Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d87ed895 by security tracker role at 2022-07-13T08:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-35740
+       RESERVED
+CVE-2022-35739
+       RESERVED
+CVE-2022-35738
+       RESERVED
+CVE-2022-35737
+       RESERVED
+CVE-2022-35736
+       RESERVED
+CVE-2022-35724
+       RESERVED
+CVE-2022-35723
+       RESERVED
+CVE-2022-35722
+       RESERVED
+CVE-2022-35721
+       RESERVED
+CVE-2022-35720
+       RESERVED
+CVE-2022-35719
+       RESERVED
+CVE-2022-35718
+       RESERVED
+CVE-2022-35717
+       RESERVED
+CVE-2022-35716
+       RESERVED
+CVE-2022-35715
+       RESERVED
+CVE-2022-35714
+       RESERVED
+CVE-2022-34861
+       RESERVED
+CVE-2022-34842
+       RESERVED
+CVE-2022-34649
+       RESERVED
+CVE-2022-34489
+       RESERVED
+CVE-2022-33979
+       RESERVED
+CVE-2022-33966
+       RESERVED
+CVE-2022-33144
+       RESERVED
+CVE-2022-29870
+       RESERVED
+CVE-2022-27170
+       RESERVED
+CVE-2022-2395
+       RESERVED
+CVE-2022-2394
+       RESERVED
+CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 
build 202108 ...)
+       TODO: check
 CVE-2022-35713
        RESERVED
 CVE-2022-35712
@@ -190,8 +246,8 @@ CVE-2022-35630
        RESERVED
 CVE-2022-35629
        RESERVED
-CVE-2022-35628
-       RESERVED
+CVE-2022-35628 (A SQL injection issue was discovered in the lux extension 
before 17.6. ...)
+       TODO: check
 CVE-2022-35627
        RESERVED
 CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where 
an allo ...)
@@ -714,8 +770,8 @@ CVE-2022-35405
        RESERVED
 CVE-2022-35404
        RESERVED
-CVE-2022-35403
-       RESERVED
+CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk 
Plus MSP  ...)
+       TODO: check
 CVE-2022-35402
        RESERVED
 CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper 
neutralization ...)
@@ -1127,16 +1183,16 @@ CVE-2022-35230 (An authenticated user can create a link 
with reflected Javascrip
        TODO: check
 CVE-2022-35229 (An authenticated user can create a link with reflected 
Javascript code ...)
        TODO: check
-CVE-2022-35228
-       RESERVED
-CVE-2022-35227
-       RESERVED
+CVE-2022-35228 (SAP BusinessObjects CMC allows an unauthenticated attacker to 
retrieve ...)
+       TODO: check
+CVE-2022-35227 (A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 
7.40, 7.50,  ...)
+       TODO: check
 CVE-2022-35226
        RESERVED
-CVE-2022-35225
-       RESERVED
-CVE-2022-35224
-       RESERVED
+CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
+       TODO: check
+CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 
7.40, 7 ...)
+       TODO: check
 CVE-2022-35223
        RESERVED
 CVE-2022-35222
@@ -1280,16 +1336,16 @@ CVE-2022-35174
        RESERVED
 CVE-2022-35173
        RESERVED
-CVE-2022-35172
-       RESERVED
-CVE-2022-35171
-       RESERVED
-CVE-2022-35170
-       RESERVED
-CVE-2022-35169
-       RESERVED
-CVE-2022-35168
-       RESERVED
+CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
+       TODO: check
+CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files 
receive ...)
+       TODO: check
+CVE-2022-35170 (SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 
7.20, 7.30 ...)
+       TODO: check
+CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - 
versions 42 ...)
+       TODO: check
+CVE-2022-35168 (Due to improper input sanitization of XML input in SAP 
Business One -  ...)
+       TODO: check
 CVE-2022-35167
        RESERVED
 CVE-2022-35166
@@ -3010,8 +3066,7 @@ CVE-2022-34494 (rpmsg_virtio_add_ctrl_dev in 
drivers/rpmsg/virtio_rpmsg_bus.c in
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1680939e9ecf7764fba8689cfb3429c2fe2bb23c (5.19-rc1)
-CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
-       RESERVED
+CVE-2022-2211 (A vulnerability was found in libguestfs. This issue occurs 
while calcu ...)
        - libguestfs 1:1.46.2-1
        [bullseye] - libguestfs <no-dsa> (Minor issue)
        [buster] - libguestfs <no-dsa> (Minor issue)
@@ -5320,64 +5375,64 @@ CVE-2022-33680 (Microsoft Edge (Chromium-based) 
Elevation of Privilege Vulnerabi
        NOT-FOR-US: Microsoft
 CVE-2022-33679
        RESERVED
-CVE-2022-33678
-       RESERVED
-CVE-2022-33677
-       RESERVED
-CVE-2022-33676
-       RESERVED
-CVE-2022-33675
-       RESERVED
-CVE-2022-33674
-       RESERVED
-CVE-2022-33673
-       RESERVED
-CVE-2022-33672
-       RESERVED
-CVE-2022-33671
-       RESERVED
+CVE-2022-33678 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
+       TODO: check
+CVE-2022-33677 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33676 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
+       TODO: check
+CVE-2022-33675 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33674 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33673 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33672 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
 CVE-2022-33670
        RESERVED
-CVE-2022-33669
-       RESERVED
-CVE-2022-33668
-       RESERVED
-CVE-2022-33667
-       RESERVED
-CVE-2022-33666
-       RESERVED
-CVE-2022-33665
-       RESERVED
-CVE-2022-33664
-       RESERVED
-CVE-2022-33663
-       RESERVED
-CVE-2022-33662
-       RESERVED
-CVE-2022-33661
-       RESERVED
-CVE-2022-33660
-       RESERVED
-CVE-2022-33659
-       RESERVED
-CVE-2022-33658
-       RESERVED
-CVE-2022-33657
-       RESERVED
-CVE-2022-33656
-       RESERVED
-CVE-2022-33655
-       RESERVED
-CVE-2022-33654
-       RESERVED
-CVE-2022-33653
-       RESERVED
-CVE-2022-33652
-       RESERVED
-CVE-2022-33651
-       RESERVED
-CVE-2022-33650
-       RESERVED
+CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33667 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33666 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33665 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33664 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33663 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33662 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33661 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33660 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33659 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33658 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33657 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33656 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33655 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33654 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33653 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33652 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
 CVE-2022-33649
        RESERVED
 CVE-2022-33648
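Review bot: All 28 Azure Site Recovery entries that gain a description in this hunk (CVE-2022-33678 to CVE-2022-33671 and CVE-2022-33669 to CVE-2022-33650) go in as TODO: check, although the context entry at the top of the hunk, CVE-2022-33680, is also a Microsoft product and already carries NOT-FOR-US: Microsoft. A follow-up commit could resolve these in one pass with the same annotation, so the manual triage queue is not padded with entries whose outcome the neighbouring lines already show.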
@@ -5388,32 +5443,32 @@ CVE-2022-33646
        RESERVED
 CVE-2022-33645
        RESERVED
-CVE-2022-33644
-       RESERVED
-CVE-2022-33643
-       RESERVED
-CVE-2022-33642
-       RESERVED
-CVE-2022-33641
-       RESERVED
+CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability. 
...)
+       TODO: check
+CVE-2022-33643 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33642 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
+CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
 CVE-2022-33640
        RESERVED
 CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
        NOT-FOR-US: Microsoft
-CVE-2022-33637
-       RESERVED
+CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability. ...)
+       TODO: check
 CVE-2022-33636
        RESERVED
 CVE-2022-33635
        RESERVED
 CVE-2022-33634
        RESERVED
-CVE-2022-33633
-       RESERVED
-CVE-2022-33632
-       RESERVED
+CVE-2022-33633 (Skype for Business and Lync Remote Code Execution 
Vulnerability. ...)
+       TODO: check
+CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
+       TODO: check
 CVE-2022-33631
        RESERVED
 CVE-2022-33630
@@ -6398,14 +6453,14 @@ CVE-2022-33159
        RESERVED
 CVE-2022-33158
        RESERVED
-CVE-2022-33157
-       RESERVED
-CVE-2022-33156
-       RESERVED
-CVE-2022-33155
-       RESERVED
-CVE-2022-33154
-       RESERVED
+CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for 
TYPO3 a ...)
+       TODO: check
+CVE-2022-33156 (The matomo_integration (aka Matomo Integration) extension 
before 1.3.2 ...)
+       TODO: check
+CVE-2022-33155 (The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie 
banner  ...)
+       TODO: check
+CVE-2022-33154 (The schema (aka Embedding schema.org vocabulary) extension 
before 1.13 ...)
+       TODO: check
 CVE-2022-33153
        RESERVED
 CVE-2022-33152
@@ -8703,14 +8758,14 @@ CVE-2022-32250 (net/netfilter/nf_tables_api.c in the 
Linux kernel through 5.18.1
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1
        NOTE: 
https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
        NOTE: Was previously also tracked as CVE-2022-1966
-CVE-2022-32249
-       RESERVED
-CVE-2022-32248
-       RESERVED
-CVE-2022-32247
-       RESERVED
-CVE-2022-32246
-       RESERVED
+CVE-2022-32249 (Under special integration scenario of SAP Business one and SAP 
HANA -  ...)
+       TODO: check
+CVE-2022-32248 (Due to missing input validation in the Manage Checkbooks 
component of  ...)
+       TODO: check
+CVE-2022-32247 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
+       TODO: check
+CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual 
Difference  ...)
+       TODO: check
 CVE-2022-32245
        RESERVED
 CVE-2022-32244
@@ -9031,7 +9086,7 @@ CVE-2022-1963 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        - gitlab <unfixed>
 CVE-2021-4233
        RESERVED
-CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 
let client ...)
+CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 
8.1.10.1, 8.2. ...)
        NOT-FOR-US: Splunk Enterprise deployment servers
 CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 
allow unau ...)
        NOT-FOR-US: Splunk Enterprise deployment servers
@@ -10395,10 +10450,10 @@ CVE-2022-31657
        RESERVED
 CVE-2022-31656
        RESERVED
-CVE-2022-31655
-       RESERVED
-CVE-2022-31654
-       RESERVED
+CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain 
a store ...)
+       TODO: check
+CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain 
a store ...)
+       TODO: check
 CVE-2022-31653
        RESERVED
 CVE-2022-31652
@@ -10802,22 +10857,22 @@ CVE-2013-10003 (A vulnerability classified as 
critical has been found in Telecom
        NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
 CVE-2013-10002 (A vulnerability was found in Telecommunication Software SAMwin 
Contact ...)
        NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
-CVE-2022-31598
-       RESERVED
-CVE-2022-31597
-       RESERVED
+CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - 
version 4 ...)
+       TODO: check
+CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 
106, SAP ...)
+       TODO: check
 CVE-2022-31596
        RESERVED
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,&#65533;does not 
perform ne ...)
        NOT-FOR-US: SAP
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to 
escalate his ...)
        NOT-FOR-US: SAP
-CVE-2022-31593
-       RESERVED
-CVE-2022-31592
-       RESERVED
-CVE-2022-31591
-       RESERVED
+CVE-2022-31593 (SAP Business One client - version 10.0 allows an attacker with 
low pri ...)
+       TODO: check
+CVE-2022-31592 (The application SAP Enterprise Extension Defense Forces &amp; 
Public S ...)
+       TODO: check
+CVE-2022-31591 (SAP BusinessObjects BW Publisher Service - versions 420, 430, 
uses a s ...)
+       TODO: check
 CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker 
with low pr ...)
        NOT-FOR-US: SAP
 CVE-2022-31589 (Due to improper authorization check, business users who are 
using Isra ...)
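Review bot: CVE-2022-31598, CVE-2022-31597, CVE-2022-31593, CVE-2022-31592 and CVE-2022-31591 are SAP products left at TODO: check, sitting directly between CVE-2022-31595, CVE-2022-31594 and CVE-2022-31590, which are each marked NOT-FOR-US: SAP. Suggest the follow-up triage give the five new descriptions the annotation their neighbours use, so the block reads consistently.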
@@ -11855,8 +11910,8 @@ CVE-2022-31136 (Bookwyrm is an open source social 
reading and reviewing program.
        TODO: check
 CVE-2022-31135 (Akashi is an open source server implementation of the Attorney 
Online  ...)
        TODO: check
-CVE-2022-31134
-       RESERVED
+CVE-2022-31134 (Zulip is an open-source team collaboration tool. Zulip Server 
versions ...)
+       TODO: check
 CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected 
versions  ...)
        TODO: check
 CVE-2022-31132
@@ -11927,14 +11982,14 @@ CVE-2022-31107
        RESERVED
 CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that 
operate on n ...)
        NOT-FOR-US: Underscore.deep
-CVE-2022-31105
-       RESERVED
+CVE-2022-31105 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
 CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected 
versions ...)
        NOT-FOR-US: wasmtime
 CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for 
in-browser ema ...)
        NOT-FOR-US: Node lettersanitizer
-CVE-2022-31102
-       RESERVED
+CVE-2022-31102 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
 CVE-2022-31101 (prestashop/blockwishlist is a prestashop extension which adds 
a block  ...)
        NOT-FOR-US: prestashop extension
 CVE-2022-31100 (rulex is a new, portable, regular expression language. When 
parsing un ...)
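Review bot: CVE-2022-31105 and CVE-2022-31102 (both Argo CD) are added with TODO: check, while another hunk of this same commit shows CVE-2022-1025, also Argo CD, already annotated NOT-FOR-US: Argo CD. Unless the product's packaging status has changed since that entry was triaged, the two new entries can take the same line.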
@@ -12179,8 +12234,8 @@ CVE-2022-31014 (Nextcloud server is an open source 
personal cloud server. Affect
        - nextcloud-server <itp> (bug #941708)
 CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source 
messaging  ...)
        NOT-FOR-US: chat server for Vartalap
-CVE-2022-31012
-       RESERVED
+CVE-2022-31012 (Git for Windows is a fork of Git that contains 
Windows-specific patche ...)
+       TODO: check
 CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid 
Transactio ...)
        NOT-FOR-US: TiDB
 CVE-2022-31010
@@ -12481,8 +12536,8 @@ CVE-2022-1739 (The tested version of Dominion Voting 
Systems ImageCast X does no
        NOT-FOR-US: Dominion
 CVE-2022-1738
        RESERVED
-CVE-2022-1737
-       RESERVED
+CVE-2022-1737 (Pyramid Solutions' affected products, the Developer and DLL 
kits for E ...)
+       TODO: check
 CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been 
rated as p ...)
        NOT-FOR-US: HTC One/Sense
 CVE-2022-30942
@@ -13863,8 +13918,8 @@ CVE-2022-30519
        RESERVED
 CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was 
discovered to co ...)
        NOT-FOR-US: ChatBot Application with a Suggestion Feature
-CVE-2022-30517
-       RESERVED
+CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
+       TODO: check
 CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in 
the doctor ...)
        NOT-FOR-US: Hospital-Management-System
 CVE-2022-30515
@@ -14674,56 +14729,56 @@ CVE-2021-46791
        RESERVED
 CVE-2022-30227
        RESERVED
-CVE-2022-30226
-       RESERVED
-CVE-2022-30225
-       RESERVED
-CVE-2022-30224
-       RESERVED
-CVE-2022-30223
-       RESERVED
-CVE-2022-30222
-       RESERVED
-CVE-2022-30221
-       RESERVED
-CVE-2022-30220
-       RESERVED
+CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE I ...)
+       TODO: check
+CVE-2022-30225 (Windows Media Player Network Sharing Service Elevation of 
Privilege Vu ...)
+       TODO: check
+CVE-2022-30224 (Windows Advanced Local Procedure Call Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
+CVE-2022-30223 (Windows Hyper-V Information Disclosure Vulnerability. This CVE 
ID is u ...)
+       TODO: check
+CVE-2022-30222 (Windows Shell Remote Code Execution Vulnerability. ...)
+       TODO: check
+CVE-2022-30221 (Windows Graphics Component Remote Code Execution 
Vulnerability. ...)
+       TODO: check
+CVE-2022-30220 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
 CVE-2022-30219
        RESERVED
 CVE-2022-30218
        RESERVED
 CVE-2022-30217
        RESERVED
-CVE-2022-30216
-       RESERVED
-CVE-2022-30215
-       RESERVED
-CVE-2022-30214
-       RESERVED
-CVE-2022-30213
-       RESERVED
-CVE-2022-30212
-       RESERVED
-CVE-2022-30211
-       RESERVED
+CVE-2022-30216 (Windows Server Service Tampering Vulnerability. ...)
+       TODO: check
+CVE-2022-30215 (Active Directory Federation Services Elevation of Privilege 
Vulnerabil ...)
+       TODO: check
+CVE-2022-30214 (Windows DNS Server Remote Code Execution Vulnerability. ...)
+       TODO: check
+CVE-2022-30213 (Windows GDI+ Information Disclosure Vulnerability. ...)
+       TODO: check
+CVE-2022-30212 (Windows Connected Devices Platform Service Information 
Disclosure Vuln ...)
+       TODO: check
+CVE-2022-30211 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code 
Execution Vulner ...)
+       TODO: check
 CVE-2022-30210
        RESERVED
-CVE-2022-30209
-       RESERVED
-CVE-2022-30208
-       RESERVED
+CVE-2022-30209 (Windows IIS Server Elevation of Privilege Vulnerability. ...)
+       TODO: check
+CVE-2022-30208 (Windows Security Account Manager (SAM) Denial of Service 
Vulnerability ...)
+       TODO: check
 CVE-2022-30207
        RESERVED
-CVE-2022-30206
-       RESERVED
-CVE-2022-30205
-       RESERVED
+CVE-2022-30206 (Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE I ...)
+       TODO: check
+CVE-2022-30205 (Windows Group Policy Elevation of Privilege Vulnerability. ...)
+       TODO: check
 CVE-2022-30204
        RESERVED
-CVE-2022-30203
-       RESERVED
-CVE-2022-30202
-       RESERVED
+CVE-2022-30203 (Windows Boot Manager Security Feature Bypass Vulnerability. 
...)
+       TODO: check
+CVE-2022-30202 (Windows Advanced Local Procedure Call Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
 CVE-2022-30201
        RESERVED
 CVE-2022-30200
@@ -14752,8 +14807,8 @@ CVE-2022-30189 (Windows Autopilot Device Management and 
Enrollment Client Spoofi
        NOT-FOR-US: Microsoft
 CVE-2022-30188 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
        NOT-FOR-US: Microsoft
-CVE-2022-30187
-       RESERVED
+CVE-2022-30187 (Azure Storage Library Information Disclosure Vulnerability. 
...)
+       TODO: check
 CVE-2022-30186
        RESERVED
 CVE-2022-30185
@@ -14764,8 +14819,8 @@ CVE-2022-30183
        RESERVED
 CVE-2022-30182
        RESERVED
-CVE-2022-30181
-       RESERVED
+CVE-2022-30181 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
+       TODO: check
 CVE-2022-30180 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. 
...)
        NOT-FOR-US: Microsoft
 CVE-2022-30179 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 
This CVE I ...)
@@ -16437,8 +16492,8 @@ CVE-2022-29621
        RESERVED
 CVE-2022-29620 (** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain 
cleartext  ...)
        NOT-FOR-US: Disputed Filezilla issue
-CVE-2022-29619
-       RESERVED
+CVE-2022-29619 (Under certain conditions SAP BusinessObjects Business 
Intelligence Pla ...)
+       TODO: check
 CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver 
Development Infras ...)
        NOT-FOR-US: SAP
 CVE-2022-29617 (Due to improper error handling an authenticated user can crash 
CLA ass ...)
@@ -16471,12 +16526,12 @@ CVE-2022-29604
        RESERVED
 CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS 
UniverSIS-API throug ...)
        NOT-FOR-US: UniverSIS
-CVE-2022-29602
-       RESERVED
-CVE-2022-29601
-       RESERVED
-CVE-2022-29600
-       RESERVED
+CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 
8.x thro ...)
+       TODO: check
+CVE-2022-29601 (The seminars (aka Seminar Manager) extension through 4.1.3 for 
TYPO3 a ...)
+       TODO: check
+CVE-2022-29600 (The oelib (aka One is Enough Library) extension through 4.1.5 
for TYPO ...)
+       TODO: check
 CVE-2022-1455 (The Call Now Button WordPress plugin before 1.1.2 does not 
escape a pa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1454
@@ -17724,8 +17779,7 @@ CVE-2022-29189 (Pion DTLS is a Go implementation of 
Datagram Transport Layer Sec
        NOTE: https://github.com/pion/dtls/releases/tag/v2.1.4
 CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for 
Smokescreen is  ...)
        NOT-FOR-US: Smokescreen
-CVE-2022-29187
-       RESERVED
+CVE-2022-29187 (Git is a distributed revision control system. Git prior to 
versions 2. ...)
        - git <unfixed> (bug #1014848)
        [bullseye] - git <no-dsa> (Minor issue)
        [buster] - git <no-dsa> (Minor issue)
@@ -18846,8 +18900,8 @@ CVE-2022-28773 (Due to an uncontrolled recursion in SAP 
Web Dispatcher and SAP I
        NOT-FOR-US: SAP
 CVE-2022-28772 (By overlong input values an attacker may force overwrite of 
the intern ...)
        NOT-FOR-US: SAP
-CVE-2022-28771
-       RESERVED
+CVE-2022-28771 (Due to missing authentication check, SAP Business one License 
service  ...)
+       TODO: check
 CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - 
versions 7 ...)
        NOT-FOR-US: SAP
 CVE-2022-28769
@@ -23338,8 +23392,7 @@ CVE-2022-1027 (The Page Restriction WordPress (WP) 
WordPress plugin before 1.2.7
        NOT-FOR-US: WordPress plugin
 CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of 
Net View ...)
        NOT-FOR-US: Kyocera printers
-CVE-2022-1025
-       RESERVED
+CVE-2022-1025 (All unpatched versions of Argo CD starting with v1.0.0 are 
vulnerable  ...)
        NOT-FOR-US: Argo CD
 CVE-2022-1024
        RESERVED
@@ -30361,8 +30414,8 @@ CVE-2022-24801 (Twisted is an event-based framework for 
internet applications, s
        NOTE: 
https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
        NOTE: https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
        NOTE: 
https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
 (twisted-22.04.0rc1)
-CVE-2022-24800
-       RESERVED
+CVE-2022-24800 (October/System is the system module for October CMS, a 
self-hosted CMS ...)
+       TODO: check
 CVE-2022-24799 (wire-webapp is the web application interface for the wire 
messaging se ...)
        NOT-FOR-US: wire-webapp
 CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database 
server,  ...)
@@ -36964,10 +37017,10 @@ CVE-2022-23000
        RESERVED
 CVE-2022-22999
        RESERVED
-CVE-2022-22998
-       RESERVED
-CVE-2022-22997
-       RESERVED
+CVE-2022-22998 (Implemented protections on AWS credentials that were not 
properly prot ...)
+       TODO: check
+CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a 
command ...)
+       TODO: check
 CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were 
affected by a  ...)
        NOT-FOR-US: Western Digital Windows setup
 CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their 
default  ...)
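Review bot: The descriptions added for CVE-2022-22998 and CVE-2022-22997 open with changelog-style wording ("Implemented protections on AWS credentials ...", "Addressed a remote code execution vulnerability ...") and the truncated text visible here names no product. Whoever resolves the TODO: check will need the full CVE record to pick an annotation; the next entry, CVE-2022-22996, is NOT-FOR-US: Western Digital Windows setup, which is a hint about the vendor but is not confirmed by these two lines.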
@@ -38258,8 +38311,8 @@ CVE-2022-22713 (Windows Hyper-V Denial of Service 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
        NOT-FOR-US: Microsoft
-CVE-2022-22711
-       RESERVED
+CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability. ...)
+       TODO: check
 CVE-2022-22710 (Windows Common Log File System Driver Denial of Service 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
@@ -42574,64 +42627,64 @@ CVE-2022-22052
        RESERVED
 CVE-2022-22051
        RESERVED
-CVE-2022-22050
-       RESERVED
-CVE-2022-22049
-       RESERVED
-CVE-2022-22048
-       RESERVED
-CVE-2022-22047
-       RESERVED
+CVE-2022-22050 (Windows Fax Service Elevation of Privilege Vulnerability. ...)
+       TODO: check
+CVE-2022-22049 (Windows CSRSS Elevation of Privilege Vulnerability. This CVE 
ID is uni ...)
+       TODO: check
+CVE-2022-22048 (BitLocker Security Feature Bypass Vulnerability. ...)
+       TODO: check
+CVE-2022-22047 (Windows CSRSS Elevation of Privilege Vulnerability. This CVE 
ID is uni ...)
+       TODO: check
 CVE-2022-22046
        RESERVED
-CVE-2022-22045
-       RESERVED
+CVE-2022-22045 (Windows.Devices.Picker.dll Elevation of Privilege 
Vulnerability. ...)
+       TODO: check
 CVE-2022-22044
        RESERVED
-CVE-2022-22043
-       RESERVED
-CVE-2022-22042
-       RESERVED
-CVE-2022-22041
-       RESERVED
-CVE-2022-22040
-       RESERVED
-CVE-2022-22039
-       RESERVED
-CVE-2022-22038
-       RESERVED
-CVE-2022-22037
-       RESERVED
-CVE-2022-22036
-       RESERVED
+CVE-2022-22043 (Windows Fast FAT File System Driver Elevation of Privilege 
Vulnerabili ...)
+       TODO: check
+CVE-2022-22042 (Windows Hyper-V Information Disclosure Vulnerability. This CVE 
ID is u ...)
+       TODO: check
+CVE-2022-22041 (Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE I ...)
+       TODO: check
+CVE-2022-22040 (Internet Information Services Dynamic Compression Module 
Denial of Ser ...)
+       TODO: check
+CVE-2022-22039 (Windows Network File System Remote Code Execution 
Vulnerability. This  ...)
+       TODO: check
+CVE-2022-22038 (Remote Procedure Call Runtime Remote Code Execution 
Vulnerability. ...)
+       TODO: check
+CVE-2022-22037 (Windows Advanced Local Procedure Call Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
+CVE-2022-22036 (Performance Counters for Windows Elevation of Privilege 
Vulnerability. ...)
+       TODO: check
 CVE-2022-22035
        RESERVED
-CVE-2022-22034
-       RESERVED
+CVE-2022-22034 (Windows Graphics Component Elevation of Privilege 
Vulnerability. ...)
+       TODO: check
 CVE-2022-22033
        RESERVED
 CVE-2022-22032
        RESERVED
-CVE-2022-22031
-       RESERVED
+CVE-2022-22031 (Windows Credential Guard Domain-joined Public Key Elevation of 
Privile ...)
+       TODO: check
 CVE-2022-22030
        RESERVED
-CVE-2022-22029
-       RESERVED
-CVE-2022-22028
-       RESERVED
-CVE-2022-22027
-       RESERVED
-CVE-2022-22026
-       RESERVED
-CVE-2022-22025
-       RESERVED
-CVE-2022-22024
-       RESERVED
-CVE-2022-22023
-       RESERVED
-CVE-2022-22022
-       RESERVED
+CVE-2022-22029 (Windows Network File System Remote Code Execution 
Vulnerability. This  ...)
+       TODO: check
+CVE-2022-22028 (Windows Network File System Information Disclosure 
Vulnerability. ...)
+       TODO: check
+CVE-2022-22027 (Windows Fax Service Remote Code Execution Vulnerability. This 
CVE ID i ...)
+       TODO: check
+CVE-2022-22026 (Windows CSRSS Elevation of Privilege Vulnerability. This CVE 
ID is uni ...)
+       TODO: check
+CVE-2022-22025 (Windows Internet Information Services Cachuri Module Denial of 
Service ...)
+       TODO: check
+CVE-2022-22024 (Windows Fax Service Remote Code Execution Vulnerability. This 
CVE ID i ...)
+       TODO: check
+CVE-2022-22023 (Windows Portable Device Enumerator Service Security Feature 
Bypass Vul ...)
+       TODO: check
+CVE-2022-22022 (Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE I ...)
+       TODO: check
 CVE-2022-22021 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-22020
@@ -43559,8 +43612,8 @@ CVE-2022-21847 (Windows Hyper-V Denial of Service 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. 
This CV ...)
        NOT-FOR-US: Microsoft
-CVE-2022-21845
-       RESERVED
+CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability. ...)
+       TODO: check
 CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
        NOT-FOR-US: Microsoft
 CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This 
CVE ID is  ...)
@@ -473728,8 +473781,7 @@ CVE-2011-4917 (In the Linux kernel through 3.1 there 
is an information disclosur
        - linux <unfixed> (unimportant)
        - linux-2.6 <removed> (unimportant)
        NOTE: Minor info leak, unlikely to be fixed upstream
-CVE-2011-4916
-       RESERVED
+CVE-2011-4916 (Linux kernel through 3.1 allows local users to obtain sensitive 
keystr ...)
        - linux <unfixed> (unimportant)
        NOTE: https://lkml.org/lkml/2011/11/7/355
        NOTE: https://www.openwall.com/lists/oss-security/2011/12/28/3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d87ed895ee3ab3d6ee0789bebe5af45d506064bc
