Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7914391e by security tracker role at 2023-02-17T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-25943
+ RESERVED
+CVE-2023-25942
+ RESERVED
+CVE-2023-25941
+ RESERVED
+CVE-2023-25940
+ RESERVED
+CVE-2023-25939
+ RESERVED
+CVE-2023-25938
+ RESERVED
+CVE-2023-25937
+ RESERVED
+CVE-2023-25936
+ RESERVED
+CVE-2023-25935
+ RESERVED
+CVE-2023-25934
+ RESERVED
+CVE-2023-25933
+ RESERVED
+CVE-2023-25756
+ RESERVED
+CVE-2023-25546
+ RESERVED
+CVE-2023-23904
+ RESERVED
+CVE-2023-23573
+ RESERVED
+CVE-2023-22449
+ RESERVED
+CVE-2023-22444
+ RESERVED
+CVE-2023-22356
+ RESERVED
+CVE-2023-22351
+ RESERVED
+CVE-2023-22330
+ RESERVED
+CVE-2023-22329
+ RESERVED
+CVE-2023-0882
+ RESERVED
+CVE-2023-0881
+ RESERVED
+CVE-2023-0880 (Misinterpretation of Input in GitHub repository
thorsten/phpmyfaq prio ...)
+ TODO: check
+CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository
btcpayserver/ ...)
+ TODO: check
+CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository
nuxt/framewo ...)
+ TODO: check
+CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to
2.0.11. ...)
+ TODO: check
+CVE-2023-0876
+ RESERVED
+CVE-2023-0875
+ RESERVED
+CVE-2023-0874
+ RESERVED
+CVE-2023-0873
+ RESERVED
CVE-2023-25932
RESERVED
CVE-2023-25931
@@ -56,8 +118,8 @@ CVE-2023-0868
RESERVED
CVE-2023-0867
RESERVED
-CVE-2023-0866
- RESERVED
+CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to 2.3 ...)
+ TODO: check
CVE-2023-0865
RESERVED
CVE-2023-0864
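Review bot: CVE-2023-0866 gets only "TODO: check", but its description names the gpac/gpac repository, the same one as CVE-2023-0819 (also a heap-based buffer overflow), which appears as context in a later hunk of this diff. Triage it against the gpac source package and keep the two entries consistent rather than treating it as an unknown product.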
@@ -88,14 +150,14 @@ CVE-2023-0852
RESERVED
CVE-2023-0851
RESERVED
-CVE-2022-48327
- RESERVED
-CVE-2022-48326
- RESERVED
-CVE-2022-48325
- RESERVED
-CVE-2022-48324
- RESERVED
+CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos
4.39.0 al ...)
+ TODO: check
+CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos
4.39.0 al ...)
+ TODO: check
+CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos
4.39.0 al ...)
+ TODO: check
+CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos
4.39.0 al ...)
+ TODO: check
CVE-2021-46874
RESERVED
CVE-2023-25909
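Review bot: CVE-2022-48324 through CVE-2022-48327 are added with identical truncated descriptions ("Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ..."), so nothing in this file tells them apart. They concern one product and version, so triage all four in one pass from the full CVE records and give them the same result.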
@@ -460,8 +522,8 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and
Onekey Mini devices throu
NOT-FOR-US: Onekey
CVE-2023-0822
RESERVED
-CVE-2023-0821
- RESERVED
+CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and
1.4.3 job ...)
+ TODO: check
CVE-2023-0820
RESERVED
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to v2. ...)
@@ -4793,12 +4855,12 @@ CVE-2023-24223
RESERVED
CVE-2023-24222
RESERVED
-CVE-2023-24221
- RESERVED
-CVE-2023-24220
- RESERVED
-CVE-2023-24219
- RESERVED
+CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection
vulnerabi ...)
+ TODO: check
CVE-2023-24218
RESERVED
CVE-2023-24217
@@ -5079,8 +5141,8 @@ CVE-2023-24080
RESERVED
CVE-2023-24079
RESERVED
-CVE-2023-24078
- RESERVED
+CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to
contain a r ...)
+ TODO: check
CVE-2023-24077
RESERVED
CVE-2023-24076
@@ -6258,8 +6320,8 @@ CVE-2023-23697 (Dell Command | Intel vPro Out of Band,
versions before 4.4.0, co
NOT-FOR-US: Dell
CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1,
contain ...)
NOT-FOR-US: Dell
-CVE-2023-23695
- RESERVED
+CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains
a broken ...)
+ TODO: check
CVE-2023-23694
RESERVED
CVE-2023-23693
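Review bot: CVE-2023-23695 goes in as "TODO: check" although the two entries just above it in this hunk, CVE-2023-23697 and CVE-2023-23696, are Dell products already marked "NOT-FOR-US: Dell". Dell Secure Connect Gateway looks like the same case, so the TODO can probably be closed with the same marker once the full description has been read.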
@@ -6864,6 +6926,7 @@ CVE-2023-23530
RESERVED
CVE-2023-23529 [Processing maliciously crafted web content may lead to
arbitrary code execution]
RESERVED
+ {DSA-5352-1 DSA-5351-1}
- webkit2gtk 2.38.5-1
- wpewebkit 2.38.5-1
NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
@@ -9405,7 +9468,8 @@ CVE-2022-4879 (A vulnerability was found in Forged
Alliance Forever up to 3746.
NOT-FOR-US: Forged Alliance Forever
CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS.
Affect ...)
NOT-FOR-US: JATOS
-CVE-2020-36643 (A vulnerability was found in intgr uqm-wasm. It has been
classified as ...)
+CVE-2020-36643
+ REJECTED
NOT-FOR-US: intgr uqm-wasm
CVE-2020-36642 (A vulnerability was found in trampgeek jobe up to 1.6.x and
classified ...)
NOT-FOR-US: trampgeek jobe
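Review bot: CVE-2020-36643 now reads "REJECTED", but the "NOT-FOR-US: intgr uqm-wasm" line under it is kept as unchanged context. With the description gone, that annotation is the only remaining record of what the ID referred to. Decide whether to keep it for that reason or drop it, since a rejected ID no longer needs a triage decision.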
@@ -11832,8 +11896,8 @@ CVE-2020-36620 (A vulnerability was found in Brondahl
EnumStringValues up to 4.0
NOT-FOR-US: Brondahl EnumStringValues
CVE-2023-22381
RESERVED
-CVE-2023-22380
- RESERVED
+CVE-2023-22380 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
+ TODO: check
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System
(CHS) Ver.3 ...)
NOT-FOR-US: CONPROSYS
CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System
(CHS) Ve ...)
@@ -12224,8 +12288,8 @@ CVE-2022-47705
RESERVED
CVE-2022-47704
RESERVED
-CVE-2022-47703
- RESERVED
+CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is
present ...)
+ TODO: check
CVE-2022-47702
RESERVED
CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd)
CF-WR62 ...)
@@ -24619,8 +24683,8 @@ CVE-2022-44301
RESERVED
CVE-2022-44300
RESERVED
-CVE-2022-44299
- RESERVED
+CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability. ...)
+ TODO: check
CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
NOT-FOR-US: SiteServer CMS
CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the
background. ...)
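Review bot: CVE-2022-44299 is left at "TODO: check" while CVE-2022-44298 directly below it, for the same product and version (SiteServer CMS 7.1.3), is already "NOT-FOR-US: SiteServer CMS". Resolve the new entry to the same marker. Note that its description spells the product "SiteServerCMS" without the space, so a text search for "SiteServer CMS" will not find it.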
@@ -33318,8 +33382,7 @@ CVE-2022-41646
RESERVED
CVE-2022-41628
RESERVED
-CVE-2022-41614
- RESERVED
+CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event
Series A ...)
NOT-FOR-US: Intel
CVE-2022-40974
RESERVED
@@ -33833,8 +33896,8 @@ CVE-2022-41558 (The Visualizations component of TIBCO
Software Inc.'s TIBCO Spot
NOT-FOR-US: TIBCO
CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic
before ...)
NOT-FOR-US: Intel
-CVE-2022-41314
- RESERVED
+CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter
installer so ...)
+ TODO: check
CVE-2022-40982
RESERVED
CVE-2022-40971
@@ -37577,8 +37640,8 @@ CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a
path traversal vulnerabi
NOT-FOR-US: Hertz
CVE-2022-40081
RESERVED
-CVE-2022-40080
- RESERVED
+CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS
firmware, in th ...)
+ TODO: check
CVE-2022-40079
RESERVED
CVE-2022-40078
@@ -42076,8 +42139,7 @@ CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier)
and 16.4.2 (and earlier)
NOT-FOR-US: Adobe
CVE-2022-38102
RESERVED
-CVE-2022-38090
- RESERVED
+CVE-2022-38090 (Improper isolation of shared resources in some Intel(R)
Processors whe ...)
- intel-microcode <unfixed> (bug #1031334)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
@@ -43115,12 +43177,12 @@ CVE-2022-38076
CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo
functionality ...)
- kolla <itp> (bug #804128)
NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
-CVE-2022-38056
- RESERVED
+CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before
version 1. ...)
+ TODO: check
CVE-2022-37336
RESERVED
-CVE-2022-37329
- RESERVED
+CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro
and Sta ...)
+ TODO: check
CVE-2022-36406
RESERVED
CVE-2022-36351
@@ -45128,8 +45190,8 @@ CVE-2022-37347 (Trend Micro Security 2021 and 2022
(Consumer) is vulnerable to a
NOT-FOR-US: Trend Micro
CVE-2022-37341
RESERVED
-CVE-2022-37340
- RESERVED
+CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for
Windows befo ...)
+ TODO: check
CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through
18.14.0, an ...)
@@ -45180,14 +45242,14 @@ CVE-2022-37305 (The Remote Keyless Entry (RKE)
receiving unit on certain Honda v
NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles
CVE-2022-36426
RESERVED
-CVE-2022-36397
- RESERVED
-CVE-2022-36369
- RESERVED
+CVE-2022-36397 (Incorrect default permissions in the software installer for
some Intel ...)
+ TODO: check
+CVE-2022-36369 (Improper access control in some QATzip software maintained by
Intel(R) ...)
+ TODO: check
CVE-2022-36353
RESERVED
-CVE-2022-36348
- RESERVED
+CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before
version SPS_E5 ...)
+ TODO: check
CVE-2022-36291
RESERVED
CVE-2022-36281
@@ -46252,16 +46314,16 @@ CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java
deserialization chain in i
- scala <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/scala/scala/pull/10118
NOTE:
https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f
(v2.13.9)
-CVE-2022-36797
- RESERVED
-CVE-2022-36794
- RESERVED
+CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500
Series Contr ...)
+ TODO: check
+CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before
version ...)
+ TODO: check
CVE-2022-36792
RESERVED
CVE-2022-36421
RESERVED
-CVE-2022-36416
- RESERVED
+CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500
Series Contr ...)
+ TODO: check
CVE-2022-36393
RESERVED
CVE-2022-36366
@@ -47405,16 +47467,16 @@ CVE-2022-36392
RESERVED
CVE-2022-36384 (Unquoted search path in the installer software for some
Intel(r) NUC K ...)
NOT-FOR-US: Intel
-CVE-2022-36382
- RESERVED
+CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet
Network Con ...)
+ TODO: check
CVE-2022-36380 (Uncontrolled search path in the installer software for some
Intel(r) N ...)
NOT-FOR-US: Intel
CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC
Boards ...)
NOT-FOR-US: Intel
CVE-2022-36283
RESERVED
-CVE-2022-34864
- RESERVED
+CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and
Collector softwa ...)
+ TODO: check
CVE-2022-34859
RESERVED
CVE-2022-33963
@@ -47449,8 +47511,8 @@ CVE-2022-36409
RESERVED
CVE-2022-36408
REJECTED
-CVE-2022-36398
- RESERVED
+CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life
Diagnostic Tool ...)
+ TODO: check
CVE-2022-36396
RESERVED
CVE-2022-36395
@@ -47459,14 +47521,14 @@ CVE-2022-36377 (Incorrect default permissions in the
installer software for some
NOT-FOR-US: Intel
CVE-2022-36374
RESERVED
-CVE-2022-36287
- RESERVED
-CVE-2022-36278
- RESERVED
+CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by
Intel befo ...)
+ TODO: check
+CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery
Life Diag ...)
+ TODO: check
CVE-2022-34855
RESERVED
-CVE-2022-34153
- RESERVED
+CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life
Diagnostic Tool s ...)
+ TODO: check
CVE-2022-34147
RESERVED
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
@@ -47598,21 +47660,20 @@ CVE-2022-36364 (Apache Calcite Avatica JDBC driver
creates HTTP client instances
NOT-FOR-US: Apache Calcite
CVE-2022-36298
RESERVED
-CVE-2022-35729
- RESERVED
+CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R)
platforms ...)
+ TODO: check
CVE-2022-34848
RESERVED
CVE-2022-34846
RESERVED
CVE-2022-34657
RESERVED
-CVE-2022-33196
- RESERVED
+CVE-2022-33196 (Incorrect default permissions in some memory controller
configurations ...)
- intel-microcode <unfixed> (bug #1031334)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
-CVE-2022-32570
- RESERVED
+CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and
Standard ...)
+ TODO: check
CVE-2022-32232
RESERVED
CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens
because of ...)
@@ -47682,12 +47743,12 @@ CVE-2022-35727
RESERVED
CVE-2022-34852
RESERVED
-CVE-2022-34849
- RESERVED
-CVE-2022-29494
- RESERVED
-CVE-2022-29493
- RESERVED
+CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for
Windows ...)
+ TODO: check
+CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some
Intel(R) pla ...)
+ TODO: check
+CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some
Intel(R ...)
+ TODO: check
CVE-2022-2501 (An improper access control issue in GitLab EE affecting all
versions f ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab
CE/EE affec ...)
@@ -47816,22 +47877,22 @@ CVE-2022-36294
RESERVED
CVE-2022-36290
RESERVED
-CVE-2022-36289
- RESERVED
-CVE-2022-35883
- RESERVED
+CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK
software before ...)
+ TODO: check
+CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software
before ver ...)
+ TODO: check
CVE-2022-35274
RESERVED
CVE-2022-35237
RESERVED
CVE-2022-34860
RESERVED
-CVE-2022-34843
- RESERVED
+CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector
software ...)
+ TODO: check
CVE-2022-33949
RESERVED
-CVE-2022-32575
- RESERVED
+CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and
Collector softw ...)
+ TODO: check
CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride
Field I/ ...)
NOT-FOR-US: AutomationDirect
CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module
version 4 ...)
@@ -49364,8 +49425,8 @@ CVE-2022-33144
RESERVED
CVE-2022-29870
RESERVED
-CVE-2022-27170
- RESERVED
+CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK
software before ...)
+ TODO: check
CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise
and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive
parameters wh ...)
@@ -51656,16 +51717,15 @@ CVE-2022-34863
RESERVED
CVE-2022-34856
RESERVED
-CVE-2022-34854
- RESERVED
-CVE-2022-34841
- RESERVED
+CVE-2022-34854 (Improper access control in the Intel(R) SUR software before
version 2. ...)
+ TODO: check
+CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK
software before ...)
+ TODO: check
CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R)
NUC Lap ...)
NOT-FOR-US: Intel
-CVE-2022-34346
- RESERVED
-CVE-2022-33972
- RESERVED
+CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before
version 2 ...)
+ TODO: check
+CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some
3rd Gener ...)
- intel-microcode <unfixed> (bug #1031334)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
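Review bot: the new "TODO: check" entries in this hunk cover different Intel products: CVE-2022-34854 is Intel(R) SUR software, while CVE-2022-34841 and CVE-2022-34346 are both Intel(R) Media SDK. Do not close them in bulk with the "NOT-FOR-US: Intel" used for CVE-2022-34488 in the same hunk. Check the Media SDK pair against packaged software first, in the way CVE-2022-33972 is tracked under "intel-microcode <unfixed> (bug #1031334)".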
@@ -51673,8 +51733,8 @@ CVE-2022-33197
RESERVED
CVE-2022-32581
RESERVED
-CVE-2022-30531
- RESERVED
+CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for
Windows ...)
+ TODO: check
CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
@@ -52599,24 +52659,24 @@ CVE-2022-34646
RESERVED
CVE-2022-34345 (Improper input validation in the firmware for some Intel(R)
NUC Laptop ...)
NOT-FOR-US: Intel
-CVE-2022-34157
- RESERVED
-CVE-2022-33964
- RESERVED
-CVE-2022-33946
- RESERVED
-CVE-2022-33190
- RESERVED
-CVE-2022-32971
- RESERVED
+CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for
OpenCL(TM) with I ...)
+ TODO: check
+CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before
version ...)
+ TODO: check
+CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before
version 2. ...)
+ TODO: check
+CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before
version ...)
+ TODO: check
+CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before
version 2. ...)
+ TODO: check
CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC
Laptop K ...)
NOT-FOR-US: Intel
-CVE-2022-31476
- RESERVED
-CVE-2022-30692
- RESERVED
-CVE-2022-29514
- RESERVED
+CVE-2022-31476 (Improper access control in the Intel(R) SUR software before
version 2. ...)
+ TODO: check
+CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before
version ...)
+ TODO: check
+CVE-2022-29514 (Improper access control in the Intel(R) SUR software before
version 2. ...)
+ TODO: check
CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior
to 2.4.2 ...)
NOT-FOR-US: LiteCart
CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management
System ...)
@@ -54375,16 +54435,16 @@ CVE-2022-33973 (Improper access control in the
Intel(R) WAPI Security software f
NOT-FOR-US: Intel
CVE-2022-33898
RESERVED
-CVE-2022-32764
- RESERVED
+CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software
before versio ...)
+ TODO: check
CVE-2022-32582
RESERVED
CVE-2022-32577
RESERVED
CVE-2022-32576
RESERVED
-CVE-2022-30530
- RESERVED
+CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software
before versi ...)
+ TODO: check
CVE-2022-29895
RESERVED
CVE-2022-29871
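Review bot: the description added for CVE-2022-32764 starts with a stray "Description:" label ("Description: Race condition in the Intel(R) DSA software ..."), which no other entry in this diff has. As the commit is an automatic update, the text presumably mirrors the upstream CVE record, so the label is better reported upstream than hand-edited here.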
@@ -54514,16 +54574,16 @@ CVE-2022-33945
RESERVED
CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software
before versi ...)
NOT-FOR-US: Intel
-CVE-2022-33902
- RESERVED
+CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus
Prime Pro ...)
+ TODO: check
CVE-2022-33899
RESERVED
CVE-2022-33895
RESERVED
CVE-2022-33894
RESERVED
-CVE-2022-33892
- RESERVED
+CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard
edition ...)
+ TODO: check
CVE-2022-33209 (Improper input validation in the firmware for some Intel(R)
NUC Laptop ...)
NOT-FOR-US: Intel
CVE-2022-33200
@@ -54550,12 +54610,12 @@ CVE-2022-32288
RESERVED
CVE-2022-32233
RESERVED
-CVE-2022-32231
- RESERVED
+CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R)
Process ...)
+ TODO: check
CVE-2022-31477
RESERVED
-CVE-2022-30704
- RESERVED
+CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some
Intel(R ...)
+ TODO: check
CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support
Android appl ...)
NOT-FOR-US: Intel
CVE-2022-30606
@@ -57811,14 +57871,14 @@ CVE-2022-30601 (Insufficiently protected credentials
for Intel(R) AMT and Intel(
NOT-FOR-US: Intel
CVE-2022-30542 (Improper input validation in the firmware for some Intel(R)
Server Boa ...)
NOT-FOR-US: Intel
-CVE-2022-30539
- RESERVED
+CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R)
Processors may a ...)
+ TODO: check
CVE-2022-29920
RESERVED
CVE-2022-29896
RESERVED
-CVE-2022-29523
- RESERVED
+CVE-2022-29523 (Improper conditions check in the Open CAS software maintained
by Intel ...)
+ TODO: check
CVE-2022-28699
RESERVED
CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and
Intel(R) Stan ...)
@@ -63970,8 +64030,8 @@ CVE-2022-1671 (A NULL pointer dereference flaw was
found in rxrpc_preparse_s in
NOTE: Fixed by:
https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1)
CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp
software may al ...)
NOT-FOR-US: Intel
-CVE-2022-30339
- RESERVED
+CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated
Sensor Solu ...)
+ TODO: check
CVE-2022-30338
RESERVED
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R)
Datacenter Group ...)
@@ -63998,8 +64058,8 @@ CVE-2022-28693
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
CVE-2022-27877
RESERVED
-CVE-2022-27808
- RESERVED
+CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet
Control ...)
+ TODO: check
CVE-2022-26844 (Insufficiently protected credentials in the installation
binaries for ...)
NOT-FOR-US: Intel
CVE-2022-26374 (Uncontrolled search path in the installation binaries for
Intel(R) SEA ...)
@@ -69397,26 +69457,26 @@ CVE-2022-27631 (A memory corruption vulnerability
exists in the httpd unescape f
NOT-FOR-US: DD-WRT
CVE-2022-27499 (Premature release of resource during expected lifetime in the
Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2022-27234
- RESERVED
+CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by
Intel(R ...)
+ TODO: check
CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime
Standar ...)
NOT-FOR-US: Intel
CVE-2022-27173
RESERVED
CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before
versions 1 ...)
NOT-FOR-US: Intel
-CVE-2022-26841
- RESERVED
-CVE-2022-26837
- RESERVED
+CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK
software ...)
+ TODO: check
+CVE-2022-26837 (Improper input validation in the BIOS firmware for some
Intel(R) Proce ...)
+ TODO: check
CVE-2022-26833 (An improper authentication vulnerability exists in the REST
API functi ...)
NOT-FOR-US: Open Automation Software
CVE-2022-26515
RESERVED
CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem
software befor ...)
NOT-FOR-US: Intel
-CVE-2022-26509
- RESERVED
+CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may
allow a ...)
+ TODO: check
CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before
version 3.0.0 ...)
NOT-FOR-US: Intel
CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape
functio ...)
@@ -72960,10 +73020,10 @@ CVE-2022-27180
RESERVED
CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to
load a rel ...)
NOT-FOR-US: Splunk
-CVE-2022-26888
- RESERVED
-CVE-2022-26840
- RESERVED
+CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and
Standard ed ...)
+ TODO: check
+CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and
Standard ...)
+ TODO: check
CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the
application ...)
NOT-FOR-US: Splunk
CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware
Update Tool ...)
@@ -74975,8 +75035,7 @@ CVE-2022-26849
RESERVED
CVE-2022-26848
RESERVED
-CVE-2022-26843
- RESERVED
+CVE-2022-26843 (Insufficient visual distinction of homoglyphs presented to
user in the ...)
NOT-FOR-US: Intel
CVE-2022-26832 (.NET Framework Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
@@ -75078,40 +75137,31 @@ CVE-2022-26784 (Windows Cluster Shared Volume (CSV)
Denial of Service Vulnerabil
NOT-FOR-US: Microsoft
CVE-2022-26783 (Windows Hyper-V Shared Virtual Hard Disks Information
Disclosure Vulne ...)
NOT-FOR-US: Microsoft
-CVE-2022-26512
- RESERVED
+CVE-2022-26512 (Uncontrolled search path element in the Intel(R) FPGA Add-on
for Intel ...)
NOT-FOR-US: Intel
-CVE-2022-26425
- RESERVED
+CVE-2022-26425 (Uncontrolled search path element in the Intel(R) oneAPI
Collective Com ...)
NOT-FOR-US: Intel
-CVE-2022-26421
- RESERVED
+CVE-2022-26421 (Uncontrolled search path element in the Intel(R) oneAPI
DPC++/C++ Comp ...)
NOT-FOR-US: Intel
CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv
ucloud_set_node_ ...)
NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
-CVE-2022-26076
- RESERVED
+CVE-2022-26076 (Uncontrolled search path element in the Intel(R) oneAPI Deep
Neural Ne ...)
NOT-FOR-US: Intel
-CVE-2022-26062
- RESERVED
+CVE-2022-26062 (Uncontrolled search path element in the Intel(R) Trace
Analyzer and Co ...)
NOT-FOR-US: Intel
-CVE-2022-26052
- RESERVED
+CVE-2022-26052 (Uncontrolled search path element in the Intel(R) MPI Library
before ve ...)
NOT-FOR-US: Intel
-CVE-2022-26032
- RESERVED
+CVE-2022-26032 (Uncontrolled search path element in the Intel(R) Distribution
for Pyth ...)
NOT-FOR-US: Intel
CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the
confsrv uclo ...)
NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the
confsrv addT ...)
NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
-CVE-2022-25987
- RESERVED
+CVE-2022-25987 (Improper handling of Unicode encoding in source code to be
compiled by ...)
NOT-FOR-US: Intel
CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers
(WRC-1167G ...)
NOT-FOR-US: ELECOM LAN routers
-CVE-2022-25905
- RESERVED
+CVE-2022-25905 (Uncontrolled search path element in the Intel(R) oneAPI Data
Analytics ...)
NOT-FOR-US: Intel
CVE-2022-0910 (A downgrade from two-factor authentication to one-factor
authenticatio ...)
NOT-FOR-US: Zyxel
@@ -76383,11 +76433,10 @@ CVE-2022-26351
REJECTED
CVE-2022-26350
RESERVED
-CVE-2022-26345
- RESERVED
+CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI
Toolkit OpenMP ...)
NOT-FOR-US: Intel
-CVE-2022-26343
- RESERVED
+CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R)
Process ...)
+ TODO: check
CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version
5.0.0.1262 a ...)
NOT-FOR-US: Trend Micro
CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache
POI) allow ...)
@@ -76422,8 +76471,7 @@ CVE-2022-26006 (Improper input validation in the BIOS
firmware for some Intel(R)
NOT-FOR-US: Intel
CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R)
Digital P ...)
NOT-FOR-US: Intel
-CVE-2022-25992
- RESERVED
+CVE-2022-25992 (Insecure inherited permissions in the Intel(R) oneAPI Toolkits
oneapi- ...)
NOT-FOR-US: Intel
CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for
Industrial s ...)
NOT-FOR-US: Intel
@@ -79468,8 +79516,8 @@ CVE-2022-0639 (Authorization Bypass Through
User-Controlled Key in NPM url-parse
NOTE:
https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
(1.5.7)
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist
microweber/microweber p ...)
NOT-FOR-US: microweber
-CVE-2022-0637
- RESERVED
+CVE-2022-0637 (There was an open redirection vulnerability pollbot, which was
used in ...)
+ TODO: check
CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin
Installe ...)
NOT-FOR-US: Lenovo
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of
named rece ...)
@@ -94961,8 +95009,8 @@ CVE-2022-21175
RESERVED
CVE-2022-21171
RESERVED
-CVE-2022-21163
- RESERVED
+CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R)
SGX bef ...)
+ TODO: check
CVE-2022-21162
RESERVED
CVE-2022-21161
@@ -99434,8 +99482,7 @@ CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16
(and earlier) allows access
NOT-FOR-US: Adobe
CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input
During Web ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-21216
- RESERVED
+CVE-2022-21216 (Insufficient granularity of access control in out-of-band
management i ...)
- intel-microcode <unfixed> (bug #1031334)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
@@ -100138,8 +100185,7 @@ CVE-2021-43531 (When a user loaded a Web Extensions
context menu, the Web Extens
CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for
Android resul ...)
- firefox 94.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
-CVE-2021-43529
- RESERVED
+CVE-2021-43529 (Thunderbird versions prior to 91.3.0 are vulnerable to the
heap overfl ...)
{DSA-5034-1 DLA-2874-1}
- thunderbird 1:91.3.0-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
@@ -128704,8 +128750,8 @@ CVE-2021-33106 (Integer overflow in the Safestring
library maintained by Intel(R
NOT-FOR-US: Intel
CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with
Radeon(TM ...)
NOT-FOR-US: Intel
-CVE-2021-33104
- RESERVED
+CVE-2021-33104 (Improper access control in the Intel(R) OFU software before
version 14 ...)
+ TODO: check
CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module
for some ...)
NOT-FOR-US: Intel
CVE-2021-33102
@@ -152006,8 +152052,7 @@ CVE-2021-23981 (A texture upload of a Pixel Buffer
Object could have confused th
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
-CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style,
title, noscript, script, textarea, noframes, iframe, or xmp tags with
strip_comments=False]
- RESERVED
+CVE-2021-23980 (A mutation XSS affects users calling bleach.clean with all of:
svg or ...)
{DSA-4892-1 DLA-2620-1}
- python-bleach 3.2.1-2.1 (bug #986251)
NOTE:
https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
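Review bot: for CVE-2021-23980 the hand-written bracket description, which spelled out the full tag combination and strip_comments=False, is replaced by a description truncated at "svg or ...". The precondition is now only reachable through the GHSA link in the NOTE line. If it matters for triaging older releases, restate it in a NOTE under the entry.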
@@ -174566,8 +174611,8 @@ CVE-2021-0189 (Use of out-of-range pointer offset in
the BIOS firmware for some
NOT-FOR-US: Intel
CVE-2021-0188 (Return of pointer value outside of expected range in the BIOS
firmware ...)
NOT-FOR-US: Intel
-CVE-2021-0187
- RESERVED
+CVE-2021-0187 (Improper access control in the BIOS firmware for some Intel(R)
Process ...)
+ TODO: check
CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications
compile ...)
NOT-FOR-US: Intel
CVE-2021-0185 (Improper input validation in the firmware for some Intel(R)
Server Boa ...)
@@ -210867,8 +210912,7 @@ CVE-2020-12415 (When "%2F" was present in a manifest
URL, Firefox's AppCache beh
CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode
and it ...)
- firefox <not-affected> (Specific to Firefox on iOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414
-CVE-2020-12413 [racoon attack for NSS]
- RESERVED
+CVE-2020-12413 (The Raccoon attack is a timing attack on DHE ciphersuites
inherit in t ...)
- nss 2:3.17-1
[buster] - nss <no-dsa> (Minor issue)
[stretch] - nss <no-dsa> (Minor issue)
@@ -226664,8 +226708,7 @@ CVE-2020-6819 (Under certain conditions, when running
the nsDocShell destructor,
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819
CVE-2020-6818
RESERVED
-CVE-2020-6817 [Regular expression denial of service]
- RESERVED
+CVE-2020-6817 (bleach.clean behavior parsing style attributes could result in
a regul ...)
{DLA-2167-1}
- python-bleach 3.1.4-1 (bug #955388)
[buster] - python-bleach <no-dsa> (Minor issue; some regression
potential)
@@ -250994,8 +251037,8 @@ CVE-2019-17005 (The plain text serializer used a
fixed-size array for the number
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17005
CVE-2019-17004
RESERVED
-CVE-2019-17003
- RESERVED
+CVE-2019-17003 (Scanning a QR code that contained a javascript: URL would have
resulte ...)
+ TODO: check
CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content
Security Pol ...)
- firefox 70.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
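Review bot: CVE-2019-17003 is the only described entry in this hunk without a reference. CVE-2019-17005 above and CVE-2019-17002 below both carry a NOTE pointing at a mozilla.org advisory, and CVE-2019-17002 has a "- firefox 70.0-1" line. When closing the "TODO: check", add the matching advisory NOTE and either a package line or a not-affected marker so the entry matches its neighbours.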
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7914391e074c20965f51b8463904ff476ee157b7