[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 21 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e47d9609 by security tracker role at 2022-12-21T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,661 @@
-CVE-2022-47579
+CVE-2023-22381
+ RESERVED
+CVE-2023-22380
+ RESERVED
+CVE-2023-22373
+ RESERVED
+CVE-2023-22339
+ RESERVED
+CVE-2023-22334
+ RESERVED
+CVE-2023-22331
+ RESERVED
+CVE-2023-0020
+ RESERVED
+CVE-2023-0019
+ RESERVED
+CVE-2023-0018
+ RESERVED
+CVE-2023-0017
+ RESERVED
+CVE-2022-47890
+ RESERVED
+CVE-2022-47889
+ RESERVED
+CVE-2022-47888
+ RESERVED
+CVE-2022-47887
+ RESERVED
+CVE-2022-47886
+ RESERVED
+CVE-2022-47885
+ RESERVED
+CVE-2022-47884
+ RESERVED
+CVE-2022-47883
+ RESERVED
+CVE-2022-47882
+ RESERVED
+CVE-2022-47881
+ RESERVED
+CVE-2022-47880
+ RESERVED
+CVE-2022-47879
+ RESERVED
+CVE-2022-47878
+ RESERVED
+CVE-2022-47877
+ RESERVED
+CVE-2022-47876
+ RESERVED
+CVE-2022-47875
+ RESERVED
+CVE-2022-47874
+ RESERVED
+CVE-2022-47873
+ RESERVED
+CVE-2022-47872
+ RESERVED
+CVE-2022-47871
+ RESERVED
+CVE-2022-47870
+ RESERVED
+CVE-2022-47869
+ RESERVED
+CVE-2022-47868
+ RESERVED
+CVE-2022-47867
+ RESERVED
+CVE-2022-47866
+ RESERVED
+CVE-2022-47865
+ RESERVED
+CVE-2022-47864
+ RESERVED
+CVE-2022-47863
+ RESERVED
+CVE-2022-47862
+ RESERVED
+CVE-2022-47861
+ RESERVED
+CVE-2022-47860
+ RESERVED
+CVE-2022-47859
+ RESERVED
+CVE-2022-47858
+ RESERVED
+CVE-2022-47857
+ RESERVED
+CVE-2022-47856
+ RESERVED
+CVE-2022-47855
+ RESERVED
+CVE-2022-47854
+ RESERVED
+CVE-2022-47853
+ RESERVED
+CVE-2022-47852
+ RESERVED
+CVE-2022-47851
+ RESERVED
+CVE-2022-47850
+ RESERVED
+CVE-2022-47849
+ RESERVED
+CVE-2022-47848
+ RESERVED
+CVE-2022-47847
+ RESERVED
+CVE-2022-47846
+ RESERVED
+CVE-2022-47845
+ RESERVED
+CVE-2022-47844
+ RESERVED
+CVE-2022-47843
+ RESERVED
+CVE-2022-47842
+ RESERVED
+CVE-2022-47841
+ RESERVED
+CVE-2022-47840
+ RESERVED
+CVE-2022-47839
+ RESERVED
+CVE-2022-47838
+ RESERVED
+CVE-2022-47837
+ RESERVED
+CVE-2022-47836
+ RESERVED
+CVE-2022-47835
+ RESERVED
+CVE-2022-47834
+ RESERVED
+CVE-2022-47833
+ RESERVED
+CVE-2022-47832
+ RESERVED
+CVE-2022-47831
+ RESERVED
+CVE-2022-47830
+ RESERVED
+CVE-2022-47829
+ RESERVED
+CVE-2022-47828
+ RESERVED
+CVE-2022-47827
+ RESERVED
+CVE-2022-47826
+ RESERVED
+CVE-2022-47825
+ RESERVED
+CVE-2022-47824
+ RESERVED
+CVE-2022-47823
+ RESERVED
+CVE-2022-47822
+ RESERVED
+CVE-2022-47821
+ RESERVED
+CVE-2022-47820
+ RESERVED
+CVE-2022-47819
+ RESERVED
+CVE-2022-47818
+ RESERVED
+CVE-2022-47817
+ RESERVED
+CVE-2022-47816
+ RESERVED
+CVE-2022-47815
+ RESERVED
+CVE-2022-47814
+ RESERVED
+CVE-2022-47813
+ RESERVED
+CVE-2022-47812
+ RESERVED
+CVE-2022-47811
+ RESERVED
+CVE-2022-47810
+ RESERVED
+CVE-2022-47809
+ RESERVED
+CVE-2022-47808
+ RESERVED
+CVE-2022-47807
+ RESERVED
+CVE-2022-47806
+ RESERVED
+CVE-2022-47805
+ RESERVED
+CVE-2022-47804
+ RESERVED
+CVE-2022-47803
+ RESERVED
+CVE-2022-47802
+ RESERVED
+CVE-2022-47801
+ RESERVED
+CVE-2022-47800
+ RESERVED
+CVE-2022-47799
+ RESERVED
+CVE-2022-47798
+ RESERVED
+CVE-2022-47797
+ RESERVED
+CVE-2022-47796
+ RESERVED
+CVE-2022-47795
+ RESERVED
+CVE-2022-47794
+ RESERVED
+CVE-2022-47793
+ RESERVED
+CVE-2022-47792
+ RESERVED
+CVE-2022-47791
+ RESERVED
+CVE-2022-47790
+ RESERVED
+CVE-2022-47789
+ RESERVED
+CVE-2022-47788
+ RESERVED
+CVE-2022-47787
+ RESERVED
+CVE-2022-47786
+ RESERVED
+CVE-2022-47785
+ RESERVED
+CVE-2022-47784
+ RESERVED
+CVE-2022-47783
+ RESERVED
+CVE-2022-47782
+ RESERVED
+CVE-2022-47781
+ RESERVED
+CVE-2022-47780
+ RESERVED
+CVE-2022-47779
+ RESERVED
+CVE-2022-47778
+ RESERVED
+CVE-2022-47777
+ RESERVED
+CVE-2022-47776
+ RESERVED
+CVE-2022-47775
+ RESERVED
+CVE-2022-47774
+ RESERVED
+CVE-2022-47773
+ RESERVED
+CVE-2022-47772
+ RESERVED
+CVE-2022-47771
+ RESERVED
+CVE-2022-47770
+ RESERVED
+CVE-2022-47769
+ RESERVED
+CVE-2022-47768
RESERVED
-CVE-2022-47578
+CVE-2022-47767
+ RESERVED
+CVE-2022-47766
+ RESERVED
+CVE-2022-47765
+ RESERVED
+CVE-2022-47764
+ RESERVED
+CVE-2022-47763
+ RESERVED
+CVE-2022-47762
+ RESERVED
+CVE-2022-47761
+ RESERVED
+CVE-2022-47760
+ RESERVED
+CVE-2022-47759
+ RESERVED
+CVE-2022-47758
+ RESERVED
+CVE-2022-47757
+ RESERVED
+CVE-2022-47756
+ RESERVED
+CVE-2022-47755
+ RESERVED
+CVE-2022-47754
+ RESERVED
+CVE-2022-47753
+ RESERVED
+CVE-2022-47752
+ RESERVED
+CVE-2022-47751
+ RESERVED
+CVE-2022-47750
+ RESERVED
+CVE-2022-47749
+ RESERVED
+CVE-2022-47748
+ RESERVED
+CVE-2022-47747
+ RESERVED
+CVE-2022-47746
+ RESERVED
+CVE-2022-47745
+ RESERVED
+CVE-2022-47744
+ RESERVED
+CVE-2022-47743
+ RESERVED
+CVE-2022-47742
+ RESERVED
+CVE-2022-47741
+ RESERVED
+CVE-2022-47740
+ RESERVED
+CVE-2022-47739
+ RESERVED
+CVE-2022-47738
+ RESERVED
+CVE-2022-47737
+ RESERVED
+CVE-2022-47736
+ RESERVED
+CVE-2022-47735
+ RESERVED
+CVE-2022-47734
+ RESERVED
+CVE-2022-47733
+ RESERVED
+CVE-2022-47732
+ RESERVED
+CVE-2022-47731
+ RESERVED
+CVE-2022-47730
+ RESERVED
+CVE-2022-47729
+ RESERVED
+CVE-2022-47728
+ RESERVED
+CVE-2022-47727
+ RESERVED
+CVE-2022-47726
+ RESERVED
+CVE-2022-47725
+ RESERVED
+CVE-2022-47724
+ RESERVED
+CVE-2022-47723
+ RESERVED
+CVE-2022-47722
+ RESERVED
+CVE-2022-47721
+ RESERVED
+CVE-2022-47720
+ RESERVED
+CVE-2022-47719
+ RESERVED
+CVE-2022-47718
+ RESERVED
+CVE-2022-47717
+ RESERVED
+CVE-2022-47716
+ RESERVED
+CVE-2022-47715
+ RESERVED
+CVE-2022-47714
+ RESERVED
+CVE-2022-47713
+ RESERVED
+CVE-2022-47712
+ RESERVED
+CVE-2022-47711
+ RESERVED
+CVE-2022-47710
+ RESERVED
+CVE-2022-47709
+ RESERVED
+CVE-2022-47708
+ RESERVED
+CVE-2022-47707
+ RESERVED
+CVE-2022-47706
+ RESERVED
+CVE-2022-47705
+ RESERVED
+CVE-2022-47704
+ RESERVED
+CVE-2022-47703
+ RESERVED
+CVE-2022-47702
+ RESERVED
+CVE-2022-47701
+ RESERVED
+CVE-2022-47700
+ RESERVED
+CVE-2022-47699
+ RESERVED
+CVE-2022-47698
+ RESERVED
+CVE-2022-47697
+ RESERVED
+CVE-2022-47696
+ RESERVED
+CVE-2022-47695
+ RESERVED
+CVE-2022-47694
+ RESERVED
+CVE-2022-47693
+ RESERVED
+CVE-2022-47692
+ RESERVED
+CVE-2022-47691
+ RESERVED
+CVE-2022-47690
+ RESERVED
+CVE-2022-47689
+ RESERVED
+CVE-2022-47688
+ RESERVED
+CVE-2022-47687
+ RESERVED
+CVE-2022-47686
+ RESERVED
+CVE-2022-47685
+ RESERVED
+CVE-2022-47684
+ RESERVED
+CVE-2022-47683
+ RESERVED
+CVE-2022-47682
+ RESERVED
+CVE-2022-47681
+ RESERVED
+CVE-2022-47680
+ RESERVED
+CVE-2022-47679
+ RESERVED
+CVE-2022-47678
+ RESERVED
+CVE-2022-47677
+ RESERVED
+CVE-2022-47676
+ RESERVED
+CVE-2022-47675
+ RESERVED
+CVE-2022-47674
+ RESERVED
+CVE-2022-47673
+ RESERVED
+CVE-2022-47672
+ RESERVED
+CVE-2022-47671
+ RESERVED
+CVE-2022-47670
+ RESERVED
+CVE-2022-47669
+ RESERVED
+CVE-2022-47668
+ RESERVED
+CVE-2022-47667
+ RESERVED
+CVE-2022-47666
+ RESERVED
+CVE-2022-47665
+ RESERVED
+CVE-2022-47664
+ RESERVED
+CVE-2022-47663
+ RESERVED
+CVE-2022-47662
+ RESERVED
+CVE-2022-47661
+ RESERVED
+CVE-2022-47660
+ RESERVED
+CVE-2022-47659
+ RESERVED
+CVE-2022-47658
+ RESERVED
+CVE-2022-47657
+ RESERVED
+CVE-2022-47656
+ RESERVED
+CVE-2022-47655
+ RESERVED
+CVE-2022-47654
+ RESERVED
+CVE-2022-47653
+ RESERVED
+CVE-2022-47652
+ RESERVED
+CVE-2022-47651
+ RESERVED
+CVE-2022-47650
+ RESERVED
+CVE-2022-47649
+ RESERVED
+CVE-2022-47648
+ RESERVED
+CVE-2022-47647
+ RESERVED
+CVE-2022-47646
+ RESERVED
+CVE-2022-47645
+ RESERVED
+CVE-2022-47644
+ RESERVED
+CVE-2022-47643
+ RESERVED
+CVE-2022-47642
+ RESERVED
+CVE-2022-47641
+ RESERVED
+CVE-2022-47640
+ RESERVED
+CVE-2022-47639
+ RESERVED
+CVE-2022-47638
+ RESERVED
+CVE-2022-47637
+ RESERVED
+CVE-2022-47636
+ RESERVED
+CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
+ TODO: check
+CVE-2022-47634
RESERVED
-CVE-2022-47577
+CVE-2022-47633
RESERVED
+CVE-2022-47632
+ RESERVED
+CVE-2022-47631
+ RESERVED
+CVE-2022-47630
+ RESERVED
+CVE-2022-47628
+ RESERVED
+CVE-2022-47627
+ RESERVED
+CVE-2022-47626
+ RESERVED
+CVE-2022-47625
+ RESERVED
+CVE-2022-47624
+ RESERVED
+CVE-2022-47623
+ RESERVED
+CVE-2022-47622
+ RESERVED
+CVE-2022-47621
+ RESERVED
+CVE-2022-47620
+ RESERVED
+CVE-2022-47619
+ RESERVED
+CVE-2022-47618
+ RESERVED
+CVE-2022-47617
+ RESERVED
+CVE-2022-47616
+ RESERVED
+CVE-2022-47615
+ RESERVED
+CVE-2022-47614
+ RESERVED
+CVE-2022-47613
+ RESERVED
+CVE-2022-47612
+ RESERVED
+CVE-2022-47611
+ RESERVED
+CVE-2022-47610
+ RESERVED
+CVE-2022-47609
+ RESERVED
+CVE-2022-47608
+ RESERVED
+CVE-2022-47607
+ RESERVED
+CVE-2022-47606
+ RESERVED
+CVE-2022-47605
+ RESERVED
+CVE-2022-47604
+ RESERVED
+CVE-2022-47603
+ RESERVED
+CVE-2022-47602
+ RESERVED
+CVE-2022-47601
+ RESERVED
+CVE-2022-47600
+ RESERVED
+CVE-2022-47599
+ RESERVED
+CVE-2022-47598
+ RESERVED
+CVE-2022-47597
+ RESERVED
+CVE-2022-47596
+ RESERVED
+CVE-2022-47595
+ RESERVED
+CVE-2022-47594
+ RESERVED
+CVE-2022-47593
+ RESERVED
+CVE-2022-47592
+ RESERVED
+CVE-2022-47591
+ RESERVED
+CVE-2022-47590
+ RESERVED
+CVE-2022-47589
+ RESERVED
+CVE-2022-47588
+ RESERVED
+CVE-2022-47587
+ RESERVED
+CVE-2022-47586
+ RESERVED
+CVE-2022-47585
+ RESERVED
+CVE-2022-47584
+ RESERVED
+CVE-2022-47583
+ RESERVED
+CVE-2022-47582
+ RESERVED
+CVE-2022-47581
+ RESERVED
+CVE-2022-47580
+ RESERVED
+CVE-2022-4622
+ RESERVED
+CVE-2022-4621
+ RESERVED
+CVE-2022-4620
+ RESERVED
+CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2022-4618
+ RESERVED
+CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
+CVE-2022-47579
+ RESERVED
+CVE-2022-47578 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
+ TODO: check
+CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
+ TODO: check
CVE-2022-4616
RESERVED
CVE-2023-22275
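Review bot: CVE-2022-4619 is added with "TODO: check" although its description already identifies a WordPress plugin (Sidebar Widgets by CodeLights). Other WordPress plugin entries in this file (CVE-2022-3848, CVE-2022-3847) are triaged as "NOT-FOR-US: WordPress plugin", so I suggest the same marking here. The other four described entries in this hunk (CVE-2022-47635, CVE-2022-4617, CVE-2022-47578, CVE-2022-47577) still need a manual check.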
@@ -1275,7 +1927,7 @@ CVE-2023-21774
CVE-2022-4580
RESERVED
CVE-2022-4579
- RESERVED
+ REJECTED
CVE-2022-4578
RESERVED
CVE-2022-4577
@@ -1590,8 +2242,7 @@ CVE-2022-4517
CVE-2022-4516
RESERVED
NOT-FOR-US: OpenShift
-CVE-2022-4515
- RESERVED
+CVE-2022-4515 (A flaw was found in Exuberant Ctags in the way it handles the "-o" opt ...)
- exuberant-ctags <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153519
CVE-2022-4514 (A vulnerability, which was classified as problematic, was found in Ope ...)
@@ -3056,16 +3707,16 @@ CVE-2022-46916
RESERVED
CVE-2022-46915
RESERVED
-CVE-2022-46914
- RESERVED
+CVE-2022-46914 (An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA80 ...)
+ TODO: check
CVE-2022-46913
RESERVED
-CVE-2022-46912
- RESERVED
+CVE-2022-46912 (An issue in the firmware update process of TP-Link TL-WR841N / TL-WA84 ...)
+ TODO: check
CVE-2022-46911
RESERVED
-CVE-2022-46910
- RESERVED
+CVE-2022-46910 (An issue in the firmware update process of TP-Link TL-WA901ND V1 up to ...)
+ TODO: check
CVE-2022-46909
RESERVED
CVE-2022-4429
@@ -3408,7 +4059,7 @@ CVE-2022-4376
RESERVED
CVE-2022-4378
RESERVED
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
@@ -3608,8 +4259,8 @@ CVE-2022-46773
RESERVED
CVE-2022-46772
RESERVED
-CVE-2022-46771
- RESERVED
+CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7 ...)
+ TODO: check
CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through ...)
NOT-FOR-US: qubes-mirage-firewall
CVE-2022-46769
@@ -4251,50 +4902,50 @@ CVE-2022-46553
RESERVED
CVE-2022-46552
RESERVED
-CVE-2022-46551
- RESERVED
-CVE-2022-46550
- RESERVED
-CVE-2022-46549
- RESERVED
-CVE-2022-46548
- RESERVED
-CVE-2022-46547
- RESERVED
-CVE-2022-46546
- RESERVED
-CVE-2022-46545
- RESERVED
-CVE-2022-46544
- RESERVED
-CVE-2022-46543
- RESERVED
-CVE-2022-46542
- RESERVED
-CVE-2022-46541
- RESERVED
-CVE-2022-46540
- RESERVED
-CVE-2022-46539
- RESERVED
-CVE-2022-46538
- RESERVED
-CVE-2022-46537
- RESERVED
-CVE-2022-46536
- RESERVED
-CVE-2022-46535
- RESERVED
-CVE-2022-46534
- RESERVED
-CVE-2022-46533
- RESERVED
-CVE-2022-46532
- RESERVED
-CVE-2022-46531
- RESERVED
-CVE-2022-46530
- RESERVED
+CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46549 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46548 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46547 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46546 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46545 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46544 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46543 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46542 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46541 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46540 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46539 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46538 (Tenda F1203 V2.0.1.6 was discovered to contain a command injection vul ...)
+ TODO: check
+CVE-2022-46537 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46536 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46535 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46534 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46533 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46532 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46531 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2022-46530 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
CVE-2022-46529
RESERVED
CVE-2022-46528
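Review bot: all 22 entries from CVE-2022-46551 down to CVE-2022-46530 name the same product and firmware, Tenda F1203 V2.0.1.6, and all land as "TODO: check", so they can be triaged in one pass. Tenda firmware entries elsewhere in this file (for example CVE-2022-45668 and CVE-2022-45667) carry "NOT-FOR-US: Tenda". CVE-2022-46538 is a command injection rather than a buffer overflow, which does not change the package triage.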
@@ -4483,34 +5134,34 @@ CVE-2022-46437
RESERVED
CVE-2022-46436
RESERVED
-CVE-2022-46435
- RESERVED
-CVE-2022-46434
- RESERVED
+CVE-2022-46435 (An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up ...)
+ TODO: check
+CVE-2022-46434 (An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12 ...)
+ TODO: check
CVE-2022-46433
RESERVED
-CVE-2022-46432
- RESERVED
+CVE-2022-46432 (An exploitable firmware modification vulnerability was discovered on T ...)
+ TODO: check
CVE-2022-46431
RESERVED
-CVE-2022-46430
- RESERVED
+CVE-2022-46430 (TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated a ...)
+ TODO: check
CVE-2022-46429
RESERVED
-CVE-2022-46428
- RESERVED
+CVE-2022-46428 (TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attack ...)
+ TODO: check
CVE-2022-46427
RESERVED
CVE-2022-46426
RESERVED
CVE-2022-46425
RESERVED
-CVE-2022-46424
- RESERVED
-CVE-2022-46423
- RESERVED
-CVE-2022-46422
- RESERVED
+CVE-2022-46424 (An exploitable firmware modification vulnerability was discovered on t ...)
+ TODO: check
+CVE-2022-46423 (An exploitable firmware modification vulnerability was discovered on t ...)
+ TODO: check
+CVE-2022-46422 (An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticate ...)
+ TODO: check
CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices WSR-3200 ...)
NOT-FOR-US: Buffalo network devices
CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
@@ -4537,8 +5188,8 @@ CVE-2022-4289
RESERVED
CVE-2022-4288
RESERVED
-CVE-2022-4287
- RESERVED
+CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
+ TODO: check
CVE-2022-4286
RESERVED
CVE-2022-4285
@@ -4557,8 +5208,7 @@ CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs bec
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c
CVE-2022-4282 (A vulnerability was found in SpringBootCMS and classified as critical. ...)
NOT-FOR-US: SpringBootCMS
-CVE-2022-46421
- RESERVED
+CVE-2022-46421 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
NOT-FOR-US: Airflow Hive provider
CVE-2022-4281 (A vulnerability has been found in Facepay 1.0 and classified as critic ...)
NOT-FOR-US: Facepay
@@ -5122,44 +5772,44 @@ CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PP
NOT-FOR-US: Proofpoint
CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
NOT-FOR-US: Proofpoint
-CVE-2022-46328
- RESERVED
-CVE-2022-46327
- RESERVED
-CVE-2022-46326
- RESERVED
-CVE-2022-46325
- RESERVED
-CVE-2022-46324
- RESERVED
-CVE-2022-46323
- RESERVED
-CVE-2022-46322
- RESERVED
-CVE-2022-46321
- RESERVED
-CVE-2022-46320
- RESERVED
-CVE-2022-46319
- RESERVED
-CVE-2022-46318
- RESERVED
-CVE-2022-46317
- RESERVED
-CVE-2022-46316
- RESERVED
-CVE-2022-46315
- RESERVED
-CVE-2022-46314
- RESERVED
-CVE-2022-46313
- RESERVED
-CVE-2022-46312
- RESERVED
-CVE-2022-46311
- RESERVED
-CVE-2022-46310
- RESERVED
+CVE-2022-46328 (Some smartphones have the input validation vulnerability. Successful e ...)
+ TODO: check
+CVE-2022-46327 (Some smartphones have configuration issues. Successful exploitation of ...)
+ TODO: check
+CVE-2022-46326 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ TODO: check
+CVE-2022-46325 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
+ TODO: check
+CVE-2022-46324 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ TODO: check
+CVE-2022-46323 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
+ TODO: check
+CVE-2022-46322 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ TODO: check
+CVE-2022-46321 (The Wi-Fi module has a vulnerability in permission verification. Succe ...)
+ TODO: check
+CVE-2022-46320 (The kernel module has an out-of-bounds read vulnerability. Successful ...)
+ TODO: check
+CVE-2022-46319 (Fingerprint calibration has a vulnerability of lacking boundary judgme ...)
+ TODO: check
+CVE-2022-46318 (The HAware module has a function logic error. Successful exploitation ...)
+ TODO: check
+CVE-2022-46317 (The power consumption module has an out-of-bounds read vulnerability. ...)
+ TODO: check
+CVE-2022-46316 (A thread security vulnerability exists in the authentication process. ...)
+ TODO: check
+CVE-2022-46315 (The ProfileSDK has defects introduced in the design process. Successfu ...)
+ TODO: check
+CVE-2022-46314 (The IPC module has defects introduced in the design process. Successfu ...)
+ TODO: check
+CVE-2022-46313 (The sensor privacy module has an authentication vulnerability. Success ...)
+ TODO: check
+CVE-2022-46312 (The application management module has a vulnerability in permission ve ...)
+ TODO: check
+CVE-2022-46311 (The contacts component has a free (undefined) provider vulnerability. ...)
+ TODO: check
+CVE-2022-46310 (The TelephonyProvider module has a vulnerability in obtaining values.S ...)
+ TODO: check
CVE-2022-46281
RESERVED
CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
@@ -5177,8 +5827,8 @@ CVE-2022-4203
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
- gpac <undetermined>
TODO: check details
-CVE-2021-46856
- RESERVED
+CVE-2021-46856 (The multi-screen collaboration module has a path traversal vulnerabili ...)
+ TODO: check
CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
{DLA-3217-1}
- g810-led 0.4.2-3 (bug #1024998)
@@ -5711,8 +6361,8 @@ CVE-2022-4148
RESERVED
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
NOT-FOR-US: Quarkus
-CVE-2022-46139
- RESERVED
+CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers ...)
+ TODO: check
CVE-2022-46138
RESERVED
CVE-2022-46137 (AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: ob ...)
@@ -5837,8 +6487,8 @@ CVE-2022-46078
RESERVED
CVE-2022-46077
RESERVED
-CVE-2022-46076
- RESERVED
+CVE-2022-46076 (D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypas ...)
+ TODO: check
CVE-2022-46075
RESERVED
CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery ...)
@@ -5949,8 +6599,8 @@ CVE-2022-46022
RESERVED
CVE-2022-46021
RESERVED
-CVE-2022-46020
- RESERVED
+CVE-2022-46020 (WBCE CMS v1.5.4 can implement getshell by modifying the upload file ty ...)
+ TODO: check
CVE-2022-46019
RESERVED
CVE-2022-46018
@@ -6105,8 +6755,8 @@ CVE-2022-45944
RESERVED
CVE-2022-45943
RESERVED
-CVE-2022-45942
- RESERVED
+CVE-2022-45942 (A Remote Code Execution (RCE) vulnerability was found in includes/baij ...)
+ TODO: check
CVE-2022-45941
RESERVED
CVE-2022-45940
@@ -6814,10 +7464,10 @@ CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request For
NOT-FOR-US: Tenda
CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...)
NOT-FOR-US: Tenda
-CVE-2022-45666
- RESERVED
-CVE-2022-45665
- RESERVED
+CVE-2022-45666 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45665 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
NOT-FOR-US: Tenda
CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
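Review bot: CVE-2022-45666 and CVE-2022-45665 are left as "TODO: check" while the four neighbouring entries in this same hunk (CVE-2022-45668, CVE-2022-45667, CVE-2022-45664, CVE-2022-45663) are already triaged "NOT-FOR-US: Tenda". The new descriptions name the same product and firmware, Tenda i22 V1.0.0.3(4687), so I suggest marking these two "NOT-FOR-US: Tenda" as well rather than leaving them open.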
@@ -7956,7 +8606,7 @@ CVE-2022-45380 (Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HT
NOT-FOR-US: Jenkins JUnit Plugin
CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier store ...)
NOT-FOR-US: Jenkins Script Security Plugin
-CVE-2022-45378 (** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache ...)
+CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...)
NOT-FOR-US: Apache SOAP
CVE-2022-45377
RESERVED
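Review bot: the replacement description for CVE-2022-45378 drops the "** UNSUPPORTED WHEN ASSIGNED **" prefix that the removed line carried. The "NOT-FOR-US: Apache SOAP" triage is unchanged, so no tracker action follows, but it is worth confirming that the prefix was dropped in the upstream CVE record rather than lost in the import.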
@@ -10880,8 +11530,8 @@ CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properl
NOT-FOR-US: WordPress plugin
CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44643
- RESERVED
+CVE-2022-44643 (A vulnerability in the label-based access control of Grafana Labs Graf ...)
+ TODO: check
CVE-2022-44642
RESERVED
CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...)
@@ -14592,14 +15242,14 @@ CVE-2022-43877
RESERVED
CVE-2022-43876
RESERVED
-CVE-2022-43875
- RESERVED
+CVE-2022-43875 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
CVE-2022-43874
RESERVED
CVE-2022-43873
RESERVED
-CVE-2022-43872
- RESERVED
+CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...)
+ TODO: check
CVE-2022-43871
RESERVED
CVE-2022-43870
@@ -14888,7 +15538,7 @@ CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13,
CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an uncontrol ...)
NOT-FOR-US: McAfee
CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
- {DLA-3173-1}
+ {DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 (6.1-rc1)
@@ -15317,7 +15967,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
NOTE: Backport to Pacific: https://github.com/ceph/ceph/pull/48804
NOTE: Backport to Quincy: https://github.com/ceph/ceph/pull/48805
CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
- {DLA-3173-1}
+ {DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
@@ -15670,7 +16320,7 @@ CVE-2022-3647 (** DISPUTED ** A vulnerability, which was classified as problemat
NOTE: Crash inside the crash report when redis already crashed due to calling an invalid
NOTE: function pointer, negligible security impact
CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...)
- {DLA-3173-1}
+ {DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1)
@@ -15679,7 +16329,7 @@ CVE-2022-3645
CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext inst ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It is p ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
NOTE: https://xenbits.xen.org/xsa/advisory-423.html
@@ -15691,7 +16341,7 @@ CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolution
CVE-2022-36401
RESERVED
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
@@ -15737,7 +16387,7 @@ CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared a
NOTE: https://git.kernel.org/linus/7e97cfed9929eaabc41829c395eb0d1350fccb9d (6.0-rc1)
CVE-2022-3628
RESERVED
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
@@ -15765,7 +16415,7 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared a
CVE-2022-3622
RESERVED
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
- {DLA-3173-1}
+ {DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1)
@@ -15928,7 +16578,7 @@ CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as p
- linux <not-affected> (Vulnerable code not in any released version in Debian and upstream)
NOTE: https://git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca
CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.3-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
@@ -16015,8 +16665,8 @@ CVE-2022-43384
RESERVED
CVE-2022-43383
RESERVED
-CVE-2022-43382
- RESERVED
+CVE-2022-43382 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with eleva ...)
+ TODO: check
CVE-2022-43381
RESERVED
CVE-2022-43380
@@ -16901,12 +17551,12 @@ CVE-2022-3566 (A vulnerability, which was classified as problematic, was found i
- linux <unfixed>
NOTE: https://git.kernel.org/linus/f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 (6.1-rc1)
CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.3-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/2568a7e0832ee30b0a351016d03062ab4e0e0a3f (6.1-rc1)
CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966
@@ -17058,7 +17708,7 @@ CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kern
CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/libren ...)
NOT-FOR-US: LibreNMS
CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.7-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
@@ -17071,7 +17721,7 @@ CVE-2022-3522 (A vulnerability was found in Linux Kernel and classified as probl
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f9bf6c03eca1077cae8de0e6d86427656fa42a9b
CVE-2022-3521 (A vulnerability has been found in Linux Kernel and classified as probl ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.10-1 (unimportant)
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
@@ -17136,8 +17786,8 @@ CVE-2022-42951
RESERVED
CVE-2022-42950
RESERVED
-CVE-2022-42949
- RESERVED
+CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...)
+ TODO: check
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
NOT-FOR-US: Mikrotik
CVE-2022-42948
@@ -17247,7 +17897,7 @@ CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw all
NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
NOT-FOR-US: LibreNMS
-CVE-2022-47629 [Another integer overflow in Libksba]
+CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerability in ...)
- libksba 1.6.3-1
NOTE: https://dev.gnupg.org/T6284
NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 (libksba-1.6.3)
@@ -17437,14 +18087,14 @@ CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allow
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.10-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
NOTE: https://git.kernel.org/linus/f937b758a188d6fd328a81367087eddbb2fce50f
NOTE: https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.7-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
@@ -18822,13 +19472,13 @@ CVE-2022-42331
CVE-2022-42330
RESERVED
CVE-2022-42329 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
NOTE: https://xenbits.xen.org/xsa/advisory-424.html
NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
CVE-2022-42328 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
NOTE: https://xenbits.xen.org/xsa/advisory-424.html
@@ -19640,8 +20290,8 @@ CVE-2022-42048
RESERVED
CVE-2022-42047
RESERVED
-CVE-2022-42046
- RESERVED
+CVE-2022-42046 (WFS, Inc HeavenBurnsRed 2020.3.15.7141260 is vulnerable to Local Privi ...)
+ TODO: check
CVE-2022-42045
RESERVED
CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
@@ -20240,12 +20890,12 @@ CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior
CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.3-1
[bullseye] - linux 5.10.158-1
NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has ...)
- {DLA-3244-1}
+ {DLA-3245-1 DLA-3244-1}
- linux 6.0.3-1
[bullseye] - linux 5.10.158-1
NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
@@ -20690,14 +21340,14 @@ CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null
NOT-FOR-US: Huawei
CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
-CVE-2022-41599
- RESERVED
+CVE-2022-41599 (The system service has a vulnerability that causes incorrect return va ...)
+ TODO: check
CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
-CVE-2022-41596
- RESERVED
+CVE-2022-41596 (The system tool has inconsistent serialization and deserialization. Su ...)
+ TODO: check
CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
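Review bot: CVE-2022-41599 and CVE-2022-41596 come in as "TODO: check" while every other entry visible in this hunk (CVE-2022-41600 through CVE-2022-41594) is already triaged as "NOT-FOR-US: Huawei". If the newly published descriptions belong to the same vendor, resolve them to the same tag in the follow-up triage so they do not sit in the TODO queue.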
@@ -20706,10 +21356,10 @@ CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null
NOT-FOR-US: Huawei
CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
-CVE-2022-41591
- RESERVED
-CVE-2022-41590
- RESERVED
+CVE-2022-41591 (The backup module has a path traversal vulnerability. Successful explo ...)
+ TODO: check
+CVE-2022-41590 (Some smartphones have authentication-related (including session manage ...)
+ TODO: check
CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in ...)
NOT-FOR-US: Huawei
CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
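Review bot: the new descriptions at CVE-2022-41591 and CVE-2022-41590 are truncated and name no product ("The backup module ...", "Some smartphones ..."), so the vendor cannot be read off this diff, even though the neighbours CVE-2022-41592, CVE-2022-41589 and CVE-2022-41588 are tagged NOT-FOR-US: Huawei. Check the full CVE record for the assigning CNA before copying that tag onto these two.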
@@ -22845,6 +23495,7 @@ CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...)
NOT-FOR-US: profanity (not same as src:profanity)
CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local us ...)
+ {DLA-3245-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://www.openwall.com/lists/oss-security/2022/09/09/1
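Review bot: CVE-2022-40768 gets only {DLA-3245-1}, whereas several other kernel entries in this commit (for example CVE-2022-42896) end up with {DLA-3245-1 DLA-3244-1}. The [bullseye] fix recorded here is 5.10.148-1 rather than 5.10.158-1, which may account for the difference. Confirm against the DLA list that DLA-3244-1 is deliberately absent from this entry.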
@@ -23302,8 +23953,8 @@ CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascr
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/55eb14d0a394b362d5df00ed9e06a3918472deec (6.0.7rc1)
CVE-2022-40625
RESERVED
-CVE-2022-40624
- RESERVED
+CVE-2022-40624 (pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execut ...)
+ TODO: check
CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
NOT-FOR-US: WAVLINK
CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
@@ -26391,8 +27042,8 @@ CVE-2022-39306 (Grafana is an open-source platform for monitoring and observabil
- grafana <removed>
CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
NOT-FOR-US: Gin-vue-admin
-CVE-2022-39304
- RESERVED
+CVE-2022-39304 (ghinstallation provides transport, which implements http.RoundTripper ...)
+ TODO: check
CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
NOT-FOR-US: Ree6
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...)
@@ -26809,8 +27460,8 @@ CVE-2022-39168 (IBM Robotic Process Automation Clients are vulnerable to proxy c
NOT-FOR-US: IBM
CVE-2022-39167
RESERVED
-CVE-2022-39166
- RESERVED
+CVE-2022-39166 (IBM Security Guardium 11.4 could allow a privileged user to obtain sen ...)
+ TODO: check
CVE-2022-39165
RESERVED
CVE-2022-39164
@@ -27600,8 +28251,8 @@ CVE-2022-38875
RESERVED
CVE-2022-38874
RESERVED
-CVE-2022-38873
- RESERVED
+CVE-2022-38873 (D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 an ...)
+ TODO: check
CVE-2022-38872
RESERVED
CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. ...)
@@ -28123,8 +28774,8 @@ CVE-2022-38735
RESERVED
CVE-2022-38734
RESERVED
-CVE-2022-38733
- RESERVED
+CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an ...)
+ TODO: check
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
NOT-FOR-US: SnapCenter (NetAPP)
CVE-2022-38731
@@ -28151,6 +28802,7 @@ CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
CVE-2022-2979 (Opening a specially crafted file could cause the affected product to f ...)
NOT-FOR-US: Omron
CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found ...)
+ {DLA-3245-1}
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
@@ -28393,8 +29045,8 @@ CVE-2022-38657
RESERVED
CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote attacker to ...)
NOT-FOR-US: HCL
-CVE-2022-38655
- RESERVED
+CVE-2022-38655 (BigFix WebUI non-master operators are missing controls that prevent th ...)
+ TODO: check
CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerability. ...)
NOT-FOR-US: HCL
CVE-2022-38653 (In HCL Digital Experience, customized XSS payload can be constructed s ...)
@@ -28681,8 +29333,8 @@ CVE-2022-38548
RESERVED
CVE-2022-38547
RESERVED
-CVE-2022-38546
- RESERVED
+CVE-2022-38546 (A DNS misconfiguration was found in Zyxel NBG7510 firmware versions pr ...)
+ TODO: check
CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...)
NOT-FOR-US: Valine
CVE-2022-38544
@@ -29245,8 +29897,8 @@ CVE-2022-2872 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
- octoprint <itp> (bug #718591)
CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
NOT-FOR-US: NotrinosERP
-CVE-2022-38391
- RESERVED
+CVE-2022-38391 (IBM Spectrum Control 5.4 uses weaker than expected cryptographic algor ...)
+ TODO: check
CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...)
NOT-FOR-US: IBM
CVE-2022-38389
@@ -37566,7 +38218,8 @@ CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in No
NOTE: Introduced by https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac (v15.0.0)
CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to the follo ...)
NOT-FOR-US: Ivanti
-CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could allow an at ...)
+CVE-2022-35253
+ REJECTED
NOT-FOR-US: Hyperledger Fabric
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...)
- curl 7.85.0-1 (bug #1018831)
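Review bot: CVE-2022-35253 is now REJECTED, but the unchanged context line "NOT-FOR-US: Hyperledger Fabric" stays attached to it, so the entry carries both a REJECTED marker and a triage annotation written for the withdrawn description. Confirm the tracker treats that combination as intended, or drop the stale NOT-FOR-US line in a follow-up.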
@@ -52847,7 +53500,7 @@ CVE-2022-29902
CVE-2022-1526 (A vulnerability, which was classified as problematic, was found in Eml ...)
NOT-FOR-US: Emlog Pro
CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Spectre ...)
- {DSA-5207-1 DLA-3102-1}
+ {DSA-5207-1 DLA-3245-1 DLA-3102-1}
- linux 5.18.14-1
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
@@ -64319,8 +64972,8 @@ CVE-2022-25944
RESERVED
CVE-2022-25941
RESERVED
-CVE-2022-25940
- RESERVED
+CVE-2022-25940 (All versions of package lite-server are vulnerable to Denial of Servic ...)
+ TODO: check
CVE-2022-25939
RESERVED
CVE-2022-25938
@@ -64335,12 +64988,12 @@ CVE-2022-25934
RESERVED
CVE-2022-25933
RESERVED
-CVE-2022-25931
- RESERVED
+CVE-2022-25931 (All versions of package easy-static-server are vulnerable to Directory ...)
+ TODO: check
CVE-2022-25930
RESERVED
-CVE-2022-25929
- RESERVED
+CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to C ...)
+ TODO: check
CVE-2022-25928
RESERVED
CVE-2022-25927
@@ -64377,8 +65030,8 @@ CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototyp
NOT-FOR-US: voodoocreation/ts-deepmerge
CVE-2022-25906
RESERVED
-CVE-2022-25904
- RESERVED
+CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype Pollutio ...)
+ TODO: check
CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
NOT-FOR-US: Rust crate opcua
CVE-2022-25902
@@ -64398,12 +65051,12 @@ CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs
NOTE: https://github.com/jaredhanson/passport/commit/42630cbd1ffd44d146ff96f0a4be6f3c12f81d75 (v0.6.0)
NOTE: https://github.com/jaredhanson/passport/pull/900
NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
-CVE-2022-25895
- RESERVED
+CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to Directory Tr ...)
+ TODO: check
CVE-2022-25894
RESERVED
-CVE-2022-25893
- RESERVED
+CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Executi ...)
+ TODO: check
CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all v ...)
NOT-FOR-US: Muhammara Nodejs module
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
@@ -64596,8 +65249,8 @@ CVE-2022-25232
RESERVED
CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
NOT-FOR-US: node-opcua/node-opcua
-CVE-2022-25171
- RESERVED
+CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...)
+ TODO: check
CVE-2022-24913
RESERVED
CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events ...)
@@ -64625,8 +65278,8 @@ CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker
NOTE: https://snyk.io/vuln/SNYK-JS-DICER-2311764
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
NOT-FOR-US: simple-git
-CVE-2022-24431
- RESERVED
+CVE-2022-24431 (All versions of package abacus-ext-cmdline are vulnerable to Command I ...)
+ TODO: check
CVE-2022-24430
RESERVED
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
@@ -72413,8 +73066,8 @@ CVE-2022-23544
RESERVED
CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...)
TODO: check
-CVE-2022-23542
- RESERVED
+CVE-2022-23542 (OpenFGA is an authorization/permission engine built for developers and ...)
+ TODO: check
CVE-2022-23541
RESERVED
CVE-2022-23540
@@ -72423,8 +73076,8 @@ CVE-2022-23539
RESERVED
CVE-2022-23538
RESERVED
-CVE-2022-23537
- RESERVED
+CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...)
TODO: check
CVE-2022-23535
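Review bot: CVE-2022-23537 is added as "TODO: check" and its description identifies PJSIP as a "multimedia communication library", so a match on the library name alone is not enough to close it. Triage should also look for packages that bundle a copy of the library before marking the entry, and record the upstream fix reference in a NOTE line as the kernel entries in this file do.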
@@ -91266,6 +91919,7 @@ CVE-2022-20371 (In dm_bow_dtr and related functions of dm-bow.c, there is a poss
CVE-2022-20370 (Product: AndroidVersions: Android kernelAndroid ID: A-215730643Referen ...)
NOT-FOR-US: Android
CVE-2022-20369 (In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bou ...)
+ {DLA-3245-1}
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
NOTE: https://git.kernel.org/linus/8310ca94075e784bbb06593cd6c068ee6b6e4ca6 (5.18-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47d96093c937e9ffb1aab9c2bbd52fa5b987aa0