CVE-2022-20191 RESERVED CVE-2022-20190 RESERVED CVE-2022-20189 RESERVED CVE-2022-20188 RESERVED CVE-2022-20187 RESERVED CVE-2022-20186 RESERVED CVE-2022-20185 RESERVED CVE-2022-20184 RESERVED CVE-2022-20183 RESERVED CVE-2022-20182 RESERVED CVE-2022-20181 RESERVED CVE-2022-20180 RESERVED CVE-2022-20179 RESERVED CVE-2022-20178 RESERVED CVE-2022-20177 RESERVED CVE-2022-20176 RESERVED CVE-2022-20175 RESERVED CVE-2022-20174 RESERVED CVE-2022-20173 RESERVED CVE-2022-20172 RESERVED CVE-2022-20171 RESERVED CVE-2022-20170 RESERVED CVE-2022-20169 RESERVED CVE-2022-20168 RESERVED CVE-2022-20167 RESERVED CVE-2022-20166 RESERVED CVE-2022-20165 RESERVED CVE-2022-20164 RESERVED CVE-2022-20163 RESERVED CVE-2022-20162 RESERVED CVE-2022-20161 RESERVED CVE-2022-20160 RESERVED CVE-2022-20159 RESERVED 
CVE-2022-20158 RESERVED CVE-2022-20157 RESERVED CVE-2022-20156 RESERVED CVE-2022-20155 RESERVED CVE-2022-20154 RESERVED CVE-2022-20153 RESERVED CVE-2022-20152 RESERVED CVE-2022-20151 RESERVED CVE-2022-20150 RESERVED CVE-2022-20149 RESERVED CVE-2022-20148 RESERVED CVE-2022-20147 RESERVED CVE-2022-20146 RESERVED CVE-2022-20145 RESERVED CVE-2022-20144 RESERVED CVE-2022-20143 RESERVED CVE-2022-20142 RESERVED CVE-2022-20141 RESERVED CVE-2022-20140 RESERVED CVE-2022-20139 RESERVED CVE-2022-20138 RESERVED CVE-2022-20137 RESERVED CVE-2022-20136 RESERVED CVE-2022-20135 RESERVED CVE-2022-20134 RESERVED CVE-2022-20133 RESERVED CVE-2022-20132 RESERVED CVE-2022-20131 RESERVED CVE-2022-20130 RESERVED CVE-2022-20129 RESERVED CVE-2022-20128 RESERVED CVE-2022-20127 RESERVED CVE-2022-20126 RESERVED CVE-2022-20125 RESERVED CVE-2022-20124 RESERVED CVE-2022-20123 RESERVED CVE-2022-20122 RESERVED CVE-2022-20121 RESERVED CVE-2022-20120 RESERVED CVE-2022-20119 RESERVED CVE-2022-20118 RESERVED CVE-2022-20117 RESERVED CVE-2022-20116 RESERVED CVE-2022-20115 RESERVED CVE-2022-20114 RESERVED CVE-2022-20113 RESERVED CVE-2022-20112 RESERVED CVE-2022-20111 RESERVED CVE-2022-20110 RESERVED CVE-2022-20109 RESERVED CVE-2022-20108 RESERVED CVE-2022-20107 RESERVED CVE-2022-20106 RESERVED CVE-2022-20105 RESERVED CVE-2022-20104 RESERVED CVE-2022-20103 RESERVED CVE-2022-20102 RESERVED CVE-2022-20101 RESERVED CVE-2022-20100 RESERVED CVE-2022-20099 RESERVED CVE-2022-20098 RESERVED CVE-2022-20097 RESERVED CVE-2022-20096 RESERVED CVE-2022-20095 RESERVED CVE-2022-20094 RESERVED CVE-2022-20093 RESERVED CVE-2022-20092 RESERVED CVE-2022-20091 RESERVED CVE-2022-20090 RESERVED CVE-2022-20089 RESERVED CVE-2022-20088 RESERVED CVE-2022-20087 RESERVED CVE-2022-20086 RESERVED CVE-2022-20085 RESERVED CVE-2022-20084 RESERVED CVE-2022-20083 RESERVED CVE-2022-20082 RESERVED CVE-2022-20081 RESERVED CVE-2022-20080 RESERVED CVE-2022-20079 RESERVED CVE-2022-20078 RESERVED CVE-2022-20077 RESERVED CVE-2022-20076 RESERVED 
CVE-2022-20075 RESERVED CVE-2022-20074 RESERVED CVE-2022-20073 RESERVED CVE-2022-20072 RESERVED CVE-2022-20071 RESERVED CVE-2022-20070 RESERVED CVE-2022-20069 RESERVED CVE-2022-20068 RESERVED CVE-2022-20067 RESERVED CVE-2022-20066 RESERVED CVE-2022-20065 RESERVED CVE-2022-20064 RESERVED CVE-2022-20063 RESERVED CVE-2022-20062 RESERVED CVE-2022-20061 RESERVED CVE-2022-20060 RESERVED CVE-2022-20059 RESERVED CVE-2022-20058 RESERVED CVE-2022-20057 RESERVED CVE-2022-20056 RESERVED CVE-2022-20055 RESERVED CVE-2022-20054 RESERVED CVE-2022-20053 RESERVED CVE-2022-20052 RESERVED CVE-2022-20051 RESERVED CVE-2022-20050 RESERVED CVE-2022-20049 RESERVED CVE-2022-20048 RESERVED CVE-2022-20047 RESERVED
CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
	NOT-FOR-US: MediaTek
CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
	NOT-FOR-US: MediaTek
CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
	NOT-FOR-US: MediaTek
CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
	NOT-FOR-US: MediaTek
CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
	NOT-FOR-US: MediaTek
CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
	NOT-FOR-US: MediaTek
CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
	NOT-FOR-US: MediaTek
CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
	NOT-FOR-US: MediaTek
CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
	NOT-FOR-US: MediaTek
CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
	NOT-FOR-US: MediaTek
CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
	NOT-FOR-US: MediaTek
CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
	NOT-FOR-US: MediaTek
CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
	NOT-FOR-US: MediaTek
CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
	NOT-FOR-US: MediaTek
CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
	NOT-FOR-US: MediaTek
CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
	NOT-FOR-US: MediaTek
CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
	NOT-FOR-US: MediaTek
CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
	NOT-FOR-US: MediaTek
CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
	NOT-FOR-US: MediaTek
CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
	NOT-FOR-US: MediaTek
CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
	NOT-FOR-US: MediaTek
CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
	NOT-FOR-US: MediaTek
CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
	NOT-FOR-US: MediaTek
CVE-2022-20011 RESERVED CVE-2022-20010 RESERVED CVE-2022-20009 RESERVED CVE-2022-20008 RESERVED CVE-2022-20007 RESERVED CVE-2022-20006 RESERVED CVE-2022-20005 RESERVED CVE-2022-20004 RESERVED CVE-2022-20003 RESERVED CVE-2022-20002 RESERVED CVE-2022-20001 RESERVED
CVE-2022-22590 [A use after free issue was addressed with improved memory management]
	RESERVED
	- webkit2gtk 2.34.5-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.5-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
CVE-2022-22592 [A logic issue was addressed with improved state management]
	RESERVED
	- webkit2gtk 2.34.5-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.5-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0002.html