[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 13 20:10:46 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c13a72a8 by security tracker role at 2022-12-13T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2023-21723
+ RESERVED
+CVE-2023-21722
+ RESERVED
+CVE-2023-21721
+ RESERVED
+CVE-2023-21720
+ RESERVED
+CVE-2023-21719
+ RESERVED
+CVE-2023-21718
+ RESERVED
+CVE-2023-21717
+ RESERVED
+CVE-2023-21716
+ RESERVED
+CVE-2023-21715
+ RESERVED
+CVE-2023-21714
+ RESERVED
+CVE-2023-21713
+ RESERVED
+CVE-2023-21712
+ RESERVED
+CVE-2023-21711
+ RESERVED
+CVE-2023-21710
+ RESERVED
+CVE-2023-21709
+ RESERVED
+CVE-2023-21708
+ RESERVED
+CVE-2023-21707
+ RESERVED
+CVE-2023-21706
+ RESERVED
+CVE-2023-21705
+ RESERVED
+CVE-2023-21704
+ RESERVED
+CVE-2023-21703
+ RESERVED
+CVE-2023-21702
+ RESERVED
+CVE-2023-21701
+ RESERVED
+CVE-2023-21700
+ RESERVED
+CVE-2023-21699
+ RESERVED
+CVE-2023-21698
+ RESERVED
+CVE-2023-21697
+ RESERVED
+CVE-2023-21696
+ RESERVED
+CVE-2023-21695
+ RESERVED
+CVE-2023-21694
+ RESERVED
+CVE-2023-21693
+ RESERVED
+CVE-2023-21692
+ RESERVED
+CVE-2023-21691
+ RESERVED
+CVE-2023-21690
+ RESERVED
+CVE-2023-21689
+ RESERVED
+CVE-2023-21688
+ RESERVED
+CVE-2023-21687
+ RESERVED
+CVE-2023-21686
+ RESERVED
+CVE-2023-21685
+ RESERVED
+CVE-2023-21684
+ RESERVED
+CVE-2023-21683
+ RESERVED
+CVE-2023-21682
+ RESERVED
+CVE-2023-21681
+ RESERVED
+CVE-2023-21680
+ RESERVED
+CVE-2023-21679
+ RESERVED
+CVE-2023-21678
+ RESERVED
+CVE-2023-21677
+ RESERVED
+CVE-2023-21676
+ RESERVED
+CVE-2023-21675
+ RESERVED
+CVE-2023-21674
+ RESERVED
+CVE-2022-47375
+ RESERVED
+CVE-2022-47374
+ RESERVED
+CVE-2022-47373
+ RESERVED
+CVE-2022-47372
+ RESERVED
+CVE-2022-4457
+ RESERVED
+CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...)
+ TODO: check
+CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...)
+ TODO: check
+CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...)
+ TODO: check
+CVE-2022-4453
+ RESERVED
+CVE-2022-4452
+ RESERVED
+CVE-2022-4451
+ RESERVED
+CVE-2022-4450
+ RESERVED
+CVE-2022-4449
+ RESERVED
+CVE-2022-4448
+ RESERVED
+CVE-2022-4447
+ RESERVED
+CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior ...)
+ TODO: check
+CVE-2022-4445
+ RESERVED
+CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...)
+ TODO: check
+CVE-2022-4443
+ RESERVED
+CVE-2022-4442
+ RESERVED
+CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...)
+ TODO: check
CVE-2022-47371
RESERVED
CVE-2022-47370
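Review bot: CVE-2022-4455 and CVE-2022-4454 near the end of the added block are truncated before any product name ("was found in spr ...", "has been found in m ..."), so their `TODO: check` lines cannot be resolved from this file alone and need the full CVE record. CVE-2019-25078 does name its target, pacparser; check the archive for a matching source package before closing it as NOT-FOR-US.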
@@ -292,12 +434,12 @@ CVE-2022-47215
RESERVED
CVE-2022-47214
RESERVED
-CVE-2022-47213
- RESERVED
-CVE-2022-47212
- RESERVED
-CVE-2022-47211
- RESERVED
+CVE-2022-47213 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-47212 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-47211 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
CVE-2022-47210
RESERVED
CVE-2022-47209
@@ -1272,12 +1414,12 @@ CVE-2022-4378
NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
CVE-2022-46835
RESERVED
-CVE-2022-46834
- RESERVED
-CVE-2022-46833
- RESERVED
-CVE-2022-46832
- RESERVED
+CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...)
+ TODO: check
+CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...)
+ TODO: check
+CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmwa ...)
+ TODO: check
CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-4374
@@ -1853,8 +1995,8 @@ CVE-2022-46666
RESERVED
CVE-2022-46665
RESERVED
-CVE-2022-46664
- RESERVED
+CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (All ve ...)
+ TODO: check
CVE-2022-46662
RESERVED
CVE-2022-4310
@@ -2541,11 +2683,9 @@ CVE-2022-46367
RESERVED
CVE-2022-46365
RESERVED
-CVE-2022-46364
- RESERVED
+CVE-2022-46364 (A SSRF vulnerability in parsing the href attribute of XOP:Include in M ...)
NOT-FOR-US: Apache CXF
-CVE-2022-46363
- RESERVED
+CVE-2022-46363 (A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows ...)
NOT-FOR-US: Apache CXF
CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
NOT-FOR-US: osTicket
@@ -2835,28 +2975,28 @@ CVE-2022-46357
RESERVED
CVE-2022-46356
RESERVED
-CVE-2022-46355
- RESERVED
-CVE-2022-46354
- RESERVED
-CVE-2022-46353
- RESERVED
-CVE-2022-46352
- RESERVED
-CVE-2022-46351
- RESERVED
-CVE-2022-46350
- RESERVED
-CVE-2022-46349
- RESERVED
-CVE-2022-46348
- RESERVED
-CVE-2022-46347
- RESERVED
-CVE-2022-46346
- RESERVED
-CVE-2022-46345
- RESERVED
+CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46353 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46352 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46351 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46350 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ TODO: check
+CVE-2022-46349 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-46348 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-46347 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-46346 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-46345 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
CVE-2022-4239
RESERVED
CVE-2022-4238
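Review bot: all eleven descriptions filled in here are left at `TODO: check` (SCALANCE X204RNA for CVE-2022-46355 to CVE-2022-46350, Parasolid V33.1 for CVE-2022-46349 to CVE-2022-46345). Other entries in this file with the same "A vulnerability has been identified in ..." wording, such as CVE-2022-44457, are closed as `NOT-FOR-US: Siemens`; confirm the vendor and apply the same tag in the triage follow-up.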
@@ -2903,8 +3043,7 @@ CVE-2022-46339
RESERVED
CVE-2022-4224
RESERVED
-CVE-2022-4223
- RESERVED
+CVE-2022-4223 (The pgAdmin server includes an HTTP API that is intended to be used to ...)
- pgadmin4 <itp> (bug #834129)
CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
@@ -3210,8 +3349,8 @@ CVE-2022-40973
RESERVED
CVE-2022-37331
RESERVED
-CVE-2022-46265
- RESERVED
+CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+ TODO: check
CVE-2022-46264
RESERVED
CVE-2022-46263
@@ -3468,16 +3607,16 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export
NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2)
CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...)
NOT-FOR-US: authentik
-CVE-2022-46144
- RESERVED
-CVE-2022-46143
- RESERVED
-CVE-2022-46142
- RESERVED
+CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All versions ...)
+ TODO: check
+CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This could ...)
+ TODO: check
+CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in flash memor ...)
+ TODO: check
CVE-2022-46141
RESERVED
-CVE-2022-46140
- RESERVED
+CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the debug zip ...)
+ TODO: check
CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
CVE-2022-44606 (OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...)
@@ -3693,16 +3832,16 @@ CVE-2022-46064
RESERVED
CVE-2022-46063
RESERVED
-CVE-2022-46062
- RESERVED
-CVE-2022-46061
- RESERVED
+CVE-2022-46062 (Gym Management System v0.0.1 is vulnerable to Cross Site Request Forge ...)
+ TODO: check
+CVE-2022-46061 (AeroCMS v0.0.1 is vulnerable to ClickJacking. ...)
+ TODO: check
CVE-2022-46060
RESERVED
-CVE-2022-46059
- RESERVED
-CVE-2022-46058
- RESERVED
+CVE-2022-46059 (AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). ...)
+ TODO: check
+CVE-2022-46058 (AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
CVE-2022-46057
RESERVED
CVE-2022-46056
@@ -3715,16 +3854,16 @@ CVE-2022-46053
RESERVED
CVE-2022-46052
RESERVED
-CVE-2022-46051
- RESERVED
+CVE-2022-46051 (The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable ...)
+ TODO: check
CVE-2022-46050
RESERVED
CVE-2022-46049
RESERVED
CVE-2022-46048
RESERVED
-CVE-2022-46047
- RESERVED
+CVE-2022-46047 (AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter ...)
+ TODO: check
CVE-2022-46046
RESERVED
CVE-2022-46045
@@ -3944,10 +4083,10 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
CVE-2022-45938
RESERVED
-CVE-2022-45937
- RESERVED
-CVE-2022-45936
- RESERVED
+CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
+ TODO: check
+CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...)
+ TODO: check
CVE-2022-4146
RESERVED
CVE-2022-45935
@@ -4122,8 +4261,8 @@ CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-core
NOTE: Introduced by: https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 (v250-rc1)
CVE-2022-45872 (iTerm2 before 3.4.18 mishandles a DECRQSS response. ...)
NOT-FOR-US: iTerm2
-CVE-2022-45871
- RESERVED
+CVE-2022-45871 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...)
+ TODO: check
CVE-2022-45870
RESERVED
CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through ...)
@@ -4579,24 +4718,24 @@ CVE-2022-45695
RESERVED
CVE-2022-45694
RESERVED
-CVE-2022-45693
- RESERVED
+CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via ...)
+ TODO: check
CVE-2022-45692
RESERVED
CVE-2022-45691
RESERVED
-CVE-2022-45690
- RESERVED
-CVE-2022-45689
- RESERVED
-CVE-2022-45688
- RESERVED
+CVE-2022-45690 (A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.ja ...)
+ TODO: check
+CVE-2022-45689 (hutool-json v5.8.10 was discovered to contain an out of memory error. ...)
+ TODO: check
+CVE-2022-45688 (A stack overflow in the XML.toJSONObject component of hutool-json v5.8 ...)
+ TODO: check
CVE-2022-45687
RESERVED
CVE-2022-45686
RESERVED
-CVE-2022-45685
- RESERVED
+CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...)
+ TODO: check
CVE-2022-45684
RESERVED
CVE-2022-45683
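Review bot: the five descriptions filled in here name Java libraries rather than vendor products: Jettison (CVE-2022-45693, CVE-2022-45685), org.json's JSONTokener (CVE-2022-45690) and hutool-json (CVE-2022-45689, CVE-2022-45688). Before any of these `TODO: check` lines is closed as NOT-FOR-US, search the archive for source packages that ship these libraries. CVE-2022-45693 and CVE-2022-45685 both describe a stack overflow in Jettison before v1.5.2, so they should be triaged together.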
@@ -4997,8 +5136,8 @@ CVE-2022-45486
RESERVED
CVE-2022-45485
RESERVED
-CVE-2022-45484
- RESERVED
+CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
NOT-FOR-US: kiwi Test Plan
CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...)
@@ -5013,8 +5152,8 @@ CVE-2022-4100
RESERVED
CVE-2022-4099
RESERVED
-CVE-2022-4098
- RESERVED
+CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series are pron ...)
+ TODO: check
CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
@@ -5340,8 +5479,7 @@ CVE-2022-3998 (A vulnerability, which was classified as critical, was found in M
NOT-FOR-US: MonikaBrzica scm
CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...)
NOT-FOR-US: MonikaBrzica scm
-CVE-2022-3996 [openssl: X.509 Policy Constraints Double Locking]
- RESERVED
+CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint and pol ...)
- openssl <unfixed>
[bullseye] - openssl <not-affected> (Only affects 3.0.x)
[buster] - openssl <not-affected> (Only affects 3.0.x)
@@ -6750,8 +6888,8 @@ CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 all
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3884
RESERVED
-CVE-2022-45044
- RESERVED
+CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+ TODO: check
CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...)
@@ -6811,8 +6949,8 @@ CVE-2022-45030
RESERVED
CVE-2022-45029
RESERVED
-CVE-2022-45028
- RESERVED
+CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
+ TODO: check
CVE-2022-45027
RESERVED
CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...)
@@ -6857,8 +6995,8 @@ CVE-2022-45007
RESERVED
CVE-2022-45006
RESERVED
-CVE-2022-45005
- RESERVED
+CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
+ TODO: check
CVE-2022-45004
RESERVED
CVE-2022-45003
@@ -7484,8 +7622,8 @@ CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extractio
NOT-FOR-US: KNIME
CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
NOT-FOR-US: KNIME
-CVE-2022-44731
- RESERVED
+CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All ver ...)
+ TODO: check
CVE-2022-44730
RESERVED
CVE-2022-44729
@@ -8537,102 +8675,102 @@ CVE-2023-20904
RESERVED
CVE-2022-44714
RESERVED
-CVE-2022-44713
- RESERVED
+CVE-2022-44713 (Microsoft Outlook for Mac Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-44712
RESERVED
CVE-2022-44711
RESERVED
-CVE-2022-44710
- RESERVED
+CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-44709
RESERVED
-CVE-2022-44708
- RESERVED
-CVE-2022-44707
- RESERVED
+CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-44706
RESERVED
CVE-2022-44705
RESERVED
-CVE-2022-44704
- RESERVED
+CVE-2022-44704 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-44703
RESERVED
-CVE-2022-44702
- RESERVED
+CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-44701
RESERVED
CVE-2022-44700
RESERVED
-CVE-2022-44699
- RESERVED
-CVE-2022-44698
- RESERVED
-CVE-2022-44697
- RESERVED
-CVE-2022-44696
- RESERVED
-CVE-2022-44695
- RESERVED
-CVE-2022-44694
- RESERVED
-CVE-2022-44693
- RESERVED
-CVE-2022-44692
- RESERVED
-CVE-2022-44691
- RESERVED
-CVE-2022-44690
- RESERVED
-CVE-2022-44689
- RESERVED
-CVE-2022-44688
- RESERVED
-CVE-2022-44687
- RESERVED
+CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-44697 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ TODO: check
+CVE-2022-44696 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-44695 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-44694 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-44693 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2022-44692 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-44691 (Microsoft Office OneNote Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-44690 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2022-44689 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2022-44688 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-44686
RESERVED
CVE-2022-44685
RESERVED
CVE-2022-44684
RESERVED
-CVE-2022-44683
- RESERVED
-CVE-2022-44682
- RESERVED
-CVE-2022-44681
- RESERVED
-CVE-2022-44680
- RESERVED
-CVE-2022-44679
- RESERVED
-CVE-2022-44678
- RESERVED
-CVE-2022-44677
- RESERVED
-CVE-2022-44676
- RESERVED
-CVE-2022-44675
- RESERVED
-CVE-2022-44674
- RESERVED
-CVE-2022-44673
- RESERVED
+CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-44681 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-44680 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ TODO: check
+CVE-2022-44679 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
+CVE-2022-44678 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-44677 (Windows Projected File System Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-44676 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privileg ...)
+ TODO: check
CVE-2022-44672
RESERVED
-CVE-2022-44671
- RESERVED
-CVE-2022-44670
- RESERVED
-CVE-2022-44669
- RESERVED
-CVE-2022-44668
- RESERVED
-CVE-2022-44667
- RESERVED
-CVE-2022-44666
- RESERVED
+CVE-2022-44671 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ TODO: check
+CVE-2022-44670 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ TODO: check
+CVE-2022-44669 (Windows Error Reporting Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-44668 (Windows Media Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-44667 (Windows Media Remote Code Execution Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-44665
RESERVED
CVE-2022-3855
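Review bot: CVE-2022-44704 is added with the title "Microsoft Windows Sysmon Elevation of Privilege Vulnerability.", word for word the same as the existing CVE-2022-41120 entry further down the file, so triage should keep them as two separate IDs rather than treating one as a duplicate. Every other description filled in by this hunk is also a Microsoft product left at `TODO: check`, which makes this block a candidate for a single bulk triage pass.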
@@ -8723,8 +8861,8 @@ CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds
CVE-2022-44637 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...)
- redmine <unfixed> (bug #1026048)
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
-CVE-2022-44636
- RESERVED
+CVE-2022-44636 (The Samsung TV (2021 and 2022 model) smart remote control allows attac ...)
+ TODO: check
CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...)
NOT-FOR-US: WordPress theme
CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...)
@@ -9023,8 +9161,8 @@ CVE-2022-44577
REJECTED
CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44575
- RESERVED
+CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...)
+ TODO: check
CVE-2022-44574
RESERVED
CVE-2022-44573
@@ -9331,7 +9469,7 @@ CVE-2022-44459
RESERVED
CVE-2022-44458
RESERVED
-CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
+CVE-2022-44457 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
NOT-FOR-US: Siemens
CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie v ...)
NOT-FOR-US: Delta Electronics
@@ -9693,8 +9831,8 @@ CVE-2022-44305
RESERVED
CVE-2022-44304
RESERVED
-CVE-2022-44303
- RESERVED
+CVE-2022-44303 (Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting ...)
+ TODO: check
CVE-2022-44302
RESERVED
CVE-2022-44301
@@ -12773,12 +12911,12 @@ CVE-2022-43726
RESERVED
CVE-2022-43725
RESERVED
-CVE-2022-43724
- RESERVED
-CVE-2022-43723
- RESERVED
-CVE-2022-43722
- RESERVED
+CVE-2022-43724 (A vulnerability has been identified in SICAM PAS/PQS (All versions < ...)
+ TODO: check
+CVE-2022-43723 (A vulnerability has been identified in SICAM PAS/PQS (All versions < ...)
+ TODO: check
+CVE-2022-43722 (A vulnerability has been identified in SICAM PAS/PQS (All versions < ...)
+ TODO: check
CVE-2022-43721
RESERVED
CVE-2022-43720
@@ -13315,8 +13453,8 @@ CVE-2022-43519
RESERVED
CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
NOT-FOR-US: Aruba
-CVE-2022-43517
- RESERVED
+CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
+ TODO: check
CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to all progr ...)
TODO: check
CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the ...)
@@ -18661,12 +18799,12 @@ CVE-2022-41565
RESERVED
CVE-2022-41564
RESERVED
-CVE-2022-41563
- RESERVED
-CVE-2022-41562
- RESERVED
-CVE-2022-41561
- RESERVED
+CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...)
+ TODO: check
+CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperRepor ...)
+ TODO: check
+CVE-2022-41561 (The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperR ...)
+ TODO: check
CVE-2022-41560 (The Statement Set Upload via the Web Client component of TIBCO Softwar ...)
TODO: check
CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
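Review bot: the three TIBCO JasperReports entries (CVE-2022-41563 to CVE-2022-41561) are added as `TODO: check` directly above CVE-2022-41560, which the context lines show is itself still at `TODO: check`. The TIBCO entries are accumulating untriaged; resolve the new three and the pending one in the same follow-up commit.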
@@ -19480,28 +19618,28 @@ CVE-2022-41290
RESERVED
CVE-2022-41289
RESERVED
-CVE-2022-41288
- RESERVED
-CVE-2022-41287
- RESERVED
-CVE-2022-41286
- RESERVED
-CVE-2022-41285
- RESERVED
-CVE-2022-41284
- RESERVED
-CVE-2022-41283
- RESERVED
-CVE-2022-41282
- RESERVED
-CVE-2022-41281
- RESERVED
-CVE-2022-41280
- RESERVED
-CVE-2022-41279
- RESERVED
-CVE-2022-41278
- RESERVED
+CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
+CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+ TODO: check
CVE-2022-41277
RESERVED
CVE-2022-41276
@@ -19864,8 +20002,8 @@ CVE-2022-41129
RESERVED
CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability. This ...)
NOT-FOR-US: Microsoft
-CVE-2022-41127
- RESERVED
+CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On ...)
+ TODO: check
CVE-2022-41126
RESERVED
CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability ...)
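Review bot: CVE-2022-41127 is added as `TODO: check` directly below CVE-2022-41128, which is already closed as `NOT-FOR-US: Microsoft`. The new description names Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central, so the same tag applies here.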
@@ -19876,8 +20014,8 @@ CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability.
NOT-FOR-US: Microsoft
CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-41121
- RESERVED
+CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ TODO: check
CVE-2022-41120 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability. ...)
@@ -19888,8 +20026,8 @@ CVE-2022-41117
RESERVED
CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
-CVE-2022-41115
- RESERVED
+CVE-2022-41115 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...)
+ TODO: check
CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. ...)
@@ -19930,8 +20068,8 @@ CVE-2022-41096 (Microsoft DWM Core Library Elevation of Privilege Vulnerability.
NOT-FOR-US: Microsoft
CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-41094
- RESERVED
+CVE-2022-41094 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
NOT-FOR-US: Microsoft
CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is un ...)
@@ -19940,8 +20078,8 @@ CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability. T
NOT-FOR-US: Microsoft
CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
-CVE-2022-41089
- RESERVED
+CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-41087
@@ -19964,14 +20102,14 @@ CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is
NOT-FOR-US: Microsoft
CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
NOT-FOR-US: Microsoft
-CVE-2022-41077
- RESERVED
-CVE-2022-41076
- RESERVED
+CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-41075
RESERVED
-CVE-2022-41074
- RESERVED
+CVE-2022-41074 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-41072
@@ -24269,6 +24407,7 @@ CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
NOTE: https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b (v1.44.7, v2.15.3, v3.4.3)
CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...)
+ {DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
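Review bot: `{DLA-3239-1}` is added to CVE-2022-39260 while the entry keeps `[bullseye] - git <no-dsa> (Minor issue)`, so the LTS release now has an advisory for an issue that bullseye tracks as not warranting one. Worth confirming that a bullseye fix is queued for a point release, or recording the reason for the divergence in a NOTE line; the same applies to the other git entries that gain this cross-reference (CVE-2022-39253, CVE-2022-29187).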
@@ -24292,6 +24431,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according
NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0)
CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...)
+ {DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
@@ -27098,7 +27238,7 @@ CVE-2022-38373 (An improper neutralization of input during web page generation v
NOT-FOR-US: FortiGuard
CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3 ...)
NOT-FOR-US: FortiGuard
-CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2022-38371 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
NOT-FOR-US: Siemens
CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
NOT-FOR-US: Apache IoTDB
@@ -27828,8 +27968,8 @@ CVE-2022-38126
REJECTED
CVE-2022-38125
RESERVED
-CVE-2022-38124
- RESERVED
+CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...)
+ TODO: check
CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...)
TODO: check
CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...)
@@ -30792,7 +30932,7 @@ CVE-2022-37013
RESERVED
CVE-2022-37012
RESERVED
-CVE-2022-37011 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
+CVE-2022-37011 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...)
- intellij-idea <itp> (bug #747616)
@@ -36633,7 +36773,7 @@ CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
NOTE: WSGITrustedProxies and vulnerable code introduced in https://github.com/GrahamDumpleton/mod_wsgi/commit/543fc33c23b4cb5e623d574b7efbf85c8dedb396 (4.4.10)
-CVE-2022-34821 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+CVE-2022-34821 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
NOT-FOR-US: Siemens
CVE-2022-34820 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
NOT-FOR-US: Siemens
@@ -40847,8 +40987,8 @@ CVE-2022-33270
RESERVED
CVE-2022-33269
RESERVED
-CVE-2022-33268
- RESERVED
+CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
+ TODO: check
CVE-2022-33267
RESERVED
CVE-2022-33266
@@ -40907,14 +41047,14 @@ CVE-2022-33240
RESERVED
CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in WLAN firm ...)
NOT-FOR-US: Snapdragon
-CVE-2022-33238
- RESERVED
+CVE-2022-33238 (Transient DOS due to loop with unreachable exit condition in WLAN whil ...)
+ TODO: check
CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while processin ...)
NOT-FOR-US: Snapdragon
CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while parsing c ...)
NOT-FOR-US: Snapdragon
-CVE-2022-33235
- RESERVED
+CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN firmware while ...)
+ TODO: check
CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...)
NOT-FOR-US: Snapdragon
CVE-2022-33233
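Review bot: CVE-2022-33238 and CVE-2022-33235 are added as `TODO: check`, but their descriptions (WLAN loop with unreachable exit condition, WLAN firmware buffer over-read) follow the wording of CVE-2022-33239, CVE-2022-33237 and CVE-2022-33236 in the same hunk, all of which are closed as `NOT-FOR-US: Snapdragon`. The two new entries can take the same tag once the vendor is confirmed.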
@@ -45174,14 +45314,14 @@ CVE-2022-31701
RESERVED
CVE-2022-31700
RESERVED
-CVE-2022-31699
- RESERVED
-CVE-2022-31698
- RESERVED
-CVE-2022-31697
- RESERVED
-CVE-2022-31696
- RESERVED
+CVE-2022-31699 (VMware ESXi contains a heap-overflow vulnerability. A malicious local ...)
+ TODO: check
+CVE-2022-31698 (The vCenter Server contains a denial-of-service vulnerability in the c ...)
+ TODO: check
+CVE-2022-31697 (The vCenter Server contains an information disclosure vulnerability du ...)
+ TODO: check
+CVE-2022-31696 (VMware ESXi contains a memory corruption vulnerability that exists in ...)
+ TODO: check
CVE-2022-31695
RESERVED
CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...)
@@ -51576,8 +51716,8 @@ CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched of
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3db09e762dc79584a69c10d74a6b98f89a9979f8 (5.18-rc4)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/18/2
-CVE-2022-29580
- RESERVED
+CVE-2022-29580 (There exists a path traversal vulnerability in the Android Google Sear ...)
+ TODO: check
CVE-2022-29579
RESERVED
CVE-2022-1440 (Command Injection vulnerability in git-interface at 2.1.1 in GitHub repos ...)
@@ -52741,6 +52881,7 @@ CVE-2022-29189 (Pion DTLS is a Go implementation of Datagram Transport Layer Sec
CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescreen is ...)
NOT-FOR-US: Smokescreen
CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...)
+ {DLA-3239-1}
- git 1:2.37.2-1 (bug #1014848)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
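Review bot: with {DLA-3239-1} now attached to CVE-2022-29187, the unchanged line "[bullseye] - git <no-dsa> (Minor issue)" means the LTS release carries a fix that bullseye does not. Consider revisiting the bullseye status, for example through a point-release upload, so that an upgrade from the LTS release does not reintroduce the issue. The same applies to CVE-2022-24765, which receives the same tag later in this commit.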
@@ -57490,8 +57631,8 @@ CVE-2022-27583 (A remote unprivileged attacker can interact with the configurati
NOT-FOR-US: Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2
CVE-2022-27582 (Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber ...)
NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787
-CVE-2022-27581
- RESERVED
+CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmwa ...)
+ TODO: check
CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...)
NOT-FOR-US: SICK
CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...)
@@ -57619,8 +57760,8 @@ CVE-2022-27520
RESERVED
CVE-2022-27519
RESERVED
-CVE-2022-27518
- RESERVED
+CVE-2022-27518 (Unauthenticated remote arbitrary code execution ...)
+ TODO: check
CVE-2022-27517
RESERVED
CVE-2022-27516 (User login brute force protection functionality bypass ...)
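Review bot: the new description for CVE-2022-27518, "Unauthenticated remote arbitrary code execution ...", names no product or vendor, so the "TODO: check" cannot be resolved from this line alone. Triage needs the full CVE record, and the resolved entry should state the vendor explicitly in its NOT-FOR-US or package line, since the summary will never identify it.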
@@ -59736,12 +59877,12 @@ CVE-2022-26808 (Windows File Explorer Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26807 (Windows Work Folder Service Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-26806
- RESERVED
-CVE-2022-26805
- RESERVED
-CVE-2022-26804
- RESERVED
+CVE-2022-26806 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-26805 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-26804 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
+ TODO: check
CVE-2022-26803 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
CVE-2022-26802 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
@@ -62811,10 +62952,10 @@ CVE-2022-25714
RESERVED
CVE-2022-25713
RESERVED
-CVE-2022-25712
- RESERVED
-CVE-2022-25711
- RESERVED
+CVE-2022-25712 (Memory corruption in camera due to buffer copy without checking size o ...)
+ TODO: check
+CVE-2022-25711 (Memory corruption in camera due to improper validation of array index ...)
+ TODO: check
CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...)
NOT-FOR-US: Snapdragon
CVE-2022-25709
@@ -62831,68 +62972,68 @@ CVE-2022-25704
RESERVED
CVE-2022-25703
RESERVED
-CVE-2022-25702
- RESERVED
+CVE-2022-25702 (Denial of service in modem due to reachable assertion while processing ...)
+ TODO: check
CVE-2022-25701
RESERVED
CVE-2022-25700
RESERVED
CVE-2022-25699
RESERVED
-CVE-2022-25698
- RESERVED
-CVE-2022-25697
- RESERVED
+CVE-2022-25698 (Memory corruption in SPI buses due to improper input validation while ...)
+ TODO: check
+CVE-2022-25697 (Memory corruption in i2c buses due to improper input validation while ...)
+ TODO: check
CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25695
- RESERVED
+CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array Index w ...)
+ TODO: check
CVE-2022-25694
RESERVED
CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25692
- RESERVED
-CVE-2022-25691
- RESERVED
+CVE-2022-25692 (Denial of service in Modem due to reachable assertion while processing ...)
+ TODO: check
+CVE-2022-25691 (Denial of service in Modem due to reachable assertion while processing ...)
+ TODO: check
CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25689
- RESERVED
+CVE-2022-25689 (Denial of service in Modem due to reachable assertion in Snapdragon Mo ...)
+ TODO: check
CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...)
NOT-FOR-US: Qualcomm
CVE-2022-25687 (memory corruption in video due to buffer overflow while parsing asf cl ...)
NOT-FOR-US: Snapdragon
CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25685
- RESERVED
+CVE-2022-25685 (Denial of service in Modem module due to improper authorization while ...)
+ TODO: check
CVE-2022-25684
RESERVED
CVE-2022-25683
RESERVED
-CVE-2022-25682
- RESERVED
-CVE-2022-25681
- RESERVED
+CVE-2022-25682 (Memory corruption in MODEM UIM due to usage of out of range pointer of ...)
+ TODO: check
+CVE-2022-25681 (Possible memory corruption in kernel while performing memory access du ...)
+ TODO: check
CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while processin ...)
NOT-FOR-US: Snapdragon
CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...)
NOT-FOR-US: Snapdragon
CVE-2022-25678
RESERVED
-CVE-2022-25677
- RESERVED
+CVE-2022-25677 (Memory corruption in diag due to use after free while processing dci p ...)
+ TODO: check
CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...)
NOT-FOR-US: Snapdragon
-CVE-2022-25675
- RESERVED
+CVE-2022-25675 (Denial of service due to reachable assertion in modem while processing ...)
+ TODO: check
CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of the WPA ...)
NOT-FOR-US: Snapdragon
-CVE-2022-25673
- RESERVED
-CVE-2022-25672
- RESERVED
+CVE-2022-25673 (Denial of service in MODEM due to reachable assertion while processing ...)
+ TODO: check
+CVE-2022-25672 (Denial of service in MODEM due to reachable assertion while processing ...)
+ TODO: check
CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in Snapdragon Mo ...)
NOT-FOR-US: Snapdragon
CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
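Review bot: CVE-2022-25681 ("Possible memory corruption in kernel while performing memory access du ...") should not be bulk-resolved with the modem, camera and bus entries in this hunk. Its description points at kernel code, so check whether the affected driver exists in the Debian linux package before tagging it. Separately, the context lines mix "NOT-FOR-US: Qualcomm" and "NOT-FOR-US: Snapdragon" for the same family; picking one tag when these TODOs are resolved would make the block easier to search.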
@@ -63085,7 +63226,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA ...)
+CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (All versions), ...)
NOT-FOR-US: Siemens
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
@@ -65651,6 +65792,7 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
+ {DLA-3239-1}
- git 1:2.35.2-1
[bullseye] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
@@ -66609,8 +66751,8 @@ CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID i
NOT-FOR-US: Microsoft
CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-24480
- RESERVED
+CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-24478
@@ -70173,8 +70315,8 @@ CVE-2022-23525
RESERVED
CVE-2022-23524
RESERVED
-CVE-2022-23523
- RESERVED
+CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...)
+ TODO: check
CVE-2022-23522
RESERVED
CVE-2022-23521
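Review bot: CVE-2022-23523 names a Rust crate (linux-loader) and a fixed version ("prior to 0.8.1"), unlike the vendor-product entries elsewhere in this commit. Check the archive for a package of that crate, or for packages that vendor it, and record either a fixed version or an explicit NOT-FOR-US line rather than leaving it for bulk triage.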
@@ -79940,12 +80082,12 @@ CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlie
NOT-FOR-US: Adobe
CVE-2021-44696
RESERVED
-CVE-2021-44695
- RESERVED
-CVE-2021-44694
- RESERVED
-CVE-2021-44693
- RESERVED
+CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
+CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
+CVE-2021-44693 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
{DSA-5046-1}
- chromium 97.0.4692.71-0.1
@@ -88458,8 +88600,8 @@ CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8)
CVE-2021-3887
REJECTED
-CVE-2022-20611
- RESERVED
+CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java, there i ...)
+ TODO: check
CVE-2022-20610
RESERVED
CVE-2022-20609
@@ -88689,80 +88831,80 @@ CVE-2022-20504
RESERVED
CVE-2022-20503
RESERVED
-CVE-2022-20502
- RESERVED
-CVE-2022-20501
- RESERVED
-CVE-2022-20500
- RESERVED
+CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible us ...)
+ TODO: check
+CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is a possib ...)
+ TODO: check
+CVE-2022-20500 (In loadFromXml of ShortcutPackage.java, there is a possible crash on b ...)
+ TODO: check
CVE-2022-20499
RESERVED
-CVE-2022-20498
- RESERVED
-CVE-2022-20497
- RESERVED
-CVE-2022-20496
- RESERVED
-CVE-2022-20495
- RESERVED
+CVE-2022-20498 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bou ...)
+ TODO: check
+CVE-2022-20497 (In updatePublicMode of NotificationLockscreenUserManagerImpl.java, the ...)
+ TODO: check
+CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a possibility of ...)
+ TODO: check
+CVE-2022-20495 (In getEnabledAccessibilityServiceList of AccessibilityManager.java, th ...)
+ TODO: check
CVE-2022-20494
RESERVED
CVE-2022-20493
RESERVED
CVE-2022-20492
RESERVED
-CVE-2022-20491
- RESERVED
+CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
CVE-2022-20490
RESERVED
CVE-2022-20489
RESERVED
-CVE-2022-20488
- RESERVED
-CVE-2022-20487
- RESERVED
-CVE-2022-20486
- RESERVED
-CVE-2022-20485
- RESERVED
-CVE-2022-20484
- RESERVED
-CVE-2022-20483
- RESERVED
-CVE-2022-20482
- RESERVED
+CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20487 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20486 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20485 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20484 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20483 (In several functions that parse avrc response in avrc_pars_ct.cc and r ...)
+ TODO: check
+CVE-2022-20482 (In createNotificationChannel of NotificationManager.java, there is a p ...)
+ TODO: check
CVE-2022-20481
RESERVED
-CVE-2022-20480
- RESERVED
-CVE-2022-20479
- RESERVED
-CVE-2022-20478
- RESERVED
-CVE-2022-20477
- RESERVED
-CVE-2022-20476
- RESERVED
-CVE-2022-20475
- RESERVED
-CVE-2022-20474
- RESERVED
-CVE-2022-20473
- RESERVED
-CVE-2022-20472
- RESERVED
-CVE-2022-20471
- RESERVED
-CVE-2022-20470
- RESERVED
-CVE-2022-20469
- RESERVED
-CVE-2022-20468
- RESERVED
+CVE-2022-20480 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20479 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20478 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
+ TODO: check
+CVE-2022-20477 (In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt ...)
+ TODO: check
+CVE-2022-20476 (In setEnabledSetting of PackageManager.java, there is a possible way t ...)
+ TODO: check
+CVE-2022-20475 (In test of ResetTargetTaskHelper.java, there is a possible hijacking o ...)
+ TODO: check
+CVE-2022-20474 (In readLazyValue of Parcel.java, there is a possible loading of arbitr ...)
+ TODO: check
+CVE-2022-20473 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20472 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20471 (In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible o ...)
+ TODO: check
+CVE-2022-20470 (In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a pos ...)
+ TODO: check
+CVE-2022-20469 (In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of b ...)
+ TODO: check
+CVE-2022-20468 (In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds ...)
+ TODO: check
CVE-2022-20467
RESERVED
-CVE-2022-20466
- RESERVED
+CVE-2022-20466 (In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, t ...)
+ TODO: check
CVE-2022-20465 (In dismiss and related functions of KeyguardHostViewController.java an ...)
NOT-FOR-US: Android
CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...)
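Review bot: CVE-2022-20498 ("In fdt_path_offset_namelen of fdt_ro.c ...") is the one entry in this hunk that should not simply follow the "NOT-FOR-US: Android" pattern of the context lines. The function and file names match libfdt, so confirm whether the flaw is in code shared with a packaged libfdt copy before tagging it. The NotificationChannel.java, LocaleListCache.cpp and Bluetooth stack entries can be triaged together.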
@@ -88795,8 +88937,8 @@ CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a po
NOT-FOR-US: Android
CVE-2022-20450 (In restorePermissionState of PermissionManagerServiceImpl.java, there ...)
NOT-FOR-US: Android
-CVE-2022-20449
- RESERVED
+CVE-2022-20449 (In writeApplicationRestrictionsLAr of UserManagerService.java, there i ...)
+ TODO: check
CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read ...)
@@ -88805,12 +88947,12 @@ CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, ther
NOT-FOR-US: Android
CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a possible ...)
NOT-FOR-US: Android
-CVE-2022-20444
- RESERVED
+CVE-2022-20444 (In several functions of inputDispatcher.cpp, there is a possible way t ...)
+ TODO: check
CVE-2022-20443
RESERVED
-CVE-2022-20442
- RESERVED
+CVE-2022-20442 (In onCreate of ReviewPermissionsActivity.java, there is a possible way ...)
+ TODO: check
CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to launch an une ...)
NOT-FOR-US: Android
CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
@@ -88884,8 +89026,8 @@ CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio
NOT-FOR-US: Android
CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
NOT-FOR-US: Android
-CVE-2022-20411
- RESERVED
+CVE-2022-20411 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...)
+ TODO: check
CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
NOT-FOR-US: Android
CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...)
@@ -89235,8 +89377,8 @@ CVE-2022-20242 (In Telephony, there is a possible way to determine whether an ap
NOT-FOR-US: Android
CVE-2022-20241 (In Messaging, there is a possible way to attach a private file to an S ...)
NOT-FOR-US: Android
-CVE-2022-20240
- RESERVED
+CVE-2022-20240 (In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a p ...)
+ TODO: check
CVE-2022-20239 (remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
@@ -95327,8 +95469,8 @@ CVE-2021-40367
RESERVED
CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
NOT-FOR-US: Siemens
-CVE-2021-40365
- RESERVED
+CVE-2021-40365 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
NOT-FOR-US: Siemens
CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
@@ -96987,8 +97129,8 @@ CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possibl
NOT-FOR-US: Android
CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, the ...)
NOT-FOR-US: Android
-CVE-2021-39660
- RESERVED
+CVE-2021-39660 (In TBD of TBD, there is a possible way to archive arbitrary code execu ...)
+ TODO: check
CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
NOT-FOR-US: Android
CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment。ismsEx s ...)
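Review bot: the description imported for CVE-2021-39660 begins "In TBD of TBD", so neither the component nor the function is identified and the "TODO: check" cannot be resolved from this text. Triage it from the vendor bulletin referenced in the full CVE record, and add a NOTE with that reference so the entry remains understandable if the upstream description is never filled in.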
@@ -97095,8 +97237,8 @@ CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is
NOT-FOR-US: Android
CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-39617
- RESERVED
+CVE-2021-39617 (In the user interface buttons of PermissionController, there is a poss ...)
+ TODO: check
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
NOT-FOR-US: Android
CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...)
@@ -103338,7 +103480,7 @@ CVE-2021-37211 (The bulletin function of Flygo does not filter special character
NOT-FOR-US: Flygo
CVE-2021-37210
RESERVED
-CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100, RUGGEDCOM ...)
+CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All v ...)
NOT-FOR-US: Siemens
CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
NOT-FOR-US: Siemens
@@ -115185,8 +115327,8 @@ CVE-2021-32417
RESERVED
CVE-2021-32416
RESERVED
-CVE-2021-32415
- RESERVED
+CVE-2021-32415 (EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since versio ...)
+ TODO: check
CVE-2021-32414
RESERVED
CVE-2021-32413
@@ -148073,7 +148215,7 @@ CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)
CVE-2020-35511 (A global buffer overflow was discovered in pngcheck function in pngche ...)
- {DSA-5300-1}
+ {DSA-5300-1 DLA-3238-1}
- pngcheck 3.0.2-2 (bug #1021278)
NOTE: http://www.libpng.org/pub/png/apps/pngcheck.html
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2
@@ -155429,7 +155571,7 @@ CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller
NOT-FOR-US: Siemens
CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
NOT-FOR-US: Siemens
-CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
+CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
NOT-FOR-US: Siemens
CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: Siemens
@@ -155443,7 +155585,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (
NOT-FOR-US: Siemens
CVE-2020-28389
RESERVED
-CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All versions), N ...)
+CVE-2020-28388 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
NOT-FOR-US: Siemens
CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
NOT-FOR-US: Siemens
@@ -155842,8 +155984,8 @@ CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds wr
NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
NOTE: https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
-CVE-2021-0934
- RESERVED
+CVE-2021-0934 (In findAllDeAccounts of AccountsDb.java, there is a possible denial of ...)
+ TODO: check
CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...)
NOT-FOR-US: Android
CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...)
@@ -245572,7 +245714,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Siemens
-CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
+CVE-2019-13933 (A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANC ...)
NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c13a72a82438355376c1df4535386d957fe2d386