From 9901a0299747c0d6d5b5179857bd364890288f80 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 27 May 2022 20:10:19 +0000 Subject: automatic update --- data/CVE/list | 247 +++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 165 insertions(+), 82 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 5d8e4e8f63..734bc977a0 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,85 @@ +CVE-2022-31780 + RESERVED +CVE-2022-31779 + RESERVED +CVE-2022-31778 + RESERVED +CVE-2022-31777 + RESERVED +CVE-2022-31776 + RESERVED +CVE-2022-31775 + RESERVED +CVE-2022-31774 + RESERVED +CVE-2022-31773 + RESERVED +CVE-2022-31772 + RESERVED +CVE-2022-31771 + RESERVED +CVE-2022-31770 + RESERVED +CVE-2022-31769 + RESERVED +CVE-2022-31768 + RESERVED +CVE-2022-31767 + RESERVED +CVE-2022-31766 + RESERVED +CVE-2022-31765 + RESERVED +CVE-2022-31764 + RESERVED +CVE-2022-1925 + RESERVED +CVE-2022-1924 + RESERVED +CVE-2022-1923 + RESERVED +CVE-2022-1922 + RESERVED +CVE-2022-1921 + RESERVED +CVE-2022-1920 + RESERVED +CVE-2022-1919 + RESERVED +CVE-2022-1918 + RESERVED +CVE-2022-1917 + RESERVED +CVE-2022-1916 + RESERVED +CVE-2022-1915 + RESERVED +CVE-2022-1914 + RESERVED +CVE-2022-1913 + RESERVED +CVE-2022-1912 + RESERVED +CVE-2022-1911 + RESERVED +CVE-2022-1910 + RESERVED +CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) + TODO: check +CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) + TODO: check +CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) + TODO: check +CVE-2022-1906 + RESERVED +CVE-2022-1905 + RESERVED +CVE-2022-1904 + RESERVED +CVE-2022-1903 + RESERVED +CVE-2020-36528 + RESERVED CVE-2022-31763 RESERVED CVE-2022-31762 
@@ -84,10 +166,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t - radare2 NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d -CVE-2022-1898 - RESERVED -CVE-2022-1897 - RESERVED +CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) + TODO: check CVE-2022-1896 RESERVED CVE-2022-1895 @@ -3454,30 +3536,30 @@ CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the NOT-FOR-US: Hospital-Management-System CVE-2022-30515 RESERVED -CVE-2022-30514 - RESERVED -CVE-2022-30513 - RESERVED -CVE-2022-30512 - RESERVED -CVE-2022-30511 - RESERVED -CVE-2022-30510 - RESERVED +CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + TODO: check +CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + TODO: check +CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-30509 RESERVED CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...) NOT-FOR-US: DedeCMS CVE-2022-30507 RESERVED -CVE-2022-30506 - RESERVED +CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...) + TODO: check CVE-2022-30505 RESERVED CVE-2022-30504 RESERVED -CVE-2022-30503 - RESERVED +CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check CVE-2022-30502 RESERVED CVE-2022-30501 
@@ -3632,12 +3714,12 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not fi TODO: check CVE-2022-30426 RESERVED -CVE-2022-30425 - RESERVED +CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...) + TODO: check CVE-2022-30424 RESERVED -CVE-2022-30423 - RESERVED +CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...) + TODO: check CVE-2022-30422 RESERVED CVE-2022-30421 @@ -3778,14 +3860,14 @@ CVE-2022-30354 RESERVED CVE-2022-30353 RESERVED -CVE-2022-30352 - RESERVED +CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...) + TODO: check CVE-2022-30351 RESERVED CVE-2022-30350 RESERVED -CVE-2022-30349 - RESERVED +CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). ...) + TODO: check CVE-2022-30348 RESERVED CVE-2022-30347 @@ -3881,8 +3963,8 @@ CVE-2022-30326 RESERVED CVE-2022-30325 RESERVED -CVE-2022-30324 - RESERVED +CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...) + TODO: check CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...) - golang-github-hashicorp-go-getter (bug #1011741) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 @@ -5640,10 +5722,10 @@ CVE-2022-29782 RESERVED CVE-2022-29781 RESERVED -CVE-2022-29780 - RESERVED -CVE-2022-29779 - RESERVED +CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check +CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + TODO: check CVE-2022-29778 RESERVED CVE-2022-29777 
@@ -5730,20 +5812,20 @@ CVE-2022-29737 RESERVED CVE-2022-29736 RESERVED -CVE-2022-29735 - RESERVED -CVE-2022-29734 - RESERVED -CVE-2022-29733 - RESERVED -CVE-2022-29732 - RESERVED -CVE-2022-29731 - RESERVED -CVE-2022-29730 - RESERVED -CVE-2022-29729 - RESERVED +CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows ...) + TODO: check +CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 ...) + TODO: check +CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...) + TODO: check +CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...) + TODO: check +CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to ...) + TODO: check +CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...) + TODO: check +CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...) + TODO: check CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...) NOT-FOR-US: Survey Sparrow Enterprise Survey Software CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...) @@ -6047,8 +6129,8 @@ CVE-2022-1443 RESERVED CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...) NOT-FOR-US: WordPress plugin -CVE-2022-29598 - RESERVED +CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...) + TODO: check CVE-2022-29597 RESERVED CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...) 
@@ -18450,8 +18532,8 @@ CVE-2022-25239 RESERVED CVE-2022-25238 RESERVED -CVE-2022-25237 - RESERVED +CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...) + TODO: check CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...) {DSA-5085-1 DLA-2935-1} - expat 2.4.5-1 (bug #1005895) @@ -39974,10 +40056,10 @@ CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management int NOT-FOR-US: Cisco CVE-2022-20808 RESERVED -CVE-2022-20807 - RESERVED -CVE-2022-20806 - RESERVED +CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...) + TODO: check +CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...) + TODO: check CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...) NOT-FOR-US: Cisco CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...) @@ -39986,8 +40068,8 @@ CVE-2022-20803 RESERVED - clamav (Only affects 0.104.x) NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html -CVE-2022-20802 - RESERVED +CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat and Emai ...) + TODO: check CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20800 @@ -39996,8 +40078,8 @@ CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface o NOT-FOR-US: Cisco CVE-2022-20798 RESERVED -CVE-2022-20797 - RESERVED +CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...) + TODO: check CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...) - clamav 0.103.6+dfsg-1 [bullseye] - clamav (clamav is updated via -updates) 
@@ -40076,8 +40158,8 @@ CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco F NOT-FOR-US: Cisco Firepower CVE-2022-20766 RESERVED -CVE-2022-20765 - RESERVED +CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...) + TODO: check CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...) NOT-FOR-US: Cisco CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...) 
@@ -40263,24 +40345,24 @@ CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter o NOT-FOR-US: Cisco CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...) NOT-FOR-US: Cisco -CVE-2022-20674 - RESERVED -CVE-2022-20673 - RESERVED -CVE-2022-20672 - RESERVED -CVE-2022-20671 - RESERVED -CVE-2022-20670 - RESERVED -CVE-2022-20669 - RESERVED -CVE-2022-20668 - RESERVED -CVE-2022-20667 - RESERVED -CVE-2022-20666 - RESERVED +CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...) NOT-FOR-US: Cisco CVE-2022-20664 
@@ -80835,10 +80917,10 @@ CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted se NOT-FOR-US: HCL CVE-2021-27782 RESERVED -CVE-2021-27781 - RESERVED -CVE-2021-27780 - RESERVED +CVE-2021-27781 (The Master operator may be able to embed script tag in HTML with alert ...) + TODO: check +CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction and una ...) + TODO: check CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...) NOT-FOR-US: HCL CVE-2021-27778 @@ -201240,6 +201322,7 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4 CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...) + {DLA-3030-1} - zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556) [buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1 [jessie] - zipios++ (Minor issue) -- cgit v1.2.3
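Review bot: CVE-2022-1898 and CVE-2022-1897 (hunk @@ -84,10 +166,10 @@) land with only "TODO: check" although their descriptions name vim/vim. Before these are usable for tracking they need a source-package line and reference NOTEs in the same form as the CVE-2022-1899 radare2 entry directly above them, which carries the package line plus the huntr.dev and upstream commit links.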
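Review bot: CVE-2022-30324 (hunk @@ -3881,8 +3963,8 @@) is left at "TODO: check" right above CVE-2022-30323, which is already triaged with a package line, a bug number and a NOTE pointing at the HashiCorp advisory thread. The Nomad entry should get the same treatment: either a package line with the matching advisory NOTE or an explicit NOT-FOR-US, not an open TODO next to a resolved sibling from the same vendor.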
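Review bot: the Cisco entries added in the hunks from @@ -39974,10 +40056,10 @@ through @@ -40263,24 +40345,24 @@ (CVE-2022-20807, -20806, -20802, -20797, -20765 and CVE-2022-20674 down to -20666) are left at "TODO: check" while every described Cisco neighbour in the surrounding context is already marked "NOT-FOR-US: Cisco". Resolve them the same way in a follow-up, after checking that none of them touches a packaged component the way CVE-2022-20803 and CVE-2022-20796 in the same context do for clamav.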
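Review bot: in the hunk at @@ -80835,10 +80917,10 @@, the truncated descriptions for CVE-2021-27781 and CVE-2021-27780 ("The Master operator may be able to ..." and "The software may be vulnerable to ...") do not name a product. The adjacent entries are "NOT-FOR-US: HCL", but adjacency is not evidence: take the triage from the full CVE record and put the product name in the NOT-FOR-US or package line so the entry is identifiable on its own.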