Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d7ead13 by security tracker role at 2022-04-08T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,474 @@
-CVE-2022-28796 [jbd2: fix use-after-free of transaction_t race]
+CVE-2022-28857
+       RESERVED
+CVE-2022-28856
+       RESERVED
+CVE-2022-28855
+       RESERVED
+CVE-2022-28854
+       RESERVED
+CVE-2022-28853
+       RESERVED
+CVE-2022-28852
+       RESERVED
+CVE-2022-28851
+       RESERVED
+CVE-2022-28850
+       RESERVED
+CVE-2022-28849
+       RESERVED
+CVE-2022-28848
+       RESERVED
+CVE-2022-28847
+       RESERVED
+CVE-2022-28846
+       RESERVED
+CVE-2022-28845
+       RESERVED
+CVE-2022-28844
+       RESERVED
+CVE-2022-28843
+       RESERVED
+CVE-2022-28842
+       RESERVED
+CVE-2022-28841
+       RESERVED
+CVE-2022-28840
+       RESERVED
+CVE-2022-28839
+       RESERVED
+CVE-2022-28838
+       RESERVED
+CVE-2022-28837
+       RESERVED
+CVE-2022-28836
+       RESERVED
+CVE-2022-28835
+       RESERVED
+CVE-2022-28834
+       RESERVED
+CVE-2022-28833
+       RESERVED
+CVE-2022-28832
+       RESERVED
+CVE-2022-28831
+       RESERVED
+CVE-2022-28830
+       RESERVED
+CVE-2022-28829
+       RESERVED
+CVE-2022-28828
+       RESERVED
+CVE-2022-28827
+       RESERVED
+CVE-2022-28826
+       RESERVED
+CVE-2022-28825
+       RESERVED
+CVE-2022-28824
+       RESERVED
+CVE-2022-28823
+       RESERVED
+CVE-2022-28822
+       RESERVED
+CVE-2022-28821
+       RESERVED
+CVE-2022-28820
+       RESERVED
+CVE-2022-28819
+       RESERVED
+CVE-2022-28818
+       RESERVED
+CVE-2022-28817
+       RESERVED
+CVE-2022-28816
+       RESERVED
+CVE-2022-28815
+       RESERVED
+CVE-2022-28814
+       RESERVED
+CVE-2022-28813
+       RESERVED
+CVE-2022-28812
+       RESERVED
+CVE-2022-28811
+       RESERVED
+CVE-2022-28810
+       RESERVED
+CVE-2022-28809
+       RESERVED
+CVE-2022-28808
+       RESERVED
+CVE-2022-28807
+       RESERVED
+CVE-2022-28806
+       RESERVED
+CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain 
luaK_exp2a ...)
+       TODO: check
+CVE-2022-28804
+       RESERVED
+CVE-2022-28803
+       RESERVED
+CVE-2022-28802
+       RESERVED
+CVE-2022-28801
+       RESERVED
+CVE-2022-28800
+       RESERVED
+CVE-2022-28799
+       RESERVED
+CVE-2022-28798
+       RESERVED
+CVE-2022-28797
+       RESERVED
+CVE-2022-28795
+       RESERVED
+CVE-2022-28794
+       RESERVED
+CVE-2022-28793
+       RESERVED
+CVE-2022-28792
+       RESERVED
+CVE-2022-28791
+       RESERVED
+CVE-2022-28790
+       RESERVED
+CVE-2022-28789
+       RESERVED
+CVE-2022-28788
+       RESERVED
+CVE-2022-28787
+       RESERVED
+CVE-2022-28786
+       RESERVED
+CVE-2022-28785
+       RESERVED
+CVE-2022-28784
+       RESERVED
+CVE-2022-28783
+       RESERVED
+CVE-2022-28782
+       RESERVED
+CVE-2022-28781
+       RESERVED
+CVE-2022-28780
+       RESERVED
+CVE-2022-28779
+       RESERVED
+CVE-2022-28778
+       RESERVED
+CVE-2022-28777
+       RESERVED
+CVE-2022-28776
+       RESERVED
+CVE-2022-28775
+       RESERVED
+CVE-2022-28774
+       RESERVED
+CVE-2022-28773
+       RESERVED
+CVE-2022-28772
+       RESERVED
+CVE-2022-28771
+       RESERVED
+CVE-2022-28770
+       RESERVED
+CVE-2022-28769
+       RESERVED
+CVE-2022-28768
+       RESERVED
+CVE-2022-28767
+       RESERVED
+CVE-2022-28766
+       RESERVED
+CVE-2022-28765
+       RESERVED
+CVE-2022-28764
+       RESERVED
+CVE-2022-28763
+       RESERVED
+CVE-2022-28762
+       RESERVED
+CVE-2022-28761
+       RESERVED
+CVE-2022-28760
+       RESERVED
+CVE-2022-28759
+       RESERVED
+CVE-2022-28758
+       RESERVED
+CVE-2022-28757
+       RESERVED
+CVE-2022-28756
+       RESERVED
+CVE-2022-28755
+       RESERVED
+CVE-2022-28754
+       RESERVED
+CVE-2022-28753
+       RESERVED
+CVE-2022-28752
+       RESERVED
+CVE-2022-28751
+       RESERVED
+CVE-2022-28750
+       RESERVED
+CVE-2022-28749
+       RESERVED
+CVE-2022-28748
+       RESERVED
+CVE-2022-28747
+       RESERVED
+CVE-2022-28746
+       RESERVED
+CVE-2022-28745
+       RESERVED
+CVE-2022-28744
+       RESERVED
+CVE-2022-28743
+       RESERVED
+CVE-2022-28742
+       RESERVED
+CVE-2022-28741
+       RESERVED
+CVE-2022-28740
+       RESERVED
+CVE-2022-28739
+       RESERVED
+CVE-2022-28738
+       RESERVED
+CVE-2022-28737
+       RESERVED
+CVE-2022-28736
+       RESERVED
+CVE-2022-28735
+       RESERVED
+CVE-2022-28734
+       RESERVED
+CVE-2022-28733
+       RESERVED
+CVE-2022-28732
+       RESERVED
+CVE-2022-28731
+       RESERVED
+CVE-2022-28730
+       RESERVED
+CVE-2022-28729
+       RESERVED
+CVE-2022-28728
+       RESERVED
+CVE-2022-28727
+       RESERVED
+CVE-2022-28726
+       RESERVED
+CVE-2022-28725
+       RESERVED
+CVE-2022-28724
+       RESERVED
+CVE-2022-28723
+       RESERVED
+CVE-2022-28722
+       RESERVED
+CVE-2022-28721
+       RESERVED
+CVE-2022-28720
+       RESERVED
+CVE-2022-28711
+       RESERVED
+CVE-2022-28709
+       RESERVED
+CVE-2022-28698
+       RESERVED
+CVE-2022-28696
+       RESERVED
+CVE-2022-28694
+       RESERVED
+CVE-2022-28688
+       RESERVED
+CVE-2022-28687
+       RESERVED
+CVE-2022-28686
+       RESERVED
+CVE-2022-28685
+       RESERVED
+CVE-2022-28684
+       RESERVED
+CVE-2022-28683
+       RESERVED
+CVE-2022-28682
+       RESERVED
+CVE-2022-28681
+       RESERVED
+CVE-2022-28680
+       RESERVED
+CVE-2022-28679
+       RESERVED
+CVE-2022-28678
+       RESERVED
+CVE-2022-28677
+       RESERVED
+CVE-2022-28676
+       RESERVED
+CVE-2022-28675
+       RESERVED
+CVE-2022-28674
+       RESERVED
+CVE-2022-28673
+       RESERVED
+CVE-2022-28672
+       RESERVED
+CVE-2022-28671
+       RESERVED
+CVE-2022-28670
+       RESERVED
+CVE-2022-28669
+       RESERVED
+CVE-2022-28668
+       RESERVED
+CVE-2022-28667
+       RESERVED
+CVE-2022-28665
+       RESERVED
+CVE-2022-28664
+       RESERVED
+CVE-2022-28611
+       RESERVED
+CVE-2022-28126
+       RESERVED
+CVE-2022-27879
+       RESERVED
+CVE-2022-27876
+       RESERVED
+CVE-2022-27874
+       RESERVED
+CVE-2022-27639
+       RESERVED
+CVE-2022-27638
+       RESERVED
+CVE-2022-27631
+       RESERVED
+CVE-2022-27499
+       RESERVED
+CVE-2022-27234
+       RESERVED
+CVE-2022-27187
+       RESERVED
+CVE-2022-27173
+       RESERVED
+CVE-2022-26845
+       RESERVED
+CVE-2022-26841
+       RESERVED
+CVE-2022-26837
+       RESERVED
+CVE-2022-26833
+       RESERVED
+CVE-2022-26515
+       RESERVED
+CVE-2022-26513
+       RESERVED
+CVE-2022-26509
+       RESERVED
+CVE-2022-26508
+       RESERVED
+CVE-2022-26376
+       RESERVED
+CVE-2022-26369
+       RESERVED
+CVE-2022-26367
+       RESERVED
+CVE-2022-26341
+       RESERVED
+CVE-2022-26079
+       RESERVED
+CVE-2022-26047
+       RESERVED
+CVE-2022-26045
+       RESERVED
+CVE-2022-25868
+       RESERVED
+CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 
prior to 5. ...)
+       TODO: check
+CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function 
in GitHu ...)
+       TODO: check
+CVE-2022-1282
+       RESERVED
+CVE-2022-1281
+       RESERVED
+CVE-2022-1280
+       RESERVED
+CVE-2022-1279
+       RESERVED
+CVE-2022-1278
+       RESERVED
+CVE-2022-1277
+       RESERVED
+CVE-2022-1276
+       RESERVED
+CVE-2022-1275
+       RESERVED
+CVE-2022-1274
+       RESERVED
+CVE-2022-1273
+       RESERVED
+CVE-2022-1272
+       RESERVED
+CVE-2022-1270
+       RESERVED
+CVE-2022-1269
+       RESERVED
+CVE-2022-1268
+       RESERVED
+CVE-2022-1267
+       RESERVED
+CVE-2022-1266
+       RESERVED
+CVE-2022-1265
+       RESERVED
+CVE-2022-1264
+       RESERVED
+CVE-2022-1262
+       RESERVED
+CVE-2022-1261
+       RESERVED
+CVE-2022-1260
+       RESERVED
+CVE-2022-1259
+       RESERVED
+CVE-2022-1258
+       RESERVED
+CVE-2022-1257
+       RESERVED
+CVE-2022-1256
+       RESERVED
+CVE-2022-1255
+       RESERVED
+CVE-2022-1254
+       RESERVED
+CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository 
strukturag/libde265 pr ...)
+       TODO: check
+CVE-2022-1252
+       RESERVED
+CVE-2022-1251
+       RESERVED
+CVE-2022-1250
+       RESERVED
+CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which 
has been ...)
+       TODO: check
+CVE-2022-1247
+       RESERVED
+CVE-2022-1246
+       RESERVED
+CVE-2022-1245
+       RESERVED
+CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 
prior to 5 ...)
+       TODO: check
+CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially 
leading to  ...)
+       TODO: check
+CVE-2022-1242
+       RESERVED
+CVE-2022-1241
+       RESERVED
+CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the 
Linux kernel ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
 CVE-2022-28663
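Review bot: Every entry in this hunk that arrives with a published description (CVE-2022-28805 for Lua, CVE-2022-1284, CVE-2022-1283 and CVE-2022-1244 for radare2, CVE-2022-1253 for libde265, plus CVE-2022-1248 and CVE-2022-1243) is left at `TODO: check`, so none of them has a package or `NOT-FOR-US:` annotation yet and each needs manual triage in a follow-up commit. The CVE-2022-28796 entry at the end of the hunk shows the target form: description, a `- linux <not-affected> (Vulnerable code not present)` line and a NOTE with the fixing commit. In that same entry the NOTE URL reads `https:/git.kernel.org/linus/...` with a single slash after the scheme; confirm the file itself has `https://`.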
@@ -8,6 +478,7 @@ CVE-2022-28662
 CVE-2022-28661
        RESERVED
 CVE-2022-1271
+       RESERVED
        - xz-utils <unfixed> (bug #1009167)
        - gzip <unfixed> (bug #1009168)
        NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
@@ -22,22 +493,24 @@ CVE-2022-1271
        NOTE: 
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9
 (v1.12)
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8
 CVE-2022-1263
+       RESERVED
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1
        NOTE: https://www.spinics.net/lists/kvm/msg273052.html
 CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()]
+       RESERVED
        - pesign <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/rhboot/pesign/pull/79
        NOTE: Introduced by: 
https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a
 (114)
        NOTE: Fixed by: 
https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76
 (115)
-CVE-2022-1240
-       RESERVED
+CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub 
reposi ...)
+       TODO: check
 CVE-2022-1239
        RESERVED
-CVE-2022-1238
-       RESERVED
-CVE-2022-1237
-       RESERVED
+CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub 
reposi ...)
+       TODO: check
+CVE-2022-1237 (Improper Validation of Array Index in GitHub repository 
radareorg/rada ...)
+       TODO: check
 CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi 
prior to  ...)
        NOT-FOR-US: GROWI
 CVE-2022-28660
@@ -60,8 +533,8 @@ CVE-2022-28652
        RESERVED
 CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository 
livehelpercha ...)
        NOT-FOR-US: livehelperchat
-CVE-2022-1234
-       RESERVED
+CVE-2022-1234 (XSS in livehelperchat in GitHub repository 
livehelperchat/livehelperch ...)
+       TODO: check
 CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository 
medialize/ ...)
        TODO: check
 CVE-2022-1232
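Review bot: CVE-2022-1234 is added as `TODO: check` although its description names livehelperchat, and the entry directly above it, CVE-2022-1235, is already marked `NOT-FOR-US: livehelperchat`. The same product should get the same disposition, so the follow-up triage can replace the TODO line with `NOT-FOR-US: livehelperchat`.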
@@ -70,14 +543,14 @@ CVE-2022-1232
        - chromium 100.0.4896.75-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-28651
-       RESERVED
-CVE-2022-28650
-       RESERVED
-CVE-2022-28649
-       RESERVED
-CVE-2022-28648
-       RESERVED
+CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to 
get pass ...)
+       TODO: check
+CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to 
inject Ja ...)
+       TODO: check
+CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to 
include a ...)
+       TODO: check
+CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the 
issue des ...)
+       TODO: check
 CVE-2022-28647
        RESERVED
 CVE-2022-28646
@@ -182,8 +655,8 @@ CVE-2022-1221
        RESERVED
 CVE-2022-1220
        RESERVED
-CVE-2022-1219
-       RESERVED
+CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository 
pimcore ...)
+       TODO: check
 CVE-2022-1218
        RESERVED
 CVE-2022-1217
@@ -476,10 +949,10 @@ CVE-2022-28470
        RESERVED
 CVE-2022-28469
        RESERVED
-CVE-2022-28468
-       RESERVED
-CVE-2022-28467
-       RESERVED
+CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL 
injectio ...)
+       TODO: check
 CVE-2022-28466
        RESERVED
 CVE-2022-28465
@@ -1247,8 +1720,8 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress 
plugin before 3.3.2 uses hea
        NOT-FOR-US: WordPress plugin
 CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in 
the bu ...)
        NOT-FOR-US: Wordpress theme
-CVE-2022-28219
-       RESERVED
+CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an 
unauthe ...)
+       TODO: check
 CVE-2022-28218
        RESERVED
 CVE-2022-28217
@@ -1692,10 +2165,10 @@ CVE-2022-28118
        RESERVED
 CVE-2022-28117
        RESERVED
-CVE-2022-28116
-       RESERVED
-CVE-2022-28115
-       RESERVED
+CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL 
injection v ...)
+       TODO: check
+CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a 
SQL inj ...)
+       TODO: check
 CVE-2022-28114
        RESERVED
 CVE-2022-28113
@@ -1920,12 +2393,12 @@ CVE-2022-28004
        RESERVED
 CVE-2022-28003
        RESERVED
-CVE-2022-28002
-       RESERVED
-CVE-2022-28001
-       RESERVED
-CVE-2022-28000
-       RESERVED
+CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an 
unauthenticated ...)
+       TODO: check
+CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL 
injection vulne ...)
+       TODO: check
 CVE-2022-27999
        RESERVED
 CVE-2022-27998
@@ -1940,10 +2413,10 @@ CVE-2022-27994
        RESERVED
 CVE-2022-27993
        RESERVED
-CVE-2022-27992
-       RESERVED
-CVE-2022-27991
-       RESERVED
+CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL 
injection v ...)
+       TODO: check
+CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain 
multiple SQL ...)
+       TODO: check
 CVE-2022-27990
        RESERVED
 CVE-2022-27989
@@ -2440,10 +2913,10 @@ CVE-2022-27821
        RESERVED
 CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not 
verify the T ...)
        - zaproxy <itp> (bug #897142)
-CVE-2022-27819
-       RESERVED
-CVE-2022-27818
-       RESERVED
+CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An 
information le ...)
+       TODO: check
+CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There 
can be a ...)
+       TODO: check
 CVE-2022-27817
        RESERVED
 CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There 
can be da ...)
@@ -3233,10 +3706,10 @@ CVE-2022-27465
        RESERVED
 CVE-2022-27464
        RESERVED
-CVE-2022-27463
-       RESERVED
-CVE-2022-27462
-       RESERVED
+CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN 
AVideo t ...)
+       TODO: check
+CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in 
objects/function.php in fu ...)
+       TODO: check
 CVE-2022-27461
        RESERVED
 CVE-2022-27460
@@ -3445,8 +3918,8 @@ CVE-2022-27359
        RESERVED
 CVE-2022-27358
        RESERVED
-CVE-2022-27357
-       RESERVED
+CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary 
file uploa ...)
+       TODO: check
 CVE-2022-27356
        RESERVED
 CVE-2022-27355
@@ -3455,20 +3928,20 @@ CVE-2022-27354
        RESERVED
 CVE-2022-27353
        RESERVED
-CVE-2022-27352
-       RESERVED
-CVE-2022-27351
-       RESERVED
+CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an 
arbitrary f ...)
+       TODO: check
+CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an 
arbitrary file ...)
+       TODO: check
 CVE-2022-27350
        RESERVED
-CVE-2022-27349
-       RESERVED
-CVE-2022-27348
-       RESERVED
+CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary 
file upload ...)
+       TODO: check
+CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored 
cross-site scri ...)
+       TODO: check
 CVE-2022-27347
        RESERVED
-CVE-2022-27346
-       RESERVED
+CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary 
file up ...)
+       TODO: check
 CVE-2022-27345
        RESERVED
 CVE-2022-27344
@@ -3551,8 +4024,8 @@ CVE-2022-27306
        REJECTED
 CVE-2022-27305
        RESERVED
-CVE-2022-27304
-       RESERVED
+CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
 CVE-2022-27303
        RESERVED
 CVE-2022-27302
@@ -4206,22 +4679,22 @@ CVE-2022-27154
        RESERVED
 CVE-2022-27153
        RESERVED
-CVE-2022-27152
-       RESERVED
+CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that 
uses a R ...)
+       TODO: check
 CVE-2022-27151
        RESERVED
 CVE-2022-27150
        RESERVED
 CVE-2022-27149
        RESERVED
-CVE-2022-27148
-       RESERVED
-CVE-2022-27147
-       RESERVED
-CVE-2022-27146
-       RESERVED
-CVE-2022-27145
-       RESERVED
+CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable 
to Integ ...)
+       TODO: check
+CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a 
use-after-free v ...)
+       TODO: check
+CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a 
heap-buffer-overflow vu ...)
+       TODO: check
+CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a 
stack-overflow v ...)
+       TODO: check
 CVE-2022-27144
        RESERVED
 CVE-2022-27143
@@ -4262,10 +4735,10 @@ CVE-2022-27126
        RESERVED
 CVE-2022-27125
        RESERVED
-CVE-2022-27124
-       RESERVED
-CVE-2022-27123
-       RESERVED
+CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain 
a SQL i ...)
+       TODO: check
 CVE-2022-27122
        RESERVED
 CVE-2022-27121
@@ -4290,14 +4763,14 @@ CVE-2022-27112
        RESERVED
 CVE-2022-27111
        RESERVED
-CVE-2022-27110
-       RESERVED
-CVE-2022-27109
-       RESERVED
-CVE-2022-27108
-       RESERVED
-CVE-2022-27107
-       RESERVED
+CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection 
redirect via v ...)
+       TODO: check
+CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection 
redirect vulner ...)
+       TODO: check
+CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object 
Reference (IDOR ...)
+       TODO: check
+CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share 
Video" sectio ...)
+       TODO: check
 CVE-2022-27106
        RESERVED
 CVE-2022-27105
@@ -4382,14 +4855,14 @@ CVE-2022-27066
        RESERVED
 CVE-2022-27065
        RESERVED
-CVE-2022-27064
-       RESERVED
-CVE-2022-27063
-       RESERVED
-CVE-2022-27062
-       RESERVED
-CVE-2022-27061
-       RESERVED
+CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file 
upload vu ...)
+       TODO: check
+CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site 
scripting ...)
+       TODO: check
+CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site 
scripting ...)
+       TODO: check
+CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file 
upload vuln ...)
+       TODO: check
 CVE-2022-27060
        RESERVED
 CVE-2022-27059
@@ -4416,14 +4889,14 @@ CVE-2022-27049 (Raidrive before v2021.12.35 allows 
attackers to arbitrarily move
        NOT-FOR-US: Raidrive
 CVE-2022-27048
        RESERVED
-CVE-2022-27047
-       RESERVED
-CVE-2022-27046
-       RESERVED
+CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without 
any limi ...)
+       TODO: check
+CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free 
vulnerability in in  ...)
+       TODO: check
 CVE-2022-27045
        RESERVED
-CVE-2022-27044
-       RESERVED
+CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in 
libsixel/src/quant.c: ...)
+       TODO: check
 CVE-2022-27043
        RESERVED
 CVE-2022-27042
@@ -4466,8 +4939,8 @@ CVE-2022-27024
        RESERVED
 CVE-2022-27023
        RESERVED
-CVE-2022-27022
-       RESERVED
+CVE-2022-27022 (There is a stack overflow vulnerability in the SetSysTimeCfg() 
functio ...)
+       TODO: check
 CVE-2022-27021
        RESERVED
 CVE-2022-27020
@@ -4478,8 +4951,8 @@ CVE-2022-27018
        RESERVED
 CVE-2022-27017
        RESERVED
-CVE-2022-27016
-       RESERVED
+CVE-2022-27016 (There is a stack overflow vulnerability in the 
SetStaticRouteCfg() fun ...)
+       TODO: check
 CVE-2022-27015
        RESERVED
 CVE-2022-27014
@@ -4538,16 +5011,16 @@ CVE-2022-26988
        RESERVED
 CVE-2022-26987
        RESERVED
-CVE-2022-26986
-       RESERVED
+CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote 
attackers  ...)
+       TODO: check
 CVE-2022-26985
        RESERVED
 CVE-2022-26984
        RESERVED
 CVE-2022-26983
        RESERVED
-CVE-2022-26982
-       RESERVED
+CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote 
authenticated admi ...)
+       TODO: check
 CVE-2022-0947
        RESERVED
 CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository 
star7th/showdoc ...)
@@ -4645,10 +5118,10 @@ CVE-2022-0937 (Stored xss in showdoc through file 
upload in GitHub repository st
        NOT-FOR-US: ShowDoc
 CVE-2022-26954
        RESERVED
-CVE-2022-26953
-       RESERVED
-CVE-2022-26952
-       RESERVED
+CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer 
overflo ...)
+       TODO: check
+CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer 
overflo ...)
+       TODO: check
 CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS 
vulnerabil ...)
        NOT-FOR-US: Archer
 CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open 
redirect vu ...)
@@ -4729,16 +5202,16 @@ CVE-2022-26914
        RESERVED
 CVE-2022-26913
        RESERVED
-CVE-2022-26912
-       RESERVED
+CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-26911
        RESERVED
 CVE-2022-26910
        RESERVED
-CVE-2022-26909
-       RESERVED
-CVE-2022-26908
-       RESERVED
+CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
+CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-26907
        RESERVED
 CVE-2022-26906
@@ -4753,8 +5226,8 @@ CVE-2022-26902
        RESERVED
 CVE-2022-26901
        RESERVED
-CVE-2022-26900
-       RESERVED
+CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-26899
        RESERVED
 CVE-2022-26898
@@ -4763,24 +5236,24 @@ CVE-2022-26897
        RESERVED
 CVE-2022-26896
        RESERVED
-CVE-2022-26895
-       RESERVED
-CVE-2022-26894
-       RESERVED
+CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
+CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-26893
        RESERVED
 CVE-2022-26892
        RESERVED
-CVE-2022-26891
-       RESERVED
+CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-26061
        RESERVED
 CVE-2022-25972
        RESERVED
 CVE-2022-25942
        RESERVED
-CVE-2022-0935
-       RESERVED
+CVE-2022-0935 (Host Header injection in password Reset in GitHub repository 
livehelpe ...)
+       TODO: check
 CVE-2022-26886
        RESERVED
 CVE-2022-26885
@@ -4890,8 +5363,7 @@ CVE-2020-36518 (jackson-databind before 2.13.0 allows a 
Java StackOverflow excep
 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to 
conduct spoof ...)
        - node-swagger-ui <itp> (bug #871461)
        - swagger-ui <itp> (bug #895422)
-CVE-2022-26850
-       RESERVED
+CVE-2022-26850 (When creating or updating credentials for single-user access, 
Apache N ...)
        NOT-FOR-US: Apache NiFi
 CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
        NOT-FOR-US: Delta Electronics
@@ -5370,20 +5842,20 @@ CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 
allows remote authentica
        - spip 4.0.5-1
        NOTE: 
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
        NOTE: 
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
-CVE-2022-26676
-       RESERVED
-CVE-2022-26675
-       RESERVED
+CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an 
unauthenticate ...)
+       TODO: check
+CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters 
in URLs. ...)
+       TODO: check
 CVE-2022-26674
        RESERVED
 CVE-2022-26673
        RESERVED
 CVE-2022-26672
        RESERVED
-CVE-2022-26671
-       RESERVED
-CVE-2022-26670
-       RESERVED
+CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system&#8217;s login page 
has a hard ...)
+       TODO: check
+CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters 
in the  ...)
+       TODO: check
 CVE-2022-26669
        RESERVED
 CVE-2022-26668
@@ -5460,8 +5932,8 @@ CVE-2022-26637
        RESERVED
 CVE-2022-26636
        RESERVED
-CVE-2022-26635
-       RESERVED
+CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL 
termination w ...)
+       TODO: check
 CVE-2022-26634
        RESERVED
 CVE-2022-26633
@@ -5470,20 +5942,20 @@ CVE-2022-26632
        RESERVED
 CVE-2022-26631
        RESERVED
-CVE-2022-26630
-       RESERVED
+CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an 
arbitrary file  ...)
+       TODO: check
 CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ 
Messenger 1.0.3 ...)
        NOT-FOR-US: SoroushPlus+ Messenger
-CVE-2022-26628
-       RESERVED
-CVE-2022-26627
-       RESERVED
+CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to 
contain a ...)
+       TODO: check
 CVE-2022-26626
        RESERVED
 CVE-2022-26625
        RESERVED
-CVE-2022-26624
-       RESERVED
+CVE-2022-26624 (Bootstrap v3.1.11 and v3.3.7 was discovered to contain a 
cross-site sc ...)
+       TODO: check
 CVE-2022-26623
        RESERVED
 CVE-2022-26622
@@ -5504,10 +5976,9 @@ CVE-2022-26615 (A cross-site scripting (XSS) 
vulnerability in College Website Co
        NOT-FOR-US: SourceCodester Simple College Website
 CVE-2022-26614
        RESERVED
-CVE-2022-26613
-       RESERVED
-CVE-2022-26612
-       RESERVED
+CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava 
function on W ...)
        - hadoop <itp> (bug #793644)
 CVE-2022-26611
        RESERVED
@@ -5517,12 +5988,12 @@ CVE-2022-26609
        RESERVED
 CVE-2022-26608
        RESERVED
-CVE-2022-26607
-       RESERVED
+CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS 
v3.0-alpha-2  ...)
+       TODO: check
 CVE-2022-26606
        RESERVED
-CVE-2022-26605
-       RESERVED
+CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file 
upload via t ...)
+       TODO: check
 CVE-2022-26604
        RESERVED
 CVE-2022-26603
@@ -5549,8 +6020,8 @@ CVE-2022-26593
        RESERVED
 CVE-2022-26592
        RESERVED
-CVE-2022-26591
-       RESERVED
+CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows 
unauthenticated attac ...)
+       TODO: check
 CVE-2022-26590
        RESERVED
 CVE-2022-26589
@@ -5736,7 +6207,8 @@ CVE-2022-26504 (Improper authentication in Veeam Backup 
&amp; Replication 9.5U3,
        NOT-FOR-US: Veeam
 CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 
2.0, 2.1, ...)
        NOT-FOR-US: Veeam
-CVE-2022-26502 (**REJECT** Veeam Backup &amp; Replication 10.x and 11.x has an 
Untrust ...)
+CVE-2022-26502
+       REJECTED
        NOT-FOR-US: Veeam
 CVE-2022-26501 (Improper authentication in Veeam Backup &amp; Replication 
9.5U3, 9.5U4 ...)
        NOT-FOR-US: Veeam
@@ -6171,38 +6643,32 @@ CVE-2022-26363
        RESERVED
 CVE-2022-26362
        RESERVED
-CVE-2022-26361
-       RESERVED
+CVE-2022-26361 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues 
T[his CNA in ...)
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-400.html
-CVE-2022-26360
-       RESERVED
+CVE-2022-26360 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues 
T[his CNA in ...)
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-400.html
-CVE-2022-26359
-       RESERVED
+CVE-2022-26359 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues 
T[his CNA in ...)
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-400.html
-CVE-2022-26358
-       RESERVED
+CVE-2022-26358 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues 
T[his CNA in ...)
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-400.html
-CVE-2022-26357
-       RESERVED
+CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 
bits wide.  ...)
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-399.html
-CVE-2022-26356
-       RESERVED
+CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log 
dirty hyp ...)
        [buster] - xen <end-of-life> (DSA 4677-1)
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-397.html
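Review bot: CVE-2022-26356, the last entry of this hunk, carries only the `[buster]` and `[stretch]` end-of-life lines and no unqualified `- xen ...` line, while CVE-2022-26357 through CVE-2022-26361 above it each have `- xen <unfixed>`. Without that line the entry records no status for the other releases; add `- xen <unfixed>` (or the fixed version once known) ahead of the suite-specific lines so XSA-397 is tracked the same way as XSA-399 and XSA-400.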
@@ -6504,10 +6970,10 @@ CVE-2022-26253
        RESERVED
 CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory 
traversal ...)
        NOT-FOR-US: aaPanel
-CVE-2022-26251
-       RESERVED
-CVE-2022-26250
-       RESERVED
+CVE-2022-26251 (The HTTP interface of Synaman v5.1 and below was discovered to 
allow a ...)
+       TODO: check
+CVE-2022-26250 (Synaman v5.1 and below was discovered to contain weak file 
permissions ...)
+       TODO: check
 CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when 
exporting excel  ...)
        NOT-FOR-US: Survey King
 CVE-2022-26248
@@ -7004,8 +7470,7 @@ CVE-2021-4224
        RESERVED
 CVE-2022-26111
        RESERVED
-CVE-2022-26110 [HTCONDOR-2022-0003]
-       RESERVED
+CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x 
before  ...)
        - condor <unfixed> (bug #1008634)
        NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
        NOTE: 
https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca
 (V8_8_16)
@@ -8248,14 +8713,14 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin 
before 1.7 does not sanitise
        NOT-FOR-US: WordPress plugin
 CVE-2022-0699
        RESERVED
-CVE-2022-25597
-       RESERVED
-CVE-2022-25596
-       RESERVED
-CVE-2022-25595
-       RESERVED
-CVE-2022-25594
-       RESERVED
+CVE-2022-25597 (ASUS RT-AC86U&#8217;s LPD service has insufficient filtering 
for speci ...)
+       TODO: check
+CVE-2022-25596 (ASUS RT-AC56U&#8217;s configuration function has a heap-based 
buffer o ...)
+       TODO: check
+CVE-2022-25595 (ASUS RT-AC86U has improper user request handling, which allows 
an unau ...)
+       TODO: check
+CVE-2022-25594 (Microprogram&#8217;s parking lot management system is 
vulnerable to se ...)
+       TODO: check
 CVE-2022-25593
        RESERVED
 CVE-2022-25592
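Review bot: the four descriptions added for CVE-2022-25597 through CVE-2022-25594 contain the undecoded HTML entity &#8217; where an apostrophe belongs, for example "ASUS RT-AC86U&#8217;s LPD service". Decode entities in the step that imports descriptions, so that a plain-text search for the product name with its possessive matches. All four entries are left at TODO: check and still need a triage decision.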
@@ -8714,8 +9179,8 @@ CVE-2022-25375 (An issue was discovered in 
drivers/usb/gadget/function/rndis.c i
        NOTE: 
https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
 CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts 
Sensitive Infor ...)
        NOT-FOR-US: HashiCorp Terraform Enterprise
-CVE-2022-25373
-       RESERVED
+CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows 
Stored XSS in ...)
+       TODO: check
 CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local 
privilege e ...)
        NOT-FOR-US: Pritunl Client
 CVE-2022-0698
@@ -8821,10 +9286,10 @@ CVE-2022-25341
        RESERVED
 CVE-2022-25340
        RESERVED
-CVE-2022-25339
-       RESERVED
-CVE-2022-25338
-       RESERVED
+CVE-2022-25339 (ownCloud owncloud/android 2.20 has Incorrect Access Control 
for local  ...)
+       TODO: check
+CVE-2022-25338 (ownCloud owncloud/android before 2.20 has Incorrect Access 
Control for ...)
+       TODO: check
 CVE-2022-24914
        RESERVED
 CVE-2022-24436
@@ -8904,8 +9369,8 @@ CVE-2022-0679 (The Narnoo Distributor WordPress plugin 
through 2.5.1 fails to va
        NOT-FOR-US: WordPress plugin
 CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
        NOT-FOR-US: microweber
-CVE-2022-0677
-       RESERVED
+CVE-2022-0677 (Improper Handling of Length Parameter Inconsistency 
vulnerability in t ...)
+       TODO: check
 CVE-2021-4221
        RESERVED
 CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
@@ -9267,8 +9732,8 @@ CVE-2022-25271 (Drupal core's form API has a 
vulnerability where certain contrib
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2022-003
        NOTE: 
https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
-CVE-2022-25245
-       RESERVED
+CVE-2022-25245 (Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone 
to know  ...)
+       TODO: check
 CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform 
feature can ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 
allowed the ...)
@@ -9572,8 +10037,8 @@ CVE-2022-0603 (Use after free in File Manager in Google 
Chrome on Chrome OS prio
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
        NOTE: 
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0602
-       RESERVED
+CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository 
tastyigniter/tas ...)
+       TODO: check
 CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 
2.2.9  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not 
saniti ...)
@@ -10020,8 +10485,8 @@ CVE-2022-24980 (An issue was discovered in the 
Kitodo.Presentation (aka dif) ext
        NOT-FOR-US: TYPO3 extension
 CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 
2.0.1 for ...)
        NOT-FOR-US: TYPO3 extension
-CVE-2022-24978
-       RESERVED
+CVE-2022-24978 (Zoho ManageEngine ADAudit Plus before 7055 allows 
authenticated Privil ...)
+       TODO: check
 CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code 
execution v ...)
        NOT-FOR-US: ImpressCMS
 CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
@@ -10405,10 +10870,10 @@ CVE-2022-24824
        RESERVED
 CVE-2022-24823
        RESERVED
-CVE-2022-24822
-       RESERVED
-CVE-2022-24821
-       RESERVED
+CVE-2022-24822 (Podium is a library for building micro frontends. 
@podium/layout is a  ...)
+       TODO: check
+CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2022-24820
        RESERVED
 CVE-2022-24819
@@ -10427,8 +10892,8 @@ CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki 
extension for requesting &amp
        NOT-FOR-US: Miraheze CreateWiki
 CVE-2022-24812
        RESERVED
-CVE-2022-24811
-       RESERVED
+CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior 
to versi ...)
+       TODO: check
 CVE-2022-24810
        RESERVED
 CVE-2022-24809
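Review bot: the description added for CVE-2022-24811 spells the vendor "Combodi iTop", while CVE-2022-24780 and CVE-2021-41245 elsewhere in this patch spell it "Combodo iTop". The description text is imported as is, but whoever resolves the TODO: check should use one spelling in the triage line for all three entries so that a single grep finds them.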
@@ -10466,12 +10931,12 @@ CVE-2022-24797 (Pomerium is an identity-aware access 
proxy. In distributed servi
        NOT-FOR-US: Pomerium
 CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for 
running  ...)
        NOT-FOR-US: RaspberryMatic
-CVE-2022-24795
-       RESERVED
+CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and 
generation libra ...)
+       TODO: check
 CVE-2022-24794 (Express OpenID Connect is an Express JS middleware 
implementing sign o ...)
        NOT-FOR-US: Express OpenID Connect
-CVE-2022-24793
-       RESERVED
+CVE-2022-24793 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
 CVE-2022-24792
        RESERVED
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, 
using Cran ...)
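Review bot: the truncated description for CVE-2022-24793 ("PJSIP is a free and open source multimedia communication library writt ...") is identical to the one added for CVE-2022-24786 in the next hunk, so the two cannot be told apart from this file. Resolve both TODO: check lines from the full advisory text, and give each entry a NOTE line pointing at its own upstream reference so the difference is visible in the list.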
@@ -10487,8 +10952,8 @@ CVE-2022-24788
        RESERVED
 CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum 
Virtual M ...)
        NOT-FOR-US: Vyper
-CVE-2022-24786
-       RESERVED
+CVE-2022-24786 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
 CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, 
validating, manipu ...)
        - node-moment <unfixed>
        NOTE: 
https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
@@ -10501,8 +10966,8 @@ CVE-2022-24782 (Discourse is an open source discussion 
platform. Versions 2.8.2
        NOT-FOR-US: Discourse
 CVE-2022-24781 (Geon is a board game based on solving questions about the 
Pythagorean  ...)
        NOT-FOR-US: Geon
-CVE-2022-24780
-       RESERVED
+CVE-2022-24780 (Combodo iTop is a web based IT Service Management tool. In 
versions pr ...)
+       TODO: check
 CVE-2022-24779
        RESERVED
 CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to 
support  ...)
@@ -10855,8 +11320,8 @@ CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 
0.9.2 through 1.0.17, 1.1.1
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
 CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra 
Collaboratio ...)
        NOT-FOR-US: Zimbra
-CVE-2022-24681
-       RESERVED
+CVE-2022-24681 (Zoho ManageEngine ADSelfService Plus before 6121 allows XSS 
via the we ...)
+       TODO: check
 CVE-2022-24680 (A security link following local privilege escalation 
vulnerability in  ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-24679 (A security link following local privilege escalation 
vulnerability in  ...)
@@ -11335,8 +11800,8 @@ CVE-2022-24525 (Windows Update Stack Elevation of 
Privilege Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24524
        RESERVED
-CVE-2022-24523
-       RESERVED
+CVE-2022-24523 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
+       TODO: check
 CVE-2022-24522 (Skype Extension for Chrome Information Disclosure 
Vulnerability. ...)
        NOT-FOR-US: Skype Extension for Chrome
 CVE-2022-24521
@@ -11431,8 +11896,8 @@ CVE-2022-24477
        RESERVED
 CVE-2022-24476
        RESERVED
-CVE-2022-24475
-       RESERVED
+CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-24474
        RESERVED
 CVE-2022-24473
@@ -12351,8 +12816,8 @@ CVE-2022-24231 (Simple Student Information System v1.0 
was discovered to contain
        TODO: check
 CVE-2022-24230
        RESERVED
-CVE-2022-24229
-       RESERVED
+CVE-2022-24229 (A cross-site scripting (XSS) vulnerability in ONLYOFFICE 
Document Serv ...)
+       TODO: check
 CVE-2022-24228
        RESERVED
 CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 
allows at ...)
@@ -13281,8 +13746,8 @@ CVE-2022-23976
        RESERVED
 CVE-2022-23975
        RESERVED
-CVE-2022-23974
-       RESERVED
+CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path 
allowed ...)
+       TODO: check
 CVE-2022-23103
        RESERVED
 CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not 
sanitise an ...)
@@ -13319,14 +13784,14 @@ CVE-2018-25029 (The Z-Wave specification requires 
that S2 security can be downgr
        NOT-FOR-US: Z-Wave specification
 CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon 
Labs (usin ...)
        NOT-FOR-US: Z-Wave devices
-CVE-2022-23973
-       RESERVED
-CVE-2022-23972
-       RESERVED
-CVE-2022-23971
-       RESERVED
-CVE-2022-23970
-       RESERVED
+CVE-2022-23973 (ASUS RT-AX56U&#8217;s user profile configuration function is 
vulnerabl ...)
+       TODO: check
+CVE-2022-23972 (ASUS RT-AX56U&#8217;s SQL handling function has an SQL 
injection vulne ...)
+       TODO: check
+CVE-2022-23971 (ASUS RT-AX56U&#8217;s update_PLC/PORT file has a path 
traversal vulner ...)
+       TODO: check
+CVE-2022-23970 (ASUS RT-AX56U&#8217;s update_json function has a path 
traversal vulner ...)
+       TODO: check
 CVE-2022-23969
        RESERVED
 CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware 
before 2022-0 ...)
@@ -13582,8 +14047,8 @@ CVE-2022-23901 (A stack overflow re2c 2.2 exists due to 
infinite recursion issue
        NOTE: 
https://github.com/skvadrik/re2c/commit/a3473fd7be829cb33907cb08612f955133c70a96
 (3.0)
        NOTE: 
https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca
 (3.0)
        NOTE: Crash im CLI tool, no security impact
-CVE-2022-23900
-       RESERVED
+CVE-2022-23900 (A command injection vulnerability in the API of the Wavlink 
WL-WN531P3 ...)
+       TODO: check
 CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection 
vulnerability vi ...)
        NOT-FOR-US: MCMS
 CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection 
vulnerability vi ...)
@@ -13924,10 +14389,10 @@ CVE-2021-46439
        REJECTED
 CVE-2021-46438
        RESERVED
-CVE-2021-46437
-       RESERVED
-CVE-2021-46436
-       RESERVED
+CVE-2021-46437 (An issue was discovered in ZZCMS 2021. There is a cross-site 
scripting ...)
+       TODO: check
+CVE-2021-46436 (An issue was discovered in ZZCMS 2021. There is a SQL 
injection vulner ...)
+       TODO: check
 CVE-2021-46435
        RESERVED
 CVE-2021-46434 (** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is 
affected by  ...)
@@ -13960,14 +14425,14 @@ CVE-2021-46421
        RESERVED
 CVE-2021-46420
        RESERVED
-CVE-2021-46419
-       RESERVED
-CVE-2021-46418
-       RESERVED
-CVE-2021-46417
-       RESERVED
-CVE-2021-46416
-       RESERVED
+CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare 
TLR-2855KS6  ...)
+       TODO: check
+CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare 
TLR-2855KS6  ...)
+       TODO: check
+CVE-2021-46417 (Insecure handling of a download function leads to disclosure 
of intern ...)
+       TODO: check
+CVE-2021-46416 (Insecure direct object reference in SUNNY TRIPOWER 5.0 
Firmware versio ...)
+       TODO: check
 CVE-2021-46415
        RESERVED
 CVE-2021-46414
@@ -15098,8 +15563,8 @@ CVE-2022-23448
        RESERVED
 CVE-2022-23447
        RESERVED
-CVE-2022-23446
-       RESERVED
+CVE-2022-23446 (A improper control of a resource through its lifetime in 
Fortinet Fort ...)
+       TODO: check
 CVE-2022-23445
        RESERVED
 CVE-2022-23444
@@ -15108,10 +15573,10 @@ CVE-2022-23443
        RESERVED
 CVE-2022-23442
        RESERVED
-CVE-2022-23441
-       RESERVED
-CVE-2022-23440
-       RESERVED
+CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in Forti ...)
+       TODO: check
+CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in the r ...)
+       TODO: check
 CVE-2022-23439
        RESERVED
 CVE-2022-23438
@@ -15615,8 +16080,8 @@ CVE-2021-46369
        RESERVED
 CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an 
unquoted path s ...)
        NOT-FOR-US: TRIGONE Remote System Monitor
-CVE-2021-46367
-       RESERVED
+CVE-2021-46367 (RiteCMS version 3.1.0 and below suffers from a remote code 
execution v ...)
+       TODO: check
 CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below 
allows att ...)
        NOT-FOR-US: Magnolia CMS
 CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below 
allows at ...)
@@ -15798,6 +16263,7 @@ CVE-2022-23310
 CVE-2022-23309
        RESERVED
 CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID 
and IDREF  ...)
+       {DLA-2972-1}
        - libxml2 2.9.13+dfsg-1 (bug #1006489)
        [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1
        [buster] - libxml2 2.9.4+dfsg1-7+deb10u3
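Review bot: the {DLA-2972-1} cross-reference added to CVE-2022-23308 cannot be checked against a fixed version from this hunk, because the context stops at the [buster] line and only the unstable, bullseye and buster versions are visible. Confirm that the entry also has a release line for the suite the DLA covers, with the version from that upload.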
@@ -18355,6 +18821,7 @@ CVE-2022-22638 (A null pointer dereference was 
addressed with improved validatio
        NOT-FOR-US: Apple
 CVE-2022-22637 [A logic issue was addressed with improved state management]
        RESERVED
+       {DSA-5061-1 DSA-5060-1}
        - webkit2gtk 2.34.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.4-1
@@ -18375,12 +18842,14 @@ CVE-2022-22630
        RESERVED
 CVE-2022-22629 [A buffer overflow issue was addressed with improved memory 
handling]
        RESERVED
+       {DSA-5116-1 DSA-5115-1}
        - webkit2gtk 2.36.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.36.0-2
        NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
 CVE-2022-22628 [A use after free issue was addressed with improved memory 
management]
        RESERVED
+       {DSA-5116-1 DSA-5115-1}
        - webkit2gtk 2.36.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.36.0-2
@@ -18393,11 +18862,13 @@ CVE-2022-22625 (An out-of-bounds read was addressed 
with improved input validati
        NOT-FOR-US: Apple
 CVE-2022-22624 [A use after free issue was addressed with improved memory 
management]
        RESERVED
+       {DSA-5116-1 DSA-5115-1}
        - webkit2gtk 2.36.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.36.0-2
        NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
-CVE-2022-22623 (Multiple issues were addressed by updating to curl version 
7.79.1. Thi ...)
+CVE-2022-22623
+       REJECTED
        NOT-FOR-US: Apple
 CVE-2022-22622 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
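Review bot: CVE-2022-22623 is switched to REJECTED, but the "NOT-FOR-US: Apple" line beneath it stays as unchanged context, so the entry now carries a triage annotation written for a description that has been withdrawn. Confirm that the tracker's checks accept an annotation under REJECTED; if they do not, drop the NOT-FOR-US line in a follow-up commit.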
@@ -18799,20 +19270,20 @@ CVE-2022-22521
        RESERVED
 CVE-2022-22520
        RESERVED
-CVE-2022-22519
-       RESERVED
-CVE-2022-22518
-       RESERVED
-CVE-2022-22517
-       RESERVED
-CVE-2022-22516
-       RESERVED
-CVE-2022-22515
-       RESERVED
-CVE-2022-22514
-       RESERVED
-CVE-2022-22513
-       RESERVED
+CVE-2022-22519 (A remote, authenticated attacker can send a specific crafted 
HTTP or H ...)
+       TODO: check
+CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially 
applied secur ...)
+       TODO: check
+CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing 
communication ...)
+       TODO: check
+CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on 
Microsoft ...)
+       TODO: check
+CVE-2022-22515 (A remote, unauthenticated attacker could utilize the control 
programme ...)
+       TODO: check
+CVE-2022-22514 (An authenticated, remote attacker can gain access to a 
dereferenced po ...)
+       TODO: check
+CVE-2022-22513 (An authenticated remote attacker can cause a null pointer 
dereference  ...)
+       TODO: check
 CVE-2022-22512
        RESERVED
 CVE-2022-22511 (Various configuration pages of the device are vulnerable to 
reflected  ...)
@@ -19017,8 +19488,8 @@ CVE-2022-22412
        RESERVED
 CVE-2022-22411
        RESERVED
-CVE-2022-22410
-       RESERVED
+CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could 
allow an a ...)
+       TODO: check
 CVE-2022-22409
        RESERVED
 CVE-2022-22408
@@ -19125,10 +19596,10 @@ CVE-2022-22358
        RESERVED
 CVE-2022-22357
        RESERVED
-CVE-2022-22356
-       RESERVED
-CVE-2022-22355
-       RESERVED
+CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to 
enumera ...)
+       TODO: check
+CVE-2022-22355 (IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial 
of serv ...)
+       TODO: check
 CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM 
Spectrum C ...)
        NOT-FOR-US: IBM
 CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 
7.2.3 c ...)
@@ -19159,8 +19630,8 @@ CVE-2022-22341
        RESERVED
 CVE-2022-22340
        RESERVED
-CVE-2022-22339
-       RESERVED
+CVE-2022-22339 (IBM Planning Analytics 2.0 is vulnerable to server-side 
request forger ...)
+       TODO: check
 CVE-2022-22338
        RESERVED
 CVE-2022-22337
@@ -22916,12 +23387,10 @@ CVE-2022-21935
        RESERVED
 CVE-2022-21934
        RESERVED
-CVE-2021-45104
-       RESERVED
+CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 
9.1.x befo ...)
        - condor <not-affected> (Vulnerable code introduced later)
        NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0002
-CVE-2021-45103
-       RESERVED
+CVE-2021-45103 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 
9.1.x befo ...)
        - condor <not-affected> (Vulnerable code introduced later)
        NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0001
 CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 
9.1.x befor ...)
@@ -26043,8 +26512,8 @@ CVE-2021-44171
        RESERVED
 CVE-2021-44170
        RESERVED
-CVE-2021-44169
-       RESERVED
+CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) 
version 6. ...)
+       TODO: check
 CVE-2021-44168 (A download of code without integrity check vulnerability in 
the "execu ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-44167
@@ -29114,8 +29583,8 @@ CVE-2021-3933 (An integer overflow could occur when 
OpenEXR processes a crafted
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
        NOTE: Fixed by: 
https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
-CVE-2021-43521
-       RESERVED
+CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via 
zlog_conf_bu ...)
+       TODO: check
 CVE-2021-43520
        RESERVED
 CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 
5.1.0~5.4.4 a ...)
@@ -29145,12 +29614,12 @@ CVE-2021-43518 (Teeworlds up to and including 0.7.5 
is vulnerable to Buffer Over
        NOTE: https://github.com/teeworlds/teeworlds/pull/3018
        NOTE: 
https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
        NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
-CVE-2021-43517
-       RESERVED
+CVE-2021-43517 (FOSCAM Camera FI9805E with firmware 
V4.02.R12.00018510.10012.143900.00 ...)
+       TODO: check
 CVE-2021-43516
        RESERVED
-CVE-2021-43515
-       RESERVED
+CVE-2021-43515 (A CSV Injection vulnerablity exists in Kimai Kimai 2 &gt; 1.14 
via a d ...)
+       TODO: check
 CVE-2021-43514
        RESERVED
 CVE-2021-43513
@@ -29173,8 +29642,8 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) 
vulnerabilities exist in Sso
        NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2021-43504
        RESERVED
-CVE-2021-43503
-       RESERVED
+CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h 
laravel 5.8.38 ...)
+       TODO: check
 CVE-2021-43502
        RESERVED
 CVE-2021-43501
@@ -29183,8 +29652,8 @@ CVE-2021-43500
        RESERVED
 CVE-2021-43499
        RESERVED
-CVE-2021-43498
-       RESERVED
+CVE-2021-43498 (An Access Control vulnerability exists in ATutor 2.2.4 in 
password_rem ...)
+       TODO: check
 CVE-2021-43497
        RESERVED
 CVE-2021-43496 (Clustering master branch as of commit 
53e663e259bcfc8cdecb56c0bb255bd7 ...)
@@ -29213,8 +29682,8 @@ CVE-2021-43485
        RESERVED
 CVE-2021-43484 (A Remote Code Execution (RCE) vulnerability exists in Simple 
Client Ma ...)
        NOT-FOR-US: Sourcecodester Simple Client Management System
-CVE-2021-43483
-       RESERVED
+CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 
1.00.67 in ...)
+       TODO: check
 CVE-2021-43482
        RESERVED
 CVE-2021-43481
@@ -29231,8 +29700,8 @@ CVE-2021-43476
        RESERVED
 CVE-2021-43475
        RESERVED
-CVE-2021-43474
-       RESERVED
+CVE-2021-43474 (An Access Control vulnerability exists in D-Link DIR-823G 
REVA1 1.02B0 ...)
+       TODO: check
 CVE-2021-43473
        RESERVED
 CVE-2021-43472
@@ -29275,8 +29744,8 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability 
exists in FreeLAN 2.2 via
        NOTE: https://www.exploit-db.com/exploits/49630
 CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT 
Searcher 1.2.3 ...)
        NOT-FOR-US: AnyTXT Searcher for Windows
-CVE-2021-43453
-       RESERVED
+CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in 
JerryScript 2.4.0 ...)
+       TODO: check
 CVE-2021-43452
        RESERVED
 CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee 
Record Manag ...)
@@ -29317,14 +29786,14 @@ CVE-2021-43434
        RESERVED
 CVE-2021-43433
        RESERVED
-CVE-2021-43432
-       RESERVED
+CVE-2021-43432 (A Cross Site Scripting (XSS) vulnerability exists in Exrick 
XMall Admi ...)
+       TODO: check
 CVE-2021-43431
        RESERVED
-CVE-2021-43430
-       RESERVED
-CVE-2021-43429
-       RESERVED
+CVE-2021-43430 (An Access Control vulnerability exists in BigAntSoft BigAnt 
office mes ...)
+       TODO: check
+CVE-2021-43429 (A Denial of Service vulnerability exists in CORTX-S3 Server as 
of 11/7 ...)
+       TODO: check
 CVE-2021-43428
        RESERVED
 CVE-2021-43427
@@ -29339,8 +29808,8 @@ CVE-2021-43423
        RESERVED
 CVE-2021-43422
        RESERVED
-CVE-2021-43421
-       RESERVED
+CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 
to 2.1. ...)
+       TODO: check
 CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester 
Online Paym ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-43419
@@ -30472,14 +30941,14 @@ CVE-2022-20786
        RESERVED
 CVE-2022-20785
        RESERVED
-CVE-2022-20784
-       RESERVED
+CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) 
engine of Cis ...)
+       TODO: check
 CVE-2022-20783
        RESERVED
-CVE-2022-20782
-       RESERVED
-CVE-2022-20781
-       RESERVED
+CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
+       TODO: check
 CVE-2022-20780
        RESERVED
 CVE-2022-20779
@@ -30492,8 +30961,8 @@ CVE-2022-20776
        RESERVED
 CVE-2022-20775
        RESERVED
-CVE-2022-20774
-       RESERVED
+CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
+       TODO: check
 CVE-2022-20773
        RESERVED
 CVE-2022-20772
@@ -30514,10 +30983,10 @@ CVE-2022-20765
        RESERVED
 CVE-2022-20764
        RESERVED
-CVE-2022-20763
-       RESERVED
-CVE-2022-20762
-       RESERVED
+CVE-2022-20763 (A vulnerability in the login authorization components of Cisco 
Webex M ...)
+       TODO: check
+CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) 
ConfD CLI of ...)
+       TODO: check
 CVE-2022-20761
        RESERVED
 CVE-2022-20760
@@ -30528,12 +30997,12 @@ CVE-2022-20758
        RESERVED
 CVE-2022-20757
        RESERVED
-CVE-2022-20756
-       RESERVED
-CVE-2022-20755
-       RESERVED
-CVE-2022-20754
-       RESERVED
+CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity 
Services Engin ...)
+       TODO: check
+CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management 
interface ...)
+       TODO: check
+CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management 
interface ...)
+       TODO: check
 CVE-2022-20753
        RESERVED
 CVE-2022-20752
@@ -30558,8 +31027,8 @@ CVE-2022-20743
        RESERVED
 CVE-2022-20742
        RESERVED
-CVE-2022-20741
-       RESERVED
+CVE-2022-20741 (A vulnerability in the web-based management interface of the 
Network D ...)
+       TODO: check
 CVE-2022-20740
        RESERVED
 CVE-2022-20739
@@ -30695,8 +31164,8 @@ CVE-2022-20677
        RESERVED
 CVE-2022-20676
        RESERVED
-CVE-2022-20675
-       RESERVED
+CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security 
Appliance  ...)
+       TODO: check
 CVE-2022-20674
        RESERVED
 CVE-2022-20673
@@ -30715,8 +31184,8 @@ CVE-2022-20667
        RESERVED
 CVE-2022-20666
        RESERVED
-CVE-2022-20665
-       RESERVED
+CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an 
authenticate ...)
+       TODO: check
 CVE-2022-20664
        RESERVED
 CVE-2022-20663
@@ -30905,8 +31374,8 @@ CVE-2021-43207 (Windows Common Log File System Driver 
Elevation of Privilege Vul
        NOT-FOR-US: Microsoft
 CVE-2021-43206
        RESERVED
-CVE-2021-43205
-       RESERVED
+CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
 CVE-2021-43204 (A improper control of a resource through its lifetime in 
Fortinet Fort ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
@@ -31071,8 +31540,8 @@ CVE-2021-43140 (SQL Injection vulnerability exists in 
Sourcecodester. Simple Sub
        NOT-FOR-US: Sourcecodester
 CVE-2021-43139
        RESERVED
-CVE-2021-43138
-       RESERVED
+CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) 
, which ...)
+       TODO: check
 CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery 
(CSRF) vulne ...)
        NOT-FOR-US: hostel management system
 CVE-2021-43136 (An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows 
an attac ...)
@@ -35731,10 +36200,10 @@ CVE-2021-41754
        RESERVED
 CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE 
authentication method ...)
        NOT-FOR-US: D-Link
-CVE-2021-41752
-       RESERVED
-CVE-2021-41751
-       RESERVED
+CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit 
e1ce7dd72712 ...)
+       TODO: check
+CVE-2021-41751 (Buffer overflow vulnerability in file 
ecma-builtin-array-prototype.c:9 ...)
+       TODO: check
 CVE-2021-41750
        RESERVED
 CVE-2021-41749
@@ -35816,8 +36285,8 @@ CVE-2021-41717
        RESERVED
 CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android 
Application 8.2 ...)
        NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android 
Application
-CVE-2021-41715
-       RESERVED
+CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in 
libsixel/src/dither ...)
+       TODO: check
 CVE-2021-41714
        RESERVED
 CVE-2021-41713
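Review bot: CVE-2021-41715 is left at TODO: check, and it names the same project as CVE-2021-40656, which this patch also adds with TODO: check ("libsixel 1.10.0 is vulnerable to Use after free" here, "libsixel before 1.10 is vulnerable to Buffer Overflow" there). Triage the two together so that both entries end up with the same source package line and consistent version ranges.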
@@ -36915,8 +37384,8 @@ CVE-2021-41247 (JupyterHub is an open source multi-user 
server for Jupyter noteb
        NOTE: 
https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
 CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing 
sign on f ...)
        NOT-FOR-US: Express OpenID Connect
-CVE-2021-41245
-       RESERVED
+CVE-2021-41245 (Combodo iTop is a web based IT Service Management tool. In 
versions pr ...)
+       TODO: check
 CVE-2021-41244 (Grafana is an open-source platform for monitoring and 
observability. I ...)
        - grafana <removed>
 CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command 
Injection V ...)
@@ -37517,8 +37986,8 @@ CVE-2021-41028 (A combination of a use of hard-coded 
cryptographic key vulnerabi
        NOT-FOR-US: FortiGuard
 CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 
6.4.1 and 6 ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-41026
-       RESERVED
+CVE-2021-41026 (A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, 
and 6.3.0 ...)
+       TODO: check
 CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of 
confd in F ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS 
versions 7 ...)
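Review bot: CVE-2021-41026 is added with TODO: check although its description names FortiWeb, and the surrounding entries in this hunk (CVE-2021-41028, CVE-2021-41027, which also names FortiWeb, and CVE-2021-41025) are already marked "NOT-FOR-US: FortiGuard". Resolve this one the same way instead of leaving it in the TODO queue.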
@@ -38402,8 +38871,8 @@ CVE-2021-40658
        RESERVED
 CVE-2021-40657
        RESERVED
-CVE-2021-40656
-       RESERVED
+CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in 
libsixel/src/ ...)
+       TODO: check
 CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 
Firmware Ve ...)
        NOT-FOR-US: D-Link
 CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 
2.01mt. An  ...)
@@ -39135,10 +39604,10 @@ CVE-2021-40377 (SmarterTools SmarterMail 16.x before 
build 7866 has stored XSS.
        NOT-FOR-US: SmarterTools
 CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve 
SYSTEM acce ...)
        NOT-FOR-US: otris Update Manager
-CVE-2021-40375
-       RESERVED
-CVE-2021-40374
-       RESERVED
+CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to 
view the  ...)
+       TODO: check
+CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was 
identified in Ap ...)
+       TODO: check
 CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by 
entering PHP c ...)
        NOT-FOR-US: playSMS
 CVE-2021-40372
@@ -49455,8 +49924,8 @@ CVE-2021-36204
        RESERVED
 CVE-2021-36203
        RESERVED
-CVE-2021-36202
-       RESERVED
+CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson 
Controls M ...)
+       TODO: check
 CVE-2021-36201
        RESERVED
 CVE-2021-36200
@@ -55849,7 +56318,7 @@ CVE-2021-33529 (In Weidmueller Industrial WLAN devices 
in multiple versions the
        NOT-FOR-US: Weidmueller Industrial WLAN devices
 CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an 
exploit ...)
        NOT-FOR-US: Weidmueller Industrial WLAN devices
-CVE-2021-33527 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low 
privileged lo ...)
+CVE-2021-33527 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a remote 
attacker c ...)
        NOT-FOR-US: MB connect line
 CVE-2021-33526 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low 
privileged lo ...)
        NOT-FOR-US: MB connect line
@@ -58254,8 +58723,8 @@ CVE-2021-32595 (Multiple uncontrolled resource 
consumption vulnerabilities in th
        NOT-FOR-US: Fortiguard
 CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface 
of Fort ...)
        NOT-FOR-US: FortiPortal
-CVE-2021-32593
-       RESERVED
+CVE-2021-32593 (A use of a broken or risky cryptographic algorithm 
vulnerability [CWE- ...)
+       TODO: check
 CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 
7.0.0, 6.4.6 ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-32591 (A missing cryptographic steps vulnerability in the function 
that encry ...)
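Review bot: the TODO: check on CVE-2021-32593 cannot be resolved from this line alone, because the truncated description ("A use of a broken or risky cryptographic algorithm vulnerability [CWE- ...") stops before the product name. The surrounding entries are tagged NOT-FOR-US with three different spellings (Fortiguard, FortiPortal, FortiGuard); if the full description names the same vendor, reuse the spelling already used for that product instead of adding another variant.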
@@ -58270,8 +58739,8 @@ CVE-2021-32587 (An improper access control 
vulnerability in FortiManager and For
        NOT-FOR-US: Fortiguard
 CVE-2021-32586 (An improper input validation vulnerability in the web server 
CGI facil ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-32585
-       RESERVED
+CVE-2021-32585 (An improper neutralization of input during web page generation 
vulnera ...)
+       TODO: check
 CVE-2021-32584
        RESERVED
 CVE-2021-32583
@@ -64000,8 +64469,8 @@ CVE-2021-30498 (A flaw was found in libcaca. A heap 
buffer overflow in export.c
        [buster] - libcaca <no-dsa> (Minor issue)
        [stretch] - libcaca <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/cacalabs/libcaca/issues/53
-CVE-2021-30497
-       RESERVED
+CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated 
users t ...)
+       TODO: check
 CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated 
users to ca ...)
        NOT-FOR-US: Telegram for iOS
 CVE-2021-30495
@@ -65102,8 +65571,8 @@ CVE-2021-30082 (An issue was discovered in Gris CMS 
v0.1. There is a Persistent
        NOT-FOR-US: Gris CMS
 CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL 
Injection ...)
        NOT-FOR-US: emlog
-CVE-2021-30080
-       RESERVED
+CVE-2021-30080 (An issue was discovered in the route lookup process in beego 
through 2 ...)
+       TODO: check
 CVE-2021-30079
        RESERVED
 CVE-2021-30078
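Review bot: CVE-2021-30080 should not be closed as NOT-FOR-US by analogy with its neighbours (Gris CMS, emlog). The description names beego, a Go web framework library, so resolving the TODO: check means looking up whether a source package in the archive ships it and, if so, recording a package line with the fixed version.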
@@ -69303,8 +69772,8 @@ CVE-2021-28430
        RESERVED
 CVE-2021-28429
        RESERVED
-CVE-2021-28428
-       RESERVED
+CVE-2021-28428 (File upload vulnerability in HorizontCMS before 1.0.0-beta.3 
via uploa ...)
+       TODO: check
 CVE-2021-28427
        RESERVED
 CVE-2021-28426
@@ -72443,10 +72912,10 @@ CVE-2021-27119
        RESERVED
 CVE-2021-27118
        RESERVED
-CVE-2021-27117
-       RESERVED
-CVE-2021-27116
-       RESERVED
+CVE-2021-27117 (An issue was discovered in file profile.go in function 
GetCPUProfile i ...)
+       TODO: check
+CVE-2021-27116 (An issue was discovered in file profile.go in function MemProf 
in beeg ...)
+       TODO: check
 CVE-2021-27115
        RESERVED
 CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. 
Within  ...)
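Review bot: CVE-2021-27117 and CVE-2021-27116 both point at the same file, profile.go (functions GetCPUProfile and MemProf), so they should be triaged in one pass and end up with the same package line and notes. The product name is cut off in both descriptions ("i ..." and "in beeg ..."), so confirm it from the full text before tagging either entry.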
@@ -75058,16 +75527,16 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login 
module can be configured to use
        NOTE: https://issues.apache.org/jira/browse/AMQ-8035
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
        NOTE: 
https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
-CVE-2021-26116
-       RESERVED
+CVE-2021-26116 (An improper neutralization of special elements used in an OS 
command v ...)
+       TODO: check
 CVE-2021-26115
        RESERVED
-CVE-2021-26114
-       RESERVED
-CVE-2021-26113
-       RESERVED
-CVE-2021-26112
-       RESERVED
+CVE-2021-26114 (Multiple improper neutralization of special elements used in 
an SQL co ...)
+       TODO: check
+CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability 
[CWE-760 ...)
+       TODO: check
+CVE-2021-26112 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] 
both in ...)
+       TODO: check
 CVE-2021-26111 (A missing release of memory after effective lifetime 
vulnerability in  ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS 
autod da ...)
@@ -75082,8 +75551,8 @@ CVE-2021-26106 (An improper neutralization of special 
elements used in an OS Com
        NOT-FOR-US: Fortiguard
 CVE-2021-26105
        RESERVED
-CVE-2021-26104
-       RESERVED
+CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the 
command  ...)
+       TODO: check
 CVE-2021-26103 (An insufficient verification of data authenticity 
vulnerability (CWE-3 ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-26102
@@ -79994,8 +80463,8 @@ CVE-2021-24011 (A privilege escalation vulnerability in 
FortiNAC version below 8
        NOT-FOR-US: Fortiguard
 CVE-2021-24010 (Improper limitation of a pathname to a restricted directory 
vulnerabil ...)
        NOT-FOR-US: FortiSandbox
-CVE-2021-24009
-       RESERVED
+CVE-2021-24009 (Multiple improper neutralization of special elements used in 
an OS com ...)
+       TODO: check
 CVE-2021-24008
        RESERVED
 CVE-2021-24007 (Multiple improper neutralization of special elements of SQL 
commands v ...)
@@ -84529,8 +84998,8 @@ CVE-2021-22129 (Multiple instances of incorrect 
calculation of buffer size in th
        NOT-FOR-US: Fortiguard
 CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN 
portal  ...)
        NOT-FOR-US: FortiProxy SSL VPN portal
-CVE-2021-22127
-       RESERVED
+CVE-2021-22127 (An improper input validation vulnerability in FortiClient for 
Linux 6. ...)
+       TODO: check
 CVE-2021-22126
        RESERVED
 CVE-2021-22125 (An instance of improper neutralization of special elements in 
the snif ...)
@@ -96038,8 +96507,8 @@ CVE-2020-29015 (A blind SQL injection in the user 
interface of FortiWeb 6.3.0 th
        NOT-FOR-US: Fortiguard
 CVE-2020-29014 (A concurrent execution using shared resource with improper 
synchroniza ...)
        NOT-FOR-US: Fortiguard
-CVE-2020-29013
-       RESERVED
+CVE-2020-29013 (An improper input validation vulnerability in the sniffer 
interface of ...)
+       TODO: check
 CVE-2020-29012 (An insufficient session expiration vulnerability in 
FortiSandbox versi ...)
        NOT-FOR-US: FortiGuard
 CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum 
search and  ...)
@@ -96495,8 +96964,8 @@ CVE-2020-28849
        RESERVED
 CVE-2020-28848
        RESERVED
-CVE-2020-28847
-       RESERVED
+CVE-2020-28847 (Cross Site Scripting (XSS) vulnerability in xCss Valine 
v1.4.14 via th ...)
+       TODO: check
 CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in 
SeaCMS 10.7  ...)
        NOT-FOR-US: SeaCMS
 CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 
75.0 al ...)
@@ -103613,14 +104082,14 @@ CVE-2020-27378
        RESERVED
 CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in 
the Admin ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2020-27376
-       RESERVED
-CVE-2020-27375
-       RESERVED
-CVE-2020-27374
-       RESERVED
-CVE-2020-27373
-       RESERVED
+CVE-2020-27376 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 
1.2.1 is ...)
+       TODO: check
+CVE-2020-27375 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 
1.2.1 is ...)
+       TODO: check
+CVE-2020-27374 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is 
vulnera ...)
+       TODO: check
+CVE-2020-27373 (Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is 
vulnera ...)
+       TODO: check
 CVE-2020-27372 (A buffer overflow vulnerability exists in Brandy Basic V 
Interpreter 1 ...)
        - brandy <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/brandy/bugs/10/
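Review bot: the four new entries CVE-2020-27376 to CVE-2020-27373 all describe the same product (Dr Trust USA iCheck Connect BP Monitor BP Testing 118, 1.2.1), so their TODO: check markers should be resolved together with one identical tag. The wording differs slightly between the pairs ("version 1.2.1 is ..." against "1.2.1 is vulnera ..."), which is easy to mistake for two products when scanning the list.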
@@ -113137,8 +113606,8 @@ CVE-2020-23351
        RESERVED
 CVE-2020-23350
        RESERVED
-CVE-2020-23349
-       RESERVED
+CVE-2020-23349 (An intent redirection issue was doscovered in Sina Weibo 
Android SDK 4 ...)
+       TODO: check
 CVE-2020-23348
        RESERVED
 CVE-2020-23347
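Review bot: the description of CVE-2020-23349 contains the typo "doscovered" (for "discovered"), so a text search for "discovered" will miss this entry. Since this commit is an automatic update, the typo presumably arrives with the imported description; reporting it at the source is more durable than a hand edit in data/CVE/list.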
@@ -115451,8 +115920,8 @@ CVE-2020-22255
        RESERVED
 CVE-2020-22254
        RESERVED
-CVE-2020-22253
-       RESERVED
+CVE-2020-22253 (Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, 
AHB7804R- ...)
+       TODO: check
 CVE-2020-22252
        RESERVED
 CVE-2020-22251 (Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via 
the logi ...)
@@ -121971,8 +122440,8 @@ CVE-2020-19231
        RESERVED
 CVE-2020-19230
        RESERVED
-CVE-2020-19229
-       RESERVED
+CVE-2020-19229 (Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by 
CVE-2016 ...)
+       TODO: check
 CVE-2020-19228
        RESERVED
 CVE-2020-19227
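Review bot: the TODO: check on CVE-2020-19229 should be resolved against Jeesite, not against the shiro package. The description says Jeesite 1.2.7 uses apache shiro 1.2.3, which is affected by an earlier CVE (the id is cut at "CVE-2016 ..."), so the shiro flaw already has its own identifier and this entry only covers the bundling application.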
@@ -160379,8 +160848,8 @@ CVE-2020-4670 (IBM Planning Analytics Local 2.0 
connects to a Redis server. The
        NOT-FOR-US: IBM
 CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. 
MongoDB ...)
        NOT-FOR-US: IBM
-CVE-2020-4668
-       RESERVED
+CVE-2020-4668 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.5,  ...)
+       TODO: check
 CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises 
could allow ...)
        NOT-FOR-US: IBM
 CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is 
vulnerab ...)
@@ -284427,7 +284896,7 @@ CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 
allows remote authenticated
        NOTE: 
https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
        NOTE: Fix for the incomplete fix for CVE-2016-2313
 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite 
recursion i ...)
-       {DLA-1194-1}
+       {DLA-2972-1 DLA-1194-1}
        [experimental] - libxml2 2.9.7+dfsg-1
        - libxml2 2.9.10+dfsg-2 (bug #882613)
        [buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)
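Review bot: the "[buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)" line under CVE-2017-16932 deserves a second look now that the entry references {DLA-2972-1}. If that LTS advisory shipped a fix for this CVE, the "too intrusive" rationale for buster no longer reads as self-evident and should either be revisited or explained in a NOTE. The same combination appears on CVE-2016-9318 in the last hunk of this patch.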
@@ -318527,6 +318996,7 @@ CVE-2017-5970 (The ipv4_pktinfo_prepare function in 
net/ipv4/ip_sockglue.c in th
        NOTE: Fixed by: 
https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644
 (v4.10-rc8)
        NOTE: Introduced by: 
https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277
 (v2.6.35-rc1)
 CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows 
remote ...)
+       {DLA-2972-1}
        - libxml2 2.9.4+dfsg1-5.1 (bug #855001)
        [jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when 
using recover mode)
        [wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when 
using recover mode)
@@ -321702,7 +322172,7 @@ CVE-2017-5131 (An integer overflow in Skia in Google 
Chrome prior to 62.0.3202.6
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as 
used in ...)
-       {DLA-1188-1}
+       {DLA-2972-1 DLA-1188-1}
        - libxml2 2.9.4+dfsg1-5.1 (bug #880000)
        [jessie] - libxml2 <no-dsa> (Minor issue)
        - chromium-browser 62.0.3202.75-1 (unimportant)
@@ -335634,6 +336104,7 @@ CVE-2016-9320
 CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro 
Enterpr ...)
        NOT-FOR-US: Trend Micro
 CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier 
and ot ...)
+       {DLA-2972-1}
        [experimental] - libxml2 2.9.8+dfsg-1
        - libxml2 2.9.10+dfsg-2 (bug #844581)
        [buster] - libxml2 <ignored> (Minor issue; intrusive to backport)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d7ead13ecb40a53b9a6608cbf530c5e2a2223b2
