[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 5 20:10:38 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eeedeb5b by security tracker role at 2022-12-05T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,485 @@
-CVE-2022-46421
+CVE-2022-46644
+ RESERVED
+CVE-2022-46643
+ RESERVED
+CVE-2022-46642
+ RESERVED
+CVE-2022-46641
+ RESERVED
+CVE-2022-46640
+ RESERVED
+CVE-2022-46639
+ RESERVED
+CVE-2022-46638
+ RESERVED
+CVE-2022-46637
+ RESERVED
+CVE-2022-46636
+ RESERVED
+CVE-2022-46635
+ RESERVED
+CVE-2022-46634
+ RESERVED
+CVE-2022-46633
+ RESERVED
+CVE-2022-46632
+ RESERVED
+CVE-2022-46631
+ RESERVED
+CVE-2022-46630
+ RESERVED
+CVE-2022-46629
+ RESERVED
+CVE-2022-46628
+ RESERVED
+CVE-2022-46627
+ RESERVED
+CVE-2022-46626
+ RESERVED
+CVE-2022-46625
+ RESERVED
+CVE-2022-46624
+ RESERVED
+CVE-2022-46623
+ RESERVED
+CVE-2022-46622
+ RESERVED
+CVE-2022-46621
+ RESERVED
+CVE-2022-46620
+ RESERVED
+CVE-2022-46619
+ RESERVED
+CVE-2022-46618
+ RESERVED
+CVE-2022-46617
+ RESERVED
+CVE-2022-46616
+ RESERVED
+CVE-2022-46615
+ RESERVED
+CVE-2022-46614
+ RESERVED
+CVE-2022-46613
+ RESERVED
+CVE-2022-46612
+ RESERVED
+CVE-2022-46611
+ RESERVED
+CVE-2022-46610
+ RESERVED
+CVE-2022-46609
+ RESERVED
+CVE-2022-46608
+ RESERVED
+CVE-2022-46607
+ RESERVED
+CVE-2022-46606
+ RESERVED
+CVE-2022-46605
+ RESERVED
+CVE-2022-46604
+ RESERVED
+CVE-2022-46603
+ RESERVED
+CVE-2022-46602
+ RESERVED
+CVE-2022-46601
+ RESERVED
+CVE-2022-46600
+ RESERVED
+CVE-2022-46599
+ RESERVED
+CVE-2022-46598
+ RESERVED
+CVE-2022-46597
+ RESERVED
+CVE-2022-46596
+ RESERVED
+CVE-2022-46595
+ RESERVED
+CVE-2022-46594
+ RESERVED
+CVE-2022-46593
+ RESERVED
+CVE-2022-46592
+ RESERVED
+CVE-2022-46591
+ RESERVED
+CVE-2022-46590
+ RESERVED
+CVE-2022-46589
+ RESERVED
+CVE-2022-46588
+ RESERVED
+CVE-2022-46587
+ RESERVED
+CVE-2022-46586
+ RESERVED
+CVE-2022-46585
+ RESERVED
+CVE-2022-46584
+ RESERVED
+CVE-2022-46583
+ RESERVED
+CVE-2022-46582
+ RESERVED
+CVE-2022-46581
+ RESERVED
+CVE-2022-46580
+ RESERVED
+CVE-2022-46579
+ RESERVED
+CVE-2022-46578
+ RESERVED
+CVE-2022-46577
+ RESERVED
+CVE-2022-46576
+ RESERVED
+CVE-2022-46575
+ RESERVED
+CVE-2022-46574
+ RESERVED
+CVE-2022-46573
+ RESERVED
+CVE-2022-46572
+ RESERVED
+CVE-2022-46571
+ RESERVED
+CVE-2022-46570
+ RESERVED
+CVE-2022-46569
+ RESERVED
+CVE-2022-46568
+ RESERVED
+CVE-2022-46567
+ RESERVED
+CVE-2022-46566
+ RESERVED
+CVE-2022-46565
+ RESERVED
+CVE-2022-46564
+ RESERVED
+CVE-2022-46563
+ RESERVED
+CVE-2022-46562
+ RESERVED
+CVE-2022-46561
+ RESERVED
+CVE-2022-46560
+ RESERVED
+CVE-2022-46559
+ RESERVED
+CVE-2022-46558
+ RESERVED
+CVE-2022-46557
+ RESERVED
+CVE-2022-46556
+ RESERVED
+CVE-2022-46555
+ RESERVED
+CVE-2022-46554
+ RESERVED
+CVE-2022-46553
+ RESERVED
+CVE-2022-46552
+ RESERVED
+CVE-2022-46551
+ RESERVED
+CVE-2022-46550
+ RESERVED
+CVE-2022-46549
+ RESERVED
+CVE-2022-46548
+ RESERVED
+CVE-2022-46547
+ RESERVED
+CVE-2022-46546
+ RESERVED
+CVE-2022-46545
+ RESERVED
+CVE-2022-46544
+ RESERVED
+CVE-2022-46543
+ RESERVED
+CVE-2022-46542
+ RESERVED
+CVE-2022-46541
+ RESERVED
+CVE-2022-46540
+ RESERVED
+CVE-2022-46539
+ RESERVED
+CVE-2022-46538
+ RESERVED
+CVE-2022-46537
+ RESERVED
+CVE-2022-46536
+ RESERVED
+CVE-2022-46535
+ RESERVED
+CVE-2022-46534
+ RESERVED
+CVE-2022-46533
+ RESERVED
+CVE-2022-46532
+ RESERVED
+CVE-2022-46531
+ RESERVED
+CVE-2022-46530
+ RESERVED
+CVE-2022-46529
+ RESERVED
+CVE-2022-46528
+ RESERVED
+CVE-2022-46527
+ RESERVED
+CVE-2022-46526
+ RESERVED
+CVE-2022-46525
+ RESERVED
+CVE-2022-46524
+ RESERVED
+CVE-2022-46523
+ RESERVED
+CVE-2022-46522
+ RESERVED
+CVE-2022-46521
+ RESERVED
+CVE-2022-46520
+ RESERVED
+CVE-2022-46519
+ RESERVED
+CVE-2022-46518
+ RESERVED
+CVE-2022-46517
+ RESERVED
+CVE-2022-46516
+ RESERVED
+CVE-2022-46515
+ RESERVED
+CVE-2022-46514
+ RESERVED
+CVE-2022-46513
+ RESERVED
+CVE-2022-46512
+ RESERVED
+CVE-2022-46511
+ RESERVED
+CVE-2022-46510
+ RESERVED
+CVE-2022-46509
+ RESERVED
+CVE-2022-46508
+ RESERVED
+CVE-2022-46507
+ RESERVED
+CVE-2022-46506
+ RESERVED
+CVE-2022-46505
+ RESERVED
+CVE-2022-46504
+ RESERVED
+CVE-2022-46503
+ RESERVED
+CVE-2022-46502
+ RESERVED
+CVE-2022-46501
+ RESERVED
+CVE-2022-46500
+ RESERVED
+CVE-2022-46499
+ RESERVED
+CVE-2022-46498
+ RESERVED
+CVE-2022-46497
+ RESERVED
+CVE-2022-46496
+ RESERVED
+CVE-2022-46495
+ RESERVED
+CVE-2022-46494
+ RESERVED
+CVE-2022-46493
+ RESERVED
+CVE-2022-46492
+ RESERVED
+CVE-2022-46491
+ RESERVED
+CVE-2022-46490
+ RESERVED
+CVE-2022-46489
+ RESERVED
+CVE-2022-46488
+ RESERVED
+CVE-2022-46487
+ RESERVED
+CVE-2022-46486
+ RESERVED
+CVE-2022-46485
+ RESERVED
+CVE-2022-46484
+ RESERVED
+CVE-2022-46483
RESERVED
-CVE-2022-4281
+CVE-2022-46482
RESERVED
+CVE-2022-46481
+ RESERVED
+CVE-2022-46480
+ RESERVED
+CVE-2022-46479
+ RESERVED
+CVE-2022-46478
+ RESERVED
+CVE-2022-46477
+ RESERVED
+CVE-2022-46476
+ RESERVED
+CVE-2022-46475
+ RESERVED
+CVE-2022-46474
+ RESERVED
+CVE-2022-46473
+ RESERVED
+CVE-2022-46472
+ RESERVED
+CVE-2022-46471
+ RESERVED
+CVE-2022-46470
+ RESERVED
+CVE-2022-46469
+ RESERVED
+CVE-2022-46468
+ RESERVED
+CVE-2022-46467
+ RESERVED
+CVE-2022-46466
+ RESERVED
+CVE-2022-46465
+ RESERVED
+CVE-2022-46464
+ RESERVED
+CVE-2022-46463
+ RESERVED
+CVE-2022-46462
+ RESERVED
+CVE-2022-46461
+ RESERVED
+CVE-2022-46460
+ RESERVED
+CVE-2022-46459
+ RESERVED
+CVE-2022-46458
+ RESERVED
+CVE-2022-46457
+ RESERVED
+CVE-2022-46456
+ RESERVED
+CVE-2022-46455
+ RESERVED
+CVE-2022-46454
+ RESERVED
+CVE-2022-46453
+ RESERVED
+CVE-2022-46452
+ RESERVED
+CVE-2022-46451
+ RESERVED
+CVE-2022-46450
+ RESERVED
+CVE-2022-46449
+ RESERVED
+CVE-2022-46448
+ RESERVED
+CVE-2022-46447
+ RESERVED
+CVE-2022-46446
+ RESERVED
+CVE-2022-46445
+ RESERVED
+CVE-2022-46444
+ RESERVED
+CVE-2022-46443
+ RESERVED
+CVE-2022-46442
+ RESERVED
+CVE-2022-46441
+ RESERVED
+CVE-2022-46440
+ RESERVED
+CVE-2022-46439
+ RESERVED
+CVE-2022-46438
+ RESERVED
+CVE-2022-46437
+ RESERVED
+CVE-2022-46436
+ RESERVED
+CVE-2022-46435
+ RESERVED
+CVE-2022-46434
+ RESERVED
+CVE-2022-46433
+ RESERVED
+CVE-2022-46432
+ RESERVED
+CVE-2022-46431
+ RESERVED
+CVE-2022-46430
+ RESERVED
+CVE-2022-46429
+ RESERVED
+CVE-2022-46428
+ RESERVED
+CVE-2022-46427
+ RESERVED
+CVE-2022-46426
+ RESERVED
+CVE-2022-46425
+ RESERVED
+CVE-2022-46424
+ RESERVED
+CVE-2022-46423
+ RESERVED
+CVE-2022-46422
+ RESERVED
+CVE-2022-43486
+ RESERVED
+CVE-2022-43466
+ RESERVED
+CVE-2022-43443
+ RESERVED
+CVE-2022-4294
+ RESERVED
+CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
+ TODO: check
+CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882. ...)
+ TODO: check
+CVE-2022-4291
+ RESERVED
+CVE-2022-4290
+ RESERVED
+CVE-2022-4289
+ RESERVED
+CVE-2022-4288
+ RESERVED
+CVE-2022-4287
+ RESERVED
+CVE-2022-4286
+ RESERVED
+CVE-2022-4285
+ RESERVED
+CVE-2022-4284
+ RESERVED
+CVE-2022-4283
+ RESERVED
+CVE-2022-4282 (A vulnerability was found in SpringBootCMS and classified as critical. ...)
+ TODO: check
+CVE-2022-46421
+ RESERVED
+CVE-2022-4281 (A vulnerability has been found in Facepay 1.0 and classified as critic ...)
+ TODO: check
CVE-2022-46288
RESERVED
CVE-2022-46287
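Review bot: CVE-2022-4292, near the end of this hunk, is left at `TODO: check` although its description names vim/vim prior to 9.0.0882. vim is a source package in the archive, so this entry needs a `- vim` package line with a fixed version or `<unfixed>` status rather than staying in the untriaged pool. The other three described entries (CVE-2022-4293, CVE-2022-4282, CVE-2022-4281) carry the same `TODO: check`; their truncated descriptions do not show enough here to decide between a package line and NOT-FOR-US.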
@@ -59,6 +537,7 @@ CVE-2022-46393
CVE-2022-46392
RESERVED
CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...)
+ {DLA-3225-1}
- awstats 7.8-3 (bug #1025410)
[bullseye] - awstats <no-dsa> (Minor issue)
NOTE: https://github.com/eldy/AWStats/pull/226
@@ -141,8 +620,7 @@ CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository ostic
NOT-FOR-US: osTicket
CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...)
NOT-FOR-US: M-Files Web
-CVE-2022-4269
- RESERVED
+CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/
CVE-2022-4268
@@ -1826,12 +2304,12 @@ CVE-2022-45826
RESERVED
CVE-2022-45825
RESERVED
-CVE-2022-45824
- RESERVED
+CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Ca ...)
+ TODO: check
CVE-2022-45823
RESERVED
-CVE-2022-45822
- RESERVED
+CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
+ TODO: check
CVE-2022-45821
RESERVED
CVE-2022-45820
@@ -2693,11 +3171,11 @@ CVE-2022-45480 (PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in
TODO: check
CVE-2022-45479
RESERVED
-CVE-2022-45478
- RESERVED
-CVE-2022-45477
- RESERVED
-CVE-2022-45476 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
+CVE-2022-45478 (Telepad allows an attacker (in a man-in-the-middle position between th ...)
+ TODO: check
+CVE-2022-45477 (Telepad allows remote unauthenticated users to send instructions to th ...)
+ TODO: check
+CVE-2022-45476 (Tiny File Manager version 2.4.8 executes the code of files uploaded by ...)
NOT-FOR-US: Tiny File Manager
CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
NOT-FOR-US: Tiny File Manager
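Review bot: the two Telepad entries added here (CVE-2022-45478, CVE-2022-45477) are left at `TODO: check`, while the Tiny File Manager entries directly below them in the same range are already resolved as `NOT-FOR-US: Tiny File Manager`. If Telepad is not packaged, give both a matching `NOT-FOR-US: Telepad` line so the range is triaged consistently. The reworded description on CVE-2022-45476 leaves its existing NOT-FOR-US status as it was, which looks right.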
@@ -3483,12 +3961,12 @@ CVE-2022-45317
RESERVED
CVE-2022-45316
RESERVED
-CVE-2022-45315
- RESERVED
+CVE-2022-45315 (Mikrotik RouterOs before stable v7.6 was discovered to contain an out- ...)
+ TODO: check
CVE-2022-45314
RESERVED
-CVE-2022-45313
- RESERVED
+CVE-2022-45313 (Mikrotik RouterOs before stable v7.5 was discovered to contain an out- ...)
+ TODO: check
CVE-2022-45312
RESERVED
CVE-2022-45311
@@ -4026,8 +4504,8 @@ CVE-2022-3928
RESERVED
CVE-2022-3927
RESERVED
-CVE-2022-3926
- RESERVED
+CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
+ TODO: check
CVE-2022-3925
RESERVED
CVE-2022-3924
@@ -4190,8 +4668,8 @@ CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Esc
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fc7222c3a9f56271fba02aabbfbae999042f1679 (6.0-rc6)
-CVE-2022-3909
- RESERVED
+CVE-2022-3909 (The Add Comments WordPress plugin through 1.0.1 does not sanitise and ...)
+ TODO: check
CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an ...)
- xterm 375-1
[bullseye] - xterm <no-dsa> (Minor issue; mitigated by default in Debian)
@@ -4235,8 +4713,8 @@ CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.
NOTE: https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4
CVE-2022-3908
RESERVED
-CVE-2022-3907
- RESERVED
+CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...)
+ TODO: check
CVE-2022-3906
RESERVED
CVE-2022-3905
@@ -4277,8 +4755,7 @@ CVE-2022-45048
RESERVED
CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
NOT-FOR-US: Apache Mina SSHD
-CVE-2022-45046
- RESERVED
+CVE-2022-45046 (The camel-ldap component allows LDAP Injection when using the filter o ...)
NOT-FOR-US: Apache Camel
CVE-2022-3899
RESERVED
@@ -4294,8 +4771,8 @@ CVE-2022-3894
RESERVED
CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...)
NOT-FOR-US: BlueSpice
-CVE-2022-3892
- RESERVED
+CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
+ TODO: check
CVE-2022-3891
RESERVED
CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
@@ -5102,15 +5579,15 @@ CVE-2022-3860
RESERVED
CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...)
NOT-FOR-US: Trellix
-CVE-2022-3858
- RESERVED
+CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ...)
+ TODO: check
CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
RESERVED
- libpng1.6 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
NOTE: https://sourceforge.net/p/libpng/bugs/300/
-CVE-2022-3856
- RESERVED
+CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
+ TODO: check
CVE-2023-21403
RESERVED
CVE-2023-21402
@@ -6299,8 +6776,8 @@ CVE-2022-44637
RESERVED
CVE-2022-44636
RESERVED
-CVE-2022-3846
- RESERVED
+CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...)
+ TODO: check
CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...)
- phpipam <itp> (bug #731713)
CVE-2022-3844 (A vulnerability, which was classified as problematic, was found in Web ...)
@@ -6373,10 +6850,10 @@ CVE-2022-3840
RESERVED
CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3838
- RESERVED
-CVE-2022-3837
- RESERVED
+CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not sanit ...)
+ TODO: check
+CVE-2022-3837 (The Uji Countdown WordPress plugin through 2.2 does not sanitise and e ...)
+ TODO: check
CVE-2022-3836
RESERVED
CVE-2022-3835
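Review bot: CVE-2022-3838 and CVE-2022-3837 both describe WordPress plugins but are added with `TODO: check`, whereas the context entry immediately above them, CVE-2022-3839, is resolved as `NOT-FOR-US: WordPress plugin`. Unless either plugin is packaged, use the same line here so these do not sit in the check queue.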
@@ -6389,8 +6866,8 @@ CVE-2022-3832
RESERVED
CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3830
- RESERVED
+CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
+ TODO: check
CVE-2022-3829
RESERVED
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
@@ -10232,8 +10709,8 @@ CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute
NOT-FOR-US: Sophos
CVE-2022-3695
RESERVED
-CVE-2022-3694
- RESERVED
+CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
+ TODO: check
CVE-2022-3693
RESERVED
CVE-2022-3692
@@ -10498,8 +10975,8 @@ CVE-2022-3679
RESERVED
CVE-2022-3678
RESERVED
-CVE-2022-3677
- RESERVED
+CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
+ TODO: check
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
NOT-FOR-US: Eclipse Openj9
CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...)
@@ -10881,8 +11358,8 @@ CVE-2022-43517
RESERVED
CVE-2022-43516
RESERVED
-CVE-2022-43515
- RESERVED
+CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the ...)
+ TODO: check
CVE-2022-43514
RESERVED
CVE-2022-43513
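Review bot: CVE-2022-43515 names Zabbix Frontend, and zabbix is a source package in Debian, so the `TODO: check` on this entry should be followed up with a `- zabbix` package line and per-release status rather than a NOT-FOR-US decision. The description is truncated in this list, so the affected versions have to come from the upstream advisory.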
@@ -13837,8 +14314,8 @@ CVE-2022-3428
RESERVED
CVE-2022-3427
RESERVED
-CVE-2022-3426
- RESERVED
+CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
+ TODO: check
CVE-2022-3425
RESERVED
CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os]
@@ -17357,8 +17834,8 @@ CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
NOT-FOR-US: minarca
CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3249
- RESERVED
+CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
+ TODO: check
CVE-2022-3248
RESERVED
CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
@@ -39892,38 +40369,38 @@ CVE-2022-32636
RESERVED
CVE-2022-32635
RESERVED
-CVE-2022-32634
- RESERVED
-CVE-2022-32633
- RESERVED
-CVE-2022-32632
- RESERVED
-CVE-2022-32631
- RESERVED
-CVE-2022-32630
- RESERVED
-CVE-2022-32629
- RESERVED
-CVE-2022-32628
- RESERVED
+CVE-2022-32634 (In ccci, there is a possible out of bounds write due to improper input ...)
+ TODO: check
+CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a logic e ...)
+ TODO: check
+CVE-2022-32632 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...)
+ TODO: check
+CVE-2022-32631 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...)
+ TODO: check
+CVE-2022-32630 (In throttling, there is a possible out of bounds write due to an incor ...)
+ TODO: check
+CVE-2022-32629 (In isp, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2022-32628 (In isp, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2022-32627
RESERVED
-CVE-2022-32626
- RESERVED
-CVE-2022-32625
- RESERVED
-CVE-2022-32624
- RESERVED
+CVE-2022-32626 (In display, there is a possible out of bounds write due to an incorrec ...)
+ TODO: check
+CVE-2022-32625 (In display, there is a possible out of bounds write due to an incorrec ...)
+ TODO: check
+CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...)
+ TODO: check
CVE-2022-32623
RESERVED
-CVE-2022-32622
- RESERVED
-CVE-2022-32621
- RESERVED
-CVE-2022-32620
- RESERVED
-CVE-2022-32619
- RESERVED
+CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...)
+ TODO: check
+CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...)
+ TODO: check
+CVE-2022-32620 (In mpu, there is a possible memory corruption due to a logic error. Th ...)
+ TODO: check
+CVE-2022-32619 (In keyinstall, there is a possible out of bounds write due to an incor ...)
+ TODO: check
CVE-2022-32618 (In typec, there is a possible out of bounds write due to an incorrect ...)
NOT-FOR-US: Mediatek
CVE-2022-32617 (In typec, there is a possible out of bounds write due to an incorrect ...)
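Review bot: the fourteen descriptions filled in between CVE-2022-32634 and CVE-2022-32619 all use the "In X, there is a possible ..." wording of the two context entries at the end of the hunk, CVE-2022-32618 and CVE-2022-32617, which are marked `NOT-FOR-US: Mediatek`, yet each new one is added as `TODO: check`. If they come from the same vendor bulletin, mark them the same way. CVE-2022-32627 and CVE-2022-32623 stay RESERVED, which is consistent with no description being published for them.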
@@ -39964,16 +40441,16 @@ CVE-2022-32600
RESERVED
CVE-2022-32599
RESERVED
-CVE-2022-32598
- RESERVED
-CVE-2022-32597
- RESERVED
-CVE-2022-32596
- RESERVED
+CVE-2022-32598 (In widevine, there is a possible out of bounds write due to an incorre ...)
+ TODO: check
+CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an incorre ...)
+ TODO: check
+CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...)
+ TODO: check
CVE-2022-32595
RESERVED
-CVE-2022-32594
- RESERVED
+CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...)
+ TODO: check
CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...)
NOT-FOR-US: Mediatek
CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a missing ...)
@@ -48030,8 +48507,8 @@ CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1540
- RESERVED
+CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not ...)
+ TODO: check
CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1538
@@ -205013,7 +205490,7 @@ CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS be
CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
- {DSA-4826-1}
+ {DSA-4826-1 DLA-3224-1}
- http-parser 2.9.4-5 (bug #1016690)
[bullseye] - http-parser 2.9.4-4+deb11u1
- nodejs 12.20.1~dfsg-1 (bug #979364)
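Review bot: the cross-reference line for CVE-2020-8287 now reads `{DSA-4826-1 DLA-3224-1}`, but the entry tracks two source packages, http-parser and nodejs, and the braces do not say which of them DLA-3224-1 covers. Check that the DLA's own record names the package and fixed version, and that the other package's status for the same release is recorded, so the entry is not read as resolved for both.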
@@ -238653,6 +239130,7 @@ CVE-2019-15135 (The handshake protocol in Object Management Group (OMG) DDS Secu
CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP implementation ...)
NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by ...)
+ {DLA-3223-1}
[experimental] - giflib 5.1.8-1
- giflib 5.1.9-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008
@@ -305201,6 +305679,7 @@ CVE-2018-11492 (ASUS HG100 devices allow denial of service via an IPv4 packet fl
CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated ...)
NOT-FOR-US: ASUS HG100 devices
CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
+ {DLA-3223-1}
[experimental] - giflib 5.1.7-1
- giflib 5.1.9-1 (bug #904114)
NOTE: https://github.com/pts/sam2p/issues/38
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eeedeb5b63d77d7674dfffcfbe8bf248dec8ebe3