Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c84f2b60 by security tracker role at 2022-08-10T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2022-38115
+ RESERVED
+CVE-2022-38114
+ RESERVED
+CVE-2022-38113
+ RESERVED
+CVE-2022-38112
+ RESERVED
+CVE-2022-38111
+ RESERVED
+CVE-2022-38110
+ RESERVED
+CVE-2022-38109
+ RESERVED
+CVE-2022-38108
+ RESERVED
+CVE-2022-38107
+ RESERVED
+CVE-2022-38106
+ RESERVED
+CVE-2022-38093
+ RESERVED
+CVE-2022-38070
+ RESERVED
+CVE-2022-38068
+ RESERVED
+CVE-2022-38067
+ RESERVED
+CVE-2022-38062
+ RESERVED
+CVE-2022-38061
+ RESERVED
+CVE-2022-38059
+ RESERVED
+CVE-2022-38058
+ RESERVED
+CVE-2022-38054
+ RESERVED
+CVE-2022-37412
+ RESERVED
+CVE-2022-37411
+ RESERVED
+CVE-2022-37407
+ RESERVED
+CVE-2022-37405
+ RESERVED
+CVE-2022-37404
+ RESERVED
+CVE-2022-37403
+ RESERVED
+CVE-2022-37402
+ RESERVED
+CVE-2022-37344
+ RESERVED
+CVE-2022-37339
+ RESERVED
+CVE-2022-37338
+ RESERVED
+CVE-2022-37335
+ RESERVED
+CVE-2022-37330
+ RESERVED
+CVE-2022-37328
+ RESERVED
+CVE-2022-36798
+ RESERVED
+CVE-2022-36796
+ RESERVED
+CVE-2022-36793
+ RESERVED
+CVE-2022-36791
+ RESERVED
+CVE-2022-36428
+ RESERVED
+CVE-2022-36427
+ RESERVED
+CVE-2022-36425
+ RESERVED
+CVE-2022-36422
+ RESERVED
+CVE-2022-36405
+ RESERVED
+CVE-2022-36394
+ RESERVED
+CVE-2022-36390
+ RESERVED
+CVE-2022-36387
+ RESERVED
+CVE-2022-36383
+ RESERVED
+CVE-2022-36376
+ RESERVED
+CVE-2022-36373
+ RESERVED
+CVE-2022-36365
+ RESERVED
+CVE-2022-36358
+ RESERVED
+CVE-2022-36355
+ RESERVED
+CVE-2022-36352
+ RESERVED
+CVE-2022-36347
+ RESERVED
+CVE-2022-36345
+ RESERVED
+CVE-2022-35726
+ RESERVED
+CVE-2022-35725
+ RESERVED
+CVE-2022-35277
+ RESERVED
+CVE-2022-35275
+ RESERVED
+CVE-2022-35242
+ RESERVED
+CVE-2022-35235
+ RESERVED
+CVE-2022-31474
+ RESERVED
+CVE-2022-29476
+ RESERVED
+CVE-2022-2743
+ RESERVED
+CVE-2022-2742
+ RESERVED
+CVE-2022-2741
+ RESERVED
+CVE-2022-2740
+ RESERVED
+CVE-2022-2739
+ RESERVED
+CVE-2022-2738
+ RESERVED
+CVE-2022-2737
+ RESERVED
+CVE-2022-2736
+ RESERVED
+CVE-2022-2735
+ RESERVED
+CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
+ TODO: check
+CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository
openemr/op ...)
+ TODO: check
+CVE-2022-2732 (Improper Privilege Management in GitHub repository
openemr/openemr pri ...)
+ TODO: check
+CVE-2022-2731 (Cross-site Scripting (XSS) - Reflected in GitHub repository
openemr/op ...)
+ TODO: check
+CVE-2022-2730 (Authorization Bypass Through User-Controlled Key in GitHub
repository ...)
+ TODO: check
+CVE-2022-2729 (Cross-site Scripting (XSS) - DOM in GitHub repository
openemr/openemr ...)
+ TODO: check
+CVE-2022-2728 (A vulnerability was found in SourceCodester Gym Management
System. It ...)
+ TODO: check
+CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management
System. It ...)
+ TODO: check
+CVE-2022-2726 (A vulnerability classified as critical has been found in
SEMCMS. This ...)
+ TODO: check
CVE-2022-38053
RESERVED
CVE-2022-38052
@@ -352,14 +510,14 @@ CVE-2022-37878
RESERVED
CVE-2022-37877
RESERVED
-CVE-2022-2725
- RESERVED
-CVE-2022-2724
- RESERVED
-CVE-2022-2723
- RESERVED
-CVE-2022-2722
- RESERVED
+CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website
CMS. It ha ...)
+ TODO: check
+CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2022-2723 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student
Information ...)
+ TODO: check
CVE-2022-2721
RESERVED
CVE-2022-2720
@@ -396,8 +554,7 @@ CVE-2022-37864
RESERVED
CVE-2022-35733
RESERVED
-CVE-2022-2719 [Assertion Failure could lead to DoS due to attempted writing of
NULL image list]
- RESERVED
+CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion
failure when ...)
- imagemagick <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
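Review bot: CVE-2022-2719 still carries "- imagemagick <undetermined>" after this update, although the NOTE lines under it already reference a Red Hat bug and an upstream ImageMagick commit. Now that the description is published, the package line could be resolved to a fixed version or <unfixed> by checking which releases contain the referenced commit.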
@@ -408,8 +565,8 @@ CVE-2022-2717
RESERVED
CVE-2022-2716
RESERVED
-CVE-2022-2715
- RESERVED
+CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee
Management S ...)
+ TODO: check
CVE-2022-2714
RESERVED
CVE-2022-2713 (Insufficient Session Expiration in GitHub repository
cockpit-hq/cockpi ...)
@@ -1574,8 +1731,8 @@ CVE-2022-2635
RESERVED
CVE-2022-37393
RESERVED
-CVE-2022-2634
- RESERVED
+CVE-2022-2634 (An attacker may be able to execute malicious actions due to the
lack o ...)
+ TODO: check
CVE-2022-37392
RESERVED
CVE-2022-37391
@@ -2463,8 +2620,8 @@ CVE-2022-37026
RESERVED
CVE-2022-37025
RESERVED
-CVE-2022-37024
- RESERVED
+CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP,
Network Co ...)
+ TODO: check
CVE-2022-2588
RESERVED
- linux <unfixed>
@@ -2616,22 +2773,22 @@ CVE-2022-2564 (Prototype Pollution in GitHub repository
automattic/mongoose prio
NOT-FOR-US: Mongoose
CVE-2022-2563
RESERVED
-CVE-2022-37008
- RESERVED
-CVE-2022-37007
- RESERVED
-CVE-2022-37006
- RESERVED
-CVE-2022-37005
- RESERVED
-CVE-2022-37004
- RESERVED
-CVE-2022-37003
- RESERVED
-CVE-2022-37002
- RESERVED
-CVE-2022-37001
- RESERVED
+CVE-2022-37008 (The recovery module has a vulnerability of bypassing the
verification ...)
+ TODO: check
+CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability.
Successfu ...)
+ TODO: check
+CVE-2022-37006 (Permission control vulnerability in the network module.
Successful exp ...)
+ TODO: check
+CVE-2022-37005 (The Settings application has an argument injection
vulnerability. Succ ...)
+ TODO: check
+CVE-2022-37004 (The Settings application has a vulnerability of bypassing the
out-of-b ...)
+ TODO: check
+CVE-2022-37003 (The AOD module has a vulnerability in permission assignment.
Successfu ...)
+ TODO: check
+CVE-2022-37002 (The SystemUI module has a privilege escalation vulnerability.
Successf ...)
+ TODO: check
+CVE-2022-37001 (The diag-router module has a vulnerability in intercepting
excessive l ...)
+ TODO: check
CVE-2022-37000 (An issue was discovered in Veritas NetBackup 8.1.x through
8.1.2, 8.2, ...)
NOT-FOR-US: Veritas
CVE-2022-36999 (An issue was discovered in Veritas NetBackup 8.1.x through
8.1.2, 8.2, ...)
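Review bot: the eight descriptions added for CVE-2022-37001 through CVE-2022-37008 name only a module or application (recovery, chinadrm, network, Settings, AOD, SystemUI, diag-router) and no vendor or product, so the truncated text alone is not enough to clear the "TODO: check" markers. Triage should read the full CVE record to identify the product before choosing between a NOT-FOR-US tag and a package line.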
@@ -4424,11 +4581,9 @@ CVE-2022-2460 (The WPDating WordPress plugin through
7.1.9 does not properly esc
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all
versions befor ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-2458
- RESERVED
+CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that
allows an a ...)
NOT-FOR-US: Red Hat Process Automation Manager
-CVE-2022-2457
- RESERVED
+CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where
an atta ...)
NOT-FOR-US: Red Hat Process Automation Manager
CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
@@ -4772,11 +4927,9 @@ CVE-2016-15003 (A vulnerability has been found in
FileZilla Client 3.17.0.0 and
- filezilla <not-affected> (Installer not relevant to Debian)
CVE-2015-10003 (A vulnerability, which was classified as problematic, was
found in Fil ...)
NOT-FOR-US: FileZilla server
-CVE-2022-36125
- RESERVED
+CVE-2022-36125 (It is possible to crash (panic) an application by providing a
corrupte ...)
NOT-FOR-US: Apache Avro
-CVE-2022-36124
- RESERVED
+CVE-2022-36124 (It is possible for a Reader to consume memory beyond the
allowed const ...)
NOT-FOR-US: Apache Avro
CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear
operation for th ...)
- linux 5.18.14-1
@@ -5468,142 +5621,142 @@ CVE-2022-35829
RESERVED
CVE-2022-35828
RESERVED
-CVE-2022-35827
- RESERVED
-CVE-2022-35826
- RESERVED
-CVE-2022-35825
- RESERVED
-CVE-2022-35824
- RESERVED
+CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+ TODO: check
+CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+ TODO: check
+CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+ TODO: check
+CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
+ TODO: check
CVE-2022-35823
RESERVED
CVE-2022-35822
RESERVED
-CVE-2022-35821
- RESERVED
-CVE-2022-35820
- RESERVED
-CVE-2022-35819
- RESERVED
-CVE-2022-35818
- RESERVED
-CVE-2022-35817
- RESERVED
-CVE-2022-35816
- RESERVED
-CVE-2022-35815
- RESERVED
-CVE-2022-35814
- RESERVED
-CVE-2022-35813
- RESERVED
-CVE-2022-35812
- RESERVED
-CVE-2022-35811
- RESERVED
-CVE-2022-35810
- RESERVED
-CVE-2022-35809
- RESERVED
-CVE-2022-35808
- RESERVED
-CVE-2022-35807
- RESERVED
-CVE-2022-35806
- RESERVED
+CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability.
...)
+ TODO: check
+CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
CVE-2022-35805
RESERVED
-CVE-2022-35804
- RESERVED
+CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-35803
RESERVED
-CVE-2022-35802
- RESERVED
-CVE-2022-35801
- RESERVED
-CVE-2022-35800
- RESERVED
-CVE-2022-35799
- RESERVED
+CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
CVE-2022-35798
RESERVED
-CVE-2022-35797
- RESERVED
-CVE-2022-35796
- RESERVED
-CVE-2022-35795
- RESERVED
-CVE-2022-35794
- RESERVED
-CVE-2022-35793
- RESERVED
-CVE-2022-35792
- RESERVED
-CVE-2022-35791
- RESERVED
-CVE-2022-35790
- RESERVED
-CVE-2022-35789
- RESERVED
-CVE-2022-35788
- RESERVED
-CVE-2022-35787
- RESERVED
-CVE-2022-35786
- RESERVED
-CVE-2022-35785
- RESERVED
-CVE-2022-35784
- RESERVED
-CVE-2022-35783
- RESERVED
-CVE-2022-35782
- RESERVED
-CVE-2022-35781
- RESERVED
-CVE-2022-35780
- RESERVED
-CVE-2022-35779
- RESERVED
+CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
+ TODO: check
+CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege
Vulnerability. ...)
+ TODO: check
+CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
CVE-2022-35778
RESERVED
-CVE-2022-35777
- RESERVED
-CVE-2022-35776
- RESERVED
-CVE-2022-35775
- RESERVED
-CVE-2022-35774
- RESERVED
-CVE-2022-35773
- RESERVED
-CVE-2022-35772
- RESERVED
-CVE-2022-35771
- RESERVED
+CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
+ TODO: check
+CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
+ TODO: check
+CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
+ TODO: check
+CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability ...)
+ TODO: check
CVE-2022-35770
RESERVED
-CVE-2022-35769
- RESERVED
-CVE-2022-35768
- RESERVED
-CVE-2022-35767
- RESERVED
-CVE-2022-35766
- RESERVED
-CVE-2022-35765
- RESERVED
-CVE-2022-35764
- RESERVED
-CVE-2022-35763
- RESERVED
-CVE-2022-35762
- RESERVED
-CVE-2022-35761
- RESERVED
-CVE-2022-35760
- RESERVED
+CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service
Vulnerability. ...)
+ TODO: check
+CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+ TODO: check
+CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+ TODO: check
+CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege
Vulnerability. ...)
+ TODO: check
CVE-2022-35759
RESERVED
CVE-2022-35758
@@ -5672,8 +5825,7 @@ CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before
3.39.2 sometimes allows an a
NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4
CVE-2022-35736
RESERVED
-CVE-2022-35724
- RESERVED
+CVE-2022-35724 (It is possible to provide data to be read that leads the
reader to loo ...)
NOT-FOR-US: Apache Avro
CVE-2022-35723
RESERVED
@@ -5751,8 +5903,8 @@ CVE-2022-35699
RESERVED
CVE-2022-35698
RESERVED
-CVE-2022-35697
- RESERVED
+CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and
earlier) ...)
+ TODO: check
CVE-2022-35696
RESERVED
CVE-2022-35695
@@ -6135,18 +6287,18 @@ CVE-2022-35540
RESERVED
CVE-2022-35539
RESERVED
-CVE-2022-35538
- RESERVED
-CVE-2022-35537
- RESERVED
-CVE-2022-35536
- RESERVED
-CVE-2022-35535
- RESERVED
-CVE-2022-35534
- RESERVED
-CVE-2022-35533
- RESERVED
+CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
wireless.cgi has ...)
+ TODO: check
+CVE-2022-35537 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
wireless.cgi has ...)
+ TODO: check
+CVE-2022-35536 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35535 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
wireless.cgi has ...)
+ TODO: check
+CVE-2022-35534 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
wireless.cgi has ...)
+ TODO: check
+CVE-2022-35533 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi
has no fi ...)
+ TODO: check
CVE-2022-35532
RESERVED
CVE-2022-35531
@@ -6159,26 +6311,26 @@ CVE-2022-35528
RESERVED
CVE-2022-35527
RESERVED
-CVE-2022-35526
- RESERVED
-CVE-2022-35525
- RESERVED
-CVE-2022-35524
- RESERVED
-CVE-2022-35523
- RESERVED
-CVE-2022-35522
- RESERVED
-CVE-2022-35521
- RESERVED
-CVE-2022-35520
- RESERVED
-CVE-2022-35519
- RESERVED
-CVE-2022-35518
- RESERVED
-CVE-2022-35517
- RESERVED
+CVE-2022-35526 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi
has no ...)
+ TODO: check
+CVE-2022-35525 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35524 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35523 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
firewall.cgi has ...)
+ TODO: check
+CVE-2022-35522 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35521 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
firewall.cgi has ...)
+ TODO: check
+CVE-2022-35520 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35519 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3
firewall.cgi has ...)
+ TODO: check
+CVE-2022-35518 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi
has no fi ...)
+ TODO: check
+CVE-2022-35517 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi
has no fi ...)
+ TODO: check
CVE-2022-35516
RESERVED
CVE-2022-35515
@@ -6193,8 +6345,8 @@ CVE-2022-35511
RESERVED
CVE-2022-35510
RESERVED
-CVE-2022-35509
- RESERVED
+CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage
XSS vulne ...)
+ TODO: check
CVE-2022-35508
RESERVED
CVE-2022-35507
@@ -6229,8 +6381,8 @@ CVE-2022-35493 (A Cross-site scripting (XSS)
vulnerability in json search parse
NOT-FOR-US: eShop - Multipurpose Ecommerce Store Website
CVE-2022-35492
RESERVED
-CVE-2022-35491
- RESERVED
+CVE-2022-35491 (TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded
password for ro ...)
+ TODO: check
CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has
a preve ...)
- zammad <itp> (bug #841355)
CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations
assigned w ...)
@@ -6359,8 +6511,8 @@ CVE-2022-35428
RESERVED
CVE-2022-35427
RESERVED
-CVE-2022-35426
- RESERVED
+CVE-2022-35426 (UCMS 1.6 is vulnerable to arbitrary file upload via
ucms/sadmin/file P ...)
+ TODO: check
CVE-2022-35425
RESERVED
CVE-2022-35424
@@ -6711,14 +6863,14 @@ CVE-2022-35295
RESERVED
CVE-2022-35294
RESERVED
-CVE-2022-35293
- RESERVED
+CVE-2022-35293 (Due to insecure session management, SAP Enable Now allows an
unauthent ...)
+ TODO: check
CVE-2022-35292
RESERVED
CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors
attachm ...)
NOT-FOR-US: SAP
-CVE-2022-35290
- RESERVED
+CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows
an attac ...)
+ TODO: check
CVE-2022-35289
RESERVED
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a
user to obt ...)
@@ -8254,72 +8406,72 @@ CVE-2022-34719
RESERVED
CVE-2022-34718
RESERVED
-CVE-2022-34717
- RESERVED
-CVE-2022-34716
- RESERVED
-CVE-2022-34715
- RESERVED
-CVE-2022-34714
- RESERVED
-CVE-2022-34713
- RESERVED
-CVE-2022-34712
- RESERVED
+CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-34716 (.NET Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-34715 (Windows Network File System Remote Code Execution
Vulnerability. ...)
+ TODO: check
+CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+ TODO: check
CVE-2022-34711
RESERVED
-CVE-2022-34710
- RESERVED
-CVE-2022-34709
- RESERVED
-CVE-2022-34708
- RESERVED
-CVE-2022-34707
- RESERVED
-CVE-2022-34706
- RESERVED
-CVE-2022-34705
- RESERVED
-CVE-2022-34704
- RESERVED
-CVE-2022-34703
- RESERVED
-CVE-2022-34702
- RESERVED
-CVE-2022-34701
- RESERVED
+CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+ TODO: check
+CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass
Vulnerabilit ...)
+ TODO: check
+CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability. This CVE
ID is un ...)
+ TODO: check
+CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
+ TODO: check
+CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
+ TODO: check
+CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege
Vulnerability ...)
+ TODO: check
+CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure
Vulnerability ...)
+ TODO: check
+CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege
Vulnerabili ...)
+ TODO: check
+CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code
Execution ...)
+ TODO: check
+CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of
Service Vuln ...)
+ TODO: check
CVE-2022-34700
RESERVED
-CVE-2022-34699
- RESERVED
+CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-34698
RESERVED
CVE-2022-34697
RESERVED
-CVE-2022-34696
- RESERVED
+CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-34695
RESERVED
CVE-2022-34694
RESERVED
CVE-2022-34693
RESERVED
-CVE-2022-34692
- RESERVED
-CVE-2022-34691
- RESERVED
-CVE-2022-34690
- RESERVED
+CVE-2022-34692 (Microsoft Exchange Information Disclosure Vulnerability. This
CVE ID i ...)
+ TODO: check
+CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege
Vulnerability. ...)
+ TODO: check
+CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-34689
RESERVED
CVE-2022-34688
RESERVED
-CVE-2022-34687
- RESERVED
-CVE-2022-34686
- RESERVED
-CVE-2022-34685
- RESERVED
+CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability.
This CVE ...)
+ TODO: check
+CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability.
This CVE ...)
+ TODO: check
CVE-2022-34684
RESERVED
CVE-2022-34683
@@ -10393,6 +10545,7 @@ CVE-2022-26084
CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to
CSRF whi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib
decompression. In ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0003.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
@@ -11133,8 +11286,8 @@ CVE-2022-33672 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33670
- RESERVED
+CVE-2022-33670 (Windows Partition Management Driver Elevation of Privilege
Vulnerabili ...)
+ TODO: check
CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
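Review bot: CVE-2022-33670 lands as "TODO: check" while the neighbouring entries in this hunk (CVE-2022-33672, CVE-2022-33671, CVE-2022-33669) are already tagged "NOT-FOR-US: Microsoft". The new description is a Windows Partition Management Driver issue, so the same tag looks applicable here, and to the other Microsoft-described entries that this update leaves at "TODO: check".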
@@ -11175,14 +11328,14 @@ CVE-2022-33651 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33649
- RESERVED
-CVE-2022-33648
- RESERVED
+CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability. ...)
+ TODO: check
+CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-33647
RESERVED
-CVE-2022-33646
- RESERVED
+CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability.
...)
+ TODO: check
CVE-2022-33645
RESERVED
CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability.
...)
@@ -11193,16 +11346,16 @@ CVE-2022-33642 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33640
- RESERVED
+CVE-2022-33640 (System Center Operations Manager: Open Management
Infrastructure (OMI) ...)
+ TODO: check
CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33636
- RESERVED
+CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability. ...)
+ TODO: check
CVE-2022-33635
RESERVED
CVE-2022-33634
@@ -11211,8 +11364,8 @@ CVE-2022-33633 (Skype for Business and Lync Remote Code
Execution Vulnerability.
NOT-FOR-US: Skype for Business and Lync
CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33631
- RESERVED
+CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-33630
RESERVED
CVE-2022-33629
@@ -14021,8 +14174,8 @@ CVE-2022-32431
RESERVED
CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows
attackers ...)
NOT-FOR-US: Lin CMS
-CVE-2022-32429
- RESERVED
+CVE-2022-32429 (An authentication-bypass issue in the component
http://MYDEVICEIP/cgi- ...)
+ TODO: check
CVE-2022-32428
RESERVED
CVE-2022-32427
@@ -14548,8 +14701,8 @@ CVE-2022-32247 (SAP NetWeaver Enterprise Portal -
versions 7.10, 7.11, 7.20, 7.3
NOT-FOR-US: SAP
CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual
Difference ...)
NOT-FOR-US: SAP
-CVE-2022-32245
- RESERVED
+CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open
Document) - v ...)
+ TODO: check
CVE-2022-32244
RESERVED
CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg,
svg.x3d) ...)
@@ -14804,8 +14957,7 @@ CVE-2022-32191
RESERVED
CVE-2022-32190
RESERVED
-CVE-2022-32189
- RESERVED
+CVE-2022-32189 (A too-short encoded message can cause a panic in
Float.GobDecode and R ...)
- golang-1.19 1.19-1
- golang-1.18 1.18.5-1
- golang-1.17 <unfixed>
@@ -14900,8 +15052,7 @@ CVE-2022-32150
RESERVED
CVE-2022-32149
RESERVED
-CVE-2022-32148
- RESERVED
+CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go
1.17.12 ...)
- golang-1.19 1.19~rc1-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -14939,8 +15090,7 @@ CVE-2022-30997 (Use of hard-coded credentials
vulnerability exists in STARDOM FC
NOT-FOR-US: Yokogawa Electric Corporation
CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability
exists i ...)
NOT-FOR-US: Yokogawa Electric Corporation
-CVE-2022-1962
- RESERVED
+CVE-2022-1962 (Uncontrolled recursion in the Parse functions in go/parser
before Go 1 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -15872,36 +16022,42 @@ CVE-2022-31765
CVE-2022-31764
RESERVED
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using
HEADERSTRIP decom ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b
(1.20.3)
CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo
decompression ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b
(1.20.3)
CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip
decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b
(1.20.3)
CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib
decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b
(1.20.3)
CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert
function ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0001.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0d9ce6c9412006c7bf2aefd1992e7d6ba16e93b7
(1.20.3)
CVE-2022-1920 (Integer overflow in matroskademux element in
gst_matroska_demux_add_wv ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0004.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
@@ -16241,14 +16397,14 @@ CVE-2022-31677
RESERVED
CVE-2022-31676
RESERVED
-CVE-2022-31675
- RESERVED
-CVE-2022-31674
- RESERVED
-CVE-2022-31673
- RESERVED
-CVE-2022-31672
- RESERVED
+CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass
vulnerabi ...)
+ TODO: check
+CVE-2022-31674 (VMware vRealize Operations contains an information disclosure
vulnerab ...)
+ TODO: check
+CVE-2022-31673 (VMware vRealize Operations contains an information disclosure
vulnerab ...)
+ TODO: check
+CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation
vulnerabili ...)
+ TODO: check
CVE-2022-31671
RESERVED
CVE-2022-31670
@@ -19224,8 +19380,7 @@ CVE-2022-30637
RESERVED
CVE-2022-30636
RESERVED
-CVE-2022-30635
- RESERVED
+CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob
before Go 1.1 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19246,8 +19401,7 @@ CVE-2022-30634 (Infinite loop in Read in crypto/rand
before Go 1.17.11 and Go 1.
NOTE: https://go.dev/issue/52561
NOTE:
https://github.com/golang/go/commit/32dedaa69e22f1a058ae90b9484fd4c3b46fbcbf
(go1.18.3)
NOTE:
https://github.com/golang/go/commit/2be03d789de905a4b050ff5f3a51b724e1b09494
(go1.17.11)
-CVE-2022-30633
- RESERVED
+CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go
1.17.12 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
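Review bot: golang-1.17 stays at <unfixed> for CVE-2022-30633 even though the NOTE lines for this entry, visible as context at the top of the next hunk, already reference an upstream commit tagged (go1.17.12) next to the go1.18.4 and go1.19rc2 ones. Worth checking whether a golang-1.17 upload carrying that release exists and recording its version here. The same pattern repeats for CVE-2022-30632, CVE-2022-30631 and CVE-2022-30630 in the hunks that follow.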
@@ -19257,8 +19411,7 @@ CVE-2022-30633
NOTE:
https://github.com/golang/go/commit/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
(go1.19rc2)
NOTE:
https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b
(go1.18.4)
NOTE:
https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827
(go1.17.12)
-CVE-2022-30632
- RESERVED
+CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go
1.17.12 and ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19268,8 +19421,7 @@ CVE-2022-30632
NOTE:
https://github.com/golang/go/commit/ac68c6c683409f98250d34ad282b9e1b0c9095ef
(go1.19rc2)
NOTE:
https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46
(go1.18.4)
NOTE:
https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df
(go1.17.12)
-CVE-2022-30631
- RESERVED
+CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before
Go 1.17. ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19279,8 +19431,7 @@ CVE-2022-30631
NOTE:
https://github.com/golang/go/commit/b2b8872c876201eac2d0707276c6999ff3eb185e
(go1.19rc2)
NOTE:
https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48
(go1.18.4)
NOTE:
https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3
(go1.17.12)
-CVE-2022-30630
- RESERVED
+CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and
Go 1.18. ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19290,8 +19441,7 @@ CVE-2022-30630
NOTE:
https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
(go1.19rc2)
NOTE:
https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49
(go1.18.4)
NOTE:
https://github.com/golang/go/commit/8c1d8c836270615cfb5b229932269048ef59ac07
(go1.17.12)
-CVE-2022-30629
- RESERVED
+CVE-2022-30629 (Non-random values for ticket_age_add in session tickets in
crypto/tls ...)
- golang-1.18 1.18.3-1
- golang-1.17 1.17.11-1
- golang-1.15 <removed>
@@ -19336,8 +19486,7 @@ CVE-2022-28704 (Improper access control vulnerability
in Rakuten Casa version AP
NOT-FOR-US: Rakuten Casa
CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version
AP_F_V1_ ...)
NOT-FOR-US: Rakuten Casa
-CVE-2022-1705
- RESERVED
+CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the
HTTP/1 cli ...)
- golang-1.19 1.19~rc1-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19490,8 +19639,7 @@ CVE-2022-30582
RESERVED
CVE-2022-30581
RESERVED
-CVE-2022-30580
- RESERVED
+CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and
Go 1.18.3 ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -19509,10 +19657,10 @@ CVE-2022-30576
RESERVED
CVE-2022-30575
RESERVED
-CVE-2022-30574
- RESERVED
-CVE-2022-30573
- RESERVED
+CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL -
Community ...)
+ TODO: check
+CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL -
Community ...)
+ TODO: check
CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software
Inc.'s TI ...)
NOT-FOR-US: TIBCO
CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software
Inc.'s TI ...)
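Review bot: CVE-2022-30574 and CVE-2022-30573 are left at TODO: check although both descriptions name the ftlserver component of TIBCO FTL, and the TIBCO entry directly below them (CVE-2022-30572) is already tagged NOT-FOR-US: TIBCO. Suggest resolving both the same way once it is confirmed that no Debian package ships TIBCO FTL, so they do not linger in the TODO queue.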
@@ -20710,14 +20858,14 @@ CVE-2022-30199
RESERVED
CVE-2022-30198
RESERVED
-CVE-2022-30197
- RESERVED
+CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE
ID is un ...)
+ TODO: check
CVE-2022-30196
RESERVED
CVE-2022-30195
RESERVED
-CVE-2022-30194
- RESERVED
+CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution
Vulnerability. ...)
+ TODO: check
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This
CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
@@ -20752,10 +20900,10 @@ CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code
Execution Vulnerability. This
NOT-FOR-US: Microsoft
CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
NOT-FOR-US: Microsoft
-CVE-2022-30176
- RESERVED
-CVE-2022-30175
- RESERVED
+CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
+CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
+ TODO: check
CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-30173 (Microsoft Excel Remote Code Execution Vulnerability. ...)
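Review bot: CVE-2022-30176 and CVE-2022-30175 go in as TODO: check, yet their visible description text is the same Azure RTOS GUIX Studio string as CVE-2022-30178 and CVE-2022-30177 a few lines above, both of which are tagged NOT-FOR-US: Microsoft. These two look like candidates for the same tag rather than a separate manual check.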
@@ -20816,8 +20964,8 @@ CVE-2022-30146 (Windows Lightweight Directory Access
Protocol (LDAP) Remote Code
NOT-FOR-US: Microsoft
CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-30144
- RESERVED
+CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability.
...)
+ TODO: check
CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote
Code Execu ...)
NOT-FOR-US: Microsoft
CVE-2022-30142 (Windows File History Remote Code Execution Vulnerability. ...)
@@ -20836,10 +20984,10 @@ CVE-2022-30136 (Windows Network File System Remote
Code Execution Vulnerability.
NOT-FOR-US: Microsoft
CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-30134
- RESERVED
-CVE-2022-30133
- RESERVED
+CVE-2022-30134 (Microsoft Exchange Information Disclosure Vulnerability. This
CVE ID i ...)
+ TODO: check
+CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution
Vulnerabil ...)
+ TODO: check
CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege
Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of
Privilege Vu ...)
@@ -21959,8 +22107,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote
code execution via an in
NOTE: Only supported for trusted users/behind auth, see
README.debian.security
CVE-2022-29805
RESERVED
-CVE-2022-29804
- RESERVED
+CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid,
absolute paths ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -23969,8 +24116,8 @@ CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell
Unity XT versions prior to 5
NOT-FOR-US: Dell
CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before
5.2.0.0.5 ...)
NOT-FOR-US: Dell
-CVE-2022-29083
- RESERVED
+CVE-2022-29083 (Prior Dell BIOS versions contain an Improper Authentication
vulnerabil ...)
+ TODO: check
CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x,
19.2.x, 19.2.0 ...)
NOT-FOR-US: EMC
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to
proper ...)
@@ -26251,8 +26398,7 @@ CVE-2022-1192 (The Turn off all comments WordPress
plugin through 1.0 does not s
NOT-FOR-US: WordPress plugin
CVE-2021-46779
RESERVED
-CVE-2021-46778
- RESERVED
+CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel
vulnera ...)
NOT-FOR-US: AMD
CVE-2021-46777
RESERVED
@@ -26835,8 +26981,7 @@ CVE-2022-28133 (Jenkins Bitbucket Server Integration
Plugin 3.1.0 and earlier do
NOT-FOR-US: Jenkins plugin
CVE-2022-28132
RESERVED
-CVE-2022-28131
- RESERVED
+CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before
Go 1.17. ...)
- golang-1.18 1.18.4-1
- golang-1.15 <removed>
- golang-1.11 <removed>
@@ -37333,8 +37478,8 @@ CVE-2022-24518 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-24516
- RESERVED
+CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege
Vulnerability. This C ...)
+ TODO: check
CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-24514
@@ -37411,8 +37556,8 @@ CVE-2022-24479 (Connected User Experiences and
Telemetry Elevation of Privilege
NOT-FOR-US: Microsoft
CVE-2022-24478
RESERVED
-CVE-2022-24477
- RESERVED
+CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege
Vulnerability. This C ...)
+ TODO: check
CVE-2022-24476
RESERVED
CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
@@ -42089,8 +42234,8 @@ CVE-2022-23240
RESERVED
CVE-2022-23239
RESERVED
-CVE-2022-23238
- RESERVED
+CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID
Webscale) versi ...)
+ TODO: check
CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions
through 11.70 ...)
NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40
through 11.7 ...)
@@ -42995,8 +43140,8 @@ CVE-2021-4204 [eBPF Improper Input Validation
Vulnerability]
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
-CVE-2022-22983
- RESERVED
+CVE-2022-22983 (VMware Workstation (16.x prior to 16.2.4) contains an
unprotected stor ...)
+ TODO: check
CVE-2022-22982 (The vCenter Server contains a server-side request forgery
(SSRF) vulne ...)
NOT-FOR-US: VMWare
CVE-2022-22981
@@ -48705,10 +48850,10 @@ CVE-2022-21982
RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-21980
- RESERVED
-CVE-2022-21979
- RESERVED
+CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege
Vulnerability. This C ...)
+ TODO: check
+CVE-2022-21979 (Microsoft Exchange Information Disclosure Vulnerability. This
CVE ID i ...)
+ TODO: check
CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege
Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This
CVE ID is ...)
@@ -59606,42 +59751,42 @@ CVE-2022-20363
RESERVED
CVE-2022-20362
RESERVED
-CVE-2022-20361
- RESERVED
-CVE-2022-20360
- RESERVED
-CVE-2022-20359
- RESERVED
-CVE-2022-20358
- RESERVED
-CVE-2022-20357
- RESERVED
-CVE-2022-20356
- RESERVED
-CVE-2022-20355
- RESERVED
-CVE-2022-20354
- RESERVED
-CVE-2022-20353
- RESERVED
-CVE-2022-20352
- RESERVED
+CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible
vulnerabil ...)
+ TODO: check
+CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is
a missin ...)
+ TODO: check
+CVE-2022-20359 (In various methods of NotificationManagerService.java, there
is a poss ...)
+ TODO: check
+CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a
possible ...)
+ TODO: check
+CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible
informatio ...)
+ TODO: check
+CVE-2022-20356 (In shouldAllowFgsWhileInUsePermissionLocked of
ActiveServices.java, th ...)
+ TODO: check
+CVE-2022-20355 (In get of PacProxyService.java, there is a possible system
service cra ...)
+ TODO: check
+CVE-2022-20354 (In onDefaultNetworkChanged of Vpn.java, there is a possible
way to dis ...)
+ TODO: check
+CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is
a possib ...)
+ TODO: check
+CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java,
there is ...)
+ TODO: check
CVE-2022-20351
RESERVED
-CVE-2022-20350
- RESERVED
-CVE-2022-20349
- RESERVED
-CVE-2022-20348
- RESERVED
-CVE-2022-20347
- RESERVED
-CVE-2022-20346
- RESERVED
-CVE-2022-20345
- RESERVED
-CVE-2022-20344
- RESERVED
+CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java,
there is a ...)
+ TODO: check
+CVE-2022-20349 (In WifiScanningPreferenceController and
BluetoothScanningPreferenceCon ...)
+ TODO: check
+CVE-2022-20348 (In updateState of
LocationServicesWifiScanningPreferenceController.jav ...)
+ TODO: check
+CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is
a possi ...)
+ TODO: check
+CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of
MPEG4Extractor.cpp, ther ...)
+ TODO: check
+CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible
out of bo ...)
+ TODO: check
+CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible
way to ...)
+ TODO: check
CVE-2022-20343
RESERVED
CVE-2022-20342
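Review bot: all seventeen entries from CVE-2022-20361 down to CVE-2022-20344 land as TODO: check with no package or NOT-FOR-US line. Their descriptions follow the same "In <function> of <file>" wording as CVE-2021-39697, which is tagged NOT-FOR-US: Android later in this file, so most can probably be resolved in one pass. The entries that name native sources (btif_dm.cc, SurfaceControl.cpp, MPEG4Extractor.cpp, l2c_ble.cc, EventThread.cpp) deserve an individual look before bulk-tagging.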
@@ -59850,8 +59995,8 @@ CVE-2022-20241
RESERVED
CVE-2022-20240
RESERVED
-CVE-2022-20239
- RESERVED
+CVE-2022-20239 ('remap_pfn_range' here may map out of size kernel memory (for
example, ...)
+ TODO: check
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for
example, ...)
NOT-FOR-US: Unisoc
CVE-2022-20237
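Review bot: CVE-2022-20239 is added as TODO: check, but its visible description ('remap_pfn_range' here may map out of size kernel memory) is identical to CVE-2022-20238 on the next line, which is tagged NOT-FOR-US: Unisoc. Suggest confirming it is the same vendor driver and applying the same tag.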
@@ -66715,8 +66860,8 @@ CVE-2021-40042 (There is a release of invalid pointer
vulnerability in some Huaw
NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI
WS318n pr ...)
NOT-FOR-US: Huawei
-CVE-2021-40040
- RESERVED
+CVE-2021-40040 (Vulnerability of writing data to an arbitrary address in the
HW_KEYMAS ...)
+ TODO: check
CVE-2021-40039 (There is a Null pointer dereference vulnerability in the
camera module ...)
NOT-FOR-US: Huawei
CVE-2021-40038 (There is a Double free vulnerability in the AOD module in
smartphones. ...)
@@ -66727,16 +66872,16 @@ CVE-2021-40036 (The bone voice ID TA has a memory
overwrite vulnerability. Succe
NOT-FOR-US: Huawei
CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary
error with ...)
NOT-FOR-US: Huawei
-CVE-2021-40034
- RESERVED
+CVE-2021-40034 (The video framework has the memory overwriting vulnerability
caused by ...)
+ TODO: check
CVE-2021-40033 (There is an information exposure vulnerability on several
Huawei Produ ...)
NOT-FOR-US: Huawei
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information
management,Suc ...)
NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the
camera module ...)
NOT-FOR-US: Huawei
-CVE-2021-40030
- RESERVED
+CVE-2021-40030 (The My HUAWEI app has a defect in the design. Successful
exploitation ...)
+ TODO: check
CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary
error with ...)
NOT-FOR-US: Huawei
CVE-2021-40028 (The eID module has an out-of-bounds memory write
vulnerability,Success ...)
@@ -67471,8 +67616,8 @@ CVE-2021-39698 (In aio_poll_complete_work of aio.c,
there is a possible memory c
NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is
a possib ...)
NOT-FOR-US: Android
-CVE-2021-39696
- RESERVED
+CVE-2021-39696 (In Task.java, there is a possible escalation of privilege due
to a con ...)
+ TODO: check
CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible
permissi ...)
NOT-FOR-US: Android
CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for
default apps ...)
@@ -82437,14 +82582,14 @@ CVE-2021-33648 (When performing the inference shape
operation of Affine, Concat,
NOT-FOR-US: Mindspore deep learning
CVE-2021-33647 (When performing the inference shape operation of the Tile
operator, if ...)
NOT-FOR-US: Mindspore deep learning
-CVE-2021-33646
- RESERVED
-CVE-2021-33645
- RESERVED
-CVE-2021-33644
- RESERVED
-CVE-2021-33643
- RESERVED
+CVE-2021-33646 (The th_read() function doesn’t free a variable
t->th_buf.gnu_ ...)
+ TODO: check
+CVE-2021-33645 (The th_read() function doesn’t free a variable
t->th_buf.gnu_ ...)
+ TODO: check
+CVE-2021-33644 (An attacker who submits a crafted tar file with size in header
struct ...)
+ TODO: check
+CVE-2021-33643 (An attacker who submits a crafted tar file with size in header
struct ...)
+ TODO: check
CVE-2021-33642
RESERVED
CVE-2021-33641
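Review bot: CVE-2021-33646 through CVE-2021-33643 should not be resolved by analogy with the NOT-FOR-US: Mindspore entries just above them. Their descriptions refer to a th_read() function, t->th_buf.gnu_ fields and crafted tar files with a size in the header struct, which points at tar archive handling, so the TODO: check needs a source package lookup. The apostrophe in "doesn’t" on the CVE-2021-33646 and CVE-2021-33645 lines also shows up mis-encoded in this rendering of the description.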
@@ -125884,7 +126029,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS
administrators to obtain sens
- xen 4.14.0+80-gd101b417b7-1
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-351.html
-CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument
Injection. ...)
+CVE-2020-28367 (Code injection in the go command with cgo before Go 1.14.12
and Go 1.1 ...)
{DLA-2460-1}
- golang-1.15 1.15.5-1
- golang-1.11 <removed>
@@ -160638,7 +160783,7 @@ CVE-2020-14360 (A flaw was found in the X.Org Server
before version 1.20.10. An
{DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
-CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where
on using ...)
+CVE-2020-14359 (A vulnerability was found in all versions of Keycloak
Gatekeeper, wher ...)
NOT-FOR-US: Keycloak
CVE-2020-14358
REJECTED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c84f2b60b8442253e9811a8ed5227b9c575e51d4