Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd79d6fd by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
new gpac issue
- - - - -
4e5d15c4 by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,7 +71,10 @@ CVE-2023-25642
CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to
5.5.7,deve ...)
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac
prior to 2. ...)
- TODO: check
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
+ NOTE:
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
CVE-2023-0769
RESERVED
CVE-2023-0768
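Review bot: The two NOTE lines added for CVE-2023-0770 link the huntr report and the fix commit, but unlike the Sanitize (`(v6.0.1)`) and curl (`(curl-7_87_0)`) entries elsewhere in this diff they do not record the upstream release that contains the fix; adding it after the commit URL makes it clear which gpac upload would resolve `<unfixed>`. The description's version range is truncated ("prior to 2. ..."), so the NOTE is the only place that information would live.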
@@ -150,10 +153,11 @@ CVE-2023-0761
RESERVED
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to V2. ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE:
https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit
prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and
classified a ...)
NOT-FOR-US: glorylion JFinalOA
CVE-2023-0757
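Review bot: `[bullseye] - gpac <no-dsa> (Minor issue)` for CVE-2023-0760 marks a heap-based buffer overflow as minor without saying why; a short reason in the parenthesis (for example that it is a crash in a command-line tool on crafted input, if that is the assessment) makes the triage reviewable later. The NOT-FOR-US line for CVE-2023-0759, which states "different from src:cockpit", is the kind of explicit justification that helps here.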
@@ -5445,9 +5449,9 @@ CVE-2023-23627 (Sanitize is an allowlist-based HTML and
CSS sanitizer. Versions
NOTE:
https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
NOTE:
https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22
(v6.0.1)
CVE-2023-23626 (go-bitfield is a simple bitfield package for the go language
aiming to ...)
- TODO: check
+ NOT-FOR-US: go-bitfield
CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on
top of an ...)
- TODO: check
+ NOT-FOR-US: go-unixfs
CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23623
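Review bot: Before CVE-2023-23626 and CVE-2023-23625 are closed as NOT-FOR-US, confirm that neither go-bitfield nor go-unixfs is packaged or vendored in Debian; Go libraries often reach the archive as golang-github-* source packages or embedded in another package's vendor tree, and in that case the entry should name the source package with `<unfixed>` or `<not-affected>` rather than NOT-FOR-US.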
@@ -6534,7 +6538,7 @@ CVE-2023-23288
CVE-2023-23287
RESERVED
CVE-2023-23286 (Cross Site Scripting (XSS) vulnerability in Provide server
14.4 allows ...)
- TODO: check
+ NOT-FOR-US: Provide server
CVE-2023-23285
RESERVED
CVE-2023-23284
@@ -26581,15 +26585,15 @@ CVE-2022-43767
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are
vulnerable ...)
NOT-FOR-US: Apache IoTDB
CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process
correctly s ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43764 (Insufficient validation of input parameters when changing
configuratio ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of
Service co ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions
< R 4.2 ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43761 (Missing authentication when creating and managing the B&R
APROL da ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-3705 (A vulnerability was found in vim and classified as problematic.
Affect ...)
{DLA-3182-1}
- vim 2:9.0.0813-1 (unimportant)
@@ -26638,15 +26642,15 @@ CVE-2022-3688 (The WPQA Builder WordPress plugin
before 5.9 does not have CSRF c
CVE-2022-43760
RESERVED
CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher,
allows ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS
Command (' ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43757 (A Cleartext Storage of Sensitive Information vulnerability in
SUSE Ran ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43756 (A Improper Neutralization of Special Elements in Output Used
by a Down ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43755 (A Insufficient Entropy vulnerability in SUSE Rancher allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
NOT-FOR-US: Uyuni
CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory
('Path T ...)
@@ -27239,7 +27243,7 @@ CVE-2022-43551 (A vulnerability exists in curl
<7.87.0 HSTS check that could
NOTE: Enabled by default since:
https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339
(curl-7_77_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/9e71901634e276dd050481c4320f046bebb1bc28
(curl-7_87_0)
CVE-2022-43550 (A command injection vulnerability exists in Jitsi before
commit 8aa7be ...)
- TODO: check
+ - jitsi <removed>
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0
and v3.0 ...)
NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js
versions <14 ...)
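Review bot: `- jitsi <removed>` for CVE-2022-43550 only records that the package left unstable; if jitsi is still present in a supported stable or LTS suite, that suite needs its own annotation, so confirm that before leaving the entry without one. The description refers to the upstream fixing commit (truncated here as `8aa7be ...`); a NOTE with the full commit URL would let the fix be verified later.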
@@ -27453,7 +27457,7 @@ CVE-2022-40698 (Auth. (subscriber+) Cross-Site
Scripting (XSS) vulnerability in
CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO
Redirectio ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40692 (Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine
Sunshin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative
Mail plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative
Mail plugi ...)
@@ -27495,7 +27499,7 @@ CVE-2022-3642
CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in
Devolutions Rem ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-36401 (Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet
– ...)
- TODO: check
+ NOT-FOR-US: TeraWallet
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in
Linux ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
@@ -27859,7 +27863,7 @@ CVE-2022-3570 (Multiple heap buffer overflows in
tiffcrop.c utility in libtiff l
CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra
Collaboration ...)
NOT-FOR-US: Zimbra
CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to
deseriali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43378
RESERVED
CVE-2022-43377
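Review bot: The label `NOT-FOR-US: WordPress plugin` for CVE-2022-3568 hides that the description concerns the "ImageMagick Engine plugin for WordPress"; someone grepping the list for imagemagick issues could mistake it for src:imagemagick, so naming the plugin in the label (as the Cockpit entry in this commit does with "different from src:cockpit") avoids the confusion.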
@@ -28854,13 +28858,13 @@ CVE-2022-42975 (socket/transport.ex in Phoenix before
1.6.14 mishandles check_or
CVE-2022-42974
RESERVED
CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists
that cou ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical
Resource vulne ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42971 (A CWE-434: Unrestricted Upload of File with Dangerous Type
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42970 (A CWE-306: Missing Authentication for Critical Function The
software d ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-3535
REJECTED
CVE-2022-3534 (A vulnerability classified as critical has been found in Linux
Kernel. ...)
@@ -29168,9 +29172,9 @@ CVE-2022-42911
CVE-2022-42910
RESERVED
CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization
to acces ...)
- TODO: check
+ NOT-FOR-US: WEPA Print Away
CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not
properly sa ...)
- TODO: check
+ NOT-FOR-US: WEPA Print Away
CVE-2022-3499 (An authenticated attacker could utilize the identical agent and
cluste ...)
NOT-FOR-US: Nessus
CVE-2022-3498
@@ -29584,7 +29588,7 @@ CVE-2022-3453 (A vulnerability was found in
SourceCodester Book Store Management
CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store
Management Syst ...)
NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-42783 (In wlan driver, there is a possible missing params check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-42782 (In wlan driver, there is a possible missing permission check,
This cou ...)
NOT-FOR-US: Unisoc
CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This
could l ...)
@@ -30282,15 +30286,15 @@ CVE-2022-3431
CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some
consumer Len ...)
NOT-FOR-US: Lenovo
CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m
binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42492 (Several OS command injection vulnerabilities exist in the m2m
binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m
binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m
binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42484 (An OS command injection vulnerability exists in the httpd
logs/view.cg ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-42483
RESERVED
CVE-2022-42482
@@ -30323,7 +30327,7 @@ CVE-2022-41999 (A denial of service vulnerability
exists in the DDS native tile
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
NOTE: https://github.com/OpenImageIO/oiio/pull/3625
CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m
DELETE_FI ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41988 (An information disclosure vulnerability exists in the
OpenImageIO::dec ...)
- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
@@ -30340,11 +30344,11 @@ CVE-2022-41632
CVE-2022-41630
RESERVED
CVE-2022-41154 (A directory traversal vulnerability exists in the m2m
DELETE_FILE cmd ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40222 (An OS command injection vulnerability exists in the m2m
DELETE_FILE cm ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38451 (A directory traversal vulnerability exists in the httpd
update.cgi fun ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-38091
RESERVED
CVE-2022-3429
@@ -30818,7 +30822,7 @@ CVE-2022-42293
CVE-2022-42292
RESERVED
CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the
installer, w ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an
authoriz ...)
NOT-FOR-US: NVIDIA
CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an
authoriz ...)
@@ -32574,7 +32578,7 @@ CVE-2022-41633
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress
Dropshipping an ...)
NOT-FOR-US: Villatheme ALD
CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba
for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media
Library As ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41616
@@ -32774,7 +32778,7 @@ CVE-2022-3329
CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa's OSM –
OpenStreetMap ...)
NOT-FOR-US: MiKa
CVE-2022-27628 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team
WZone ̵ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mamm ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access
vulnerability in p ...)
@@ -32806,7 +32810,7 @@ CVE-2022-41559 (The Web Client component of TIBCO
Software Inc.'s TIBCO Nimbus c
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO
Spotfire A ...)
NOT-FOR-US: TIBCO
CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41314
RESERVED
CVE-2022-40982
@@ -32820,9 +32824,9 @@ CVE-2022-40964
CVE-2022-40210
RESERVED
CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++
Compiler befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++
Compiler bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R)
NUC 11 Co ...)
NOT-FOR-US: Intel
CVE-2022-3328
@@ -33039,7 +33043,7 @@ CVE-2022-41507
CVE-2022-41506
RESERVED
CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows
physica ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-41504 (An arbitrary file upload vulnerability in the component
/php_action/ed ...)
NOT-FOR-US: Billing System Project
CVE-2022-41503
@@ -33167,7 +33171,7 @@ CVE-2022-41443 (phpipam v1.5.0 was discovered to
contain a header injection vuln
CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site
scripting (XSS ...)
NOT-FOR-US: PicUploader
CVE-2022-41441 (Multiple cross-site scripting (XSS) vulnerabilities in
ReQlogic v11.3 ...)
- TODO: check
+ NOT-FOR-US: ReQlogic
CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL
injection ...)
NOT-FOR-US: Billing System Project
CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL
injection ...)
@@ -33561,13 +33565,13 @@ CVE-2022-41317 (An issue was discovered in Squid 4.9
through 4.17 and 5.0.6 thro
NOTE: Squid 4:
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
NOTE: Squid 5:
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
CVE-2022-41313 (A stored cross-site scripting vulnerability exists in the web
applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41312 (A stored cross-site scripting vulnerability exists in the web
applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web
applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-40691 (An information disclosure vulnerability exists in the web
application ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-40214
RESERVED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab
CE/EE affec ...)
@@ -33689,7 +33693,7 @@ CVE-2022-41223 (The Director database component of
MiVoice Connect through 19.3
CVE-2022-41221
RESERVED
CVE-2022-40224 (A denial of service vulnerability exists in the web server
functionali ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version
6.7 has ...)
NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of
"ClusterFirst ...)
@@ -33913,33 +33917,33 @@ CVE-2022-41157 (A specific file on the sERP server if
Kyungrinara(ERP solution)
CVE-2022-41156 (Remote code execution vulnerability due to insufficient
verification o ...)
NOT-FOR-US: OndiskPlayerAgent
CVE-2022-41153 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41152 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41151 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41150 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41149 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41148 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41147 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41146 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41145 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41144 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41143 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41142 (This vulnerability allows remote attackers to escalate
privileges on a ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2022-41141 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Windscribe
CVE-2022-41140 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript
Reflect A ...)
- qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
- qtdeclarative-opensource-src <unfixed> (unimportant)
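Review bot: CVE-2022-41142 is the only entry in this run of ZDI-style descriptions assigned to a Debian source (`centreon-web <itp> (bug #913903)`), while its neighbours CVE-2022-41141 and CVE-2022-41140 go to Windscribe and D-Link; because all of these descriptions read identically ("This vulnerability allows ... attackers to ..."), the product mapping is not visible from the text, so a NOTE with the corresponding ZDI advisory for each would document the attribution and make a mis-assignment easy to spot.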
@@ -33950,7 +33954,7 @@ CVE-2022-40983 (An integer overflow vulnerability
exists in the QML QtScript Ref
NOTE: https://bugreports.qt.io/browse/QTBUG-107619
NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
CVE-2022-40693 (A cleartext transmission vulnerability exists in the web
application f ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a
use-after-free via ...)
{DLA-3173-1}
- linux 5.14.6-1
@@ -33970,7 +33974,7 @@ CVE-2022-40704 (A XSS vulnerability was found in
phoromatic_r_add_test_details.p
CVE-2022-40208
RESERVED
CVE-2022-38066 (An OS command injection vulnerability exists in the httpd SNMP
functio ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-3253
RESERVED
CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO
Extras ...)
@@ -34210,97 +34214,97 @@ CVE-2022-41031 (Microsoft Word Remote Code Execution
Vulnerability. ...)
CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
NOT-FOR-US: Foxit
CVE-2022-41030 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41029 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41028 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41027 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41026 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41025 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41024 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41023 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41022 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41021 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41020 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41019 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41018 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41017 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41016 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41015 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41014 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41013 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41012 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41011 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41010 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41009 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41008 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41007 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41006 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41005 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41004 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41003 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41002 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41001 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41000 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40999 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40998 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40997 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40996 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40995 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40994 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40993 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40992 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40991 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40990 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40989 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40988 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40987 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40986 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40985 (Several stack-based buffer overflow vulnerabilities exist in
the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend
Micro M ...)
NOT-FOR-US: Trend Micro
CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables
of "pas ...)
@@ -34312,7 +34316,7 @@ CVE-2022-40977 (A path traversal vulnerability was
discovered in Pilz PASvisu Se
CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz
product ...)
NOT-FOR-US: Pilz
CVE-2022-40969 (An os command injection vulnerability exists in the httpd
delfile.cgi ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian
Hengst, And ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
@@ -34369,19 +34373,19 @@ CVE-2022-40955 (In versions of Apache InLong prior to
1.3.0, an attacker with su
CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
NOT-FOR-US: Airflow Spark provider
CVE-2022-40701 (A directory traversal vulnerability exists in the httpd
delfile.cgi fu ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40220 (An OS command injection vulnerability exists in the httpd
txt/restore. ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-39045 (A file write vulnerability exists in the httpd upload.cgi
functionalit ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38715 (A leftover debug code vulnerability exists in the httpd
shell.cgi func ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38459 (A stack-based buffer overflow vulnerability exists in the
httpd downfi ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38088 (A directory traversal vulnerability exists in the httpd
downfile.cgi f ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-36279 (A stack-based buffer overflow vulnerability exists in the
httpd delfil ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to
Cross-Sit ...)
NOT-FOR-US: "Follow Me Plugin" plugin for WordPress
CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver
was found ...)
@@ -34854,7 +34858,7 @@ CVE-2022-3231 (Cross-site Scripting (XSS) - Stored in
GitHub repository librenms
CVE-2022-3230
RESERVED
CVE-2022-3229 (Because the web management interface for Unified Intents'
Unified Remo ...)
- TODO: check
+ NOT-FOR-US: Unified Remote
CVE-2022-3228 (Using custom code, an attacker can write into name or
description fiel ...)
NOT-FOR-US: Host Engineering
CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion
vulnerability. An un ...)
@@ -34922,13 +34926,13 @@ CVE-2022-40722
CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
NOT-FOR-US: php uploader
CVE-2022-40720 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40719 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40718 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40717 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4,
and 1.13. ...)
- consul <unfixed> (bug #1027161)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
@@ -35483,11 +35487,11 @@ CVE-2022-40516 (Memory corruption in Core due to
stack-based buffer overflow. ..
CVE-2022-40515
RESERVED
CVE-2022-40514 (Memory corruption due to buffer copy without checking the size
of inpu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN
firmwar ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while
processin ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40511
RESERVED
CVE-2022-40510
@@ -35507,7 +35511,7 @@ CVE-2022-40504
CVE-2022-40503
RESERVED
CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.
...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral
VTScada ...)
NOT-FOR-US: Trihedral VTScada
CVE-2022-3180
@@ -35572,7 +35576,7 @@ CVE-2022-40482
CVE-2022-40481
RESERVED
CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112
was dis ...)
- TODO: check
+ NOT-FOR-US: Microchip Technology NRF5340-DK DT100112
CVE-2022-40479
RESERVED
CVE-2022-40478
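Review bot: The NOT-FOR-US label for CVE-2022-40480 drops the first vendor named in the description ("Nordic Semiconductor, Microchip Technology NRF5340-DK ..."); the nRF5340 development kit is a Nordic Semiconductor product, so a label such as `NOT-FOR-US: Nordic Semiconductor nRF5340-DK` would be more accurate and easier to search for.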
@@ -36037,11 +36041,11 @@ CVE-2022-40271
CVE-2022-40270
REJECTED
CVE-2022-40269 (Authentication Bypass by Spoofing vulnerability in Mitsubishi
Electric ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40268 (Improper Restriction of Rendered UI Layers or Frames
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40267 (Predictable Seed in Pseudo-Random Number Generator (PRNG)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric
GOT2000 ...)
NOT-FOR-US: Mitsubishi
CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric
Corpora ...)
@@ -36059,7 +36063,7 @@ CVE-2022-40260
CVE-2022-40259 (MegaRAC Default Credentials Vulnerability ...)
NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258 (AMI Megarac Weak password hashes for Redfish & API ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE
software prior ...)
NOT-FOR-US: CERT/CC VINCE
CVE-2022-40256
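Review bot: CVE-2022-40258 gets `NOT-FOR-US: AMI` while the adjacent CVE-2022-40259 uses `NOT-FOR-US: AMI MegaRAC Redfish` for the same product family; using the same label on both keeps grep-based lookups of MegaRAC issues consistent.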
@@ -36427,13 +36431,13 @@ CVE-2022-3144 (The Wordfence Security –
Firewall & Malware Scan plugin
CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe
comparator. ...)
NOT-FOR-US: WildFly Elytron
CVE-2022-40137 (A buffer overflow in the WMI SMI Handler in some Lenovo models
may all ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40136 (An information leak vulnerability in SMI Handler used to
configure pla ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40135 (An information leak vulnerability in the Smart USB Protection
SMI Hand ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40134 (An information leak vulnerability in the SMI Set BIOS Password
SMI Han ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40127 (A vulnerability in Example Dags of Apache Airflow allows an
attacker w ...)
- airflow <itp> (bug #819700)
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin
A-Form versi ...)
@@ -36633,13 +36637,13 @@ CVE-2022-40039
CVE-2022-40038
RESERVED
CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an
attacker to ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0
allowing atta ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen
blog-ssm v1. ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40033
RESERVED
CVE-2022-40032
@@ -37149,11 +37153,11 @@ CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS
Command Injection vulnerabi
CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs
is the ...)
NOT-FOR-US: NOKIA
CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple
Reflected/Stored ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path
Traversal un ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access
Control unde ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
@@ -38789,7 +38793,7 @@ CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator
versions 4.0.12.0 and prior
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data
from a fa ...)
NOT-FOR-US: GE CIMPICITY
CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to
CWE-784: Re ...)
- TODO: check
+ NOT-FOR-US: Landis+Gyr E850
CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux
kernel befo ...)
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
@@ -39056,11 +39060,11 @@ CVE-2022-39063 (When Open5GS UPF receives a PFCP
Session Establishment Request,
CVE-2022-39062
RESERVED
CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a
vulnerability of Out ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a
vulnerability of imp ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39059 (ChangingTech MegaServiSignAdapter component has a path
traversal vulne ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39058 (RAVA certification validation system has a path traversal
vulnerabilit ...)
NOT-FOR-US: RAVA certification validation system
CVE-2022-39057 (RAVA certificate validation system has insufficient filtering
for spec ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e55830534d2280e2862ab255f32f818e6ed4796f...4e5d15c47c64db8848e54a2e4220c1fa231cdc08
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits