[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 12 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38089891 by security tracker role at 2022-05-12T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-30616
+ RESERVED
+CVE-2022-30615
+ RESERVED
+CVE-2022-30614
+ RESERVED
+CVE-2022-30613
+ RESERVED
+CVE-2022-30612
+ RESERVED
+CVE-2022-30611
+ RESERVED
+CVE-2022-30610
+ RESERVED
+CVE-2022-30609
+ RESERVED
+CVE-2022-30608
+ RESERVED
+CVE-2022-30607
+ RESERVED
+CVE-2022-30546
+ RESERVED
+CVE-2022-30538
+ RESERVED
+CVE-2022-29925
+ RESERVED
+CVE-2022-29522
+ RESERVED
+CVE-2022-29482
+ RESERVED
+CVE-2022-27231
+ RESERVED
+CVE-2022-26302
+ RESERVED
+CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
+ TODO: check
+CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
+ TODO: check
+CVE-2022-1697
+ RESERVED
+CVE-2022-1696
+ RESERVED
+CVE-2022-1695
+ RESERVED
+CVE-2022-1694
+ RESERVED
+CVE-2022-1693
+ RESERVED
+CVE-2022-1692
+ RESERVED
+CVE-2022-1691
+ RESERVED
+CVE-2022-1690
+ RESERVED
+CVE-2022-1689
+ RESERVED
+CVE-2022-1688
+ RESERVED
+CVE-2022-1687
+ RESERVED
+CVE-2022-1686
+ RESERVED
+CVE-2022-1685
+ RESERVED
+CVE-2022-1684
+ RESERVED
+CVE-2022-1683
+ RESERVED
+CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...)
+ TODO: check
+CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...)
+ TODO: check
CVE-2022-XXXX [RUSTSEC-2022-0022]
- rust-hyper <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0022.html
@@ -127,8 +199,8 @@ CVE-2022-1676
RESERVED
CVE-2022-1675
RESERVED
-CVE-2022-1674
- RESERVED
+CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
+ TODO: check
CVE-2022-1673
RESERVED
CVE-2022-1672
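Review bot: CVE-2022-1674 is left at "TODO: check" even though its new description names the function vim_regexec_string in regexp.c, which looks like vim's regexp engine. Triage should replace the TODO with a "- vim" line carrying a fixed version or <unfixed>, plus a NOTE pointing at the upstream report, so the entry does not sit in the unchecked backlog.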
@@ -236,8 +308,8 @@ CVE-2022-1651
RESERVED
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b (5.18-rc1)
-CVE-2022-1650
- RESERVED
+CVE-2022-1650 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
@@ -248,8 +320,8 @@ CVE-2022-1647
RESERVED
CVE-2022-30526
RESERVED
-CVE-2022-30525
- RESERVED
+CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
+ TODO: check
CVE-2022-1646
RESERVED
CVE-2022-1645
@@ -268,46 +340,55 @@ CVE-2022-1642
RESERVED
CVE-2022-1641
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1640
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1639
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1638
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1637
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1636
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1635
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1634
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1633
RESERVED
+ {DSA-5134-1}
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -926,8 +1007,8 @@ CVE-2022-30281
RESERVED
CVE-2022-30280
RESERVED
-CVE-2022-30279
- RESERVED
+CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
+ TODO: check
CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare docume ...)
NOT-FOR-US: Black Duck Hub
CVE-2022-30277
@@ -1352,6 +1433,7 @@ CVE-2022-1553
RESERVED
CVE-2022-1552
RESERVED
+ {DSA-5136-1 DSA-5135-1}
- postgresql-14 14.3-1
- postgresql-13 <removed>
- postgresql-11 <removed>
@@ -1625,54 +1707,54 @@ CVE-2022-30004
RESERVED
CVE-2022-30003
RESERVED
-CVE-2022-30002
- RESERVED
-CVE-2022-30001
- RESERVED
-CVE-2022-30000
- RESERVED
-CVE-2022-29999
- RESERVED
-CVE-2022-29998
- RESERVED
+CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ TODO: check
+CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ TODO: check
+CVE-2022-30000 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ TODO: check
+CVE-2022-29999 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ TODO: check
+CVE-2022-29998 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ TODO: check
CVE-2022-29997
RESERVED
CVE-2022-29996
RESERVED
-CVE-2022-29995
- RESERVED
-CVE-2022-29994
- RESERVED
-CVE-2022-29993
- RESERVED
-CVE-2022-29992
- RESERVED
+CVE-2022-29995 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29994 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29993 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29992 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-29991
RESERVED
-CVE-2022-29990
- RESERVED
-CVE-2022-29989
- RESERVED
-CVE-2022-29988
- RESERVED
-CVE-2022-29987
- RESERVED
-CVE-2022-29986
- RESERVED
-CVE-2022-29985
- RESERVED
-CVE-2022-29984
- RESERVED
-CVE-2022-29983
- RESERVED
-CVE-2022-29982
- RESERVED
-CVE-2022-29981
- RESERVED
-CVE-2022-29980
- RESERVED
-CVE-2022-29979
- RESERVED
+CVE-2022-29990 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29989 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29988 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29987 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29986 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29985 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-29984 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29983 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29982 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29981 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29980 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29979 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize, ...)
- libsixel <unfixed>
[bullseye] - libsixel <no-dsa> (Minor issue)
@@ -1794,14 +1876,14 @@ CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allo
NOT-FOR-US: PRIMEUR
CVE-2022-29931
RESERVED
-CVE-2022-29930
- RESERVED
-CVE-2022-29929
- RESERVED
-CVE-2022-29928
- RESERVED
-CVE-2022-29927
- RESERVED
+CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returnin ...)
+ TODO: check
+CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...)
+ TODO: check
+CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent ...)
+ TODO: check
+CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain ...)
+ TODO: check
CVE-2022-29922
RESERVED
CVE-2022-29918
@@ -1948,8 +2030,8 @@ CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin
NOT-FOR-US: RAD-ISM-900-EN
CVE-2022-29892
RESERVED
-CVE-2022-29885
- RESERVED
+CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...)
+ TODO: check
CVE-2022-29884
RESERVED
CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
@@ -2532,34 +2614,34 @@ CVE-2022-29753
RESERVED
CVE-2022-29752
RESERVED
-CVE-2022-29751
- RESERVED
-CVE-2022-29750
- RESERVED
-CVE-2022-29749
- RESERVED
-CVE-2022-29748
- RESERVED
-CVE-2022-29747
- RESERVED
-CVE-2022-29746
- RESERVED
-CVE-2022-29745
- RESERVED
+CVE-2022-29751 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29750 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29749 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29748 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29747 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-29746 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2022-29745 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
CVE-2022-29744
RESERVED
CVE-2022-29743
RESERVED
CVE-2022-29742
RESERVED
-CVE-2022-29741
- RESERVED
+CVE-2022-29741 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
CVE-2022-29740
RESERVED
-CVE-2022-29739
- RESERVED
-CVE-2022-29738
- RESERVED
+CVE-2022-29739 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2022-29738 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
CVE-2022-29737
RESERVED
CVE-2022-29736
@@ -3064,10 +3146,10 @@ CVE-2022-29541
RESERVED
CVE-2022-29540
RESERVED
-CVE-2022-29539
- RESERVED
-CVE-2022-29538
- RESERVED
+CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...)
+ TODO: check
+CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
+ TODO: check
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
@@ -3536,10 +3618,10 @@ CVE-2022-29371
RESERVED
CVE-2022-29370
RESERVED
-CVE-2022-29369
- RESERVED
-CVE-2022-29368
- RESERVED
+CVE-2022-29369 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation vi ...)
+ TODO: check
+CVE-2022-29368 (Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was di ...)
+ TODO: check
CVE-2022-29367
RESERVED
CVE-2022-29366
@@ -3548,8 +3630,8 @@ CVE-2022-29365
RESERVED
CVE-2022-29364
RESERVED
-CVE-2022-29363
- RESERVED
+CVE-2022-29363 (Phpok v6.1 was discovered to contain a deserialization vulnerability v ...)
+ TODO: check
CVE-2022-29362
RESERVED
CVE-2022-29361
@@ -3668,26 +3750,26 @@ CVE-2022-29309
RESERVED
CVE-2022-29308
RESERVED
-CVE-2022-29307
- RESERVED
-CVE-2022-29306
- RESERVED
+CVE-2022-29307 (IonizeCMS v1.0.8.1 was discovered to contain a command injection vulne ...)
+ TODO: check
+CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-29305
RESERVED
CVE-2022-29304
RESERVED
-CVE-2022-29303
- RESERVED
-CVE-2022-29302
- RESERVED
+CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...)
+ TODO: check
CVE-2022-29301
RESERVED
CVE-2022-29300
RESERVED
CVE-2022-29299
RESERVED
-CVE-2022-29298
- RESERVED
+CVE-2022-29298 (SolarView Compact ver.6.00 allows attackers to access sensitive files ...)
+ TODO: check
CVE-2022-29297
RESERVED
CVE-2022-29296
@@ -4746,10 +4828,10 @@ CVE-2022-28922
RESERVED
CVE-2022-28921
RESERVED
-CVE-2022-28920
- RESERVED
-CVE-2022-28919
- RESERVED
+CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...)
+ TODO: check
+CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...)
+ TODO: check
CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...)
NOT-FOR-US: GreenCMS
CVE-2022-28917
@@ -4866,10 +4948,10 @@ CVE-2022-28875
RESERVED
CVE-2022-28874
RESERVED
-CVE-2022-28873
- RESERVED
-CVE-2022-28872
- RESERVED
+CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...)
+ TODO: check
+CVE-2022-28872 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
+ TODO: check
CVE-2022-28871 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
@@ -4972,10 +5054,10 @@ CVE-2022-28821
RESERVED
CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross ...)
NOT-FOR-US: Adobe
-CVE-2022-28819
- RESERVED
-CVE-2022-28818
- RESERVED
+CVE-2022-28819 (Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and ea ...)
+ TODO: check
+CVE-2022-28818 (ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected ...)
+ TODO: check
CVE-2022-28817
RESERVED
CVE-2022-28816
@@ -8339,14 +8421,14 @@ CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) r
NOT-FOR-US: SAP
CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...)
NOT-FOR-US: SAP
-CVE-2022-26518
- RESERVED
+CVE-2022-26518 (An OS command injection vulnerability exists in the console infactory_ ...)
+ TODO: check
CVE-2022-26422
RESERVED
-CVE-2022-26420
- RESERVED
-CVE-2022-26075
- RESERVED
+CVE-2022-26420 (An OS command injection vulnerability exists in the console infactory_ ...)
+ TODO: check
+CVE-2022-26075 (An OS command injection vulnerability exists in the console infactory_ ...)
+ TODO: check
CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391
@@ -8436,8 +8518,8 @@ CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sa
NOT-FOR-US: WordPress plugin
CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...)
NOT-FOR-US: Trudesk
-CVE-2022-1044
- RESERVED
+CVE-2022-1044 (Sensitive Data Exposure Due To Insecure Storage Of Profile Image in Gi ...)
+ TODO: check
CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability]
RESERVED
- linux 5.14.6-1
@@ -9472,8 +9554,8 @@ CVE-2022-1019 (Automated Logic's WebCtrl Server Version 6.1 'Help' index pages a
NOT-FOR-US: Automated Logic WebCtrl Server
CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
NOT-FOR-US: Rockwell Automation
-CVE-2022-27172
- RESERVED
+CVE-2022-27172 (A hard-coded password vulnerability exists in the console infactory fu ...)
+ TODO: check
CVE-2022-1017
RESERVED
CVE-2022-1016
@@ -9819,8 +9901,8 @@ CVE-2022-27166
RESERVED
CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
NOT-FOR-US: WPS Presentation
-CVE-2022-26510
- RESERVED
+CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware checks fu ...)
+ TODO: check
CVE-2022-26303
RESERVED
CVE-2022-26082
@@ -10816,12 +10898,12 @@ CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc
-CVE-2022-26782
- RESERVED
-CVE-2022-26781
- RESERVED
-CVE-2022-26780
- RESERVED
+CVE-2022-26782 (Multiple improper input validation vulnerabilities exists in the libnv ...)
+ TODO: check
+CVE-2022-26781 (Multiple improper input validation vulnerabilities exists in the libnv ...)
+ TODO: check
+CVE-2022-26780 (Multiple improper input validation vulnerabilities exists in the libnv ...)
+ TODO: check
CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random number genera ...)
NOT-FOR-US: Apache CloudStack
CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...)
@@ -12743,14 +12825,14 @@ CVE-2022-26113
RESERVED
CVE-2022-26112
RESERVED
-CVE-2022-26042
- RESERVED
-CVE-2022-26007
- RESERVED
-CVE-2022-26002
- RESERVED
-CVE-2022-25995
- RESERVED
+CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
+ TODO: check
+CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...)
+ TODO: check
+CVE-2022-26002 (A stack-based buffer overflow vulnerability exists in the console fact ...)
+ TODO: check
+CVE-2022-25995 (A command execution vulnerability exists in the console inhand functio ...)
+ TODO: check
CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
@@ -12826,8 +12908,8 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc
NOTE: https://github.com/ManageIQ/kubeclient/pull/556
NOTE: https://github.com/ManageIQ/kubeclient/issues/555
NOTE: https://github.com/ManageIQ/kubeclient/pull/556
-CVE-2022-26085
- RESERVED
+CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...)
+ TODO: check
CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...)
- pistache <itp> (bug #929593)
CVE-2022-26066
@@ -12862,8 +12944,8 @@ CVE-2022-26025
RESERVED
CVE-2022-26021
RESERVED
-CVE-2022-26020
- RESERVED
+CVE-2022-26020 (An information disclosure vulnerability exists in the router configura ...)
+ TODO: check
CVE-2022-26018
RESERVED
CVE-2022-26016
@@ -13557,8 +13639,8 @@ CVE-2022-25768
RESERVED
CVE-2022-25763
RESERVED
-CVE-2022-21182
- RESERVED
+CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
+ TODO: check
CVE-2022-0734
RESERVED
CVE-2022-0733
@@ -13790,18 +13872,18 @@ CVE-2022-25651
RESERVED
CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2022-25172
- RESERVED
+CVE-2022-25172 (An information disclosure vulnerability exists in the web interface se ...)
+ TODO: check
CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
NOT-FOR-US: FATEK Automation
-CVE-2022-24910
- RESERVED
+CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd parse_ping_result ...)
+ TODO: check
CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...)
NOT-FOR-US: FATEK Automation
-CVE-2022-21809
- RESERVED
-CVE-2022-21238
- RESERVED
+CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi functionalit ...)
+ TODO: check
+CVE-2022-21238 (A cross-site scripting (xss) vulnerability exists in the info.jsp func ...)
+ TODO: check
CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
NOT-FOR-US: FATEK Automation
CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...)
@@ -14615,8 +14697,7 @@ CVE-2022-23403
RESERVED
CVE-2022-23182
RESERVED
-CVE-2022-22139
- RESERVED
+CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...)
NOT-FOR-US: Intel
CVE-2022-21225
RESERVED
@@ -17550,13 +17631,11 @@ CVE-2022-24401
RESERVED
CVE-2022-24400
RESERVED
-CVE-2022-24382
- RESERVED
+CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
NOT-FOR-US: Intel
CVE-2022-24379
RESERVED
-CVE-2022-24297
- RESERVED
+CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
NOT-FOR-US: Intel
CVE-2022-23917
RESERVED
@@ -17570,8 +17649,7 @@ CVE-2022-21795
RESERVED
CVE-2022-21233
RESERVED
-CVE-2022-21128
- RESERVED
+CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software ...)
NOT-FOR-US: Intel
CVE-2022-0492 (A vulnerability was found in the Linux kernel’s cgroup_release_a ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
@@ -20227,8 +20305,8 @@ CVE-2022-23781
RESERVED
CVE-2022-23780
RESERVED
-CVE-2022-21147
- RESERVED
+CVE-2022-21147 (An out of bounds read vulnerability exists in the malware scan functio ...)
+ TODO: check
CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
NOT-FOR-US: Mustache (implementation in PHP)
CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...)
@@ -24962,8 +25040,8 @@ CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 2
NOT-FOR-US: IBM
CVE-2022-22414
RESERVED
-CVE-2022-22413
- RESERVED
+CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
+ TODO: check
CVE-2022-22412
RESERVED
CVE-2022-22411
@@ -31206,8 +31284,7 @@ CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Securi
NOT-FOR-US: McAfee
CVE-2022-21240
RESERVED
-CVE-2022-21237
- RESERVED
+CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may allow a ...)
NOT-FOR-US: Intel
CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
NOT-FOR-US: Intel
@@ -31242,8 +31319,7 @@ CVE-2021-33847
RESERVED
CVE-2021-26950
RESERVED
-CVE-2021-26258
- RESERVED
+CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control Center sof ...)
NOT-FOR-US: Intel
CVE-2021-26257
RESERVED
@@ -33933,7 +34009,6 @@ CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
NOT-FOR-US: Oracle
CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5131-1 DSA-5128-1}
- openjdk-17 17.0.3+7-1
- openjdk-18 18.0.1+10-1
CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
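Review bot: The only change in this hunk removes "{DSA-5131-1 DSA-5128-1}" from CVE-2022-21449, while the "openjdk-17 17.0.3+7-1" and "openjdk-18 18.0.1+10-1" lines stay. If these cross-reference lines are generated from the DSA list, confirm that the CVE was deliberately dropped from both advisories there. Otherwise an advisory reference disappears inside a commit whose message is just "automatic update", with nothing recording why.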
@@ -34479,17 +34554,16 @@ CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android app
NOT-FOR-US: Intel
CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
NOT-FOR-US: Intel
-CVE-2022-21151
- RESERVED
+CVE-2022-21151 (Processor optimization removal or modification of security-critical co ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
CVE-2022-21138
RESERVED
-CVE-2022-21136
- RESERVED
-CVE-2022-21131
- RESERVED
+CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...)
+ TODO: check
+CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...)
+ TODO: check
CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Bitdefender
CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
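Review bot: CVE-2022-21136 and CVE-2022-21131 get "TODO: check" although both descriptions concern Intel(R) Xeon(R) Processors and the entry just above them in this hunk, CVE-2022-21151, is tracked against "intel-microcode <unfixed>" with the microcode-20220510 release as its NOTE. Check whether that same release covers these two and add matching "- intel-microcode" lines, or tag them NOT-FOR-US: Intel if no packaged microcode is involved.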
@@ -37848,8 +37922,8 @@ CVE-2021-42865
RESERVED
CVE-2021-42864
RESERVED
-CVE-2021-42863
- RESERVED
+CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
+ TODO: check
CVE-2021-42862
RESERVED
CVE-2021-42861
@@ -38312,7 +38386,7 @@ CVE-2021-42696
RESERVED
CVE-2021-42695
RESERVED
-CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...)
+CVE-2021-42694 (** DISPUTED ** An issue was discovered in the character definitions of ...)
NOT-FOR-US: Unicode spec
CVE-2021-42693
RESERVED
@@ -38558,7 +38632,7 @@ CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8
NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
NOT-FOR-US: OWASP HTML Sanitizer
-CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...)
+CVE-2021-42574 (** DISPUTED ** An issue was discovered in the Bidirectional Algorithm ...)
- rustc <unfixed>
[bullseye] - rustc <no-dsa> (Minor issue)
[buster] - rustc <no-dsa> (Minor issue)
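Review bot: CVE-2021-42574 now carries "** DISPUTED **" at the start of its description, but the triage under it is unchanged: "- rustc <unfixed>" with <no-dsa> (Minor issue) for bullseye and buster. Add a NOTE recording that the CVE is disputed and revisit whether <unfixed> is still the right status for rustc, so the tracker does not keep reporting an open issue without context.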
@@ -38621,10 +38695,10 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management per
NOTE: https://github.com/Cacti/cacti/issues/1882
NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection
NOTE: input (not output) validation not addressed, malicious username still can be created after fix
-CVE-2022-0005
- RESERVED
-CVE-2022-0004
- RESERVED
+CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...)
+ TODO: check
+CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...)
+ TODO: check
CVE-2022-0003
RESERVED
CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...)
@@ -45291,8 +45365,8 @@ CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X apertu
- gerbv <unfixed>
NOTE: https://github.com/gerbv/gerbv/issues/79
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
-CVE-2021-40399
- RESERVED
+CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS Spreadsheets ...)
+ TODO: check
CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
@@ -47941,7 +48015,7 @@ CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware
NOT-FOR-US: HP
CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
NOT-FOR-US: HP
-CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+CVE-2021-39298 (A potential vulnerability in AMD System Management Mode (SMM) interrup ...)
NOT-FOR-US: HP
CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
NOT-FOR-US: HP
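Review bot: The replaced description for CVE-2021-39298 now begins "A potential vulnerability in AMD System Management Mode (SMM) interrup ...", yet the line under it still reads "NOT-FOR-US: HP", the same tag as its neighbours CVE-2021-39299 and CVE-2021-39297, whose descriptions are about UEFI firmware (BIOS). Re-check the tag against the full CVE text and update the vendor in the NOT-FOR-US line if the affected component is AMD's rather than HP's.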
@@ -63143,8 +63217,8 @@ CVE-2021-33151
RESERVED
CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
NOT-FOR-US: Intel
-CVE-2021-33149
- RESERVED
+CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors may allo ...)
+ TODO: check
CVE-2021-33148
RESERVED
CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
@@ -63173,8 +63247,8 @@ CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may al
NOT-FOR-US: Intel
CVE-2021-33136
RESERVED
-CVE-2021-33135
- RESERVED
+CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers for Inte ...)
+ TODO: check
CVE-2021-33134
RESERVED
CVE-2021-33133
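Review bot: CVE-2021-33135 is set to "TODO: check", and unlike the Intel entries around it the description names "the Linux kernel drivers for Inte ...". It should be triaged against the linux source package, with the fixing commit as a NOTE, and not closed in bulk as NOT-FOR-US: Intel together with the firmware and BIOS entries from the same batch.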
@@ -63183,8 +63257,7 @@ CVE-2021-33132
RESERVED
CVE-2021-33131
RESERVED
-CVE-2021-33130
- RESERVED
+CVE-2021-33130 (Insecure default variable initialization of Intel(R) RealSense(TM) ID ...)
NOT-FOR-US: Intel
CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
NOT-FOR-US: Intel
@@ -63196,14 +63269,11 @@ CVE-2021-33126
RESERVED
CVE-2021-33125
RESERVED
-CVE-2021-33124
- RESERVED
+CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for some Int ...)
NOT-FOR-US: Intel
-CVE-2021-33123
- RESERVED
+CVE-2021-33123 (Improper access control in the BIOS authenticated code module for some ...)
NOT-FOR-US: Intel
-CVE-2021-33122
- RESERVED
+CVE-2021-33122 (Insufficient control flow management in the BIOS firmware for some Int ...)
NOT-FOR-US: Intel
CVE-2021-33121
RESERVED
@@ -63216,8 +63286,7 @@ CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before
NOT-FOR-US: Intel
CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
NOT-FOR-US: Intel
-CVE-2021-33117
- RESERVED
+CVE-2021-33117 (Improper access control for some 3rd Generation Intel(R) Xeon(R) Scala ...)
- intel-microcode 3.20220207.1
[bullseye] - intel-microcode 3.20220207.1~deb11u1
[buster] - intel-microcode 3.20220207.1~deb10u1
@@ -63239,8 +63308,7 @@ CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R
NOT-FOR-US: Intel
CVE-2021-33109
RESERVED
-CVE-2021-33108
- RESERVED
+CVE-2021-33108 (Improper input validation in the Intel(R) In-Band Manageability softwa ...)
NOT-FOR-US: Intel
CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
NOT-FOR-US: Intel
@@ -63250,8 +63318,7 @@ CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Rad
NOT-FOR-US: Intel
CVE-2021-33104
RESERVED
-CVE-2021-33103
- RESERVED
+CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
NOT-FOR-US: Intel
CVE-2021-33102
RESERVED
@@ -63294,32 +63361,25 @@ CVE-2021-33085
RESERVED
CVE-2021-33084
RESERVED
-CVE-2021-33083
- RESERVED
+CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel(R) Op ...)
NOT-FOR-US: Intel
-CVE-2021-33082
- RESERVED
+CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
NOT-FOR-US: Intel
CVE-2021-33081
RESERVED
-CVE-2021-33080
- RESERVED
+CVE-2021-33080 (Exposure of sensitive system information due to uncleared debug inform ...)
NOT-FOR-US: Intel
CVE-2021-33079
RESERVED
-CVE-2021-33078
- RESERVED
+CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) Optane(TM ...)
NOT-FOR-US: Intel
-CVE-2021-33077
- RESERVED
+CVE-2021-33077 (Insufficient control flow management in firmware for some Intel(R) SSD ...)
NOT-FOR-US: Intel
CVE-2021-33076
RESERVED
-CVE-2021-33075
- RESERVED
+CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2021-33074
- RESERVED
+CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD, Intel( ...)
NOT-FOR-US: Intel
CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
NOT-FOR-US: Intel
@@ -63329,8 +63389,7 @@ CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R)
NOT-FOR-US: Intel
CVE-2021-33070
RESERVED
-CVE-2021-33069
- RESERVED
+CVE-2021-33069 (Improper resource shutdown or release in firmware for some Intel(R) SS ...)
NOT-FOR-US: Intel
CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
NOT-FOR-US: Intel
@@ -80623,8 +80682,8 @@ CVE-2021-26388 (Improper validation of the BIOS directory may allow for searches
TODO: check
CVE-2021-26387
RESERVED
-CVE-2021-26386
- RESERVED
+CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an attacker to i ...)
+ TODO: check
CVE-2021-26385
RESERVED
CVE-2021-26384
@@ -80657,24 +80716,24 @@ CVE-2021-26371
RESERVED
CVE-2021-26370 (Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INS ...)
TODO: check
-CVE-2021-26369
- RESERVED
-CVE-2021-26368
- RESERVED
+CVE-2021-26369 (A malicious or compromised UApp or ABL may be used by an attacker to s ...)
+ TODO: check
+CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may allow a ...)
+ TODO: check
CVE-2021-26367
RESERVED
-CVE-2021-26366
- RESERVED
+CVE-2021-26366 (An attacker, who gained elevated privileges via some other vulnerabili ...)
+ TODO: check
CVE-2021-26365
RESERVED
CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could allow an ...)
TODO: check
-CVE-2021-26363
- RESERVED
-CVE-2021-26362
- RESERVED
-CVE-2021-26361
- RESERVED
+CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially change the va ...)
+ TODO: check
+CVE-2021-26362 (A malicious or compromised UApp or ABL may be used by an attacker to i ...)
+ TODO: check
+CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA Boot Loade ...)
+ TODO: check
CVE-2021-26360
RESERVED
CVE-2021-26359
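Review bot: all six entries that leave RESERVED in this hunk (CVE-2021-26369, CVE-2021-26368, CVE-2021-26366, CVE-2021-26363, CVE-2021-26362, CVE-2021-26361) are added with a bare TODO: check, so none of them has a triage decision yet. The CVE-2021-26361 description names the AGESA Boot Loader, and CVE-2021-26337, CVE-2021-26336 and CVE-2021-26335 in the same ID range are recorded as NOT-FOR-US: AMD later in this patch; a follow-up should either apply that tag here or name the Debian source package that ships the affected firmware.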
@@ -80693,8 +80752,8 @@ CVE-2021-26353 (Due to a mishandled error, it is possible to leave the DRTM UApp
TODO: check
CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plu ...)
TODO: check
-CVE-2021-26351
- RESERVED
+CVE-2021-26351 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+ TODO: check
CVE-2021-26350 (A TOCTOU race condition in SMU may allow for the caller to obtain and ...)
TODO: check
CVE-2021-26349 (Failure to assign a new report ID to an imported guest may potentially ...)
@@ -80728,7 +80787,7 @@ CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (
NOT-FOR-US: AMD
CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
NOT-FOR-US: AMD
-CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
+CVE-2021-26335 (Improper input and range checking in the AMD Secure Processor (ASP) bo ...)
NOT-FOR-US: AMD
CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower ...)
NOT-FOR-US: AMD
@@ -80765,8 +80824,8 @@ CVE-2021-26319
CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
TODO: check details and if mitigation in microcode/kernel exists
-CVE-2021-26317
- RESERVED
+CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to control ...)
+ TODO: check
CVE-2021-26316
RESERVED
CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
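Review bot: the new CVE-2021-26317 line carries only TODO: check and no NOTE pointing at a vendor bulletin, while the CVE-2021-26318 entry directly above it has both a bulletin NOTE and a TODO that says what remains to be verified (a microcode/kernel mitigation). Since the description concerns SMM, the follow-up should add the matching bulletin reference and record whether the fix arrives through platform firmware outside Debian or through a packaged component.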
@@ -90035,8 +90094,8 @@ CVE-2021-22533
RESERVED
CVE-2021-22532
RESERVED
-CVE-2021-22531
- RESERVED
+CVE-2021-22531 (A bug exist in the input parameter of Access Manager that allows suppl ...)
+ TODO: check
CVE-2021-22530
RESERVED
CVE-2021-22529
@@ -108914,24 +108973,19 @@ CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) N
NOT-FOR-US: Intel
CVE-2021-0195
RESERVED
-CVE-2021-0194
- RESERVED
+CVE-2021-0194 (Improper access control in the Intel(R) In-Band Manageability software ...)
NOT-FOR-US: Intel
-CVE-2021-0193
- RESERVED
+CVE-2021-0193 (Improper authentication in the Intel(R) In-Band Manageability software ...)
NOT-FOR-US: Intel
CVE-2021-0192
RESERVED
CVE-2021-0191
RESERVED
-CVE-2021-0190
- RESERVED
+CVE-2021-0190 (Uncaught exception in the BIOS firmware for some Intel(R) Processors m ...)
NOT-FOR-US: Intel
-CVE-2021-0189
- RESERVED
+CVE-2021-0189 (Use of out-of-range pointer offset in the BIOS firmware for some Intel ...)
NOT-FOR-US: Intel
-CVE-2021-0188
- RESERVED
+CVE-2021-0188 (Return of pointer value outside of expected range in the BIOS firmware ...)
NOT-FOR-US: Intel
CVE-2021-0187
RESERVED
@@ -109069,8 +109123,7 @@ CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireles
TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
NOT-FOR-US: Intel
-CVE-2021-0159
- RESERVED
+CVE-2021-0159 (Improper input validation in the BIOS authenticated code module for so ...)
NOT-FOR-US: Intel
CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
NOT-FOR-US: Intel
@@ -109078,14 +109131,11 @@ CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for som
NOT-FOR-US: Intel
CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...)
NOT-FOR-US: Intel
-CVE-2021-0155
- RESERVED
+CVE-2021-0155 (Unchecked return value in the BIOS firmware for some Intel(R) Processo ...)
NOT-FOR-US: Intel
-CVE-2021-0154
- RESERVED
+CVE-2021-0154 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
NOT-FOR-US: Intel
-CVE-2021-0153
- RESERVED
+CVE-2021-0153 (Out-of-bounds write in the BIOS firmware for some Intel(R) Processors ...)
NOT-FOR-US: Intel
CVE-2021-0152 (Improper verification of cryptographic signature in the installer for ...)
NOT-FOR-US: Intel
@@ -109160,8 +109210,7 @@ CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors
[buster] - intel-microcode 3.20220207.1~deb10u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
-CVE-2021-0126
- RESERVED
+CVE-2021-0126 (Improper input validation for the Intel(R) Manageability Commander bef ...)
NOT-FOR-US: Intel
CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...)
NOT-FOR-US: Intel
@@ -143804,7 +143853,7 @@ CVE-2020-12953
REJECTED
CVE-2020-12952
REJECTED
-CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
+CVE-2020-12951 (Race condition in ASP firmware could allow less privileged x86 code to ...)
NOT-FOR-US: AMD
CVE-2020-12950
REJECTED
@@ -143814,7 +143863,7 @@ CVE-2020-12948
REJECTED
CVE-2020-12947
REJECTED
-CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
+CVE-2020-12946 (Insufficient input validation in ASP firmware for discrete TPM command ...)
NOT-FOR-US: AMD
CVE-2020-12945
REJECTED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38089891b8eca442c84999dd1f12b70c69cf8aa9