Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57d69cee by security tracker role at 2025-05-28T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,93 @@
-CVE-2025-48734
+CVE-2025-5299 (A vulnerability was found in SourceCodester Client Database 
Management ...)
+       TODO: check
+CVE-2025-5298 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2025-5297 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2025-5295 (A vulnerability classified as critical was found in FreeFloat 
FTP Serv ...)
+       TODO: check
+CVE-2025-5287 (The Likes and Dislikes Plugin plugin for WordPress is 
vulnerable to SQ ...)
+       TODO: check
+CVE-2025-5277 (aws-mcp-server MCP server is vulnerable to command injection. 
An attac ...)
+       TODO: check
+CVE-2025-5257 (SummaryThis advisory addresses a security vulnerability in 
Mautic wher ...)
+       TODO: check
+CVE-2025-5256 (SummaryThis advisory addresses an Open Redirection 
vulnerability in Ma ...)
+       TODO: check
+CVE-2025-4963 (The WP Extended plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-4493 (Improper privilege assignment in PAM JIT privilege sets in 
Devolutions ...)
+       TODO: check
+CVE-2025-4134 (Lack of file validation in do_update_vps in Avast Business 
Antivirus f ...)
+       TODO: check
+CVE-2025-48931 (The TeleMessage service through 2025-05-05 relies on MD5 for 
password  ...)
+       TODO: check
+CVE-2025-48930 (The TeleMessage service through 2025-05-05 stores certain 
cleartext in ...)
+       TODO: check
+CVE-2025-48929 (The TeleMessage service through 2025-05-05 implements 
authentication t ...)
+       TODO: check
+CVE-2025-48928 (The TeleMessage service through 2025-05-05 is based on a JSP 
applicati ...)
+       TODO: check
+CVE-2025-48927 (The TeleMessage service through 2025-05-05 configures Spring 
Boot Actu ...)
+       TODO: check
+CVE-2025-48926 (The admin panel in the TeleMessage service through 2025-05-05 
allows a ...)
+       TODO: check
+CVE-2025-48925 (The TeleMessage service through 2025-05-05 relies on the 
client side ( ...)
+       TODO: check
+CVE-2025-48749 (Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 
and bef ...)
+       TODO: check
+CVE-2025-48747 (Netwrix Directory Manager (formerly Imanami GroupID) before 
and includ ...)
+       TODO: check
+CVE-2025-48746 (Netwrix Directory Manager (formerly Imanami GroupID) 
v.11.0.0.0 and be ...)
+       TODO: check
+CVE-2025-47748 (Netwrix Directory Manager v.11.0.0.0 and before & after 
v.11.1.25134.0 ...)
+       TODO: check
+CVE-2025-45997 (Sourcecodester Web-based Pharmacy Product Management System 
v.1.0 has  ...)
+       TODO: check
+CVE-2025-45343 (An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker 
to execut ...)
+       TODO: check
+CVE-2025-40673 (A Missing Authorization vulnerability has been found in 
DinoRANK. This ...)
+       TODO: check
+CVE-2025-40651 (Reflected Cross-Site Scripting (XSS) vulnerability in Real 
Easy Store. ...)
+       TODO: check
+CVE-2025-3864 (Hackney fails to properly release HTTP connections to the pool 
after h ...)
+       TODO: check
+CVE-2025-3357 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 
19could all ...)
+       TODO: check
+CVE-2025-36572 (Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of 
Hard-coded C ...)
+       TODO: check
+CVE-2025-1753 (LLama-Index CLI version v0.12.20 contains an OS command 
injection vuln ...)
+       TODO: check
+CVE-2025-1461 (Improper neutralization of the value of the 'eventMoreText' 
property o ...)
+       TODO: check
+CVE-2024-57338 (An arbitrary file upload vulnerability in M2Soft CROWNIX 
Report & ERS  ...)
+       TODO: check
+CVE-2024-57337 (An arbitrary file upload vulnerability in the opcode 500 
functionality ...)
+       TODO: check
+CVE-2024-57336 (Incorrect access control in M2Soft CROWNIX Report & ERS 
affected v7.x  ...)
+       TODO: check
+CVE-2024-51453 (IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow 
a remote ...)
+       TODO: check
+CVE-2024-47057 (SummaryThis advisory addresses a security vulnerability in 
Mautic rela ...)
+       TODO: check
+CVE-2024-47056 (SummaryThis advisory addresses a security vulnerability in 
Mautic wher ...)
+       TODO: check
+CVE-2024-47055 (SummaryThis advisory addresses a security vulnerability in 
Mautic rela ...)
+       TODO: check
+CVE-2024-38341 (IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 
through 6.1 ...)
+       TODO: check
+CVE-2025-48734 (Improper Access Control vulnerability in Apache Commons.    A 
special  ...)
        - commons-beanutils 1.10.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/28/6
-CVE-2025-32801
+CVE-2025-32801 (Kea configuration and API directives can be used to load a 
malicious h ...)
        - kea <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2025-32801
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/28/8
-CVE-2025-32802
+CVE-2025-32802 (Kea configuration and API directives can be used to overwrite 
arbitrar ...)
        - kea <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2025-32802
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/28/8
-CVE-2025-32803
+CVE-2025-32803 (In some cases, Kea log files or lease files may be 
world-readable. Thi ...)
        - kea <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2025-32803
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/28/8
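Review bot: CVE-2025-5287 and CVE-2025-4963, near the top of this hunk, are added with "TODO: check" although their descriptions already identify them as WordPress plugin issues. Other WordPress plugin entries in this file (for example CVE-2025-5082 and CVE-2025-4800) carry "NOT-FOR-US: WordPress plugin", so these two can be triaged the same way in a follow-up commit rather than staying in the TODO queue.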
@@ -19,7 +97,7 @@ CVE-2025-5082 (The WP Attachments plugin for WordPress is 
vulnerable to Reflecte
        NOT-FOR-US: WordPress plugin
 CVE-2025-4800 (The MasterStudy LMS Pro plugin for WordPress is vulnerable to 
arbitrar ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-4009 (The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet 
Switching Fab ...)
+CVE-2025-4009 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet 
Switching Fab ...)
        NOT-FOR-US: Evertz SVDN 3080ipx-10G
 CVE-2025-48848
        REJECTED
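Review bot: The description for CVE-2025-4009 now spells the product "SDVN", but the annotation on the unchanged line directly below still reads "NOT-FOR-US: Evertz SVDN 3080ipx-10G". Update the annotation to the same spelling so a search on the product name matches both lines.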
@@ -69,11 +147,11 @@ CVE-2024-11185 (On affected platforms running Arista EOS, 
ingress traffic on Lay
        NOT-FOR-US: Arista Networks
 CVE-2023-41839
        REJECTED
-CVE-2025-27528
+CVE-2025-27528 (Deserialization of Untrusted Data vulnerability in Apache 
InLong.  Thi ...)
        NOT-FOR-US: Apache InLong
-CVE-2025-27526
+CVE-2025-27526 (Deserialization of Untrusted Data vulnerability in Apache 
InLong.  Thi ...)
        NOT-FOR-US: Apache InLong
-CVE-2025-27522
+CVE-2025-27522 (Deserialization of Untrusted Data vulnerability in Apache 
InLong.  Thi ...)
        NOT-FOR-US: Apache InLong
 CVE-2025-5025 (libcurl supports *pinning* of the server certificate public key 
for HT ...)
        - curl <unfixed> (unimportant)
@@ -221,11 +299,13 @@ CVE-2025-5272 (Memory safety bugs present in Firefox 138 
and Thunderbird 138. So
        - firefox 139.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5272
 CVE-2025-5269 (Memory safety bug present in Firefox ESR 128.10, and 
Thunderbird 128.1 ...)
+       {DSA-5926-1}
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5269
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5269
 CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138, 
Firefox ES ...)
+       {DSA-5926-1}
        - firefox 139.0-1
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
@@ -233,6 +313,7 @@ CVE-2025-5268 (Memory safety bugs present in Firefox 138, 
Thunderbird 138, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5268
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5268
 CVE-2025-5267 (A clickjacking vulnerability could have been used to trick a 
user into ...)
+       {DSA-5926-1}
        - firefox 139.0-1
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
@@ -246,6 +327,7 @@ CVE-2025-5270 (In certain cases, SNI could have been sent 
unencrypted even when
        - firefox 139.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5270
 CVE-2025-5266 (Script elements loading cross-origin resources generated load 
and erro ...)
+       {DSA-5926-1}
        - firefox 139.0-1
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
@@ -260,6 +342,7 @@ CVE-2025-5265 (Due to insufficient escaping of the 
ampersand character in the \u
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5265
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5265
 CVE-2025-5264 (Due to insufficient escaping of the newline character in the 
\u201cCop ...)
+       {DSA-5926-1}
        - firefox 139.0-1
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
@@ -267,6 +350,7 @@ CVE-2025-5264 (Due to insufficient escaping of the newline 
character in the \u20
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5264
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5264
 CVE-2025-5263 (Error handling for script execution was incorrectly isolated 
from web  ...)
+       {DSA-5926-1}
        - firefox 139.0-1
        - firefox-esr 128.11.0esr-1
        - thunderbird <unfixed>
@@ -2848,6 +2932,7 @@ CVE-2025-47945 (Donetick an open-source app for managing 
tasks and chores. Prior
 CVE-2025-47931 (LibreNMS is PHP/MySQL/SNMP based network monitoring software. 
LibreNMS ...)
        NOT-FOR-US: LibreNMS
 CVE-2025-47273 (setuptools is a package that allows users to download, build, 
install, ...)
+       {DLA-4183-1}
        - setuptools 78.1.1-0.1 (bug #1105970)
        [bookworm] - setuptools <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf
@@ -9904,7 +9989,7 @@ CVE-2025-2817 (Thunderbird's update mechanism allowed a 
medium-integrity user pr
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-2817
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-2817
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-2817
-CVE-2025-30087 [Cross Site Scripting via injection of malicious parameters in 
a search URL]
+CVE-2025-30087 (Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 
through  ...)
        {DSA-5911-1 DSA-5909-1 DLA-4157-1}
        - request-tracker5 5.0.7+dfsg-3 (bug #1104422)
        - request-tracker4 <unfixed> (bug #1104424)
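Review bot: The replacement description for CVE-2025-30087 is cut off before it names the flaw ("4.4 through 4.4.7 and 5.0 through ..."), while the removed bracketed text stated it as cross-site scripting via malicious parameters in a search URL. Consider keeping that detail in a NOTE line under the entry so the vulnerability class stays visible in the list.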
@@ -9919,10 +10004,10 @@ CVE-2025-2545 (Vulnerability in Best Practical 
Solutions, LLC's Request Tracker
        - request-tracker4 <unfixed> (bug #1104424)
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/a5042a30aaa0fcf4255d0a06ee2659d302742fc3
 (rt-4.4.8)
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/a63c2534b3227de5be820cf4c1e4088dc0203020
 (rt-5.0.8)
-CVE-2025-31501 [Cross Site Scripting via JavaScript injection in an Asset name]
+CVE-2025-31501 (Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows 
XSS via J ...)
        {DSA-5909-1}
        - request-tracker5 5.0.7+dfsg-3 (bug #1104422)
-CVE-2025-31500 [Cross Site Scripting via JavaScript injection in an RT 
permalink]
+CVE-2025-31500 (Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows 
XSS via J ...)
        {DSA-5909-1}
        - request-tracker5 5.0.7+dfsg-3 (bug #1104422)
 CVE-2024-58099 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
@@ -17394,6 +17479,7 @@ CVE-2025-3158 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. 
It has ...)
        NOT-FOR-US: Intelbras WRN
 CVE-2025-3155 (A flaw was found in Yelp. The Gnome user help application 
allows the h ...)
+       {DSA-5927-1 DLA-4185-1 DLA-4184-1}
        - yelp 42.2-3 (bug #1102080)
        - yelp-xsl 42.1-4
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2357091
@@ -214600,7 +214686,7 @@ CVE-2022-47927 (An issue was discovered in MediaWiki 
before 1.35.9, 1.36.x throu
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
        NOTE: https://phabricator.wikimedia.org/T322637
 CVE-2022-47914
-       RESERVED
+       REJECTED
 CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 
unserializes user  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not 
validate and ...)
@@ -214616,11 +214702,11 @@ CVE-2022-4675 (The Mongoose Page Plugin WordPress 
plugin before 1.9.0 does not v
 CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46739
-       RESERVED
+       REJECTED
 CVE-2022-46735
-       RESERVED
+       REJECTED
 CVE-2022-46734
-       RESERVED
+       REJECTED
 CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 
4.6.2 does  ...)
@@ -214642,17 +214728,17 @@ CVE-2022-4665 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit
 CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46419
-       RESERVED
+       REJECTED
 CVE-2022-45878
-       RESERVED
+       REJECTED
 CVE-2022-45120
-       RESERVED
+       REJECTED
 CVE-2022-43659
-       RESERVED
+       REJECTED
 CVE-2022-43444
-       RESERVED
+       REJECTED
 CVE-2022-42702
-       RESERVED
+       REJECTED
 CVE-2023-0025 (SAP Solution Manager (BSP Application) - version 720, allows an 
authen ...)
        NOT-FOR-US: SAP
 CVE-2023-0024 (SAP Solution Manager (BSP Application) - version 720, allows an 
authen ...)
@@ -218133,19 +218219,19 @@ CVE-2022-47195 (An insecure default vulnerability 
exists in the Post Creation fu
 CVE-2022-47194 (An insecure default vulnerability exists in the Post Creation 
function ...)
        NOT-FOR-US: Ghost CMS
 CVE-2022-46736
-       RESERVED
+       REJECTED
 CVE-2022-46729
-       RESERVED
+       REJECTED
 CVE-2022-46655
-       RESERVED
+       REJECTED
 CVE-2022-46296
-       RESERVED
+       REJECTED
 CVE-2022-45125
-       RESERVED
+       REJECTED
 CVE-2022-44454
-       RESERVED
+       REJECTED
 CVE-2022-44450
-       RESERVED
+       REJECTED
 CVE-2022-4441 (Incorrect Privilege Assignment vulnerability in Hitachi Storage 
Plug-i ...)
        NOT-FOR-US: Hitachi
 CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 
108.0.5359.124 al ...)
@@ -218181,11 +218267,11 @@ CVE-2022-4431 (The WOOCS WordPress plugin before 
1.3.9.4 does not validate and e
 CVE-2022-4430
        RESERVED
 CVE-2022-43669
-       RESERVED
+       REJECTED
 CVE-2022-43493
-       RESERVED
+       REJECTED
 CVE-2022-41834
-       RESERVED
+       REJECTED
 CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning 
Manager  ...)
        NOT-FOR-US: Hitachi
 CVE-2023-0011 (A flaw in the input validation in TOBY-L2 allows a user to 
execute arb ...)
@@ -219796,13 +219882,13 @@ CVE-2022-46279 (Improper access control in the 
Intel(R) Retail Edge android appl
 CVE-2022-45112 (Improper access control in some Intel(R) VROC software before 
version  ...)
        NOT-FOR-US: Intel
 CVE-2022-44607
-       RESERVED
+       REJECTED
 CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions 
prior t ...)
        NOT-FOR-US: Zenphoto
 CVE-2022-43502
-       RESERVED
+       REJECTED
 CVE-2022-43498
-       RESERVED
+       REJECTED
 CVE-2022-43474 (Uncontrolled search path for the DSP Builder software 
installer before ...)
        NOT-FOR-US: Intel
 CVE-2022-4322 (A vulnerability, which was classified as critical, was found in 
maku-b ...)
@@ -219832,7 +219918,7 @@ CVE-2022-4311 (An insertion of sensitive information 
into log file vulnerability
 CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) Control 
software bef ...)
        NOT-FOR-US: Intel
 CVE-2022-42700
-       RESERVED
+       REJECTED
 CVE-2022-46674
        RESERVED
 CVE-2022-46673
@@ -219933,7 +220019,7 @@ CVE-2022-45469 (Improper input validation for some 
Intel Unison software may all
 CVE-2022-43666 (Exposure of sensitive system information due to uncleared 
debug inform ...)
        NOT-FOR-US: Intel
 CVE-2022-43496
-       RESERVED
+       REJECTED
 CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the 
Add UCS  ...)
        NOT-FOR-US: ZoHo ManageEngine
 CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not 
sanitise  ...)
@@ -224741,9 +224827,9 @@ CVE-2022-45129 (Payara before 2022-11-04, when 
deployed to the root context, all
 CVE-2022-45128 (Improper authorization in the Intel(R) EMA software before 
version 1.9 ...)
        NOT-FOR-US: Intel
 CVE-2022-45117
-       RESERVED
+       REJECTED
 CVE-2022-45114
-       RESERVED
+       REJECTED
 CVE-2022-45109 (Improper initialization for some Intel Unison software may 
allow an au ...)
        NOT-FOR-US: Intel
 CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) 
software bef ...)
@@ -225608,7 +225694,7 @@ CVE-2022-41998 (Uncontrolled search path in the 
Intel(R) DCM software before ver
 CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software 
before versi ...)
        NOT-FOR-US: Intel
 CVE-2022-41625
-       RESERVED
+       REJECTED
 CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool 
before versi ...)
        NOT-FOR-US: Intel
 CVE-2022-3871
@@ -227099,23 +227185,23 @@ CVE-2022-44622 (In JetBrains TeamCity version 
between 2021.2 and 2022.10 access
 CVE-2022-44621 (Diagnosis Controller miss parameter validation, so user may 
attacked b ...)
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-44618
-       RESERVED
+       REJECTED
 CVE-2022-44614
-       RESERVED
+       REJECTED
 CVE-2022-44613
-       RESERVED
+       REJECTED
 CVE-2022-44609
-       RESERVED
+       REJECTED
 CVE-2022-44452
-       RESERVED
+       REJECTED
 CVE-2022-43661
-       RESERVED
+       REJECTED
 CVE-2022-43511
-       RESERVED
+       REJECTED
 CVE-2022-43510
-       RESERVED
+       REJECTED
 CVE-2022-43446
-       RESERVED
+       REJECTED
 CVE-2022-42465 (Improper access control in kernel mode driver for the Intel(R) 
OFU sof ...)
        NOT-FOR-US: Intel
 CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 
01 an u ...)
@@ -233964,11 +234050,11 @@ CVE-2022-42869
 CVE-2022-42868
        RESERVED
 CVE-2022-42487
-       RESERVED
+       REJECTED
 CVE-2022-42480
-       RESERVED
+       REJECTED
 CVE-2022-41997
-       RESERVED
+       REJECTED
 CVE-2022-41984 (Protection mechanism failure for some Intel(R) Arc(TM) 
graphics cards  ...)
        NOT-FOR-US: Intel
 CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) 
Profiler so ...)
@@ -233980,7 +234066,7 @@ CVE-2022-41693 (Uncontrolled search path in the 
Intel(R) Quartus(R) Prime Pro ed
 CVE-2022-41687 (Insecure inherited permissions in the HotKey Services for some 
Intel(R ...)
        NOT-FOR-US: Intel
 CVE-2022-40221
-       RESERVED
+       REJECTED
 CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 
1.89 ma ...)
        NOT-FOR-US: PHOENIX
 CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for 
certain type ...)
@@ -236795,13 +236881,13 @@ CVE-2022-41804 (Unauthorized error injection in 
Intel(R) SGX or Intel(R) TDX for
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
 CVE-2022-41803
-       RESERVED
+       REJECTED
 CVE-2022-41801 (Uncontrolled resource consumption in the Intel(R) Connect M 
Android ap ...)
        NOT-FOR-US: Intel
 CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 
(v5 ser ...)
        NOT-FOR-US: GROWI
 CVE-2022-41782
-       RESERVED
+       REJECTED
 CVE-2022-41771 (Incorrect permission assignment for critical resource in some 
Intel(R) ...)
        NOT-FOR-US: Intel
 CVE-2022-41769 (Improper access control in the Intel(R) Connect M Android 
application  ...)
@@ -237210,15 +237296,15 @@ CVE-2022-41677 (An information disclosure 
vulnerability was discovered in Bosch
 CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) 
Profiler soft ...)
        NOT-FOR-US: Intel
 CVE-2022-41637
-       RESERVED
+       REJECTED
 CVE-2022-41626
-       RESERVED
+       REJECTED
 CVE-2022-41341
-       RESERVED
+       REJECTED
 CVE-2022-40689
-       RESERVED
+       REJECTED
 CVE-2022-40688
-       RESERVED
+       REJECTED
 CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA 
products  ...)
        NOT-FOR-US: Intel
 CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic 
Tool sof ...)
@@ -237552,7 +237638,7 @@ CVE-2022-40982 (Information exposure through 
microarchitectural state after tran
 CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware 
Update To ...)
        NOT-FOR-US: Intel
 CVE-2022-40970
-       RESERVED
+       REJECTED
 CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
        {DLA-3596-1}
        - firmware-nonfree 20240610-1 (bug #1051892)
@@ -245929,15 +246015,15 @@ CVE-2022-38090 (Improper isolation of shared 
resources in some Intel(R) Processo
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
 CVE-2022-38084
-       RESERVED
+       REJECTED
 CVE-2022-38083 (Improper initialization in the BIOS firmware for some Intel(R) 
Process ...)
        NOT-FOR-US: Intel
 CVE-2022-38072 (An improper array index validation vulnerability exists in the 
stl_fix ...)
        NOT-FOR-US: ADMesh
 CVE-2022-38071
-       RESERVED
+       REJECTED
 CVE-2022-37408
-       RESERVED
+       REJECTED
 CVE-2022-37343 (Improper access control in the BIOS firmware for some Intel(R) 
Process ...)
        NOT-FOR-US: Intel
 CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the 
TriangleMesh  ...)
@@ -245948,13 +246034,13 @@ CVE-2022-36788 (A heap-based buffer overflow 
vulnerability exists in the Triangl
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593
        NOTE: https://github.com/slic3r/Slic3r/issues/5162
 CVE-2022-36420
-       RESERVED
+       REJECTED
 CVE-2022-36419
-       RESERVED
+       REJECTED
 CVE-2022-34652 (A sql injection vulnerability exists in the ObjectYPT 
functionality of ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-33310
-       RESERVED
+       REJECTED
 CVE-2022-2899
        RESERVED
 CVE-2022-2898 (Measuresoft ScadaPro Server and Client (All Versions) do not 
properly  ...)
@@ -246966,7 +247052,7 @@ CVE-2022-38116 (Le-yan Personnel and Salary 
Management System has hard-coded dat
 CVE-2022-38103 (Insecure inherited permissions in the Intel(R) NUC Software 
Studio Ser ...)
        NOT-FOR-US: Intel
 CVE-2022-38092
-       RESERVED
+       REJECTED
 CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some 
Intel(R ...)
        NOT-FOR-US: Intel
 CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
@@ -246986,7 +247072,7 @@ CVE-2022-37336 (Improper input validation in BIOS 
firmware for some Intel(R) NUC
 CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro 
and Sta ...)
        NOT-FOR-US: Intel
 CVE-2022-36406
-       RESERVED
+       REJECTED
 CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
        {DLA-3596-1}
        - firmware-nonfree 20240610-1 (bug #1051892)
@@ -246995,7 +247081,7 @@ CVE-2022-36351 (Improper input validation in some 
Intel(R) PROSet/Wireless WiFi
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
        NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-33893
-       RESERVED
+       REJECTED
 CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions 
prior  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-2758 (Passwords are not adequately encrypted during the communication 
proces ...)
@@ -248858,7 +248944,7 @@ CVE-2022-36391 (Incorrect default permissions for the 
Intel(R) NUC Pro Software
 CVE-2022-36339 (Improper input validation in firmware for Intel(R) NUC 8 
Compute Eleme ...)
        NOT-FOR-US: Intel
 CVE-2022-35400
-       RESERVED
+       REJECTED
 CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 
8 Compu ...)
        NOT-FOR-US: Intel
 CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) 
NUC Board ...)
@@ -249073,21 +249159,21 @@ CVE-2022-37306 (OX App Suite before 7.10.6-rev30 
allows XSS via an upsell trigge
 CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda 
vehicle ...)
        NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles
 CVE-2022-36426
-       RESERVED
+       REJECTED
 CVE-2022-36397 (Incorrect default permissions in the software installer for 
some Intel ...)
        NOT-FOR-US: Intel
 CVE-2022-36369 (Improper access control in some QATzip software maintained by 
Intel(R) ...)
        NOT-FOR-US: Intel
 CVE-2022-36353
-       RESERVED
+       REJECTED
 CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before 
version SPS_E5 ...)
        NOT-FOR-US: Intel
 CVE-2022-36291
-       RESERVED
+       REJECTED
 CVE-2022-36281
-       RESERVED
+       REJECTED
 CVE-2022-33940
-       RESERVED
+       REJECTED
 CVE-2022-2625 (A vulnerability was found in PostgreSQL. This attack requires 
permissi ...)
        {DLA-3072-1}
        - postgresql-14 14.5-1
@@ -250170,21 +250256,21 @@ CVE-2022-36797 (Protection mechanism failure in the 
Intel(R) Ethernet 500 Series
 CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before 
version  ...)
        NOT-FOR-US: Intel
 CVE-2022-36792
-       RESERVED
+       REJECTED
 CVE-2022-36421
-       RESERVED
+       REJECTED
 CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 
Series Contr ...)
        NOT-FOR-US: Intel
 CVE-2022-36393
-       RESERVED
+       REJECTED
 CVE-2022-36366
-       RESERVED
+       REJECTED
 CVE-2022-36349 (Insecure default variable initialization in BIOS firmware for 
some Int ...)
        NOT-FOR-US: Intel
 CVE-2022-34653
-       RESERVED
+       REJECTED
 CVE-2022-33145
-       RESERVED
+       REJECTED
 CVE-2022-2562
        RESERVED
 CVE-2022-2561 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
@@ -251351,11 +251437,11 @@ CVE-2022-36380 (Uncontrolled search path in the 
installer software for some Inte
 CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC 
Boards  ...)
        NOT-FOR-US: Intel
 CVE-2022-36283
-       RESERVED
+       REJECTED
 CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and 
Collector softwa ...)
        NOT-FOR-US: Intel
 CVE-2022-34859
-       RESERVED
+       REJECTED
 CVE-2022-33963 (Incorrect default permissions in the software installer for 
Intel(R) U ...)
        NOT-FOR-US: Intel
 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
@@ -251393,7 +251479,7 @@ CVE-2022-36398 (Uncontrolled search path in the 
Intel(R) Battery Life Diagnostic
 CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI 
Firmware Integr ...)
        NOT-FOR-US: Intel
 CVE-2022-36395
-       RESERVED
+       REJECTED
 CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless 
Adapter Drive ...)
        NOT-FOR-US: Intel
 CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI 
Firmware Integr ...)
@@ -251536,13 +251622,13 @@ CVE-2022-36367 (Incorrect default permissions in 
the Intel(R) Support Android ap
 CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client 
instances based ...)
        NOT-FOR-US: Apache Calcite
 CVE-2022-36298
-       RESERVED
+       REJECTED
 CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) 
platforms  ...)
        NOT-FOR-US: Intel
 CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software 
Suite befor ...)
        NOT-FOR-US: Intel
 CVE-2022-34846
-       RESERVED
+       REJECTED
 CVE-2022-34657 (Improper input validation in firmware for some Intel(R) PCSD 
BIOS befo ...)
        NOT-FOR-US: Intel
 CVE-2022-33196 (Incorrect default permissions in some memory controller 
configurations ...)
@@ -251554,7 +251640,7 @@ CVE-2022-33196 (Incorrect default permissions in some 
memory controller configur
 CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and 
Standard ...)
        NOT-FOR-US: Intel
 CVE-2022-32232
-       RESERVED
+       REJECTED
 CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens 
because of ...)
        {DSA-5203-1 DLA-3070-1}
        - gnutls28 3.7.7-1
@@ -251603,7 +251689,7 @@ CVE-2022-36359 (An issue was discovered in the HTTP 
FileResponse class in Django
        NOTE: 
https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80
 (3.2.15)
        NOTE: Introduced by: 
https://github.com/django/django/commit/a177f854c34718e473bcd0a2dc6c4fd935c8e327
 CVE-2022-36342
-       RESERVED
+       REJECTED
 CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
 CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
@@ -251611,17 +251697,17 @@ CVE-2022-36337 (An issue was discovered in Insyde 
InsydeH2O with kernel 5.0 thro
 CVE-2022-36336 (A link following vulnerability in the scanning function of 
Trend Micro ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-36297
-       RESERVED
+       REJECTED
 CVE-2022-36286
-       RESERVED
+       REJECTED
 CVE-2022-35732
-       RESERVED
+       REJECTED
 CVE-2022-35731
-       RESERVED
+       REJECTED
 CVE-2022-35727
-       RESERVED
+       REJECTED
 CVE-2022-34852
-       RESERVED
+       REJECTED
 CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for 
Windows  ...)
        NOT-FOR-US: Intel
 CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some 
Intel(R) pla ...)
@@ -251753,9 +251839,9 @@ CVE-2022-36307 (The AirVelocity 1500 prints SNMP 
credentials on its physically a
 CVE-2022-36306 (An authenticated attacker can enumerate and download sensitive 
files,  ...)
        NOT-FOR-US: Airspan AirVelocity 1500
 CVE-2022-36294
-       RESERVED
+       REJECTED
 CVE-2022-36290
-       RESERVED
+       REJECTED
 CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK 
software before ...)
        - intel-mediasdk 22.3.0-1
        [bullseye] - intel-mediasdk <end-of-life> (EOL in bullseye LTS)
@@ -251765,15 +251851,15 @@ CVE-2022-35883 (NULL pointer dereference in the 
Intel(R) Media SDK software befo
        [bullseye] - intel-mediasdk <end-of-life> (EOL in bullseye LTS)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00731.html
 CVE-2022-35274
-       RESERVED
+       REJECTED
 CVE-2022-35237
-       RESERVED
+       REJECTED
 CVE-2022-34860
-       RESERVED
+       REJECTED
 CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector 
software ...)
        NOT-FOR-US: Intel
 CVE-2022-33949
-       RESERVED
+       REJECTED
 CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and 
Collector softw ...)
        NOT-FOR-US: Intel
 CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride 
Field I/ ...)
@@ -253279,7 +253365,7 @@ CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 
3.39.2 sometimes allows an a
        NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4
        NOTE: 
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
 CVE-2022-35736
-       RESERVED
+       REJECTED
 CVE-2022-35724 (It is possible to provide data to be read that leads the 
reader to loo ...)
        NOT-FOR-US: Apache Avro
 CVE-2022-35723
@@ -253303,21 +253389,21 @@ CVE-2022-35715 (IBM InfoSphere Information Server 
11.7 could allow a remote atta
 CVE-2022-35714 (IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site 
scriptin ...)
        NOT-FOR-US: IBM
 CVE-2022-34861
-       RESERVED
+       REJECTED
 CVE-2022-34842
-       RESERVED
+       REJECTED
 CVE-2022-34649
-       RESERVED
+       REJECTED
 CVE-2022-34489
-       RESERVED
+       REJECTED
 CVE-2022-33979
-       RESERVED
+       REJECTED
 CVE-2022-33966
-       RESERVED
+       REJECTED
 CVE-2022-33144
-       RESERVED
+       REJECTED
 CVE-2022-29870
-       RESERVED
+       REJECTED
 CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK 
software before ...)
        - intel-mediasdk 22.3.0-1
        [bullseye] - intel-mediasdk <end-of-life> (EOL in bullseye LTS)
@@ -255623,9 +255709,9 @@ CVE-2022-34905
 CVE-2022-34904
        RESERVED
 CVE-2022-34863
-       RESERVED
+       REJECTED
 CVE-2022-34856
-       RESERVED
+       REJECTED
 CVE-2022-34854 (Improper access control in the Intel(R) SUR software before 
version 2. ...)
        NOT-FOR-US: Intel
 CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK 
software before ...)
@@ -255645,9 +255731,9 @@ CVE-2022-33972 (Incorrect calculation in microcode 
keying mechanism for some 3rd
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
 CVE-2022-33197
-       RESERVED
+       REJECTED
 CVE-2022-32581
-       RESERVED
+       REJECTED
 CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for 
Windows  ...)
        NOT-FOR-US: Intel
 CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
@@ -258367,7 +258453,7 @@ CVE-2022-33983 (DMA transactions which are targeted 
at input buffers used for th
 CVE-2022-33982 (DMA attacks on the parameter buffer used by the 
Int15ServiceSmm softwa ...)
        NOT-FOR-US: Insyde
 CVE-2022-33976
-       RESERVED
+       REJECTED
 CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software 
for Win ...)
        NOT-FOR-US: Intel
 CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog 
Timer ins ...)
@@ -258383,7 +258469,7 @@ CVE-2022-32576 (Uncontrolled search path in the 
Intel(R) Unite(R) Plugin SDK bef
 CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software 
before versi ...)
        NOT-FOR-US: Intel
 CVE-2022-29895
-       RESERVED
+       REJECTED
 CVE-2022-29871 (Improper access control in the Intel(R) CSME software 
installer before ...)
        NOT-FOR-US: Intel
 CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is 
vulnerable ...)
@@ -258516,9 +258602,9 @@ CVE-2022-33942 (Protection mechanism failure in the 
Intel(R) DCM software before
 CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus 
Prime Pro ...)
        NOT-FOR-US: Intel
 CVE-2022-33899
-       RESERVED
+       REJECTED
 CVE-2022-33895
-       RESERVED
+       REJECTED
 CVE-2022-33894 (Improper input validation in the BIOS firmware for some 
Intel(R) Proce ...)
        NOT-FOR-US: Intel
 CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard 
edition  ...)
@@ -258526,29 +258612,29 @@ CVE-2022-33892 (Path traversal in the Intel(R) 
Quartus Prime Pro and Standard ed
 CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) 
NUC Laptop ...)
        NOT-FOR-US: Intel
 CVE-2022-33200
-       RESERVED
+       REJECTED
 CVE-2022-33188
-       RESERVED
+       REJECTED
 CVE-2022-33176 (Improper input validation in BIOS firmware for some Intel(R) 
NUC 11 Pe ...)
        NOT-FOR-US: Intel
 CVE-2022-33143
-       RESERVED
+       REJECTED
 CVE-2022-33141
-       RESERVED
+       REJECTED
 CVE-2022-32762
-       RESERVED
+       REJECTED
 CVE-2022-32584
-       RESERVED
+       REJECTED
 CVE-2022-32580
-       RESERVED
+       REJECTED
 CVE-2022-32578 (Improper access control for the Intel(R) NUC Pro Software 
Suite before ...)
        NOT-FOR-US: Intel
 CVE-2022-32571
-       RESERVED
+       REJECTED
 CVE-2022-32288
-       RESERVED
+       REJECTED
 CVE-2022-32233
-       RESERVED
+       REJECTED
 CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) 
Process ...)
        NOT-FOR-US: Intel
 CVE-2022-31477 (Improper initialization for some Intel(R) NUC BIOS firmware 
may allow  ...)
@@ -258558,17 +258644,17 @@ CVE-2022-30704 (Improper initialization in the 
Intel(R) TXT SINIT ACM for some I
 CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support 
Android appl ...)
        NOT-FOR-US: Intel
 CVE-2022-30606
-       RESERVED
+       REJECTED
 CVE-2022-30537
-       RESERVED
+       REJECTED
 CVE-2022-30297 (Cross-site scripting in the Intel(R) EMA software before 
version 1.8.0 ...)
        NOT-FOR-US: Intel
 CVE-2022-29924
-       RESERVED
+       REJECTED
 CVE-2022-29921
-       RESERVED
+       REJECTED
 CVE-2022-26084
-       RESERVED
+       REJECTED
 CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to 
CSRF whi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib 
decompression. In ...)
@@ -261830,9 +261916,9 @@ CVE-2022-30542 (Improper input validation in the 
firmware for some Intel(R) Serv
 CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) 
Processors may a ...)
        NOT-FOR-US: Intel
 CVE-2022-29920
-       RESERVED
+       REJECTED
 CVE-2022-29896
-       RESERVED
+       REJECTED
 CVE-2022-29523 (Improper conditions check in the Open CAS software maintained 
by Intel ...)
        NOT-FOR-US: Intel
 CVE-2022-28699 (Improper input validation for some Intel(R) NUC BIOS firmware 
may allo ...)
@@ -268086,14 +268172,14 @@ CVE-2022-29508 (Null pointer dereference in the 
Intel(R) VROC software before ve
 CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue 
mobile  ...)
        NOT-FOR-US: Intel
 CVE-2022-29478
-       RESERVED
+       REJECTED
 CVE-2022-29470 (Improper access control in the Intel\xae DTT Software before 
version 8 ...)
        NOT-FOR-US: Intel
 CVE-2022-28693 (Unprotected alternative channel of return branch target 
prediction in  ...)
        NOT-FOR-US: Intel
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
 CVE-2022-27877
-       RESERVED
+       REJECTED
 CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet 
Control ...)
        NOT-FOR-US: Intel
 CVE-2022-26844 (Insufficiently protected credentials in the installation 
binaries for  ...)
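Review bot: the unchanged context entry for CVE-2022-29470 in this hunk reads "Intel\xae DTT Software", with a literal \xae escape where every other Intel entry visible in this diff writes "Intel(R)". It is not part of the RESERVED to REJECTED change, but the escaped byte means a search of the list for "Intel(R)" will miss this entry; suggest normalising the description to "Intel(R) DTT Software" in a follow-up update so it matches the neighbouring entries.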
@@ -271231,7 +271317,7 @@ CVE-2022-29505 (Due to build misconfiguration in 
openssl dependency, LINE for Wi
 CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library 
maintained by In ...)
        NOT-FOR-US: Intel
 CVE-2022-29469
-       RESERVED
+       REJECTED
 CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before 
version  ...)
        NOT-FOR-US: Intel
 CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board 
BIOS firmwa ...)
@@ -271243,7 +271329,7 @@ CVE-2022-27497 (Null pointer dereference in firmware 
for Intel(R) AMT before ver
 CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC 
Laptop K ...)
        NOT-FOR-US: Intel
 CVE-2022-26424
-       RESERVED
+       REJECTED
 CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software 
maintain ...)
        NOT-FOR-US: Intel
 CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all 
versions from  ...)
@@ -273445,11 +273531,11 @@ CVE-2022-28711 (A memory corruption vulnerability 
exists in the cgi.c unescape f
 CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 
Etherne ...)
        NOT-FOR-US: Intel
 CVE-2022-28698
-       RESERVED
+       REJECTED
 CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for 
Python befor ...)
        NOT-FOR-US: Intel
 CVE-2022-28694
-       RESERVED
+       REJECTED
 CVE-2022-28688 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: AVEVA
 CVE-2022-28687 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
@@ -273505,7 +273591,7 @@ CVE-2022-28126 (Improper input validation in some 
Intel(R) XMM(TM) 7560 Modem so
 CVE-2022-27879 (Improper buffer restrictions in the BIOS firmware for some 
Intel(R) Pr ...)
        NOT-FOR-US: Intel
 CVE-2022-27876
-       RESERVED
+       REJECTED
 CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem 
software b ...)
        NOT-FOR-US: Intel
 CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem 
software before ...)
@@ -273521,7 +273607,7 @@ CVE-2022-27234 (Server-side request forgery in the 
CVAT software maintained by I
 CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime 
Standar ...)
        NOT-FOR-US: Intel
 CVE-2022-27173
-       RESERVED
+       REJECTED
 CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before 
versions 1 ...)
        NOT-FOR-US: Intel
 CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK 
software ...)
@@ -273531,7 +273617,7 @@ CVE-2022-26837 (Improper input validation in the BIOS 
firmware for some Intel(R)
 CVE-2022-26833 (An improper authentication vulnerability exists in the REST 
API functi ...)
        NOT-FOR-US: Open Automation Software
 CVE-2022-26515
-       RESERVED
+       REJECTED
 CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem 
software befor ...)
        NOT-FOR-US: Intel
 CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may 
allow a ...)
@@ -273553,7 +273639,7 @@ CVE-2022-26047 (Improper input validation for some 
Intel(R) PROSet/Wireless WiFi
 CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 
Modem softw ...)
        NOT-FOR-US: Intel
 CVE-2022-25868
-       RESERVED
+       REJECTED
 CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 
prior to 5. ...)
        - radare2 5.9.0+dfsg-1 (bug #1014478)
        NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
@@ -280643,7 +280729,7 @@ CVE-2022-26335 (A vulnerability has been identified 
in SCALANCE X302-7 EEC (230V
 CVE-2022-26334 (A vulnerability has been identified in SCALANCE X302-7 EEC 
(230V), SCA ...)
        NOT-FOR-US: Siemens SCALANCE
 CVE-2022-26304
-       RESERVED
+       REJECTED
 CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers 
are susce ...)
        NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers
 CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some 
Intel(R) NUC Bo ...)
@@ -280656,13 +280742,13 @@ CVE-2022-26083 (Generation of weak initialization 
vector in an Intel(R) IPP Cryp
 CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS 
before ver ...)
        NOT-FOR-US: Intel
 CVE-2022-26072
-       RESERVED
+       REJECTED
 CVE-2022-26056
-       RESERVED
+       REJECTED
 CVE-2022-26038
-       RESERVED
+       REJECTED
 CVE-2022-26037
-       RESERVED
+       REJECTED
 CVE-2022-26028 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler 
software b ...)
        NOT-FOR-US: Intel
 CVE-2022-26006 (Improper input validation in the BIOS firmware for some 
Intel(R) Proce ...)
@@ -280678,9 +280764,9 @@ CVE-2022-25922 (Power Line Communications PLC4TRUCKS 
J2497 trailer brake control
 CVE-2022-25917 (Uncaught exception in the firmware for some Intel(R) Server 
Board M50C ...)
        NOT-FOR-US: Intel
 CVE-2022-25909
-       RESERVED
+       REJECTED
 CVE-2022-25870
-       RESERVED
+       REJECTED
 CVE-2022-25864 (Uncontrolled search path in some Intel(R) oneMKL software 
before versi ...)
        NOT-FOR-US: Intel
 CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
orchardcms ...)
@@ -283331,7 +283417,7 @@ CVE-2022-25339 (ownCloud owncloud/android 2.20 has 
Incorrect Access Control for
 CVE-2022-25338 (ownCloud owncloud/android before 2.20 has Incorrect Access 
Control for ...)
        NOT-FOR-US: Owncloud client for Android
 CVE-2022-24914
-       RESERVED
+       REJECTED
 CVE-2022-24436 (Observable behavioral in power management throttling for some 
Intel(R) ...)
        NOT-FOR-US: hardware vulnerability in Intel CPUs
        NOTE: https://www.hertzbleed.com/
@@ -283339,7 +283425,7 @@ CVE-2022-24436 (Observable behavioral in power 
management throttling for some In
 CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager 
software b ...)
        NOT-FOR-US: Intel
 CVE-2022-24067
-       RESERVED
+       REJECTED
 CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager 
software ...)
        NOT-FOR-US: Intel
 CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager 
software b ...)
@@ -283351,7 +283437,7 @@ CVE-2022-21225 (Improper neutralization in the 
Intel(R) Data Center Manager soft
 CVE-2022-21198 (Time-of-check time-of-use race condition in the BIOS firmware 
for some ...)
        NOT-FOR-US: Intel
 CVE-2022-21183
-       RESERVED
+       REJECTED
 CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt 
does no ...)
        - libpam-tacplus <removed> (bug #1009966)
        [buster] - libpam-tacplus <no-dsa> (Minor issue)
@@ -286465,15 +286551,15 @@ CVE-2022-24379 (Improper input validation in some 
Intel(R) Server System M70KLP
 CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) 
NUCs may al ...)
        NOT-FOR-US: Intel
 CVE-2022-23917
-       RESERVED
+       REJECTED
 CVE-2022-23914
-       RESERVED
+       REJECTED
 CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for 
Industrial s ...)
        NOT-FOR-US: Intel
 CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) 
Profiler s ...)
        NOT-FOR-US: Intel
 CVE-2022-21795
-       RESERVED
+       REJECTED
 CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) 
Processors may ...)
        {DLA-3379-1}
        - intel-microcode 3.20220809.1
@@ -299392,21 +299478,21 @@ CVE-2022-21229 (Improper buffer restrictions for 
some Intel(R) NUC 9 Extreme Lap
 CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and 
Collector before ...)
        NOT-FOR-US: Intel
 CVE-2022-21206
-       RESERVED
+       REJECTED
 CVE-2022-21188
-       RESERVED
+       REJECTED
 CVE-2022-21185
-       RESERVED
+       REJECTED
 CVE-2022-21175
-       RESERVED
+       REJECTED
 CVE-2022-21171
-       RESERVED
+       REJECTED
 CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) 
SGX bef ...)
        NOT-FOR-US: Intel
 CVE-2022-21162 (Uncontrolled search path for the Intel(R) HDMI Firmware Update 
tool fo ...)
        NOT-FOR-US: Intel
 CVE-2022-21161
-       RESERVED
+       REJECTED
 CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer 
and Col ...)
        NOT-FOR-US: Intel
 CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
@@ -299416,7 +299502,7 @@ CVE-2022-21150
 CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
        NOT-FOR-US: Intel
 CVE-2022-21135
-       RESERVED
+       REJECTED
 CVE-2021-44789
        REJECTED
 CVE-2021-44788
@@ -304304,7 +304390,7 @@ CVE-2021-3950 (django-helpdesk is vulnerable to 
Improper Neutralization of Input
 CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) 
Quartus(R) Pr ...)
        NOT-FOR-US: Intel
 CVE-2022-21207
-       RESERVED
+       REJECTED
 CVE-2022-21205 (Improper restriction of XML external entity reference in DSP 
Builder P ...)
        NOT-FOR-US: Intel
 CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for 
Intel(R) Quart ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57d69ceea5c3cb21f213b8f3b00ab65d728ffba6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
