Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af4b5d8d by security tracker role at 2023-03-07T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2023-27892
+       RESERVED
+CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application 
authorization fr ...)
+       TODO: check
+CVE-2023-27890
+       RESERVED
+CVE-2023-27878
+       RESERVED
+CVE-2023-27877
+       RESERVED
+CVE-2023-27876
+       RESERVED
+CVE-2023-27875
+       RESERVED
+CVE-2023-27874
+       RESERVED
+CVE-2023-27873
+       RESERVED
+CVE-2023-27872
+       RESERVED
+CVE-2023-27871
+       RESERVED
+CVE-2023-27870
+       RESERVED
+CVE-2023-27869
+       RESERVED
+CVE-2023-27868
+       RESERVED
+CVE-2023-27867
+       RESERVED
+CVE-2023-27866
+       RESERVED
+CVE-2023-27865
+       RESERVED
+CVE-2023-27864
+       RESERVED
+CVE-2023-27863
+       RESERVED
+CVE-2023-27862
+       RESERVED
+CVE-2023-27861
+       RESERVED
+CVE-2023-27860
+       RESERVED
+CVE-2023-27859
+       RESERVED
+CVE-2023-27858
+       RESERVED
+CVE-2023-27857
+       RESERVED
+CVE-2023-27856
+       RESERVED
+CVE-2023-27855
+       RESERVED
+CVE-2023-27854
+       RESERVED
+CVE-2023-25947
+       RESERVED
+CVE-2023-25076
+       RESERVED
+CVE-2023-24465
+       RESERVED
+CVE-2023-1246
+       RESERVED
+CVE-2023-1245
+       RESERVED
+CVE-2023-1244
+       RESERVED
+CVE-2023-1243
+       RESERVED
+CVE-2023-1242
+       RESERVED
+CVE-2023-1241
+       RESERVED
+CVE-2023-1240
+       RESERVED
+CVE-2023-1239
+       RESERVED
+CVE-2023-1238
+       RESERVED
+CVE-2023-1237
+       RESERVED
+CVE-2023-1236
+       RESERVED
+CVE-2023-1235
+       RESERVED
+CVE-2023-1234
+       RESERVED
+CVE-2023-1233
+       RESERVED
+CVE-2023-1232
+       RESERVED
+CVE-2023-1231
+       RESERVED
+CVE-2023-1230
+       RESERVED
+CVE-2023-1229
+       RESERVED
+CVE-2023-1228
+       RESERVED
+CVE-2023-1227
+       RESERVED
+CVE-2023-1226
+       RESERVED
+CVE-2023-1225
+       RESERVED
+CVE-2023-1224
+       RESERVED
+CVE-2023-1223
+       RESERVED
+CVE-2023-1222
+       RESERVED
+CVE-2023-1221
+       RESERVED
+CVE-2023-1220
+       RESERVED
+CVE-2023-1219
+       RESERVED
+CVE-2023-1218
+       RESERVED
+CVE-2023-1217
+       RESERVED
+CVE-2023-1216
+       RESERVED
+CVE-2023-1215
+       RESERVED
+CVE-2023-1214
+       RESERVED
+CVE-2023-1213
+       RESERVED
+CVE-2023-1212 (Cross-site Scripting (XSS) - Stored in GitHub repository 
phpipam/phpip ...)
+       TODO: check
+CVE-2023-1211 (SQL Injection in GitHub repository phpipam/phpipam prior to 
v1.5.2. ...)
+       TODO: check
+CVE-2023-1210
+       RESERVED
+CVE-2023-1209
+       RESERVED
+CVE-2023-1208
+       RESERVED
+CVE-2023-1207
+       RESERVED
+CVE-2023-1206
+       RESERVED
 CVE-2023-27853
        RESERVED
 CVE-2023-27852
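Review bot: the two phpipam entries in this hunk, CVE-2023-1212 (stored XSS in phpipam/phpipam) and CVE-2023-1211 (SQL injection in phpipam/phpipam prior to v1.5.2), describe the same codebase and should be triaged together so they end up with the same status, whether that is a package entry with a fixed version or NOT-FOR-US; apart from the pretix entry CVE-2023-27891, which is the only other TODO: check here, everything else the hunk adds is a RESERVED placeholder.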
@@ -14,8 +158,8 @@ CVE-2023-1203 (Improper removal of sensitive data in the 
entry edit feature of H
        NOT-FOR-US: Devolutions
 CVE-2023-1202
        RESERVED
-CVE-2023-1201
-       RESERVED
+CVE-2023-1201 (Improper access control in the secure messages feature in 
Devolutions  ...)
+       TODO: check
 CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared 
as prob ...)
        NOT-FOR-US: ehuacui bbs
 CVE-2023-1199
@@ -514,8 +658,8 @@ CVE-2023-1180 (A vulnerability has been found in 
SourceCodester Health Center Pa
        NOT-FOR-US: SourceCodester Health Center Patient Record Management 
System
 CVE-2023-1179 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
        NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
-CVE-2008-10004
-       RESERVED
+CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It 
has been d ...)
+       TODO: check
 CVE-2023-27634
        RESERVED
 CVE-2023-27633
@@ -594,12 +738,12 @@ CVE-2023-1175 (Incorrect Calculation of Buffer Size in 
GitHub repository vim/vim
        NOTE: 
https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba 
(v9.0.1378)
 CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin 
sysPass ...)
        NOT-FOR-US: nuxsmin sysPass
-CVE-2017-20181
-       RESERVED
+CVE-2017-20181 (A vulnerability classified as critical was found in hgzojer 
Vocable Tr ...)
+       TODO: check
 CVE-2017-20180 (A vulnerability classified as critical has been found in 
Zerocoin libz ...)
        TODO: check
-CVE-2015-10095
-       RESERVED
+CVE-2015-10095 (A vulnerability classified as problematic has been found in 
woo-popup  ...)
+       TODO: check
 CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97. It has 
been rat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 
1.0.0/1.0.1.  ...)
@@ -808,8 +952,8 @@ CVE-2023-1163 (A vulnerability has been found in DrayTek 
Vigor 2960 1.5.1.4 and
        NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1162 (A vulnerability, which was classified as critical, was found in 
DrayTe ...)
        NOT-FOR-US: DrayTek Vigor 2960
-CVE-2023-1161
-       RESERVED
+CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 
4.0.3 an ...)
+       TODO: check
 CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub 
repository  ...)
        NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1159
@@ -994,8 +1138,8 @@ CVE-2023-27474 (Directus is a real-time API and App 
dashboard for managing SQL d
        NOT-FOR-US: Directus
 CVE-2023-27473
        RESERVED
-CVE-2023-27472
-       RESERVED
+CVE-2023-27472 (quickentity-editor-next is an open source, system local, video 
game as ...)
+       TODO: check
 CVE-2023-27471
        RESERVED
 CVE-2023-27470
@@ -1418,10 +1562,10 @@ CVE-2023-27310
        RESERVED
 CVE-2023-27309
        RESERVED
-CVE-2023-23554
-       RESERVED
-CVE-2023-22847
-       RESERVED
+CVE-2023-23554 (Uncontrolled search path element vulnerability exists in 
pg_ivm versio ...)
+       TODO: check
+CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions 
prior t ...)
+       TODO: check
 CVE-2023-1098
        RESERVED
 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 
are vu ...)
@@ -2268,8 +2412,8 @@ CVE-2023-26951
        RESERVED
 CVE-2023-26950
        RESERVED
-CVE-2023-26949
-       RESERVED
+CVE-2023-26949 (An arbitrary file upload vulnerability in the component 
/admin1/config ...)
+       TODO: check
 CVE-2023-26948
        RESERVED
 CVE-2023-26947
@@ -2975,10 +3119,10 @@ CVE-2022-48363 (In MPD before 0.23.8, as used on 
Automotive Grade Linux and othe
        NOT-FOR-US: MPD as used by Automotive Grade Linux
 CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote 
attackers to ex ...)
        NOT-FOR-US: ASUS ASMB8 iKVM firmware
-CVE-2023-26601
-       RESERVED
-CVE-2023-26600
-       RESERVED
+CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus through 14104, Asset 
Explorer throu ...)
+       TODO: check
+CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus 
MSP thro ...)
+       TODO: check
 CVE-2023-26599
        RESERVED
 CVE-2023-26598
@@ -4564,8 +4708,8 @@ CVE-2023-26056 (XWiki Platform is a generic wiki 
platform. Starting in version 3
        NOT-FOR-US: XWiki
 CVE-2023-26055 (XWiki Commons are technical libraries common to several other 
top leve ...)
        NOT-FOR-US: XWiki
-CVE-2023-26054
-       RESERVED
+CVE-2023-26054 (BuildKit is a toolkit for converting source code to build 
artifacts in ...)
+       TODO: check
 CVE-2023-26053 (Gradle is a build tool with a focus on build automation and 
support fo ...)
        - gradle <not-affected> (The version of Gradle in Debian doesn't 
support dependency verification yet)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
@@ -6018,8 +6162,7 @@ CVE-2023-0758 (A vulnerability was found in glorylion 
JFinalOA 1.0.2 and classif
        NOT-FOR-US: glorylion JFinalOA
 CVE-2023-0757
        RESERVED
-CVE-2022-4904
-       RESERVED
+CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist 
is missi ...)
        {DLA-3323-1}
        - c-ares 1.18.1-2 (bug #1031525)
        [bullseye] - c-ares <no-dsa> (Minor issue)
@@ -7226,8 +7369,8 @@ CVE-2023-25171 (Kiwi TCMS, an open source test management 
system, does not impos
        NOT-FOR-US: Kiwi TCMS
 CVE-2023-25170
        RESERVED
-CVE-2023-25169
-       RESERVED
+CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes 
an autom ...)
+       TODO: check
 CVE-2023-25168 (Wings is Pterodactyl's server control plane. This 
vulnerability can be ...)
        NOT-FOR-US: Wings
 CVE-2023-25167 (Discourse is an open source discussion platform. In affected 
versions  ...)
@@ -8273,8 +8416,8 @@ CVE-2023-24778
        RESERVED
 CVE-2023-24777
        RESERVED
-CVE-2023-24776
-       RESERVED
+CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code 
execution (RCE ...)
+       TODO: check
 CVE-2023-24775
        RESERVED
 CVE-2023-24774
@@ -8299,8 +8442,8 @@ CVE-2023-24765
        RESERVED
 CVE-2023-24764
        RESERVED
-CVE-2023-24763
-       RESERVED
+CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an 
authenticated  ...)
+       TODO: check
 CVE-2023-24762
        RESERVED
 CVE-2023-24761
@@ -8372,16 +8515,16 @@ CVE-2023-24739
        RESERVED
 CVE-2023-24738
        RESERVED
-CVE-2023-24737
-       RESERVED
-CVE-2023-24736
-       RESERVED
-CVE-2023-24735
-       RESERVED
-CVE-2023-24734
-       RESERVED
-CVE-2023-24733
-       RESERVED
+CVE-2023-24737 (PMB v7.4.6 was discovered to contain a reflected cross-site 
scripting  ...)
+       TODO: check
+CVE-2023-24736 (PMB v7.4.6 was discovered to contain a remote code execution 
(RCE) vul ...)
+       TODO: check
+CVE-2023-24735 (PMB v7.4.6 was discovered to contain an open redirect 
vulnerability vi ...)
+       TODO: check
+CVE-2023-24734 (An arbitrary file upload vulnerability in the 
camera_upload.php compon ...)
+       TODO: check
+CVE-2023-24733 (PMB v7.4.6 was discovered to contain a reflected cross-site 
scripting  ...)
+       TODO: check
 CVE-2023-24732
        RESERVED
 CVE-2023-24731
@@ -9848,8 +9991,8 @@ CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to 
contain a SQL injection vul
        NOT-FOR-US: LuckyframeWEB
 CVE-2023-24218
        RESERVED
-CVE-2023-24217
-       RESERVED
+CVE-2023-24217 (AgileBio Electronic Lab Notebook v4.234 was discovered to 
contain a lo ...)
+       TODO: check
 CVE-2023-24216
        RESERVED
 CVE-2023-24215
@@ -10546,8 +10689,8 @@ CVE-2023-23941 (SwagPayPal is a PayPal integration for 
shopware/platform. If Jav
        NOT-FOR-US: SwagPayPal
 CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart 
contrac ...)
        NOT-FOR-US: OpenZeppelin Contracts
-CVE-2023-23939
-       RESERVED
+CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. 
This vu ...)
+       TODO: check
 CVE-2023-23938
        RESERVED
 CVE-2023-23937 (Pimcore is an Open Source Data &amp; Experience Management 
Platform: P ...)
@@ -11435,8 +11578,7 @@ CVE-2023-23638
        RESERVED
 CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not 
have an  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0330
-       RESERVED
+CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest 
version of ...)
        - qemu <unfixed> (bug #1029155)
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
@@ -14556,8 +14698,8 @@ CVE-2023-22666
        RESERVED
 CVE-2023-0094
        RESERVED
-CVE-2023-0093
-       RESERVED
+CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 
1.65.0 are  ...)
+       TODO: check
 CVE-2023-0092
        RESERVED
 CVE-2023-0090
@@ -15388,8 +15530,8 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a 
CommonMark parsing and re
        TODO: check other codebase, python-cmarkgfm, ghostwriter, 
ruby-commonmarker and r-cran-commonmark
 CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
        NOT-FOR-US: Argo CD
-CVE-2023-22481
-       RESERVED
+CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the 
greader  ...)
+       TODO: check
 CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused 
on help ...)
        NOT-FOR-US: KubeOperator
 CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack 
allows  ...)
@@ -19179,34 +19321,34 @@ CVE-2022-47486
        RESERVED
 CVE-2022-47485
        RESERVED
-CVE-2022-47484
-       RESERVED
-CVE-2022-47483
-       RESERVED
-CVE-2022-47482
-       RESERVED
-CVE-2022-47481
-       RESERVED
-CVE-2022-47480
-       RESERVED
-CVE-2022-47479
-       RESERVED
-CVE-2022-47478
-       RESERVED
-CVE-2022-47477
-       RESERVED
-CVE-2022-47476
-       RESERVED
-CVE-2022-47475
-       RESERVED
-CVE-2022-47474
-       RESERVED
-CVE-2022-47473
-       RESERVED
-CVE-2022-47472
-       RESERVED
-CVE-2022-47471
-       RESERVED
+CVE-2022-47484 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47483 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47482 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47481 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47480 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47479 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47478 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47477 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47476 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47475 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47474 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47473 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47472 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47471 (In telephony service, there is a missing permission check. 
This could  ...)
+       TODO: check
 CVE-2022-47470
        RESERVED
 CVE-2022-47469
@@ -19223,26 +19365,26 @@ CVE-2022-47464
        RESERVED
 CVE-2022-47463
        RESERVED
-CVE-2022-47462
-       RESERVED
-CVE-2022-47461
-       RESERVED
-CVE-2022-47460
-       RESERVED
-CVE-2022-47459
-       RESERVED
-CVE-2022-47458
-       RESERVED
-CVE-2022-47457
-       RESERVED
-CVE-2022-47456
-       RESERVED
-CVE-2022-47455
-       RESERVED
-CVE-2022-47454
-       RESERVED
-CVE-2022-47453
-       RESERVED
+CVE-2022-47462 (In telephone service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47461 (In telephone service, there is a missing permission check. 
This could  ...)
+       TODO: check
+CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after 
free. T ...)
+       TODO: check
+CVE-2022-47459 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47458 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47457 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47456 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47455 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47454 (In wlan driver, there is a possible missing params check. This 
could l ...)
+       TODO: check
+CVE-2022-47453 (In wcn service, there is a possible missing params check. This 
could l ...)
+       TODO: check
 CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to 
a missi ...)
        NOT-FOR-US: Unisoc
 CVE-2022-47451 (In wlan driver, there is a possible missing params check. This 
could l ...)
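Review bot: the ten new TODO: check entries CVE-2022-47453 through CVE-2022-47462 reuse the wording of the unchanged context lines CVE-2022-47452 and CVE-2022-47451 ("In wlan driver, there is a possible missing params check", "In gnss driver, there is a possible out of bounds write"), which are already triaged NOT-FOR-US: Unisoc; they look like the same vendor batch, so the manual triage that follows this automatic update can probably apply one status to the whole block, including the fourteen telephony-service entries in the preceding hunk, rather than checking each ID separately. The wording drift between "telephony service" in the preceding hunk and "telephone service" for CVE-2022-47462 and CVE-2022-47461 here comes from the upstream text, not from the import, and is no reason to treat them differently.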
@@ -24144,8 +24286,7 @@ CVE-2022-4135 (Heap buffer overflow in GPU in Google 
Chrome prior to 107.0.5304.
        {DSA-5289-1}
        - chromium 107.0.5304.121-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-4134
-       RESERVED
+CVE-2022-4134 (A flaw was found in openstack-glance. This issue could allow a 
remote, ...)
        NOTE: There's no code fix, just an update on best practices
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147462
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0090
@@ -26423,14 +26564,12 @@ CVE-2022-45143 (The JsonErrorReportValve in Apache 
Tomcat 8.5.83, 9.0.40 to 9.0.
        NOTE: 
https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
 (9.0.69)
        NOTE: 
https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
 (8.5.84)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1
-CVE-2022-45142 [gsskrb5: fix accidental logic inversions]
-       RESERVED
+CVE-2022-45142 (The fix for CVE-2022-3437 included changing memcmp to be 
constant time ...)
        {DSA-5344-1 DLA-3311-1}
        - heimdal 7.8.git20221117.28daf24+dfsg-1.1 (bug #1030849)
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
-CVE-2022-45141
-       RESERVED
+CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege 
Vulnerabili ...)
        - samba 2:4.16.0+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
 CVE-2022-45140 (The configuration backend allows an unauthenticated user to 
write arbi ...)
@@ -27554,8 +27693,7 @@ CVE-2022-3859 (An uncontrolled search path 
vulnerability exists in Trellix Agent
        NOT-FOR-US: Trellix
 CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, 
Line, WeC ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
-       RESERVED
+CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead 
to a s ...)
        NOTE: Unreproducible libpng issue
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
        NOTE: https://sourceforge.net/p/libpng/bugs/300/
@@ -28673,8 +28811,7 @@ CVE-2022-44665
        RESERVED
 CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
-       RESERVED
+CVE-2022-3854 (A flaw was found in Ceph, relating to the URL processing on RGW 
backen ...)
        - ceph 16.2.10+ds-5 (bug #1027151)
        [bullseye] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
        [buster] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
@@ -32364,8 +32501,7 @@ CVE-2022-3709 (A stored XSS vulnerability allows admin 
to super-admin privilege
        NOT-FOR-US: Sophos
 CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to 
Server-Side Requ ...)
        NOT-FOR-US: Web Stories plugin for WordPress
-CVE-2022-3707
-       RESERVED
+CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The 
Intel GVT ...)
        - linux 6.1.7-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
        NOTE: 
https://lore.kernel.org/all/[email protected]/
@@ -36491,8 +36627,7 @@ CVE-2022-3426 (The Advanced WP Columns WordPress plugin 
through 2.0.6 does not s
        NOT-FOR-US: WordPress plugin
 CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes 
user input ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in 
gru_set_context_option, gru_fault and gru_handle_user_call_os]
-       RESERVED
+CVE-2022-3424 (A use-after-free flaw was found in the Linux kernel&#8217;s SGI 
GRU dr ...)
        - linux 6.1.4-1 (unimportant)
        NOTE: 
https://lore.kernel.org/all/[email protected]/
        NOTE: 
https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
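Review bot: the new description for CVE-2022-3424 contains the raw HTML entity "&#8217;" ("Linux kernel&#8217;s SGI GRU") where an apostrophe belongs, and the unchanged Pimcore context line for CVE-2023-23937 in the CVE-2023-23939 hunk shows the same thing with "&amp;"; the automatic import should decode HTML entities in descriptions before writing them to data/CVE/list, otherwise the stored text does not match the upstream wording and is awkward to search for.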
@@ -37227,8 +37362,8 @@ CVE-2022-42250 (Simple Cold Storage Management System 
v1.0 is vulnerable to SQL
        NOT-FOR-US: Simple Cold Storage Management System
 CVE-2022-42249 (Simple Cold Storage Management System v1.0 is vulnerable to 
SQL inject ...)
        NOT-FOR-US: Simple Cold Storage Management System
-CVE-2022-42248
-       RESERVED
+CVE-2022-42248 (QlikView 12.60.2 was discovered to contain a stored cross-site 
scripti ...)
+       TODO: check
 CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site 
scripting (XSS)  ...)
        NOT-FOR-US: pfSense
 CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system 
adminis ...)
@@ -39662,8 +39797,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 9.
        NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
        NOTE: 
https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e 
(v9.0.0552)
        NOTE: Crash in CLI toool, no security impact
-CVE-2022-3277 [unrestricted creation of security groups]
-       RESERVED
+CVE-2022-3277 (An uncontrolled resource consumption flaw was found in 
openstack-neutr ...)
        - neutron <unfixed> (bug #1027150)
        [bookworm] - neutron <no-dsa> (Minor issue)
        [bullseye] - neutron <no-dsa> (Minor issue)
@@ -41614,34 +41748,34 @@ CVE-2022-40542
        RESERVED
 CVE-2022-40541
        RESERVED
-CVE-2022-40540
-       RESERVED
-CVE-2022-40539
-       RESERVED
+CVE-2022-40540 (Memory corruption due to buffer copy without checking the size 
of inpu ...)
+       TODO: check
+CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper 
validation  ...)
+       TODO: check
 CVE-2022-40538
        RESERVED
-CVE-2022-40537
-       RESERVED
+CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the 
AVRC_PDU_GET_ ...)
+       TODO: check
 CVE-2022-40536
        RESERVED
-CVE-2022-40535
-       RESERVED
+CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a 
packet t ...)
+       TODO: check
 CVE-2022-40534
        RESERVED
 CVE-2022-40533
        RESERVED
 CVE-2022-40532
        RESERVED
-CVE-2022-40531
-       RESERVED
-CVE-2022-40530
-       RESERVED
+CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while 
sending WMI ...)
+       TODO: check
+CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer 
overflow i ...)
+       TODO: check
 CVE-2022-40529
        RESERVED
 CVE-2022-40528
        RESERVED
-CVE-2022-40527
-       RESERVED
+CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while 
processing PEER ...)
+       TODO: check
 CVE-2022-40526
        RESERVED
 CVE-2022-40525
@@ -41664,8 +41798,8 @@ CVE-2022-40517 (Memory corruption in core due to 
stack-based buffer overflow ...
        NOT-FOR-US: Qualcomm
 CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. 
...)
        NOT-FOR-US: Qualcomm
-CVE-2022-40515
-       RESERVED
+CVE-2022-40515 (Memory corruption in Video due to double free while playing 
3gp clip w ...)
+       TODO: check
 CVE-2022-40514 (Memory corruption due to buffer copy without checking the size 
of inpu ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN 
firmwar ...)
@@ -44415,7 +44549,7 @@ CVE-2022-39336
        RESERVED
 CVE-2022-39335
        RESERVED
-CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. 
Versions p ...)
+CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which 
is someti ...)
        - nextcloud-desktop 3.6.1-1
        [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
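Review bot: the description for CVE-2022-39334 is replaced wholesale, from the generic "Nextcloud desktop is the desktop sync client for Nextcloud ..." to a text that opens with "Nextcloud also ships a CLI utility called nextcloudcmd which is someti ...", so the upstream advisory text changed scope rather than just being completed; the unchanged status lines (fixed in nextcloud-desktop 3.6.1-1, no-dsa for bullseye and buster as a Minor issue) were set against the old wording and deserve a quick re-read against the revised description to confirm the same package and severity still apply.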
@@ -61248,8 +61382,8 @@ CVE-2022-33313 (Multiple command injection 
vulnerabilities exist in the web_serv
        NOT-FOR-US: Robustel R1510
 CVE-2022-33312 (Multiple command injection vulnerabilities exist in the 
web_server act ...)
        NOT-FOR-US: Robustel R1510
-CVE-2022-33309
-       RESERVED
+CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while 
parsing s ...)
+       TODO: check
 CVE-2022-33308
        RESERVED
 CVE-2022-33307
@@ -61310,8 +61444,8 @@ CVE-2022-33280 (Memory corruption due to access of 
uninitialized pointer in Blue
        NOT-FOR-US: Qualcomm
 CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN 
having in ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-33278
-       RESERVED
+CVE-2022-33278 (Memory corruption due to buffer copy without checking the size 
of inpu ...)
+       TODO: check
 CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking 
size of ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33276 (Memory corruption due to buffer copy without checking size of 
input in ...)
@@ -61322,8 +61456,8 @@ CVE-2022-33274 (Memory corruption in android core due 
to improper validation of
        NOT-FOR-US: Qualcomm
 CVE-2022-33273
        RESERVED
-CVE-2022-33272
-       RESERVED
+CVE-2022-33272 (Transient DOS in modem due to reachable assertion. ...)
+       TODO: check
 CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while 
parsing N ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33270
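Review bot: the new description for CVE-2022-33272 ("Transient DOS in modem due to reachable assertion. ...") is a complete sentence ending in a period yet still carries the " ..." suffix, so the import appends the suffix unconditionally rather than only when it actually truncated the text; harmless for the tracker, but the suffix cannot be used to tell truncated descriptions from complete ones, which matters when someone decides whether to look up the full upstream text.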
@@ -61346,28 +61480,28 @@ CVE-2022-33262
        RESERVED
 CVE-2022-33261
        RESERVED
-CVE-2022-33260
-       RESERVED
+CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core 
while sen ...)
+       TODO: check
 CVE-2022-33259
        RESERVED
 CVE-2022-33258
        RESERVED
-CVE-2022-33257
-       RESERVED
-CVE-2022-33256
-       RESERVED
+CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use 
race condit ...)
+       TODO: check
+CVE-2022-33256 (Memory corruption due to improper validation of array index in 
Multi-m ...)
+       TODO: check
 CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth 
HOST while ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-33254
-       RESERVED
+CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while 
processing SIB ...)
+       TODO: check
 CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing 
corrupted  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while 
handling  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33251
        RESERVED
-CVE-2022-33250
-       RESERVED
+CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network 
repeate ...)
+       TODO: check
 CVE-2022-33249
        RESERVED
 CVE-2022-33248 (Memory corruption in User Identity Module due to integer 
overflow to b ...)
@@ -61376,14 +61510,14 @@ CVE-2022-33247
        RESERVED
 CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer 
offset w ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-33245
-       RESERVED
-CVE-2022-33244
-       RESERVED
+CVE-2022-33245 (Memory corruption in WLAN due to use after free ...)
+       TODO: check
+CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB 
reception ...)
+       TODO: check
 CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm 
IPC. ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-33242
-       RESERVED
+CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm 
IPC while ...)
+       TODO: check
 CVE-2022-33241
        RESERVED
 CVE-2022-33240
@@ -61440,8 +61574,8 @@ CVE-2022-33215
        RESERVED
 CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use 
of metad ...)
        NOT-FOR-US: Snapdragon
-CVE-2022-33213
-       RESERVED
+CVE-2022-33213 (Memory corruption in modem due to buffer overflow while 
processing a P ...)
+       TODO: check
 CVE-2022-33212
        RESERVED
 CVE-2022-33211
@@ -83326,16 +83460,16 @@ CVE-2022-25711 (Memory corruption in camera due to 
improper validation of array
        NOT-FOR-US: Snapdragon
 CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is 
disconn ...)
        NOT-FOR-US: Snapdragon
-CVE-2022-25709
-       RESERVED
+CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer 
offset w ...)
+       TODO: check
 CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking 
size of  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-25707
        RESERVED
 CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer 
over-read whi ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-25705
-       RESERVED
+CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer 
overflow  ...)
+       TODO: check
 CVE-2022-25704
        RESERVED
 CVE-2022-25703
@@ -83356,8 +83490,8 @@ CVE-2022-25696 (Memory corruption in display due to 
time-of-check time-of-use ra
        NOT-FOR-US: Qualcomm
 CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array 
Index w ...)
        NOT-FOR-US: Snapdragon
-CVE-2022-25694
-       RESERVED
+CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range 
pointer offset ...)
+       TODO: check
 CVE-2022-25693 (Memory corruption in graphics due to use-after-free while 
graphics pro ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-25692 (Denial of service in Modem due to reachable assertion while 
processing ...)
@@ -83434,8 +83568,8 @@ CVE-2022-25657 (Memory corruption due to buffer 
overflow occurs while processing
        NOT-FOR-US: Qualcomm
 CVE-2022-25656 (Possible integer overflow and memory corruption due to 
improper valida ...)
        NOT-FOR-US: Qualcomm
-CVE-2022-25655
-       RESERVED
+CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed 
in WMI U ...)
+       TODO: check
 CVE-2022-25654 (Memory corruption in kernel due to improper input validation 
while pro ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-25653 (Information disclosure in video due to buffer over-read while 
processi ...)
@@ -97636,8 +97770,8 @@ CVE-2022-22077 (Memory corruption in graphics due to 
use-after-free in graphics
        NOT-FOR-US: Snapdragon
 CVE-2022-22076
        RESERVED
-CVE-2022-22075
-       RESERVED
+CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch. 
...)
+       TODO: check
 CVE-2022-22074 (Memory Corruption during wma file playback due to integer 
overflow in  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-22073
@@ -109354,7 +109488,8 @@ CVE-2022-20446 (In AlwaysOnHotwordDetector of 
AlwaysOnHotwordDetector.java, ther
        NOT-FOR-US: Android
 CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2022-20444 (In several functions of inputDispatcher.cpp, there is a 
possible way t ...)
+CVE-2022-20444
+       REJECTED
        NOT-FOR-US: Android
 CVE-2022-20443
        RESERVED
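Review bot: CVE-2022-20444 is changed from a described entry to REJECTED, but the unchanged "NOT-FOR-US: Android" sub-line is kept, so the entry now carries both a rejected status and a triage verdict; a rejected ID needs no Debian triage, so the NOT-FOR-US line is redundant and should be dropped the next time the entry is touched by hand (the automatic update only rewrites the description line, which is why the leftover survives here).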
@@ -125151,8 +125286,8 @@ CVE-2021-36715
        RESERVED
 CVE-2021-36714
        RESERVED
-CVE-2021-36713
-       RESERVED
+CVE-2021-36713 (Cross Site Scripting (XSS) vulnerability in the DataTables 
plug-in 1.9 ...)
+       TODO: check
 CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows 
attacker ...)
        TODO: check
 CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code 
execution beca ...)
@@ -125816,30 +125951,30 @@ CVE-2021-36405
        RESERVED
 CVE-2021-36404
        RESERVED
-CVE-2021-36403
-       RESERVED
-CVE-2021-36402
-       RESERVED
-CVE-2021-36401
-       RESERVED
-CVE-2021-36400
-       RESERVED
-CVE-2021-36399
-       RESERVED
-CVE-2021-36398
-       RESERVED
-CVE-2021-36397
-       RESERVED
-CVE-2021-36396
-       RESERVED
-CVE-2021-36395
-       RESERVED
-CVE-2021-36394
-       RESERVED
-CVE-2021-36393
-       RESERVED
-CVE-2021-36392
-       RESERVED
+CVE-2021-36403 (In Moodle, in some circumstances, email notifications of 
messages coul ...)
+       TODO: check
+CVE-2021-36402 (In Moodle, Users' names required additional sanitizing in the 
account  ...)
+       TODO: check
+CVE-2021-36401 (In Moodle, ID numbers exported in HTML data formats required 
additiona ...)
+       TODO: check
+CVE-2021-36400 (In Moodle, insufficient capability checks made it possible to 
remove o ...)
+       TODO: check
+CVE-2021-36399 (In Moodle, ID numbers displayed in the quiz override screens 
required  ...)
+       TODO: check
+CVE-2021-36398 (In moodle, ID numbers displayed in the web service token list 
required ...)
+       TODO: check
+CVE-2021-36397 (In Moodle, insufficient capability checks meant message 
deletions were ...)
+       TODO: check
+CVE-2021-36396 (In Moodle, insufficient redirect handling made it possible to 
blindly  ...)
+       TODO: check
+CVE-2021-36395 (In Moodle, the file repository's URL parsing required 
additional recur ...)
+       TODO: check
+CVE-2021-36394 (In Moodle, a remote code execution risk was identified in the 
Shibbole ...)
+       TODO: check
+CVE-2021-36393 (In Moodle, an SQL injection risk was identified in the library 
fetchin ...)
+       TODO: check
+CVE-2021-36392 (In Moodle, an SQL injection risk was identified in the library 
fetchin ...)
+       TODO: check
 CVE-2021-36391
        RESERVED
 CVE-2021-36390
@@ -128400,8 +128535,8 @@ CVE-2021-35379
        RESERVED
 CVE-2021-35378
        RESERVED
-CVE-2021-35377
-       RESERVED
+CVE-2021-35377 (Cross Site Scripting vulnerability found in VICIdial 
v2.14-610c and v. ...)
+       TODO: check
 CVE-2021-35376
        RESERVED
 CVE-2021-35375
@@ -167907,8 +168042,7 @@ CVE-2021-20253 (A flaw was found in ansible-tower. 
The default installation is v
        NOT-FOR-US: Ansible Tower
 CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. 
The 3sca ...)
        NOT-FOR-US: Red Hat 3scale API Management
-CVE-2021-20251
-       RESERVED
+CVE-2021-20251 (A flaw was found in samba. A race condition in the password 
lockout co ...)
        [experimental] - samba 2:4.17.1+dfsg-1
        - samba 2:4.17.2+dfsg-3
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14611
@@ -282998,8 +283132,7 @@ CVE-2019-8722 (Multiple issues in ld64 in the Xcode 
toolchains were addressed by
        NOT-FOR-US: Apple
 CVE-2019-8721 (Multiple issues in ld64 in the Xcode toolchains were addressed 
by upda ...)
        NOT-FOR-US: Apple
-CVE-2019-8720
-       RESERVED
+CVE-2019-8720 (A vulnerability was found in WebKit. The flaw is triggered when 
proces ...)
        {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af4b5d8d742e265b33fefa34b537e512773a632e



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
