Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db1c6f02 by security tracker role at 2023-01-04T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-22602
+       RESERVED
+CVE-2023-22601
+       RESERVED
+CVE-2023-22600
+       RESERVED
+CVE-2023-22599
+       RESERVED
+CVE-2023-22598
+       RESERVED
+CVE-2023-22597
+       RESERVED
+CVE-2023-22596
+       RESERVED
+CVE-2023-22595
+       RESERVED
+CVE-2023-22594
+       RESERVED
+CVE-2023-22593
+       RESERVED
+CVE-2023-22592
+       RESERVED
+CVE-2023-22591
+       RESERVED
+CVE-2023-22590
+       RESERVED
+CVE-2023-22589
+       RESERVED
+CVE-2023-22588
+       RESERVED
+CVE-2023-22587
+       RESERVED
+CVE-2023-0043
+       RESERVED
+CVE-2023-0042
+       RESERVED
+CVE-2023-0041
+       RESERVED
 CVE-2023-22586
        RESERVED
 CVE-2023-22585
@@ -8460,8 +8498,8 @@ CVE-2022-46083
        RESERVED
 CVE-2022-46082
        RESERVED
-CVE-2022-46081
-       RESERVED
+CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session 
wouldn't preve ...)
+       TODO: check
 CVE-2022-46080
        RESERVED
 CVE-2022-46079
@@ -8946,8 +8984,8 @@ CVE-2022-45868 (The web-based admin console in H2 
Database Engine through 2.1.21
        - h2database <unfixed> (unimportant)
        NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords 
should never be
        NOTE: passed on the command line.
-CVE-2022-45867
-       RESERVED
+CVE-2022-45867 (MyBB before 1.8.33 allows Directory Traversal. The Admin CP 
Languages  ...)
+       TODO: check
 CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 
11.3, as us ...)
        NOT-FOR-US: qpress
 CVE-2022-4136 (Dangerous method exposed which can lead to RCE in 
qmpass/leadshop v1.4 ...)
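Review bot: Style point in the context of this hunk: the NOTE under CVE-2022-45868 reads "Not cosidered a vulnerability of H2 Console by vendor", which should be "considered". The typo is not introduced by this commit, but it sits directly above the CVE-2022-45867 change and is cheap to fix in the same area.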
@@ -10075,6 +10113,7 @@ CVE-2022-4027 (The Simple:Press plugin for WordPress is 
vulnerable to Stored Cro
 CVE-2022-4026
        RESERVED
 CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to 
98.0.4 ...)
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not 
have a ...)
@@ -12200,17 +12239,17 @@ CVE-2022-44757
        RESERVED
 CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable to 
improper ...)
        NOT-FOR-US: HCL
-CVE-2022-44755 (IBM Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
+CVE-2022-44755 (HCL Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
        NOT-FOR-US: IBM
-CVE-2022-44754 (IBM Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
+CVE-2022-44754 (HCL Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
        NOT-FOR-US: IBM
-CVE-2022-44753 (IBM Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
+CVE-2022-44753 (HCL Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
        NOT-FOR-US: IBM
-CVE-2022-44752 (IBM Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
+CVE-2022-44752 (HCL Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
        NOT-FOR-US: IBM
-CVE-2022-44751 (IBM Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
+CVE-2022-44751 (HCL Notes is susceptible to a stack based buffer overflow 
vulnerabilit ...)
        NOT-FOR-US: IBM
-CVE-2022-44750 (IBM Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
+CVE-2022-44750 (HCL Domino is susceptible to a stack based buffer overflow 
vulnerabili ...)
        NOT-FOR-US: IBM
 CVE-2022-44747 (Local privilege escalation due to improper soft link handling. 
The fol ...)
        NOT-FOR-US: Acronis
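Review bot: The vendor tag no longer matches the description for CVE-2022-44755 through CVE-2022-44750: each description now starts "HCL Notes" or "HCL Domino", but the line under it still reads "NOT-FOR-US: IBM", while the neighbouring CVE-2022-44756 is tagged "NOT-FOR-US: HCL". Suggest a follow-up that changes these six tags to "NOT-FOR-US: HCL" so that searches on the tag find all of the vendor's entries.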
@@ -12255,6 +12294,7 @@ CVE-2022-3865 (The WP User Merger WordPress plugin 
before 1.5.3 does not properl
 CVE-2022-3864
        RESERVED
 CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 
100.0.4896 ...)
+       {DSA-5114-1}
        - chromium 100.0.4896.75-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-21418
@@ -13604,6 +13644,7 @@ CVE-2022-42465
 CVE-2022-3843
        RESERVED
 CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 
105.0.5195.125 a ...)
+       {DSA-5230-1}
        - chromium 105.0.5195.125-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3841
@@ -13975,10 +14016,10 @@ CVE-2022-44537
        RESERVED
 CVE-2022-44536
        RESERVED
-CVE-2022-44535
-       RESERVED
-CVE-2022-44534
-       RESERVED
+CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise 
Orchestrator web-b ...)
+       TODO: check
+CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise 
Orchestrator web-b ...)
+       TODO: check
 CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web 
management int ...)
        NOT-FOR-US: Aruba
 CVE-2022-44532 (An authenticated path traversal vulnerability exists in the 
Aruba Edge ...)
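Review bot: CVE-2022-44535 and CVE-2022-44534 are left as "TODO: check" although both descriptions name the Aruba EdgeConnect Enterprise Orchestrator and the next entry, CVE-2022-44533, is already "NOT-FOR-US: Aruba". These two look ready for the same tag rather than a place in the TODO queue.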
@@ -15040,8 +15081,8 @@ CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 
was discovered to contain
        NOT-FOR-US: Russound XSourcePlayer 777D
 CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT 
(ECU-C) ...)
        NOT-FOR-US: APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control 
Software
-CVE-2022-44036
-       RESERVED
+CVE-2022-44036 (** DISPUTED ** In b2evolution 7.2.5, if configured with 
admins_can_man ...)
+       TODO: check
 CVE-2022-44035
        RESERVED
 CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. 
drivers/cha ...)
@@ -18106,42 +18147,42 @@ CVE-2022-43542 (Vulnerabilities in the Aruba 
EdgeConnect Enterprise command line
        NOT-FOR-US: Aruba
 CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
        NOT-FOR-US: Aruba
-CVE-2022-43540
-       RESERVED
-CVE-2022-43539
-       RESERVED
-CVE-2022-43538
-       RESERVED
-CVE-2022-43537
-       RESERVED
-CVE-2022-43536
-       RESERVED
-CVE-2022-43535
-       RESERVED
-CVE-2022-43534
-       RESERVED
-CVE-2022-43533
-       RESERVED
-CVE-2022-43532
-       RESERVED
-CVE-2022-43531
-       RESERVED
-CVE-2022-43530
-       RESERVED
-CVE-2022-43529
-       RESERVED
-CVE-2022-43528
-       RESERVED
-CVE-2022-43527
-       RESERVED
-CVE-2022-43526
-       RESERVED
-CVE-2022-43525
-       RESERVED
-CVE-2022-43524
-       RESERVED
-CVE-2022-43523
-       RESERVED
+CVE-2022-43540 (A vulnerability exists in the ClearPass OnGuard macOS agent 
that allow ...)
+       TODO: check
+CVE-2022-43539 (A vulnerability exists in the ClearPass Policy Manager cluster 
communi ...)
+       TODO: check
+CVE-2022-43538 (Vulnerabilities in the ClearPass Policy Manager web-based 
management i ...)
+       TODO: check
+CVE-2022-43537 (Vulnerabilities in the ClearPass Policy Manager web-based 
management i ...)
+       TODO: check
+CVE-2022-43536 (Vulnerabilities in the ClearPass Policy Manager web-based 
management i ...)
+       TODO: check
+CVE-2022-43535 (A vulnerability in the ClearPass OnGuard Windows agent could 
allow mal ...)
+       TODO: check
+CVE-2022-43534 (A vulnerability in the ClearPass OnGuard Linux agent could 
allow malic ...)
+       TODO: check
+CVE-2022-43533 (A vulnerability in the ClearPass OnGuard macOS agent could 
allow malic ...)
+       TODO: check
+CVE-2022-43532 (A vulnerability in the web-based management interface of 
ClearPass Pol ...)
+       TODO: check
+CVE-2022-43531 (Vulnerabilities in the web-based management interface of 
ClearPass Pol ...)
+       TODO: check
+CVE-2022-43530 (Vulnerabilities in the web-based management interface of 
ClearPass Pol ...)
+       TODO: check
+CVE-2022-43529 (A vulnerability in the web-based management interface of Aruba 
EdgeCon ...)
+       TODO: check
+CVE-2022-43528 (Under certain configurations, an attacker can login to Aruba 
EdgeConne ...)
+       TODO: check
+CVE-2022-43527 (Multiple vulnerabilities within the web-based management 
interface of  ...)
+       TODO: check
+CVE-2022-43526 (Multiple vulnerabilities within the web-based management 
interface of  ...)
+       TODO: check
+CVE-2022-43525 (Multiple vulnerabilities within the web-based management 
interface of  ...)
+       TODO: check
+CVE-2022-43524 (A vulnerability in the web-based management interface of Aruba 
EdgeCon ...)
+       TODO: check
+CVE-2022-43523 (Multiple vulnerabilities in the web-based management interface 
of Arub ...)
+       TODO: check
 CVE-2022-43522 (Multiple vulnerabilities in the web-based management interface 
of Arub ...)
        NOT-FOR-US: Aruba
 CVE-2022-43521 (Multiple vulnerabilities in the web-based management interface 
of Arub ...)
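Review bot: All 18 entries from CVE-2022-43540 down to CVE-2022-43523 enter as "TODO: check" between CVE-2022-43541 and CVE-2022-43522, which are both "NOT-FOR-US: Aruba". The entries whose descriptions name Aruba EdgeConnect (CVE-2022-43529, CVE-2022-43528, CVE-2022-43524, CVE-2022-43523) can take the same tag directly. The ClearPass Policy Manager and ClearPass OnGuard entries should get their vendor decision in the same triage pass so the block is not left half classified.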
@@ -20619,8 +20660,8 @@ CVE-2022-42712
        RESERVED
 CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker 
application ...)
        NOT-FOR-US: Progress WhatsUp Gold
-CVE-2022-42710
-       RESERVED
+CVE-2022-42710 (Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 
0.32-07p, 0.3 ...)
+       TODO: check
 CVE-2022-42709
        RESERVED
 CVE-2022-42708
@@ -21282,8 +21323,8 @@ CVE-2022-42437
        RESERVED
 CVE-2022-42436
        RESERVED
-CVE-2022-42435
-       RESERVED
+CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 
19.0.1, 19.0. ...)
+       TODO: check
 CVE-2022-42433
        RESERVED
 CVE-2022-42432
@@ -30872,8 +30913,8 @@ CVE-2022-38725
        RESERVED
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, 
silverstripe/asset ...)
        NOT-FOR-US: SilverStripe CMS
-CVE-2022-38723
-       RESERVED
+CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal 
through H ...)
+       TODO: check
 CVE-2022-38722
        RESERVED
 CVE-2022-38721
@@ -30947,8 +30988,8 @@ CVE-2022-2969 (Delta Industrial Automation DIALink 
versions prior to v1.5.0.0 Be
        NOT-FOR-US: Delta Industrial Automation DIALink
 CVE-2022-2968
        RESERVED
-CVE-2022-2967
-       RESERVED
+CVE-2022-2967 (Prosys OPC UA Simulation Server version prior to v5.3.0-64 and 
UA Modb ...)
+       TODO: check
 CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics 
DOPSoft.This iss ...)
        NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
@@ -31219,8 +31260,8 @@ CVE-2022-38629
        RESERVED
 CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 
0.32-09c, ...)
        NOT-FOR-US: Nortek Linear eMerge E3-Series
-CVE-2022-38627
-       RESERVED
+CVE-2022-38627 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 
0.32-09c, ...)
+       TODO: check
 CVE-2022-38626
        RESERVED
 CVE-2022-38625 (** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to 
contain ...)
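Review bot: CVE-2022-38627 is added as "TODO: check" with the same truncated description as CVE-2022-38628 directly above it, which is already tagged "NOT-FOR-US: Nortek Linear eMerge E3-Series". Suggest giving CVE-2022-38627 the same tag so the two entries for this product are classified consistently.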
@@ -35969,8 +36010,8 @@ CVE-2022-2557 (The Team WordPress plugin before 4.1.2 
contains a file which coul
        NOT-FOR-US: WordPress plugin
 CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT 
before 6.8 ...)
        NOT-FOR-US: GoAnywhere MFT
-CVE-2022-36943
-       RESERVED
+CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary 
file write  ...)
+       TODO: check
 CVE-2022-36942
        RESERVED
 CVE-2022-36941
@@ -47273,10 +47314,10 @@ CVE-2022-32667
        RESERVED
 CVE-2022-32666
        RESERVED
-CVE-2022-32665
-       RESERVED
-CVE-2022-32664
-       RESERVED
+CVE-2022-32665 (In Boa, there is a possible command injection due to improper 
input va ...)
+       TODO: check
+CVE-2022-32664 (In Config Manager, there is a possible command injection due 
to improp ...)
+       TODO: check
 CVE-2022-32663
        RESERVED
 CVE-2022-32662
@@ -47285,56 +47326,56 @@ CVE-2022-32661
        RESERVED
 CVE-2022-32660
        RESERVED
-CVE-2022-32659
-       RESERVED
-CVE-2022-32658
-       RESERVED
-CVE-2022-32657
-       RESERVED
+CVE-2022-32659 (In Wi-Fi driver, there is a possible undefined behavior due to 
incorre ...)
+       TODO: check
+CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to 
incorre ...)
+       TODO: check
+CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to 
incorre ...)
+       TODO: check
 CVE-2022-32656
        RESERVED
 CVE-2022-32655
        RESERVED
 CVE-2022-32654
        RESERVED
-CVE-2022-32653
-       RESERVED
-CVE-2022-32652
-       RESERVED
-CVE-2022-32651
-       RESERVED
-CVE-2022-32650
-       RESERVED
-CVE-2022-32649
-       RESERVED
-CVE-2022-32648
-       RESERVED
-CVE-2022-32647
-       RESERVED
-CVE-2022-32646
-       RESERVED
-CVE-2022-32645
-       RESERVED
-CVE-2022-32644
-       RESERVED
+CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic 
error. T ...)
+       TODO: check
+CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic 
error. T ...)
+       TODO: check
+CVE-2022-32651 (In mtk-aie, there is a possible use after free due to a logic 
error. T ...)
+       TODO: check
+CVE-2022-32650 (In mtk-isp, there is a possible use after free due to a logic 
error. T ...)
+       TODO: check
+CVE-2022-32649 (In jpeg, there is a possible use after free due to a logic 
error. This ...)
+       TODO: check
+CVE-2022-32648 (In disp, there is a possible use after free due to a race 
condition. T ...)
+       TODO: check
+CVE-2022-32647 (In ccu, there is a possible out of bounds write due to 
improper input  ...)
+       TODO: check
+CVE-2022-32646 (In gpu drm, there is a possible stack overflow due to a 
missing bounds ...)
+       TODO: check
+CVE-2022-32645 (In vow, there is a possible information disclosure due to a 
race condi ...)
+       TODO: check
+CVE-2022-32644 (In vow, there is a possible use after free due to a race 
condition. Th ...)
+       TODO: check
 CVE-2022-32643
        RESERVED
 CVE-2022-32642
        RESERVED
-CVE-2022-32641
-       RESERVED
-CVE-2022-32640
-       RESERVED
-CVE-2022-32639
-       RESERVED
-CVE-2022-32638
-       RESERVED
-CVE-2022-32637
-       RESERVED
-CVE-2022-32636
-       RESERVED
-CVE-2022-32635
-       RESERVED
+CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a 
missing  ...)
+       TODO: check
+CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2022-32639 (In watchdog, there is a possible out of bounds read due to a 
missing b ...)
+       TODO: check
+CVE-2022-32638 (In isp, there is a possible out of bounds write due to a race 
conditio ...)
+       TODO: check
+CVE-2022-32637 (In hevc decoder, there is a possible out of bounds write due 
to a miss ...)
+       TODO: check
+CVE-2022-32636 (In keyinstall, there is a possible out of bounds write due to 
an integ ...)
+       TODO: check
+CVE-2022-32635 (In gps, there is a possible out of bounds write due to a 
missing bound ...)
+       TODO: check
 CVE-2022-32634 (In ccci, there is a possible out of bounds write due to 
improper input ...)
        NOT-FOR-US: Mediatek
 CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a 
logic e ...)
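Review bot: The 20 newly described entries in this hunk (CVE-2022-32659 to CVE-2022-32657, CVE-2022-32653 to CVE-2022-32644, CVE-2022-32641 to CVE-2022-32635) all receive "TODO: check", yet they use the same "In <component>, there is a possible ..." wording as CVE-2022-32634 just below, which is "NOT-FOR-US: Mediatek", and three of them name mtk-aie and one mtk-isp. Suggest confirming the vendor once and tagging the whole run in a single triage commit instead of leaving each entry for individual review.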
@@ -47357,8 +47398,8 @@ CVE-2022-32625 (In display, there is a possible out of 
bounds write due to an in
        NOT-FOR-US: Mediatek
 CVE-2022-32624 (In throttling, there is a possible out of bounds write due to 
an incor ...)
        NOT-FOR-US: Mediatek
-CVE-2022-32623
-       RESERVED
+CVE-2022-32623 (In mdp, there is a possible out of bounds write due to 
incorrect error ...)
+       TODO: check
 CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing 
bounds c ...)
        NOT-FOR-US: Mediatek
 CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race 
conditio ...)
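Review bot: CVE-2022-32623 becomes "TODO: check" while both of its neighbours in this hunk, CVE-2022-32624 and CVE-2022-32622, are "NOT-FOR-US: Mediatek" and share its description pattern. Unless the "mdp" component maps to something packaged in Debian, this entry can take the same tag as the entries around it.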
@@ -75156,8 +75197,8 @@ CVE-2022-23508
        RESERVED
 CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine 
for Byzan ...)
        TODO: check
-CVE-2022-23506
-       RESERVED
+CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery 
platform  ...)
+       TODO: check
 CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 
tokens auth ...)
        TODO: check
 CVE-2022-23504 (TYPO3 is an open source PHP based web content management 
system. Versi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db1c6f02f8c8e78e0934cf588b215729d46545ae

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits