Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2d7ead13 by security tracker role at 2022-04-08T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,474 @@ -CVE-2022-28796 [jbd2: fix use-after-free of transaction_t race] +CVE-2022-28857 + RESERVED +CVE-2022-28856 + RESERVED +CVE-2022-28855 + RESERVED +CVE-2022-28854 + RESERVED +CVE-2022-28853 + RESERVED +CVE-2022-28852 + RESERVED +CVE-2022-28851 + RESERVED +CVE-2022-28850 + RESERVED +CVE-2022-28849 + RESERVED +CVE-2022-28848 + RESERVED +CVE-2022-28847 + RESERVED +CVE-2022-28846 + RESERVED +CVE-2022-28845 + RESERVED +CVE-2022-28844 + RESERVED +CVE-2022-28843 + RESERVED +CVE-2022-28842 + RESERVED +CVE-2022-28841 + RESERVED +CVE-2022-28840 + RESERVED +CVE-2022-28839 + RESERVED +CVE-2022-28838 + RESERVED +CVE-2022-28837 + RESERVED +CVE-2022-28836 + RESERVED +CVE-2022-28835 + RESERVED +CVE-2022-28834 + RESERVED +CVE-2022-28833 + RESERVED +CVE-2022-28832 + RESERVED +CVE-2022-28831 + RESERVED +CVE-2022-28830 + RESERVED +CVE-2022-28829 + RESERVED +CVE-2022-28828 + RESERVED +CVE-2022-28827 + RESERVED +CVE-2022-28826 + RESERVED +CVE-2022-28825 + RESERVED +CVE-2022-28824 + RESERVED +CVE-2022-28823 + RESERVED +CVE-2022-28822 + RESERVED +CVE-2022-28821 + RESERVED +CVE-2022-28820 + RESERVED +CVE-2022-28819 + RESERVED +CVE-2022-28818 + RESERVED +CVE-2022-28817 + RESERVED +CVE-2022-28816 + RESERVED +CVE-2022-28815 + RESERVED +CVE-2022-28814 + RESERVED +CVE-2022-28813 + RESERVED +CVE-2022-28812 + RESERVED +CVE-2022-28811 + RESERVED +CVE-2022-28810 + RESERVED +CVE-2022-28809 + RESERVED +CVE-2022-28808 + RESERVED +CVE-2022-28807 + RESERVED +CVE-2022-28806 + RESERVED +CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...) + TODO: check +CVE-2022-28804 + RESERVED +CVE-2022-28803 + RESERVED +CVE-2022-28802 + RESERVED +CVE-2022-28801 + RESERVED +CVE-2022-28800 + RESERVED +CVE-2022-28799 + RESERVED +CVE-2022-28798 + RESERVED +CVE-2022-28797 + RESERVED +CVE-2022-28795 + RESERVED +CVE-2022-28794 + RESERVED +CVE-2022-28793 + RESERVED +CVE-2022-28792 + RESERVED +CVE-2022-28791 + RESERVED +CVE-2022-28790 + RESERVED +CVE-2022-28789 + RESERVED +CVE-2022-28788 + RESERVED +CVE-2022-28787 + RESERVED +CVE-2022-28786 + RESERVED +CVE-2022-28785 + RESERVED +CVE-2022-28784 + RESERVED +CVE-2022-28783 + RESERVED +CVE-2022-28782 + RESERVED +CVE-2022-28781 + RESERVED +CVE-2022-28780 + RESERVED +CVE-2022-28779 + RESERVED +CVE-2022-28778 + RESERVED +CVE-2022-28777 + RESERVED +CVE-2022-28776 + RESERVED +CVE-2022-28775 + RESERVED +CVE-2022-28774 + RESERVED +CVE-2022-28773 + RESERVED +CVE-2022-28772 + RESERVED +CVE-2022-28771 + RESERVED +CVE-2022-28770 + RESERVED +CVE-2022-28769 + RESERVED +CVE-2022-28768 + RESERVED +CVE-2022-28767 + RESERVED +CVE-2022-28766 + RESERVED +CVE-2022-28765 + RESERVED +CVE-2022-28764 + RESERVED +CVE-2022-28763 + RESERVED +CVE-2022-28762 + RESERVED +CVE-2022-28761 + RESERVED +CVE-2022-28760 + RESERVED +CVE-2022-28759 + RESERVED +CVE-2022-28758 + RESERVED +CVE-2022-28757 + RESERVED +CVE-2022-28756 + RESERVED +CVE-2022-28755 + RESERVED +CVE-2022-28754 + RESERVED +CVE-2022-28753 + RESERVED +CVE-2022-28752 + RESERVED +CVE-2022-28751 + RESERVED +CVE-2022-28750 + RESERVED +CVE-2022-28749 + RESERVED +CVE-2022-28748 + RESERVED +CVE-2022-28747 + RESERVED +CVE-2022-28746 + RESERVED +CVE-2022-28745 + RESERVED +CVE-2022-28744 + RESERVED +CVE-2022-28743 + RESERVED +CVE-2022-28742 + RESERVED +CVE-2022-28741 + RESERVED +CVE-2022-28740 + RESERVED +CVE-2022-28739 + RESERVED +CVE-2022-28738 + RESERVED +CVE-2022-28737 + RESERVED +CVE-2022-28736 + RESERVED +CVE-2022-28735 + RESERVED +CVE-2022-28734 + RESERVED +CVE-2022-28733 + RESERVED +CVE-2022-28732 + RESERVED +CVE-2022-28731 + RESERVED +CVE-2022-28730 + RESERVED +CVE-2022-28729 + RESERVED +CVE-2022-28728 + RESERVED +CVE-2022-28727 + RESERVED +CVE-2022-28726 + RESERVED +CVE-2022-28725 + RESERVED +CVE-2022-28724 + RESERVED +CVE-2022-28723 + RESERVED +CVE-2022-28722 + RESERVED +CVE-2022-28721 + RESERVED +CVE-2022-28720 + RESERVED +CVE-2022-28711 + RESERVED +CVE-2022-28709 + RESERVED +CVE-2022-28698 + RESERVED +CVE-2022-28696 + RESERVED +CVE-2022-28694 + RESERVED +CVE-2022-28688 + RESERVED +CVE-2022-28687 + RESERVED +CVE-2022-28686 + RESERVED +CVE-2022-28685 + RESERVED +CVE-2022-28684 + RESERVED +CVE-2022-28683 + RESERVED +CVE-2022-28682 + RESERVED +CVE-2022-28681 + RESERVED +CVE-2022-28680 + RESERVED +CVE-2022-28679 + RESERVED +CVE-2022-28678 + RESERVED +CVE-2022-28677 + RESERVED +CVE-2022-28676 + RESERVED +CVE-2022-28675 + RESERVED +CVE-2022-28674 + RESERVED +CVE-2022-28673 + RESERVED +CVE-2022-28672 + RESERVED +CVE-2022-28671 + RESERVED +CVE-2022-28670 + RESERVED +CVE-2022-28669 + RESERVED +CVE-2022-28668 + RESERVED +CVE-2022-28667 + RESERVED +CVE-2022-28665 + RESERVED +CVE-2022-28664 + RESERVED +CVE-2022-28611 + RESERVED +CVE-2022-28126 + RESERVED +CVE-2022-27879 + RESERVED +CVE-2022-27876 + RESERVED +CVE-2022-27874 + RESERVED +CVE-2022-27639 + RESERVED +CVE-2022-27638 + RESERVED +CVE-2022-27631 + RESERVED +CVE-2022-27499 + RESERVED +CVE-2022-27234 + RESERVED +CVE-2022-27187 + RESERVED +CVE-2022-27173 + RESERVED +CVE-2022-26845 + RESERVED +CVE-2022-26841 + RESERVED +CVE-2022-26837 + RESERVED +CVE-2022-26833 + RESERVED +CVE-2022-26515 + RESERVED +CVE-2022-26513 + RESERVED +CVE-2022-26509 + RESERVED +CVE-2022-26508 + RESERVED +CVE-2022-26376 + RESERVED +CVE-2022-26369 + RESERVED +CVE-2022-26367 + RESERVED +CVE-2022-26341 + RESERVED +CVE-2022-26079 + RESERVED +CVE-2022-26047 + RESERVED +CVE-2022-26045 + RESERVED +CVE-2022-25868 + RESERVED +CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) + TODO: check +CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...) + TODO: check +CVE-2022-1282 + RESERVED +CVE-2022-1281 + RESERVED +CVE-2022-1280 + RESERVED +CVE-2022-1279 + RESERVED +CVE-2022-1278 + RESERVED +CVE-2022-1277 + RESERVED +CVE-2022-1276 + RESERVED +CVE-2022-1275 + RESERVED +CVE-2022-1274 + RESERVED +CVE-2022-1273 + RESERVED +CVE-2022-1272 + RESERVED +CVE-2022-1270 + RESERVED +CVE-2022-1269 + RESERVED +CVE-2022-1268 + RESERVED +CVE-2022-1267 + RESERVED +CVE-2022-1266 + RESERVED +CVE-2022-1265 + RESERVED +CVE-2022-1264 + RESERVED +CVE-2022-1262 + RESERVED +CVE-2022-1261 + RESERVED +CVE-2022-1260 + RESERVED +CVE-2022-1259 + RESERVED +CVE-2022-1258 + RESERVED +CVE-2022-1257 + RESERVED +CVE-2022-1256 + RESERVED +CVE-2022-1255 + RESERVED +CVE-2022-1254 + RESERVED +CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...) + TODO: check +CVE-2022-1252 + RESERVED +CVE-2022-1251 + RESERVED +CVE-2022-1250 + RESERVED +CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...) + TODO: check +CVE-2022-1247 + RESERVED +CVE-2022-1246 + RESERVED +CVE-2022-1245 + RESERVED +CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...) + TODO: check +CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...) + TODO: check +CVE-2022-1242 + RESERVED +CVE-2022-1241 + RESERVED +CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...) - linux <not-affected> (Vulnerable code not present) NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1) CVE-2022-28663 @@ -8,6 +478,7 @@ CVE-2022-28662 CVE-2022-28661 RESERVED CVE-2022-1271 + RESERVED - xz-utils <unfixed> (bug #1009167) - gzip <unfixed> (bug #1009168) NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch @@ -22,22 +493,24 @@ CVE-2022-1271 NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9 (v1.12) NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8 CVE-2022-1263 + RESERVED - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1 NOTE: https://www.spinics.net/lists/kvm/msg273052.html CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()] + RESERVED - pesign <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/rhboot/pesign/pull/79 NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114) NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115) -CVE-2022-1240 - RESERVED +CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...) + TODO: check CVE-2022-1239 RESERVED -CVE-2022-1238 - RESERVED -CVE-2022-1237 - RESERVED +CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...) + TODO: check +CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...) + TODO: check CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to ...) NOT-FOR-US: GROWI CVE-2022-28660 @@ -60,8 +533,8 @@ CVE-2022-28652 RESERVED CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...) NOT-FOR-US: livehelperchat -CVE-2022-1234 - RESERVED +CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...) + TODO: check CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...) TODO: check CVE-2022-1232 @@ -70,14 +543,14 @@ CVE-2022-1232 - chromium 100.0.4896.75-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-28651 - RESERVED -CVE-2022-28650 - RESERVED -CVE-2022-28649 - RESERVED -CVE-2022-28648 - RESERVED +CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get pass ...) + TODO: check +CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to inject Ja ...) + TODO: check +CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to include a ...) + TODO: check +CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...) + TODO: check CVE-2022-28647 RESERVED CVE-2022-28646 @@ -182,8 +655,8 @@ CVE-2022-1221 RESERVED CVE-2022-1220 RESERVED -CVE-2022-1219 - RESERVED +CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) + TODO: check CVE-2022-1218 RESERVED CVE-2022-1217 @@ -476,10 +949,10 @@ CVE-2022-28470 RESERVED CVE-2022-28469 RESERVED -CVE-2022-28468 - RESERVED -CVE-2022-28467 - RESERVED +CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check +CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL injectio ...) + TODO: check CVE-2022-28466 RESERVED CVE-2022-28465 @@ -1247,8 +1720,8 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses hea NOT-FOR-US: WordPress plugin CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...) NOT-FOR-US: Wordpress theme -CVE-2022-28219 - RESERVED +CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...) + TODO: check CVE-2022-28218 RESERVED CVE-2022-28217 @@ -1692,10 +2165,10 @@ CVE-2022-28118 RESERVED CVE-2022-28117 RESERVED -CVE-2022-28116 - RESERVED -CVE-2022-28115 - RESERVED +CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + TODO: check +CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...) + TODO: check CVE-2022-28114 RESERVED CVE-2022-28113 @@ -1920,12 +2393,12 @@ CVE-2022-28004 RESERVED CVE-2022-28003 RESERVED -CVE-2022-28002 - RESERVED -CVE-2022-28001 - RESERVED -CVE-2022-28000 - RESERVED +CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an unauthenticated ...) + TODO: check +CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL injection vu ...) + TODO: check +CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL injection vulne ...) + TODO: check CVE-2022-27999 RESERVED CVE-2022-27998 @@ -1940,10 +2413,10 @@ CVE-2022-27994 RESERVED CVE-2022-27993 RESERVED -CVE-2022-27992 - RESERVED -CVE-2022-27991 - RESERVED +CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL injection v ...) + TODO: check +CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain multiple SQL ...) + TODO: check CVE-2022-27990 RESERVED CVE-2022-27989 @@ -2440,10 +2913,10 @@ CVE-2022-27821 RESERVED CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...) - zaproxy <itp> (bug #897142) -CVE-2022-27819 - RESERVED -CVE-2022-27818 - RESERVED +CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...) + TODO: check +CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...) + TODO: check CVE-2022-27817 RESERVED CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...) @@ -3233,10 +3706,10 @@ CVE-2022-27465 RESERVED CVE-2022-27464 RESERVED -CVE-2022-27463 - RESERVED -CVE-2022-27462 - RESERVED +CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AVideo t ...) + TODO: check +CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...) + TODO: check CVE-2022-27461 RESERVED CVE-2022-27460 @@ -3445,8 +3918,8 @@ CVE-2022-27359 RESERVED CVE-2022-27358 RESERVED -CVE-2022-27357 - RESERVED +CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...) + TODO: check CVE-2022-27356 RESERVED CVE-2022-27355 @@ -3455,20 +3928,20 @@ CVE-2022-27354 RESERVED CVE-2022-27353 RESERVED -CVE-2022-27352 - RESERVED -CVE-2022-27351 - RESERVED +CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an arbitrary f ...) + TODO: check +CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an arbitrary file ...) + TODO: check CVE-2022-27350 RESERVED -CVE-2022-27349 - RESERVED -CVE-2022-27348 - RESERVED +CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary file upload ...) + TODO: check +CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored cross-site scri ...) + TODO: check CVE-2022-27347 RESERVED -CVE-2022-27346 - RESERVED +CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary file up ...) + TODO: check CVE-2022-27345 RESERVED CVE-2022-27344 @@ -3551,8 +4024,8 @@ CVE-2022-27306 REJECTED CVE-2022-27305 RESERVED -CVE-2022-27304 - RESERVED +CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + TODO: check CVE-2022-27303 RESERVED CVE-2022-27302 @@ -4206,22 +4679,22 @@ CVE-2022-27154 RESERVED CVE-2022-27153 RESERVED -CVE-2022-27152 - RESERVED +CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a R ...) + TODO: check CVE-2022-27151 RESERVED CVE-2022-27150 RESERVED CVE-2022-27149 RESERVED -CVE-2022-27148 - RESERVED -CVE-2022-27147 - RESERVED -CVE-2022-27146 - RESERVED -CVE-2022-27145 - RESERVED +CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...) + TODO: check +CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) + TODO: check +CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...) + TODO: check +CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) + TODO: check CVE-2022-27144 RESERVED CVE-2022-27143 @@ -4262,10 +4735,10 @@ CVE-2022-27126 RESERVED CVE-2022-27125 RESERVED -CVE-2022-27124 - RESERVED -CVE-2022-27123 - RESERVED +CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...) + TODO: check CVE-2022-27122 RESERVED CVE-2022-27121 @@ -4290,14 +4763,14 @@ CVE-2022-27112 RESERVED CVE-2022-27111 RESERVED -CVE-2022-27110 - RESERVED -CVE-2022-27109 - RESERVED -CVE-2022-27108 - RESERVED -CVE-2022-27107 - RESERVED +CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...) + TODO: check +CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...) + TODO: check +CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...) + TODO: check +CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" sectio ...) + TODO: check CVE-2022-27106 RESERVED CVE-2022-27105 @@ -4382,14 +4855,14 @@ CVE-2022-27066 RESERVED CVE-2022-27065 RESERVED -CVE-2022-27064 - RESERVED -CVE-2022-27063 - RESERVED -CVE-2022-27062 - RESERVED -CVE-2022-27061 - RESERVED +CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file upload vu ...) + TODO: check +CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) + TODO: check +CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) + TODO: check +CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...) + TODO: check CVE-2022-27060 RESERVED CVE-2022-27059 @@ -4416,14 +4889,14 @@ CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move NOT-FOR-US: Raidrive CVE-2022-27048 RESERVED -CVE-2022-27047 - RESERVED -CVE-2022-27046 - RESERVED +CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...) + TODO: check +CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...) + TODO: check CVE-2022-27045 RESERVED -CVE-2022-27044 - RESERVED +CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c: ...) + TODO: check CVE-2022-27043 RESERVED CVE-2022-27042 @@ -4466,8 +4939,8 @@ CVE-2022-27024 RESERVED CVE-2022-27023 RESERVED -CVE-2022-27022 - RESERVED +CVE-2022-27022 (There is a stack overflow vulnerability in the SetSysTimeCfg() functio ...) + TODO: check CVE-2022-27021 RESERVED CVE-2022-27020 @@ -4478,8 +4951,8 @@ CVE-2022-27018 RESERVED CVE-2022-27017 RESERVED -CVE-2022-27016 - RESERVED +CVE-2022-27016 (There is a stack overflow vulnerability in the SetStaticRouteCfg() fun ...) + TODO: check CVE-2022-27015 RESERVED CVE-2022-27014 @@ -4538,16 +5011,16 @@ CVE-2022-26988 RESERVED CVE-2022-26987 RESERVED -CVE-2022-26986 - RESERVED +CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers ...) + TODO: check CVE-2022-26985 RESERVED CVE-2022-26984 RESERVED CVE-2022-26983 RESERVED -CVE-2022-26982 - RESERVED +CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...) + TODO: check CVE-2022-0947 RESERVED CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...) @@ -4645,10 +5118,10 @@ CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository st NOT-FOR-US: ShowDoc CVE-2022-26954 RESERVED -CVE-2022-26953 - RESERVED -CVE-2022-26952 - RESERVED +CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) + TODO: check +CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) + TODO: check CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...) NOT-FOR-US: Archer CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...) @@ -4729,16 +5202,16 @@ CVE-2022-26914 RESERVED CVE-2022-26913 RESERVED -CVE-2022-26912 - RESERVED +CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-26911 RESERVED CVE-2022-26910 RESERVED -CVE-2022-26909 - RESERVED -CVE-2022-26908 - RESERVED +CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-26907 RESERVED CVE-2022-26906 @@ -4753,8 +5226,8 @@ CVE-2022-26902 RESERVED CVE-2022-26901 RESERVED -CVE-2022-26900 - RESERVED +CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-26899 RESERVED CVE-2022-26898 @@ -4763,24 +5236,24 @@ CVE-2022-26897 RESERVED CVE-2022-26896 RESERVED -CVE-2022-26895 - RESERVED -CVE-2022-26894 - RESERVED +CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-26893 RESERVED CVE-2022-26892 RESERVED -CVE-2022-26891 - RESERVED +CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-26061 RESERVED CVE-2022-25972 RESERVED CVE-2022-25942 RESERVED -CVE-2022-0935 - RESERVED +CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...) + TODO: check CVE-2022-26886 RESERVED CVE-2022-26885 @@ -4890,8 +5363,7 @@ CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow excep CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...) - node-swagger-ui <itp> (bug #871461) - swagger-ui <itp> (bug #895422) -CVE-2022-26850 - RESERVED +CVE-2022-26850 (When creating or updating credentials for single-user access, Apache N ...) NOT-FOR-US: Apache NiFi CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics @@ -5370,20 +5842,20 @@ CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authentica - spip 4.0.5-1 NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html -CVE-2022-26676 - RESERVED -CVE-2022-26675 - RESERVED +CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthenticate ...) + TODO: check +CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...) + TODO: check CVE-2022-26674 RESERVED CVE-2022-26673 RESERVED CVE-2022-26672 RESERVED -CVE-2022-26671 - RESERVED -CVE-2022-26670 - RESERVED +CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard ...) + TODO: check +CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...) + TODO: check CVE-2022-26669 RESERVED CVE-2022-26668 @@ -5460,8 +5932,8 @@ CVE-2022-26637 RESERVED CVE-2022-26636 RESERVED -CVE-2022-26635 - RESERVED +CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...) + TODO: check CVE-2022-26634 RESERVED CVE-2022-26633 @@ -5470,20 +5942,20 @@ CVE-2022-26632 RESERVED CVE-2022-26631 RESERVED -CVE-2022-26630 - RESERVED +CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...) + TODO: check CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...) NOT-FOR-US: SoroushPlus+ Messenger -CVE-2022-26628 - RESERVED -CVE-2022-26627 - RESERVED +CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to contain a ...) + TODO: check CVE-2022-26626 RESERVED CVE-2022-26625 RESERVED -CVE-2022-26624 - RESERVED +CVE-2022-26624 (Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site sc ...) + TODO: check CVE-2022-26623 RESERVED CVE-2022-26622 @@ -5504,10 +5976,9 @@ CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Co NOT-FOR-US: SourceCodester Simple College Website CVE-2022-26614 RESERVED -CVE-2022-26613 - RESERVED -CVE-2022-26612 - RESERVED +CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability v ...) + TODO: check +CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava function on W ...) - hadoop <itp> (bug #793644) CVE-2022-26611 RESERVED @@ -5517,12 +5988,12 @@ CVE-2022-26609 RESERVED CVE-2022-26608 RESERVED -CVE-2022-26607 - RESERVED +CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 ...) + TODO: check CVE-2022-26606 RESERVED -CVE-2022-26605 - RESERVED +CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file upload via t ...) + TODO: check CVE-2022-26604 RESERVED CVE-2022-26603 @@ -5549,8 +6020,8 @@ CVE-2022-26593 RESERVED CVE-2022-26592 RESERVED -CVE-2022-26591 - RESERVED +CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...) + TODO: check CVE-2022-26590 RESERVED CVE-2022-26589 @@ -5736,7 +6207,8 @@ CVE-2022-26504 (Improper authentication in Veeam Backup & Replication 9.5U3, NOT-FOR-US: Veeam CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...) NOT-FOR-US: Veeam -CVE-2022-26502 (**REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrust ...) +CVE-2022-26502 + REJECTED NOT-FOR-US: Veeam CVE-2022-26501 (Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4 ...) NOT-FOR-US: Veeam @@ -6171,38 +6643,32 @@ CVE-2022-26363 RESERVED CVE-2022-26362 RESERVED -CVE-2022-26361 - RESERVED +CVE-2022-26361 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-400.html -CVE-2022-26360 - RESERVED +CVE-2022-26360 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-400.html -CVE-2022-26359 - RESERVED +CVE-2022-26359 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-400.html -CVE-2022-26358 - RESERVED +CVE-2022-26358 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-400.html -CVE-2022-26357 - RESERVED +CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-399.html -CVE-2022-26356 - RESERVED +CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dirty hyp ...) [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-397.html @@ -6504,10 +6970,10 @@ CVE-2022-26253 RESERVED CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory traversal ...) NOT-FOR-US: aaPanel -CVE-2022-26251 - RESERVED -CVE-2022-26250 - RESERVED +CVE-2022-26251 (The HTTP interface of Synaman v5.1 and below was discovered to allow a ...) + TODO: check +CVE-2022-26250 (Synaman v5.1 and below was discovered to contain weak file permissions ...) + TODO: check CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when exporting excel ...) NOT-FOR-US: Survey King CVE-2022-26248 @@ -7004,8 +7470,7 @@ CVE-2021-4224 RESERVED CVE-2022-26111 RESERVED -CVE-2022-26110 [HTCONDOR-2022-0003] - RESERVED +CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before ...) - condor <unfixed> (bug #1008634) NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003 NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16) @@ -8248,14 +8713,14 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise NOT-FOR-US: WordPress plugin CVE-2022-0699 RESERVED -CVE-2022-25597 - RESERVED -CVE-2022-25596 - RESERVED -CVE-2022-25595 - RESERVED -CVE-2022-25594 - RESERVED +CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...) + TODO: check +CVE-2022-25596 (ASUS RT-AC56U’s configuration function has a heap-based buffer o ...) + TODO: check +CVE-2022-25595 (ASUS RT-AC86U has improper user request handling, which allows an unau ...) + TODO: check +CVE-2022-25594 (Microprogram’s parking lot management system is vulnerable to se ...) + TODO: check CVE-2022-25593 RESERVED CVE-2022-25592 @@ -8714,8 +9179,8 @@ CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c i NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4) CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Infor ...) NOT-FOR-US: HashiCorp Terraform Enterprise -CVE-2022-25373 - RESERVED +CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in ...) + TODO: check CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...) NOT-FOR-US: Pritunl Client CVE-2022-0698 @@ -8821,10 +9286,10 @@ CVE-2022-25341 RESERVED CVE-2022-25340 RESERVED -CVE-2022-25339 - RESERVED -CVE-2022-25338 - RESERVED +CVE-2022-25339 (ownCloud owncloud/android 2.20 has Incorrect Access Control for local ...) + TODO: check +CVE-2022-25338 (ownCloud owncloud/android before 2.20 has Incorrect Access Control for ...) + TODO: check CVE-2022-24914 RESERVED CVE-2022-24436 @@ -8904,8 +9369,8 @@ CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to va NOT-FOR-US: WordPress plugin CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) NOT-FOR-US: microweber -CVE-2022-0677 - RESERVED +CVE-2022-0677 (Improper Handling of Length Parameter Inconsistency vulnerability in t ...) + TODO: check CVE-2021-4221 RESERVED CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) @@ -9267,8 +9732,8 @@ CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contrib - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2022-003 NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712 -CVE-2022-25245 - RESERVED +CVE-2022-25245 (Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know ...) + TODO: check CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform feature can ...) NOT-FOR-US: HashiCorp Vault CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the ...) @@ -9572,8 +10037,8 @@ CVE-2022-0603 (Use after free in File Manager in Google Chrome on Chrome OS prio [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html -CVE-2022-0602 - RESERVED +CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tas ...) + TODO: check CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 ...) NOT-FOR-US: WordPress plugin CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...) @@ -10020,8 +10485,8 @@ CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) ext NOT-FOR-US: TYPO3 extension CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...) NOT-FOR-US: TYPO3 extension -CVE-2022-24978 - RESERVED +CVE-2022-24978 (Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privil ...) + TODO: check CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) NOT-FOR-US: ImpressCMS CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...) @@ -10405,10 +10870,10 @@ CVE-2022-24824 RESERVED CVE-2022-24823 RESERVED -CVE-2022-24822 - RESERVED -CVE-2022-24821 - RESERVED +CVE-2022-24822 (Podium is a library for building micro frontends. @podium/layout is a ...) + TODO: check +CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check CVE-2022-24820 RESERVED CVE-2022-24819 @@ -10427,8 +10892,8 @@ CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & NOT-FOR-US: Miraheze CreateWiki CVE-2022-24812 RESERVED -CVE-2022-24811 - RESERVED +CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...) + TODO: check CVE-2022-24810 RESERVED CVE-2022-24809 @@ -10466,12 +10931,12 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi NOT-FOR-US: Pomerium CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...) NOT-FOR-US: RaspberryMatic -CVE-2022-24795 - RESERVED +CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) + TODO: check CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...) NOT-FOR-US: Express OpenID Connect -CVE-2022-24793 - RESERVED +CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check CVE-2022-24792 RESERVED CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...) @@ -10487,8 +10952,8 @@ CVE-2022-24788 RESERVED CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) NOT-FOR-US: Vyper -CVE-2022-24786 - RESERVED +CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...) + TODO: check CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, validating, manipu ...) - node-moment <unfixed> NOTE: https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 @@ -10501,8 +10966,8 @@ CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 NOT-FOR-US: Discourse CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...) NOT-FOR-US: Geon -CVE-2022-24780 - RESERVED +CVE-2022-24780 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + TODO: check CVE-2022-24779 RESERVED CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to support ...) @@ -10855,8 +11320,8 @@ CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.1 NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560 CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...) NOT-FOR-US: Zimbra -CVE-2022-24681 - RESERVED +CVE-2022-24681 (Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the we ...) + TODO: check CVE-2022-24680 (A security link following local privilege escalation vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-24679 (A security link following local privilege escalation vulnerability in ...) @@ -11335,8 +11800,8 @@ CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability. ...) NOT-FOR-US: Microsoft CVE-2022-24524 RESERVED -CVE-2022-24523 - RESERVED +CVE-2022-24523 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...) + TODO: check CVE-2022-24522 (Skype Extension for Chrome Information Disclosure Vulnerability. ...) NOT-FOR-US: Skype Extension for Chrome CVE-2022-24521 @@ -11431,8 +11896,8 @@ CVE-2022-24477 RESERVED CVE-2022-24476 RESERVED -CVE-2022-24475 - RESERVED +CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-24474 RESERVED CVE-2022-24473 @@ -12351,8 +12816,8 @@ CVE-2022-24231 (Simple Student Information System v1.0 was discovered to contain TODO: check CVE-2022-24230 RESERVED -CVE-2022-24229 - RESERVED +CVE-2022-24229 (A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Serv ...) + TODO: check CVE-2022-24228 RESERVED CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...) @@ -13281,8 +13746,8 @@ CVE-2022-23976 RESERVED CVE-2022-23975 RESERVED -CVE-2022-23974 - RESERVED +CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...) + TODO: check CVE-2022-23103 RESERVED CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...) @@ -13319,14 +13784,14 @@ CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgr NOT-FOR-US: Z-Wave specification CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...) NOT-FOR-US: Z-Wave devices -CVE-2022-23973 - RESERVED -CVE-2022-23972 - RESERVED -CVE-2022-23971 - RESERVED -CVE-2022-23970 - RESERVED +CVE-2022-23973 (ASUS RT-AX56U’s user profile configuration function is vulnerabl ...) + TODO: check +CVE-2022-23972 (ASUS RT-AX56U’s SQL handling function has an SQL injection vulne ...) + TODO: check +CVE-2022-23971 (ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulner ...) + TODO: check +CVE-2022-23970 (ASUS RT-AX56U’s update_json function has a path traversal vulner ...) + TODO: check CVE-2022-23969 RESERVED CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...) @@ -13582,8 +14047,8 @@ CVE-2022-23901 (A stack overflow re2c 2.2 exists due to infinite recursion issue NOTE: https://github.com/skvadrik/re2c/commit/a3473fd7be829cb33907cb08612f955133c70a96 (3.0) NOTE: https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca (3.0) NOTE: Crash im CLI tool, no security impact -CVE-2022-23900 - RESERVED +CVE-2022-23900 (A command injection vulnerability in the API of the Wavlink WL-WN531P3 ...) + TODO: check CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: MCMS CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...) @@ -13924,10 +14389,10 @@ CVE-2021-46439 REJECTED CVE-2021-46438 RESERVED -CVE-2021-46437 - RESERVED -CVE-2021-46436 - RESERVED +CVE-2021-46437 (An issue was discovered in ZZCMS 2021. There is a cross-site scripting ...) + TODO: check +CVE-2021-46436 (An issue was discovered in ZZCMS 2021. There is a SQL injection vulner ...) + TODO: check CVE-2021-46435 RESERVED CVE-2021-46434 (** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by ...) @@ -13960,14 +14425,14 @@ CVE-2021-46421 RESERVED CVE-2021-46420 RESERVED -CVE-2021-46419 - RESERVED -CVE-2021-46418 - RESERVED -CVE-2021-46417 - RESERVED -CVE-2021-46416 - RESERVED +CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 ...) + TODO: check +CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 ...) + TODO: check +CVE-2021-46417 (Insecure handling of a download function leads to disclosure of intern ...) + TODO: check +CVE-2021-46416 (Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware versio ...) + TODO: check CVE-2021-46415 RESERVED CVE-2021-46414 @@ -15098,8 +15563,8 @@ CVE-2022-23448 RESERVED CVE-2022-23447 RESERVED -CVE-2022-23446 - RESERVED +CVE-2022-23446 (A improper control of a resource through its lifetime in Fortinet Fort ...) + TODO: check CVE-2022-23445 RESERVED CVE-2022-23444 @@ -15108,10 +15573,10 @@ CVE-2022-23443 RESERVED CVE-2022-23442 RESERVED -CVE-2022-23441 - RESERVED -CVE-2022-23440 - RESERVED +CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...) + TODO: check +CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...) + TODO: check CVE-2022-23439 RESERVED CVE-2022-23438 @@ -15615,8 +16080,8 @@ CVE-2021-46369 RESERVED CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...) NOT-FOR-US: TRIGONE Remote System Monitor -CVE-2021-46367 - RESERVED +CVE-2021-46367 (RiteCMS version 3.1.0 and below suffers from a remote code execution v ...) + TODO: check CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...) NOT-FOR-US: Magnolia CMS CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) @@ -15798,6 +16263,7 @@ CVE-2022-23310 CVE-2022-23309 RESERVED CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...) + {DLA-2972-1} - libxml2 2.9.13+dfsg-1 (bug #1006489) [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1 [buster] - libxml2 2.9.4+dfsg1-7+deb10u3 @@ -18355,6 +18821,7 @@ CVE-2022-22638 (A null pointer dereference was addressed with improved validatio NOT-FOR-US: Apple CVE-2022-22637 [A logic issue was addressed with improved state management] RESERVED + {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.34.4-1 @@ -18375,12 +18842,14 @@ CVE-2022-22630 RESERVED CVE-2022-22629 [A buffer overflow issue was addressed with improved memory handling] RESERVED + {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.0-2 NOTE: https://webkitgtk.org/security/WSA-2022-0004.html CVE-2022-22628 [A use after free issue was addressed with improved memory management] RESERVED + {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.0-2 @@ -18393,11 +18862,13 @@ CVE-2022-22625 (An out-of-bounds read was addressed with improved input validati NOT-FOR-US: Apple CVE-2022-22624 [A use after free issue was addressed with improved memory management] RESERVED + {DSA-5116-1 DSA-5115-1} - webkit2gtk 2.36.0-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.0-2 NOTE: https://webkitgtk.org/security/WSA-2022-0004.html -CVE-2022-22623 (Multiple issues were addressed by updating to curl version 7.79.1. Thi ...) +CVE-2022-22623 + REJECTED NOT-FOR-US: Apple CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple @@ -18799,20 +19270,20 @@ CVE-2022-22521 RESERVED CVE-2022-22520 RESERVED -CVE-2022-22519 - RESERVED -CVE-2022-22518 - RESERVED -CVE-2022-22517 - RESERVED -CVE-2022-22516 - RESERVED -CVE-2022-22515 - RESERVED -CVE-2022-22514 - RESERVED -CVE-2022-22513 - RESERVED +CVE-2022-22519 (A remote, authenticated attacker can send a specific crafted HTTP or H ...) + TODO: check +CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...) + TODO: check +CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing communication ...) + TODO: check +CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on Microsoft ...) + TODO: check +CVE-2022-22515 (A remote, unauthenticated attacker could utilize the control programme ...) + TODO: check +CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferenced po ...) + TODO: check +CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference ...) + TODO: check CVE-2022-22512 RESERVED CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...) @@ -19017,8 +19488,8 @@ CVE-2022-22412 RESERVED CVE-2022-22411 RESERVED -CVE-2022-22410 - RESERVED +CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...) + TODO: check CVE-2022-22409 RESERVED CVE-2022-22408 @@ -19125,10 +19596,10 @@ CVE-2022-22358 RESERVED CVE-2022-22357 RESERVED -CVE-2022-22356 - RESERVED -CVE-2022-22355 - RESERVED +CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumera ...) + TODO: check +CVE-2022-22355 (IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of serv ...) + TODO: check CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum C ...) NOT-FOR-US: IBM CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 c ...) @@ -19159,8 +19630,8 @@ CVE-2022-22341 RESERVED CVE-2022-22340 RESERVED -CVE-2022-22339 - RESERVED +CVE-2022-22339 (IBM Planning Analytics 2.0 is vulnerable to server-side request forger ...) + TODO: check CVE-2022-22338 RESERVED CVE-2022-22337 @@ -22916,12 +23387,10 @@ CVE-2022-21935 RESERVED CVE-2022-21934 RESERVED -CVE-2021-45104 - RESERVED +CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...) - condor <not-affected> (Vulnerable code introduced later) NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0002 -CVE-2021-45103 - RESERVED +CVE-2021-45103 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...) - condor <not-affected> (Vulnerable code introduced later) NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0001 CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...) @@ -26043,8 +26512,8 @@ CVE-2021-44171 RESERVED CVE-2021-44170 RESERVED -CVE-2021-44169 - RESERVED +CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...) + TODO: check CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) NOT-FOR-US: FortiGuard CVE-2021-44167 @@ -29114,8 +29583,8 @@ CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17 -CVE-2021-43521 - RESERVED +CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_bu ...) + TODO: check CVE-2021-43520 RESERVED CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...) @@ -29145,12 +29614,12 @@ CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Over NOTE: https://github.com/teeworlds/teeworlds/pull/3018 NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368 NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/ -CVE-2021-43517 - RESERVED +CVE-2021-43517 (FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00 ...) + TODO: check CVE-2021-43516 RESERVED -CVE-2021-43515 - RESERVED +CVE-2021-43515 (A CSV Injection vulnerablity exists in Kimai Kimai 2 > 1.14 via a d ...) + TODO: check CVE-2021-43514 RESERVED CVE-2021-43513 @@ -29173,8 +29642,8 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sso NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2021-43504 RESERVED -CVE-2021-43503 - RESERVED +CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...) + TODO: check CVE-2021-43502 RESERVED CVE-2021-43501 @@ -29183,8 +29652,8 @@ CVE-2021-43500 RESERVED CVE-2021-43499 RESERVED -CVE-2021-43498 - RESERVED +CVE-2021-43498 (An Access Control vulnerability exists in ATutor 2.2.4 in password_rem ...) + TODO: check CVE-2021-43497 RESERVED CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...) @@ -29213,8 +29682,8 @@ CVE-2021-43485 RESERVED CVE-2021-43484 (A Remote Code Execution (RCE) vulnerability exists in Simple Client Ma ...) NOT-FOR-US: Sourcecodester Simple Client Management System -CVE-2021-43483 - RESERVED +CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in ...) + TODO: check CVE-2021-43482 RESERVED CVE-2021-43481 @@ -29231,8 +29700,8 @@ CVE-2021-43476 RESERVED CVE-2021-43475 RESERVED -CVE-2021-43474 - RESERVED +CVE-2021-43474 (An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B0 ...) + TODO: check CVE-2021-43473 RESERVED CVE-2021-43472 @@ -29275,8 +29744,8 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via NOTE: https://www.exploit-db.com/exploits/49630 CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...) NOT-FOR-US: AnyTXT Searcher for Windows -CVE-2021-43453 - RESERVED +CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) + TODO: check CVE-2021-43452 RESERVED CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...) @@ -29317,14 +29786,14 @@ CVE-2021-43434 RESERVED CVE-2021-43433 RESERVED -CVE-2021-43432 - RESERVED +CVE-2021-43432 (A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admi ...) + TODO: check CVE-2021-43431 RESERVED -CVE-2021-43430 - RESERVED -CVE-2021-43429 - RESERVED +CVE-2021-43430 (An Access Control vulnerability exists in BigAntSoft BigAnt office mes ...) + TODO: check +CVE-2021-43429 (A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7 ...) + TODO: check CVE-2021-43428 RESERVED CVE-2021-43427 @@ -29339,8 +29808,8 @@ CVE-2021-43423 RESERVED CVE-2021-43422 RESERVED -CVE-2021-43421 - RESERVED +CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1. ...) + TODO: check CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...) NOT-FOR-US: Sourcecodester CVE-2021-43419 @@ -30472,14 +30941,14 @@ CVE-2022-20786 RESERVED CVE-2022-20785 RESERVED -CVE-2022-20784 - RESERVED +CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...) + TODO: check CVE-2022-20783 RESERVED -CVE-2022-20782 - RESERVED -CVE-2022-20781 - RESERVED +CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...) + TODO: check +CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) + TODO: check CVE-2022-20780 RESERVED CVE-2022-20779 @@ -30492,8 +30961,8 @@ CVE-2022-20776 RESERVED CVE-2022-20775 RESERVED -CVE-2022-20774 - RESERVED +CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...) + TODO: check CVE-2022-20773 RESERVED CVE-2022-20772 @@ -30514,10 +30983,10 @@ CVE-2022-20765 RESERVED CVE-2022-20764 RESERVED -CVE-2022-20763 - RESERVED -CVE-2022-20762 - RESERVED +CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...) + TODO: check +CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...) + TODO: check CVE-2022-20761 RESERVED CVE-2022-20760 @@ -30528,12 +30997,12 @@ CVE-2022-20758 RESERVED CVE-2022-20757 RESERVED -CVE-2022-20756 - RESERVED -CVE-2022-20755 - RESERVED -CVE-2022-20754 - RESERVED +CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...) + TODO: check +CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...) + TODO: check +CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...) + TODO: check CVE-2022-20753 RESERVED CVE-2022-20752 @@ -30558,8 +31027,8 @@ CVE-2022-20743 RESERVED CVE-2022-20742 RESERVED -CVE-2022-20741 - RESERVED +CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...) + TODO: check CVE-2022-20740 RESERVED CVE-2022-20739 @@ -30695,8 +31164,8 @@ CVE-2022-20677 RESERVED CVE-2022-20676 RESERVED -CVE-2022-20675 - RESERVED +CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...) + TODO: check CVE-2022-20674 RESERVED CVE-2022-20673 @@ -30715,8 +31184,8 @@ CVE-2022-20667 RESERVED CVE-2022-20666 RESERVED -CVE-2022-20665 - RESERVED +CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...) + TODO: check CVE-2022-20664 RESERVED CVE-2022-20663 @@ -30905,8 +31374,8 @@ CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vul NOT-FOR-US: Microsoft CVE-2021-43206 RESERVED -CVE-2021-43205 - RESERVED +CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + TODO: check CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...) NOT-FOR-US: FortiGuard CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -31071,8 +31540,8 @@ CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Sub NOT-FOR-US: Sourcecodester CVE-2021-43139 RESERVED -CVE-2021-43138 - RESERVED +CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which ...) + TODO: check CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...) NOT-FOR-US: hostel management system CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...) @@ -35731,10 +36200,10 @@ CVE-2021-41754 RESERVED CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) NOT-FOR-US: D-Link -CVE-2021-41752 - RESERVED -CVE-2021-41751 - RESERVED +CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...) + TODO: check +CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) + TODO: check CVE-2021-41750 RESERVED CVE-2021-41749 @@ -35816,8 +36285,8 @@ CVE-2021-41717 RESERVED CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...) NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application -CVE-2021-41715 - RESERVED +CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither ...) + TODO: check CVE-2021-41714 RESERVED CVE-2021-41713 @@ -36915,8 +37384,8 @@ CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter noteb NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...) NOT-FOR-US: Express OpenID Connect -CVE-2021-41245 - RESERVED +CVE-2021-41245 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + TODO: check CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana <removed> CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...) @@ -37517,8 +37986,8 @@ CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerabi NOT-FOR-US: FortiGuard CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...) NOT-FOR-US: FortiGuard -CVE-2021-41026 - RESERVED +CVE-2021-41026 (A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 ...) + TODO: check CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...) NOT-FOR-US: FortiGuard CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...) @@ -38402,8 +38871,8 @@ CVE-2021-40658 RESERVED CVE-2021-40657 RESERVED -CVE-2021-40656 - RESERVED +CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/ ...) + TODO: check CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...) NOT-FOR-US: D-Link CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...) @@ -39135,10 +39604,10 @@ CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. NOT-FOR-US: SmarterTools CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM acce ...) NOT-FOR-US: otris Update Manager -CVE-2021-40375 - RESERVED -CVE-2021-40374 - RESERVED +CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the ...) + TODO: check +CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was identified in Ap ...) + TODO: check CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...) NOT-FOR-US: playSMS CVE-2021-40372 @@ -49455,8 +49924,8 @@ CVE-2021-36204 RESERVED CVE-2021-36203 RESERVED -CVE-2021-36202 - RESERVED +CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...) + TODO: check CVE-2021-36201 RESERVED CVE-2021-36200 @@ -55849,7 +56318,7 @@ CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices -CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) +CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker c ...) NOT-FOR-US: MB connect line CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) NOT-FOR-US: MB connect line @@ -58254,8 +58723,8 @@ CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in th NOT-FOR-US: Fortiguard CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...) NOT-FOR-US: FortiPortal -CVE-2021-32593 - RESERVED +CVE-2021-32593 (A use of a broken or risky cryptographic algorithm vulnerability [CWE- ...) + TODO: check CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...) NOT-FOR-US: FortiGuard CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...) @@ -58270,8 +58739,8 @@ CVE-2021-32587 (An improper access control vulnerability in FortiManager and For NOT-FOR-US: Fortiguard CVE-2021-32586 (An improper input validation vulnerability in the web server CGI facil ...) NOT-FOR-US: FortiGuard -CVE-2021-32585 - RESERVED +CVE-2021-32585 (An improper neutralization of input during web page generation vulnera ...) + TODO: check CVE-2021-32584 RESERVED CVE-2021-32583 @@ -64000,8 +64469,8 @@ CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c [buster] - libcaca <no-dsa> (Minor issue) [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/53 -CVE-2021-30497 - RESERVED +CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users t ...) + TODO: check CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...) NOT-FOR-US: Telegram for iOS CVE-2021-30495 @@ -65102,8 +65571,8 @@ CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent NOT-FOR-US: Gris CMS CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...) NOT-FOR-US: emlog -CVE-2021-30080 - RESERVED +CVE-2021-30080 (An issue was discovered in the route lookup process in beego through 2 ...) + TODO: check CVE-2021-30079 RESERVED CVE-2021-30078 @@ -69303,8 +69772,8 @@ CVE-2021-28430 RESERVED CVE-2021-28429 RESERVED -CVE-2021-28428 - RESERVED +CVE-2021-28428 (File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploa ...) + TODO: check CVE-2021-28427 RESERVED CVE-2021-28426 @@ -72443,10 +72912,10 @@ CVE-2021-27119 RESERVED CVE-2021-27118 RESERVED -CVE-2021-27117 - RESERVED -CVE-2021-27116 - RESERVED +CVE-2021-27117 (An issue was discovered in file profile.go in function GetCPUProfile i ...) + TODO: check +CVE-2021-27116 (An issue was discovered in file profile.go in function MemProf in beeg ...) + TODO: check CVE-2021-27115 RESERVED CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...) @@ -75058,16 +75527,16 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use NOTE: https://issues.apache.org/jira/browse/AMQ-8035 NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6 NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b -CVE-2021-26116 - RESERVED +CVE-2021-26116 (An improper neutralization of special elements used in an OS command v ...) + TODO: check CVE-2021-26115 RESERVED -CVE-2021-26114 - RESERVED -CVE-2021-26113 - RESERVED -CVE-2021-26112 - RESERVED +CVE-2021-26114 (Multiple improper neutralization of special elements used in an SQL co ...) + TODO: check +CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability [CWE-760 ...) + TODO: check +CVE-2021-26112 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in ...) + TODO: check CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...) NOT-FOR-US: Fortiguard CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...) @@ -75082,8 +75551,8 @@ CVE-2021-26106 (An improper neutralization of special elements used in an OS Com NOT-FOR-US: Fortiguard CVE-2021-26105 RESERVED -CVE-2021-26104 - RESERVED +CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the command ...) + TODO: check CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...) NOT-FOR-US: FortiGuard CVE-2021-26102 @@ -79994,8 +80463,8 @@ CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8 NOT-FOR-US: Fortiguard CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...) NOT-FOR-US: FortiSandbox -CVE-2021-24009 - RESERVED +CVE-2021-24009 (Multiple improper neutralization of special elements used in an OS com ...) + TODO: check CVE-2021-24008 RESERVED CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...) @@ -84529,8 +84998,8 @@ CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in th NOT-FOR-US: Fortiguard CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...) NOT-FOR-US: FortiProxy SSL VPN portal -CVE-2021-22127 - RESERVED +CVE-2021-22127 (An improper input validation vulnerability in FortiClient for Linux 6. ...) + TODO: check CVE-2021-22126 RESERVED CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...) @@ -96038,8 +96507,8 @@ CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 th NOT-FOR-US: Fortiguard CVE-2020-29014 (A concurrent execution using shared resource with improper synchroniza ...) NOT-FOR-US: Fortiguard -CVE-2020-29013 - RESERVED +CVE-2020-29013 (An improper input validation vulnerability in the sniffer interface of ...) + TODO: check CVE-2020-29012 (An insufficient session expiration vulnerability in FortiSandbox versi ...) NOT-FOR-US: FortiGuard CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...) @@ -96495,8 +96964,8 @@ CVE-2020-28849 RESERVED CVE-2020-28848 RESERVED -CVE-2020-28847 - RESERVED +CVE-2020-28847 (Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via th ...) + TODO: check CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...) NOT-FOR-US: SeaCMS CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...) @@ -103613,14 +104082,14 @@ CVE-2020-27378 RESERVED CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in the Admin ...) NOT-FOR-US: CMS Made Simple -CVE-2020-27376 - RESERVED -CVE-2020-27375 - RESERVED -CVE-2020-27374 - RESERVED -CVE-2020-27373 - RESERVED +CVE-2020-27376 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is ...) + TODO: check +CVE-2020-27375 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is ...) + TODO: check +CVE-2020-27374 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnera ...) + TODO: check +CVE-2020-27373 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnera ...) + TODO: check CVE-2020-27372 (A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1 ...) - brandy <unfixed> (unimportant) NOTE: https://sourceforge.net/p/brandy/bugs/10/ @@ -113137,8 +113606,8 @@ CVE-2020-23351 RESERVED CVE-2020-23350 RESERVED -CVE-2020-23349 - RESERVED +CVE-2020-23349 (An intent redirection issue was doscovered in Sina Weibo Android SDK 4 ...) + TODO: check CVE-2020-23348 RESERVED CVE-2020-23347 @@ -115451,8 +115920,8 @@ CVE-2020-22255 RESERVED CVE-2020-22254 RESERVED -CVE-2020-22253 - RESERVED +CVE-2020-22253 (Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R- ...) + TODO: check CVE-2020-22252 RESERVED CVE-2020-22251 (Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the logi ...) @@ -121971,8 +122440,8 @@ CVE-2020-19231 RESERVED CVE-2020-19230 RESERVED -CVE-2020-19229 - RESERVED +CVE-2020-19229 (Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016 ...) + TODO: check CVE-2020-19228 RESERVED CVE-2020-19227 @@ -160379,8 +160848,8 @@ CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The NOT-FOR-US: IBM CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...) NOT-FOR-US: IBM -CVE-2020-4668 - RESERVED +CVE-2020-4668 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...) + TODO: check CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...) NOT-FOR-US: IBM CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...) @@ -284427,7 +284896,7 @@ CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 NOTE: Fix for the incomplete fix for CVE-2016-2313 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...) - {DLA-1194-1} + {DLA-2972-1 DLA-1194-1} [experimental] - libxml2 2.9.7+dfsg-1 - libxml2 2.9.10+dfsg-2 (bug #882613) [buster] - libxml2 <ignored> (Minor issue; too intrusive to backport) @@ -318527,6 +318996,7 @@ CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in th NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8) NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1) CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote ...) + {DLA-2972-1} - libxml2 2.9.4+dfsg1-5.1 (bug #855001) [jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode) [wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode) @@ -321702,7 +322172,7 @@ CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.6 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...) - {DLA-1188-1} + {DLA-2972-1 DLA-1188-1} - libxml2 2.9.4+dfsg1-5.1 (bug #880000) [jessie] - libxml2 <no-dsa> (Minor issue) - chromium-browser 62.0.3202.75-1 (unimportant) @@ -335634,6 +336104,7 @@ CVE-2016-9320 CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro Enterpr ...) NOT-FOR-US: Trend Micro CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...) + {DLA-2972-1} [experimental] - libxml2 2.9.8+dfsg-1 - libxml2 2.9.10+dfsg-2 (bug #844581) [buster] - libxml2 <ignored> (Minor issue; intrusive to backport) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d7ead13ecb40a53b9a6608cbf530c5e2a2223b2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d7ead13ecb40a53b9a6608cbf530c5e2a2223b2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits