[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 10 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c84f2b60 by security tracker role at 2022-08-10T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2022-38115
+ RESERVED
+CVE-2022-38114
+ RESERVED
+CVE-2022-38113
+ RESERVED
+CVE-2022-38112
+ RESERVED
+CVE-2022-38111
+ RESERVED
+CVE-2022-38110
+ RESERVED
+CVE-2022-38109
+ RESERVED
+CVE-2022-38108
+ RESERVED
+CVE-2022-38107
+ RESERVED
+CVE-2022-38106
+ RESERVED
+CVE-2022-38093
+ RESERVED
+CVE-2022-38070
+ RESERVED
+CVE-2022-38068
+ RESERVED
+CVE-2022-38067
+ RESERVED
+CVE-2022-38062
+ RESERVED
+CVE-2022-38061
+ RESERVED
+CVE-2022-38059
+ RESERVED
+CVE-2022-38058
+ RESERVED
+CVE-2022-38054
+ RESERVED
+CVE-2022-37412
+ RESERVED
+CVE-2022-37411
+ RESERVED
+CVE-2022-37407
+ RESERVED
+CVE-2022-37405
+ RESERVED
+CVE-2022-37404
+ RESERVED
+CVE-2022-37403
+ RESERVED
+CVE-2022-37402
+ RESERVED
+CVE-2022-37344
+ RESERVED
+CVE-2022-37339
+ RESERVED
+CVE-2022-37338
+ RESERVED
+CVE-2022-37335
+ RESERVED
+CVE-2022-37330
+ RESERVED
+CVE-2022-37328
+ RESERVED
+CVE-2022-36798
+ RESERVED
+CVE-2022-36796
+ RESERVED
+CVE-2022-36793
+ RESERVED
+CVE-2022-36791
+ RESERVED
+CVE-2022-36428
+ RESERVED
+CVE-2022-36427
+ RESERVED
+CVE-2022-36425
+ RESERVED
+CVE-2022-36422
+ RESERVED
+CVE-2022-36405
+ RESERVED
+CVE-2022-36394
+ RESERVED
+CVE-2022-36390
+ RESERVED
+CVE-2022-36387
+ RESERVED
+CVE-2022-36383
+ RESERVED
+CVE-2022-36376
+ RESERVED
+CVE-2022-36373
+ RESERVED
+CVE-2022-36365
+ RESERVED
+CVE-2022-36358
+ RESERVED
+CVE-2022-36355
+ RESERVED
+CVE-2022-36352
+ RESERVED
+CVE-2022-36347
+ RESERVED
+CVE-2022-36345
+ RESERVED
+CVE-2022-35726
+ RESERVED
+CVE-2022-35725
+ RESERVED
+CVE-2022-35277
+ RESERVED
+CVE-2022-35275
+ RESERVED
+CVE-2022-35242
+ RESERVED
+CVE-2022-35235
+ RESERVED
+CVE-2022-31474
+ RESERVED
+CVE-2022-29476
+ RESERVED
+CVE-2022-2743
+ RESERVED
+CVE-2022-2742
+ RESERVED
+CVE-2022-2741
+ RESERVED
+CVE-2022-2740
+ RESERVED
+CVE-2022-2739
+ RESERVED
+CVE-2022-2738
+ RESERVED
+CVE-2022-2737
+ RESERVED
+CVE-2022-2736
+ RESERVED
+CVE-2022-2735
+ RESERVED
+CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ TODO: check
+CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ TODO: check
+CVE-2022-2732 (Improper Privilege Management in GitHub repository openemr/openemr pri ...)
+ TODO: check
+CVE-2022-2731 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ TODO: check
+CVE-2022-2730 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ TODO: check
+CVE-2022-2729 (Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr ...)
+ TODO: check
+CVE-2022-2728 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ TODO: check
+CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ TODO: check
+CVE-2022-2726 (A vulnerability classified as critical has been found in SEMCMS. This ...)
+ TODO: check
CVE-2022-38053
RESERVED
CVE-2022-38052
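Review bot: The nine entries from CVE-2022-2734 down to CVE-2022-2726 at the end of the added block land as `TODO: check` with no package or NOT-FOR-US line, so they stay untriaged until someone follows up. Several of the descriptions name the GitHub repository openemr/openemr; the rest name SourceCodester Gym Management System and SEMCMS. Each needs a decision on whether it maps to a Debian source package or should get a NOT-FOR-US line, as other entries in this file have.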
@@ -352,14 +510,14 @@ CVE-2022-37878
RESERVED
CVE-2022-37877
RESERVED
-CVE-2022-2725
- RESERVED
-CVE-2022-2724
- RESERVED
-CVE-2022-2723
- RESERVED
-CVE-2022-2722
- RESERVED
+CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ TODO: check
+CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2022-2723 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student Information ...)
+ TODO: check
CVE-2022-2721
RESERVED
CVE-2022-2720
@@ -396,8 +554,7 @@ CVE-2022-37864
RESERVED
CVE-2022-35733
RESERVED
-CVE-2022-2719 [Assertion Failure could lead to DoS due to attempted writing of NULL image list]
- RESERVED
+CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure when ...)
- imagemagick <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
NOTE: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
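Review bot: CVE-2022-2719 now carries its published description, but the package line beneath it is still `- imagemagick <undetermined>` even though the entry already links the upstream ImageMagick commit. Suggest checking the packaged versions against that commit and replacing `<undetermined>` with a fixed version, `<unfixed>` or `<not-affected>`.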
@@ -408,8 +565,8 @@ CVE-2022-2717
RESERVED
CVE-2022-2716
RESERVED
-CVE-2022-2715
- RESERVED
+CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
+ TODO: check
CVE-2022-2714
RESERVED
CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
@@ -1574,8 +1731,8 @@ CVE-2022-2635
RESERVED
CVE-2022-37393
RESERVED
-CVE-2022-2634
- RESERVED
+CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
+ TODO: check
CVE-2022-37392
RESERVED
CVE-2022-37391
@@ -2463,8 +2620,8 @@ CVE-2022-37026
RESERVED
CVE-2022-37025
RESERVED
-CVE-2022-37024
- RESERVED
+CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
+ TODO: check
CVE-2022-2588
RESERVED
- linux <unfixed>
@@ -2616,22 +2773,22 @@ CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prio
NOT-FOR-US: Mongoose
CVE-2022-2563
RESERVED
-CVE-2022-37008
- RESERVED
-CVE-2022-37007
- RESERVED
-CVE-2022-37006
- RESERVED
-CVE-2022-37005
- RESERVED
-CVE-2022-37004
- RESERVED
-CVE-2022-37003
- RESERVED
-CVE-2022-37002
- RESERVED
-CVE-2022-37001
- RESERVED
+CVE-2022-37008 (The recovery module has a vulnerability of bypassing the verification ...)
+ TODO: check
+CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability. Successfu ...)
+ TODO: check
+CVE-2022-37006 (Permission control vulnerability in the network module. Successful exp ...)
+ TODO: check
+CVE-2022-37005 (The Settings application has an argument injection vulnerability. Succ ...)
+ TODO: check
+CVE-2022-37004 (The Settings application has a vulnerability of bypassing the out-of-b ...)
+ TODO: check
+CVE-2022-37003 (The AOD module has a vulnerability in permission assignment. Successfu ...)
+ TODO: check
+CVE-2022-37002 (The SystemUI module has a privilege escalation vulnerability. Successf ...)
+ TODO: check
+CVE-2022-37001 (The diag-router module has a vulnerability in intercepting excessive l ...)
+ TODO: check
CVE-2022-37000 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
NOT-FOR-US: Veritas
CVE-2022-36999 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
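Review bot: The truncated descriptions for CVE-2022-37008 through CVE-2022-37001 name only a component (recovery module, chinadrm module, network module, Settings application, AOD module, SystemUI module, diag-router module) and no vendor or product, so the `TODO: check` lines cannot be resolved from this file alone. Whoever triages them should read the full CVE records and record the product in a NOT-FOR-US or package line, as the Veritas entry directly below does.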
@@ -4424,11 +4581,9 @@ CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly esc
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-2458
- RESERVED
+CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that allows an a ...)
NOT-FOR-US: Red Hat Process Automation Manager
-CVE-2022-2457
- RESERVED
+CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where an atta ...)
NOT-FOR-US: Red Hat Process Automation Manager
CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
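Review bot: For CVE-2022-2458 the existing `NOT-FOR-US: Red Hat Process Automation Manager` line is kept, but the visible part of the new description is a generic definition of XML external entity injection and does not name the product, unlike CVE-2022-2457 directly below it. Worth confirming against the full CVE text that the earlier triage still matches the published record.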
@@ -4772,11 +4927,9 @@ CVE-2016-15003 (A vulnerability has been found in FileZilla Client 3.17.0.0 and
- filezilla <not-affected> (Installer not relevant to Debian)
CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...)
NOT-FOR-US: FileZilla server
-CVE-2022-36125
- RESERVED
+CVE-2022-36125 (It is possible to crash (panic) an application by providing a corrupte ...)
NOT-FOR-US: Apache Avro
-CVE-2022-36124
- RESERVED
+CVE-2022-36124 (It is possible for a Reader to consume memory beyond the allowed const ...)
NOT-FOR-US: Apache Avro
CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear operation for th ...)
- linux 5.18.14-1
@@ -5468,142 +5621,142 @@ CVE-2022-35829
RESERVED
CVE-2022-35828
RESERVED
-CVE-2022-35827
- RESERVED
-CVE-2022-35826
- RESERVED
-CVE-2022-35825
- RESERVED
-CVE-2022-35824
- RESERVED
+CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
CVE-2022-35823
RESERVED
CVE-2022-35822
RESERVED
-CVE-2022-35821
- RESERVED
-CVE-2022-35820
- RESERVED
-CVE-2022-35819
- RESERVED
-CVE-2022-35818
- RESERVED
-CVE-2022-35817
- RESERVED
-CVE-2022-35816
- RESERVED
-CVE-2022-35815
- RESERVED
-CVE-2022-35814
- RESERVED
-CVE-2022-35813
- RESERVED
-CVE-2022-35812
- RESERVED
-CVE-2022-35811
- RESERVED
-CVE-2022-35810
- RESERVED
-CVE-2022-35809
- RESERVED
-CVE-2022-35808
- RESERVED
-CVE-2022-35807
- RESERVED
-CVE-2022-35806
- RESERVED
+CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
CVE-2022-35805
RESERVED
-CVE-2022-35804
- RESERVED
+CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-35803
RESERVED
-CVE-2022-35802
- RESERVED
-CVE-2022-35801
- RESERVED
-CVE-2022-35800
- RESERVED
-CVE-2022-35799
- RESERVED
+CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-35798
RESERVED
-CVE-2022-35797
- RESERVED
-CVE-2022-35796
- RESERVED
-CVE-2022-35795
- RESERVED
-CVE-2022-35794
- RESERVED
-CVE-2022-35793
- RESERVED
-CVE-2022-35792
- RESERVED
-CVE-2022-35791
- RESERVED
-CVE-2022-35790
- RESERVED
-CVE-2022-35789
- RESERVED
-CVE-2022-35788
- RESERVED
-CVE-2022-35787
- RESERVED
-CVE-2022-35786
- RESERVED
-CVE-2022-35785
- RESERVED
-CVE-2022-35784
- RESERVED
-CVE-2022-35783
- RESERVED
-CVE-2022-35782
- RESERVED
-CVE-2022-35781
- RESERVED
-CVE-2022-35780
- RESERVED
-CVE-2022-35779
- RESERVED
+CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
CVE-2022-35778
RESERVED
-CVE-2022-35777
- RESERVED
-CVE-2022-35776
- RESERVED
-CVE-2022-35775
- RESERVED
-CVE-2022-35774
- RESERVED
-CVE-2022-35773
- RESERVED
-CVE-2022-35772
- RESERVED
-CVE-2022-35771
- RESERVED
+CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2022-35770
RESERVED
-CVE-2022-35769
- RESERVED
-CVE-2022-35768
- RESERVED
-CVE-2022-35767
- RESERVED
-CVE-2022-35766
- RESERVED
-CVE-2022-35765
- RESERVED
-CVE-2022-35764
- RESERVED
-CVE-2022-35763
- RESERVED
-CVE-2022-35762
- RESERVED
-CVE-2022-35761
- RESERVED
-CVE-2022-35760
- RESERVED
+CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-35759
RESERVED
CVE-2022-35758
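Review bot: Every entry converted from RESERVED in this hunk (CVE-2022-35827 down to CVE-2022-35760) describes a Microsoft product (Visual Studio, Azure Site Recovery, Azure RTOS GUIX Studio, Windows components, Microsoft Edge) and lands as `TODO: check`. Entries later in this patch with the same "Azure Site Recovery Elevation of Privilege Vulnerability" description, such as CVE-2022-33672 and CVE-2022-33671, are already marked `NOT-FOR-US: Microsoft`. Suggest triaging this block in one pass with the same marking rather than leaving it as individual TODO items.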
@@ -5672,8 +5825,7 @@ CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an a
NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4
CVE-2022-35736
RESERVED
-CVE-2022-35724
- RESERVED
+CVE-2022-35724 (It is possible to provide data to be read that leads the reader to loo ...)
NOT-FOR-US: Apache Avro
CVE-2022-35723
RESERVED
@@ -5751,8 +5903,8 @@ CVE-2022-35699
RESERVED
CVE-2022-35698
RESERVED
-CVE-2022-35697
- RESERVED
+CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier) ...)
+ TODO: check
CVE-2022-35696
RESERVED
CVE-2022-35695
@@ -6135,18 +6287,18 @@ CVE-2022-35540
RESERVED
CVE-2022-35539
RESERVED
-CVE-2022-35538
- RESERVED
-CVE-2022-35537
- RESERVED
-CVE-2022-35536
- RESERVED
-CVE-2022-35535
- RESERVED
-CVE-2022-35534
- RESERVED
-CVE-2022-35533
- RESERVED
+CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...)
+ TODO: check
+CVE-2022-35537 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...)
+ TODO: check
+CVE-2022-35536 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...)
+ TODO: check
+CVE-2022-35535 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...)
+ TODO: check
+CVE-2022-35534 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...)
+ TODO: check
+CVE-2022-35533 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...)
+ TODO: check
CVE-2022-35532
RESERVED
CVE-2022-35531
@@ -6159,26 +6311,26 @@ CVE-2022-35528
RESERVED
CVE-2022-35527
RESERVED
-CVE-2022-35526
- RESERVED
-CVE-2022-35525
- RESERVED
-CVE-2022-35524
- RESERVED
-CVE-2022-35523
- RESERVED
-CVE-2022-35522
- RESERVED
-CVE-2022-35521
- RESERVED
-CVE-2022-35520
- RESERVED
-CVE-2022-35519
- RESERVED
-CVE-2022-35518
- RESERVED
-CVE-2022-35517
- RESERVED
+CVE-2022-35526 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no ...)
+ TODO: check
+CVE-2022-35525 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...)
+ TODO: check
+CVE-2022-35524 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...)
+ TODO: check
+CVE-2022-35523 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...)
+ TODO: check
+CVE-2022-35522 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...)
+ TODO: check
+CVE-2022-35521 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...)
+ TODO: check
+CVE-2022-35520 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no fi ...)
+ TODO: check
+CVE-2022-35519 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...)
+ TODO: check
+CVE-2022-35518 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no fi ...)
+ TODO: check
+CVE-2022-35517 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...)
+ TODO: check
CVE-2022-35516
RESERVED
CVE-2022-35515
@@ -6193,8 +6345,8 @@ CVE-2022-35511
RESERVED
CVE-2022-35510
RESERVED
-CVE-2022-35509
- RESERVED
+CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulne ...)
+ TODO: check
CVE-2022-35508
RESERVED
CVE-2022-35507
@@ -6229,8 +6381,8 @@ CVE-2022-35493 (A Cross-site scripting (XSS) vulnerability in json search parse
NOT-FOR-US: eShop - Multipurpose Ecommerce Store Website
CVE-2022-35492
RESERVED
-CVE-2022-35491
- RESERVED
+CVE-2022-35491 (TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for ro ...)
+ TODO: check
CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...)
- zammad <itp> (bug #841355)
CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...)
@@ -6359,8 +6511,8 @@ CVE-2022-35428
RESERVED
CVE-2022-35427
RESERVED
-CVE-2022-35426
- RESERVED
+CVE-2022-35426 (UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file P ...)
+ TODO: check
CVE-2022-35425
RESERVED
CVE-2022-35424
@@ -6711,14 +6863,14 @@ CVE-2022-35295
RESERVED
CVE-2022-35294
RESERVED
-CVE-2022-35293
- RESERVED
+CVE-2022-35293 (Due to insecure session management, SAP Enable Now allows an unauthent ...)
+ TODO: check
CVE-2022-35292
RESERVED
CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors attachm ...)
NOT-FOR-US: SAP
-CVE-2022-35290
- RESERVED
+CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...)
+ TODO: check
CVE-2022-35289
RESERVED
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...)
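Review bot: CVE-2022-35293 (SAP Enable Now) and CVE-2022-35290 (SAP Authenticator for Android) are added as `TODO: check`, while CVE-2022-35291 between them in the same hunk is already `NOT-FOR-US: SAP`. Suggest giving the two new entries the same line so that SAP entries in this range are triaged consistently.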
@@ -8254,72 +8406,72 @@ CVE-2022-34719
RESERVED
CVE-2022-34718
RESERVED
-CVE-2022-34717
- RESERVED
-CVE-2022-34716
- RESERVED
-CVE-2022-34715
- RESERVED
-CVE-2022-34714
- RESERVED
-CVE-2022-34713
- RESERVED
-CVE-2022-34712
- RESERVED
+CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-34716 (.NET Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
+ TODO: check
+CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2022-34711
RESERVED
-CVE-2022-34710
- RESERVED
-CVE-2022-34709
- RESERVED
-CVE-2022-34708
- RESERVED
-CVE-2022-34707
- RESERVED
-CVE-2022-34706
- RESERVED
-CVE-2022-34705
- RESERVED
-CVE-2022-34704
- RESERVED
-CVE-2022-34703
- RESERVED
-CVE-2022-34702
- RESERVED
-CVE-2022-34701
- RESERVED
+CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
+ TODO: check
+CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ TODO: check
+CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
+ TODO: check
CVE-2022-34700
RESERVED
-CVE-2022-34699
- RESERVED
+CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-34698
RESERVED
CVE-2022-34697
RESERVED
-CVE-2022-34696
- RESERVED
+CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-34695
RESERVED
CVE-2022-34694
RESERVED
CVE-2022-34693
RESERVED
-CVE-2022-34692
- RESERVED
-CVE-2022-34691
- RESERVED
-CVE-2022-34690
- RESERVED
+CVE-2022-34692 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-34689
RESERVED
CVE-2022-34688
RESERVED
-CVE-2022-34687
- RESERVED
-CVE-2022-34686
- RESERVED
-CVE-2022-34685
- RESERVED
+CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
+ TODO: check
+CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
+ TODO: check
CVE-2022-34684
RESERVED
CVE-2022-34683
@@ -10393,6 +10545,7 @@ CVE-2022-26084
CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompression. In ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0003.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
@@ -11133,8 +11286,8 @@ CVE-2022-33672 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33670
- RESERVED
+CVE-2022-33670 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ TODO: check
CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -11175,14 +11328,14 @@ CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33649
- RESERVED
-CVE-2022-33648
- RESERVED
+CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-33647
RESERVED
-CVE-2022-33646
- RESERVED
+CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-33645
RESERVED
CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability. ...)
@@ -11193,16 +11346,16 @@ CVE-2022-33642 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-33640
- RESERVED
+CVE-2022-33640 (System Center Operations Manager: Open Management Infrastructure (OMI) ...)
+ TODO: check
CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33636
- RESERVED
+CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-33635
RESERVED
CVE-2022-33634
@@ -11211,8 +11364,8 @@ CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability.
NOT-FOR-US: Skype for Business and Lync
CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33631
- RESERVED
+CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-33630
RESERVED
CVE-2022-33629
@@ -14021,8 +14174,8 @@ CVE-2022-32431
RESERVED
CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers ...)
NOT-FOR-US: Lin CMS
-CVE-2022-32429
- RESERVED
+CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEIP/cgi- ...)
+ TODO: check
CVE-2022-32428
RESERVED
CVE-2022-32427
@@ -14548,8 +14701,8 @@ CVE-2022-32247 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.3
NOT-FOR-US: SAP
CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Difference ...)
NOT-FOR-US: SAP
-CVE-2022-32245
- RESERVED
+CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open Document) - v ...)
+ TODO: check
CVE-2022-32244
RESERVED
CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...)
@@ -14804,8 +14957,7 @@ CVE-2022-32191
RESERVED
CVE-2022-32190
RESERVED
-CVE-2022-32189
- RESERVED
+CVE-2022-32189 (A too-short encoded message can cause a panic in Float.GobDecode and R ...)
- golang-1.19 1.19-1
- golang-1.18 1.18.5-1
- golang-1.17 <unfixed>
@@ -14900,8 +15052,7 @@ CVE-2022-32150
RESERVED
CVE-2022-32149
RESERVED
-CVE-2022-32148
- RESERVED
+CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1.17.12 ...)
- golang-1.19 1.19~rc1-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
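Review bot: The new description for CVE-2022-32148 places the issue in net/http before Go 1.17.12, yet the entry keeps `- golang-1.17 <unfixed>` while golang-1.18 and golang-1.19 carry fixed versions. Since the description points to an upstream 1.17 release containing the fix, suggest tracking a golang-1.17 package update so this line can be closed.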
@@ -14939,8 +15090,7 @@ CVE-2022-30997 (Use of hard-coded credentials vulnerability exists in STARDOM FC
NOT-FOR-US: Yokogawa Electric Corporation
CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability exists i ...)
NOT-FOR-US: Yokogawa Electric Corporation
-CVE-2022-1962
- RESERVED
+CVE-2022-1962 (Uncontrolled recursion in the Parse functions in go/parser before Go 1 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -15872,36 +16022,42 @@ CVE-2022-31765
CVE-2022-31764
RESERVED
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo decompression ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert function ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0001.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0d9ce6c9412006c7bf2aefd1992e7d6ba16e93b7 (1.20.3)
CVE-2022-1920 (Integer overflow in matroskademux element in gst_matroska_demux_add_wv ...)
+ {DSA-5204-1 DLA-3069-1}
- gst-plugins-good1.0 1.20.3-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0004.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
@@ -16241,14 +16397,14 @@ CVE-2022-31677
RESERVED
CVE-2022-31676
RESERVED
-CVE-2022-31675
- RESERVED
-CVE-2022-31674
- RESERVED
-CVE-2022-31673
- RESERVED
-CVE-2022-31672
- RESERVED
+CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass vulnerabi ...)
+ TODO: check
+CVE-2022-31674 (VMware vRealize Operations contains an information disclosure vulnerab ...)
+ TODO: check
+CVE-2022-31673 (VMware vRealize Operations contains an information disclosure vulnerab ...)
+ TODO: check
+CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation vulnerabili ...)
+ TODO: check
CVE-2022-31671
RESERVED
CVE-2022-31670
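Review bot: CVE-2022-31675 through CVE-2022-31672 (VMware vRealize Operations) are left at TODO: check, while this same file already triages the VMware vCenter Server entry CVE-2022-22982 as NOT-FOR-US: VMWare. Unless a Debian source package ships vRealize Operations, resolve the four TODOs to the same NOT-FOR-US tag so they do not linger in the unchecked queue.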
@@ -19224,8 +19380,7 @@ CVE-2022-30637
RESERVED
CVE-2022-30636
RESERVED
-CVE-2022-30635
- RESERVED
+CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19246,8 +19401,7 @@ CVE-2022-30634 (Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.
NOTE: https://go.dev/issue/52561
NOTE: https://github.com/golang/go/commit/32dedaa69e22f1a058ae90b9484fd4c3b46fbcbf (go1.18.3)
NOTE: https://github.com/golang/go/commit/2be03d789de905a4b050ff5f3a51b724e1b09494 (go1.17.11)
-CVE-2022-30633
- RESERVED
+CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19257,8 +19411,7 @@ CVE-2022-30633
NOTE: https://github.com/golang/go/commit/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 (go1.19rc2)
NOTE: https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (go1.18.4)
NOTE: https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827 (go1.17.12)
-CVE-2022-30632
- RESERVED
+CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
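Review bot: under CVE-2022-30632 the golang-1.17 line stays <unfixed> even though the new description puts the fix boundary at Go 1.17.12. Confirm whether a golang-1.17 upload carrying 1.17.12 exists and, if so, replace <unfixed> with its version; the same check applies to the other Go recursion entries in this update that keep golang-1.17 <unfixed>.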
@@ -19268,8 +19421,7 @@ CVE-2022-30632
NOTE: https://github.com/golang/go/commit/ac68c6c683409f98250d34ad282b9e1b0c9095ef (go1.19rc2)
NOTE: https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (go1.18.4)
NOTE: https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df (go1.17.12)
-CVE-2022-30631
- RESERVED
+CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17. ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19279,8 +19431,7 @@ CVE-2022-30631
NOTE: https://github.com/golang/go/commit/b2b8872c876201eac2d0707276c6999ff3eb185e (go1.19rc2)
NOTE: https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (go1.18.4)
NOTE: https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (go1.17.12)
-CVE-2022-30630
- RESERVED
+CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19290,8 +19441,7 @@ CVE-2022-30630
NOTE: https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 (go1.19rc2)
NOTE: https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (go1.18.4)
NOTE: https://github.com/golang/go/commit/8c1d8c836270615cfb5b229932269048ef59ac07 (go1.17.12)
-CVE-2022-30629
- RESERVED
+CVE-2022-30629 (Non-random values for ticket_age_add in session tickets in crypto/tls ...)
- golang-1.18 1.18.3-1
- golang-1.17 1.17.11-1
- golang-1.15 <removed>
@@ -19336,8 +19486,7 @@ CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version AP
NOT-FOR-US: Rakuten Casa
CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
NOT-FOR-US: Rakuten Casa
-CVE-2022-1705
- RESERVED
+CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ...)
- golang-1.19 1.19~rc1-1
- golang-1.18 1.18.4-1
- golang-1.17 <unfixed>
@@ -19490,8 +19639,7 @@ CVE-2022-30582
RESERVED
CVE-2022-30581
RESERVED
-CVE-2022-30580
- RESERVED
+CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -19509,10 +19657,10 @@ CVE-2022-30576
RESERVED
CVE-2022-30575
RESERVED
-CVE-2022-30574
- RESERVED
-CVE-2022-30573
- RESERVED
+CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
+ TODO: check
+CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
+ TODO: check
CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
NOT-FOR-US: TIBCO
CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
@@ -20710,14 +20858,14 @@ CVE-2022-30199
RESERVED
CVE-2022-30198
RESERVED
-CVE-2022-30197
- RESERVED
+CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
+ TODO: check
CVE-2022-30196
RESERVED
CVE-2022-30195
RESERVED
-CVE-2022-30194
- RESERVED
+CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -20752,10 +20900,10 @@ CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This
NOT-FOR-US: Microsoft
CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
-CVE-2022-30176
- RESERVED
-CVE-2022-30175
- RESERVED
+CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-30173 (Microsoft Excel Remote Code Execution Vulnerability. ...)
@@ -20816,8 +20964,8 @@ CVE-2022-30146 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
NOT-FOR-US: Microsoft
CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-30144
- RESERVED
+CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
NOT-FOR-US: Microsoft
CVE-2022-30142 (Windows File History Remote Code Execution Vulnerability. ...)
@@ -20836,10 +20984,10 @@ CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability.
NOT-FOR-US: Microsoft
CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-30134
- RESERVED
-CVE-2022-30133
- RESERVED
+CVE-2022-30134 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
+ TODO: check
CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
@@ -21959,8 +22107,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an in
NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-29805
RESERVED
-CVE-2022-29804
- RESERVED
+CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -23969,8 +24116,8 @@ CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5
NOT-FOR-US: Dell
CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
NOT-FOR-US: Dell
-CVE-2022-29083
- RESERVED
+CVE-2022-29083 (Prior Dell BIOS versions contain an Improper Authentication vulnerabil ...)
+ TODO: check
CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
NOT-FOR-US: EMC
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
@@ -26251,8 +26398,7 @@ CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not s
NOT-FOR-US: WordPress plugin
CVE-2021-46779
RESERVED
-CVE-2021-46778
- RESERVED
+CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...)
NOT-FOR-US: AMD
CVE-2021-46777
RESERVED
@@ -26835,8 +26981,7 @@ CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier do
NOT-FOR-US: Jenkins plugin
CVE-2022-28132
RESERVED
-CVE-2022-28131
- RESERVED
+CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
- golang-1.18 1.18.4-1
- golang-1.15 <removed>
- golang-1.11 <removed>
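Review bot: the package lines kept under CVE-2022-28131 run from golang-1.18 straight to golang-1.15, with no golang-1.19 or golang-1.17 line, although the new description starts its affected range at "before Go 1.17." (truncated) and the sibling encoding/xml entry CVE-2022-30633 tracks both suites. Check whether golang-1.17 and golang-1.19 need their own status lines here so the entry matches the other Go recursion CVEs in this update.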
@@ -37333,8 +37478,8 @@ CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-24516
- RESERVED
+CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-24514
@@ -37411,8 +37556,8 @@ CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege
NOT-FOR-US: Microsoft
CVE-2022-24478
RESERVED
-CVE-2022-24477
- RESERVED
+CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
CVE-2022-24476
RESERVED
CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -42089,8 +42234,8 @@ CVE-2022-23240
RESERVED
CVE-2022-23239
RESERVED
-CVE-2022-23238
- RESERVED
+CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...)
+ TODO: check
CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...)
@@ -42995,8 +43140,8 @@ CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
-CVE-2022-22983
- RESERVED
+CVE-2022-22983 (VMware Workstation (16.x prior to 16.2.4) contains an unprotected stor ...)
+ TODO: check
CVE-2022-22982 (The vCenter Server contains a server-side request forgery (SSRF) vulne ...)
NOT-FOR-US: VMWare
CVE-2022-22981
@@ -48705,10 +48850,10 @@ CVE-2022-21982
RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-21980
- RESERVED
-CVE-2022-21979
- RESERVED
+CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
+CVE-2022-21979 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+ TODO: check
CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
@@ -59606,42 +59751,42 @@ CVE-2022-20363
RESERVED
CVE-2022-20362
RESERVED
-CVE-2022-20361
- RESERVED
-CVE-2022-20360
- RESERVED
-CVE-2022-20359
- RESERVED
-CVE-2022-20358
- RESERVED
-CVE-2022-20357
- RESERVED
-CVE-2022-20356
- RESERVED
-CVE-2022-20355
- RESERVED
-CVE-2022-20354
- RESERVED
-CVE-2022-20353
- RESERVED
-CVE-2022-20352
- RESERVED
+CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerabil ...)
+ TODO: check
+CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
+ TODO: check
+CVE-2022-20359 (In various methods of NotificationManagerService.java, there is a poss ...)
+ TODO: check
+CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...)
+ TODO: check
+CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...)
+ TODO: check
+CVE-2022-20356 (In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, th ...)
+ TODO: check
+CVE-2022-20355 (In get of PacProxyService.java, there is a possible system service cra ...)
+ TODO: check
+CVE-2022-20354 (In onDefaultNetworkChanged of Vpn.java, there is a possible way to dis ...)
+ TODO: check
+CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a possib ...)
+ TODO: check
+CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...)
+ TODO: check
CVE-2022-20351
RESERVED
-CVE-2022-20350
- RESERVED
-CVE-2022-20349
- RESERVED
-CVE-2022-20348
- RESERVED
-CVE-2022-20347
- RESERVED
-CVE-2022-20346
- RESERVED
-CVE-2022-20345
- RESERVED
-CVE-2022-20344
- RESERVED
+CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ TODO: check
+CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...)
+ TODO: check
+CVE-2022-20348 (In updateState of LocationServicesWifiScanningPreferenceController.jav ...)
+ TODO: check
+CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
+ TODO: check
+CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, ther ...)
+ TODO: check
+CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible way to ...)
+ TODO: check
CVE-2022-20343
RESERVED
CVE-2022-20342
@@ -59850,8 +59995,8 @@ CVE-2022-20241
RESERVED
CVE-2022-20240
RESERVED
-CVE-2022-20239
- RESERVED
+CVE-2022-20239 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
+ TODO: check
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
CVE-2022-20237
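Review bot: CVE-2022-20239 is added as TODO: check although its description opens with the same 'remap_pfn_range' text as CVE-2022-20238 on the next line, which is already NOT-FOR-US: Unisoc. Compare the full descriptions and, if they name the same vendor driver, give CVE-2022-20239 the same tag.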
@@ -66715,8 +66860,8 @@ CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huaw
NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
NOT-FOR-US: Huawei
-CVE-2021-40040
- RESERVED
+CVE-2021-40040 (Vulnerability of writing data to an arbitrary address in the HW_KEYMAS ...)
+ TODO: check
CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
NOT-FOR-US: Huawei
CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
@@ -66727,16 +66872,16 @@ CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. Succe
NOT-FOR-US: Huawei
CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
NOT-FOR-US: Huawei
-CVE-2021-40034
- RESERVED
+CVE-2021-40034 (The video framework has the memory overwriting vulnerability caused by ...)
+ TODO: check
CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
NOT-FOR-US: Huawei
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
NOT-FOR-US: Huawei
-CVE-2021-40030
- RESERVED
+CVE-2021-40030 (The My HUAWEI app has a defect in the design. Successful exploitation ...)
+ TODO: check
CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
NOT-FOR-US: Huawei
CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
@@ -67471,8 +67616,8 @@ CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory c
NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2021-39696
- RESERVED
+CVE-2021-39696 (In Task.java, there is a possible escalation of privilege due to a con ...)
+ TODO: check
CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...)
NOT-FOR-US: Android
CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...)
@@ -82437,14 +82582,14 @@ CVE-2021-33648 (When performing the inference shape operation of Affine, Concat,
NOT-FOR-US: Mindspore deep learning
CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...)
NOT-FOR-US: Mindspore deep learning
-CVE-2021-33646
- RESERVED
-CVE-2021-33645
- RESERVED
-CVE-2021-33644
- RESERVED
-CVE-2021-33643
- RESERVED
+CVE-2021-33646 (The th_read() function doesn’t free a variable t->th_buf.gnu_ ...)
+ TODO: check
+CVE-2021-33645 (The th_read() function doesn’t free a variable t->th_buf.gnu_ ...)
+ TODO: check
+CVE-2021-33644 (An attacker who submits a crafted tar file with size in header struct ...)
+ TODO: check
+CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...)
+ TODO: check
CVE-2021-33642
RESERVED
CVE-2021-33641
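Review bot: CVE-2021-33646 through CVE-2021-33643 should not inherit the triage of their neighbours: the entries above are NOT-FOR-US: Mindspore deep learning, but these four describe th_read() and crafted tar file headers, which points at tar-handling code rather than Mindspore. Identify the affected source package from the full CVE text before closing the TODO: check lines. CVE-2021-33646/33645 and CVE-2021-33644/33643 also share their truncated descriptions pairwise, so the detail that tells them apart is cut off here.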
@@ -125884,7 +126029,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sens
- xen 4.14.0+80-gd101b417b7-1
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-351.html
-CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. ...)
+CVE-2020-28367 (Code injection in the go command with cgo before Go 1.14.12 and Go 1.1 ...)
{DLA-2460-1}
- golang-1.15 1.15.5-1
- golang-1.11 <removed>
@@ -160638,7 +160783,7 @@ CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An
{DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
-CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where on using ...)
+CVE-2020-14359 (A vulnerability was found in all versions of Keycloak Gatekeeper, wher ...)
NOT-FOR-US: Keycloak
CVE-2020-14358
REJECTED
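Review bot: the updated description for CVE-2020-14359 now names Keycloak Gatekeeper, but the status line below it still reads NOT-FOR-US: Keycloak. Consider changing the tag to name Gatekeeper so a search for the component finds the entry.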
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c84f2b60b8442253e9811a8ed5227b9c575e51d4