[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 10 08:10:22 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f00a0f47 by security tracker role at 2022-11-10T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-45134
+ RESERVED
+CVE-2022-45133
+ RESERVED
+CVE-2022-45132
+ RESERVED
+CVE-2022-45131
+ RESERVED
+CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/command ...)
+ TODO: check
+CVE-2022-45129 (Payara before 2022-11-04, when deployed to the root context, allows at ...)
+ TODO: check
+CVE-2022-45128
+ RESERVED
+CVE-2022-45117
+ RESERVED
+CVE-2022-45114
+ RESERVED
+CVE-2022-45109
+ RESERVED
+CVE-2022-44612
+ RESERVED
+CVE-2022-44611
+ RESERVED
+CVE-2022-43505
+ RESERVED
+CVE-2022-43477
+ RESERVED
+CVE-2022-41808
+ RESERVED
+CVE-2022-41659
+ RESERVED
+CVE-2022-3921
+ RESERVED
+CVE-2022-3920
+ RESERVED
CVE-2022-45108
RESERVED
CVE-2022-45107
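Review bot: CVE-2022-45130 (Plesk Obsidian CSRF) and CVE-2022-45129 (Payara root-context issue) are left at TODO: check although neither product corresponds to a Debian source package; unless triage turns up a Payara component in the archive, both can go directly to NOT-FOR-US, the status the neighbouring automatic entries receive once a human pass follows.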
@@ -906,10 +942,10 @@ CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. T
NOT-FOR-US: Acronis
CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...)
NOT-FOR-US: Acronis
-CVE-2022-3867
- RESERVED
-CVE-2022-3866
- RESERVED
+CVE-2022-3867 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream su ...)
+ TODO: check
+CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identi ...)
+ TODO: check
CVE-2022-3865
RESERVED
CVE-2022-3864
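Review bot: the two Nomad entries (CVE-2022-3867 event stream, CVE-2022-3866 workload identity) are scoped to Nomad 1.4.0 up to 1.4.1; before resolving the TODO: check, confirm whether a nomad source package still exists in the archive. If it does not, NOT-FOR-US: HashiCorp Nomad is the consistent outcome, matching the NOT-FOR-US: HashiCorp Vault and Vault Enterprise line used for CVE-2022-41316 further down in this diff.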
@@ -2298,11 +2334,9 @@ CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_tim
NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3)
CVE-2022-3820
RESERVED
-CVE-2022-3819
- RESERVED
+CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2022-3818
- RESERVED
+CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in GitLab ...)
- gitlab <unfixed>
CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...)
NOT-FOR-US: Bento4
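Review bot: both GitLab entries (CVE-2022-3819 improper authorization, CVE-2022-3818 URL-parsing resource consumption) get `- gitlab <unfixed>` with neither the upstream fixed version nor a NOTE pointing at the GitLab release advisory. The systemd entry in the leading context shows the convention worth following here (a NOTE with the fix reference and version in parentheses); adding the advisory URL now means the <unfixed> can be resolved later without re-reading the CVE text.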
@@ -2448,8 +2482,8 @@ CVE-2022-44592
RESERVED
CVE-2022-44591
RESERVED
-CVE-2022-44590
- RESERVED
+CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2022-44589
RESERVED
CVE-2022-44588
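Review bot: the "Auth. (contributor+) Stored Cross-Site Scripting (XSS)" wording of CVE-2022-44590 is the phrasing used for WordPress plugin advisories; unless the truncated remainder names something else, the status should be NOT-FOR-US: WordPress plugin rather than TODO: check, as CVE-2022-2763 and CVE-2022-2762 are marked later in this diff.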
@@ -2538,8 +2572,7 @@ CVE-2022-3795
RESERVED
CVE-2022-3794
RESERVED
-CVE-2022-3793
- RESERVED
+CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
CVE-2022-3792
RESERVED
@@ -2561,42 +2594,42 @@ CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate verificati
NOTE: https://www.openssl.org/news/secadv/20221101.txt
NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (openssl-3.0.7)
-CVE-2022-44563
- RESERVED
-CVE-2022-44562
- RESERVED
-CVE-2022-44561
- RESERVED
-CVE-2022-44560
- RESERVED
-CVE-2022-44559
- RESERVED
-CVE-2022-44558
- RESERVED
-CVE-2022-44557
- RESERVED
+CVE-2022-44563 (There is a race condition vulnerability in SD upgrade mode. Successful ...)
+ TODO: check
+CVE-2022-44562 (The system framework layer has a vulnerability of serialization/deseri ...)
+ TODO: check
+CVE-2022-44561 (The preset launcher module has a permission verification vulnerability ...)
+ TODO: check
+CVE-2022-44560 (The launcher module has an Intent redirection vulnerability. Successfu ...)
+ TODO: check
+CVE-2022-44559 (The AMS module has a vulnerability of serialization/deserialization mi ...)
+ TODO: check
+CVE-2022-44558 (The AMS module has a vulnerability of serialization/deserialization mi ...)
+ TODO: check
+CVE-2022-44557 (The SmartTrimProcessEvent module has a vulnerability of obtaining the ...)
+ TODO: check
CVE-2022-44556 (Missing parameter type validation in the DRM module. Successful exploi ...)
NOT-FOR-US: Huawei
-CVE-2022-44555
- RESERVED
-CVE-2022-44554
- RESERVED
-CVE-2022-44553
- RESERVED
-CVE-2022-44552
- RESERVED
-CVE-2022-44551
- RESERVED
-CVE-2022-44550
- RESERVED
-CVE-2022-44549
- RESERVED
-CVE-2022-44548
- RESERVED
-CVE-2022-44547
- RESERVED
-CVE-2022-44546
- RESERVED
+CVE-2022-44555 (The DDMP/ODMF module has a service hijacking vulnerability. Successful ...)
+ TODO: check
+CVE-2022-44554 (The power module has a vulnerability in permission verification. Succe ...)
+ TODO: check
+CVE-2022-44553 (The HiView module has a vulnerability of not filtering third-party app ...)
+ TODO: check
+CVE-2022-44552 (The lock screen module has defects introduced in the design process. S ...)
+ TODO: check
+CVE-2022-44551 (The iaware module has a vulnerability in thread security. Successful e ...)
+ TODO: check
+CVE-2022-44550 (The graphics display module has a UAF vulnerability when traversing gr ...)
+ TODO: check
+CVE-2022-44549 (The LBS module has a vulnerability in geofencing API access. Successfu ...)
+ TODO: check
+CVE-2022-44548 (There is a vulnerability in permission verification during the Bluetoo ...)
+ TODO: check
+CVE-2022-44547 (The Display Service module has a UAF vulnerability. Successful exploit ...)
+ TODO: check
+CVE-2022-44546 (The kernel module has the vulnerability that the mapping is not cleare ...)
+ TODO: check
CVE-2022-44545
RESERVED
CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...)
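Review bot: the seventeen new descriptions in this hunk (SD upgrade mode, launcher, AMS, HiView, iaware, DDMP/ODMF, LBS, Bluetooth, Display Service, kernel mapping) use the same vendor wording as CVE-2022-44556, which sits unchanged in the middle of the hunk as NOT-FOR-US: Huawei; the TODO: check markers can therefore be resolved to NOT-FOR-US: Huawei in a single pass.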
@@ -2635,10 +2668,10 @@ CVE-2022-3782
RESERVED
CVE-2022-3781 (Dashlane password and Keepass Server password in My Account Settings a ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2021-46852
- RESERVED
-CVE-2021-46851
- RESERVED
+CVE-2021-46852 (The memory management module has the logic bypass vulnerability. Succe ...)
+ TODO: check
+CVE-2021-46851 (The DRM module has a vulnerability in verifying the secure memory attr ...)
+ TODO: check
CVE-2022-44531
RESERVED
CVE-2022-44530
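Review bot: CVE-2021-46852 and CVE-2021-46851 carry 2021 identifiers but the same "memory management module" / "DRM module" phrasing as the Huawei batch above (compare the DRM module wording of CVE-2022-44556); they belong to the same vendor set and should be closed the same way rather than left as TODO: check.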
@@ -3264,8 +3297,8 @@ CVE-2022-44246
RESERVED
CVE-2022-44245
RESERVED
-CVE-2022-44244
- RESERVED
+CVE-2022-44244 (An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalat ...)
+ TODO: check
CVE-2022-44243
RESERVED
CVE-2022-44242
@@ -5661,8 +5694,7 @@ CVE-2022-43946
RESERVED
CVE-2022-3727
RESERVED
-CVE-2022-3726
- RESERVED
+CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...)
- gitlab <unfixed>
CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allow ...)
- wireshark 4.0.0-1
@@ -5746,8 +5778,7 @@ CVE-2022-3707
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
-CVE-2022-3706
- RESERVED
+CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...)
- gitlab <unfixed>
CVE-2022-43932
RESERVED
@@ -7422,8 +7453,8 @@ CVE-2022-43312
RESERVED
CVE-2022-43311
RESERVED
-CVE-2022-43310
- RESERVED
+CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released Foxit R ...)
+ TODO: check
CVE-2022-43309
RESERVED
CVE-2022-43308
@@ -7959,8 +7990,8 @@ CVE-2022-43060
RESERVED
CVE-2022-43059
RESERVED
-CVE-2022-43058
- RESERVED
+CVE-2022-43058 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2022-43057
RESERVED
CVE-2022-43056
@@ -8037,8 +8068,8 @@ CVE-2022-43033 (An issue was discovered in Bento4 1.6.0-639. There is a bad free
NOT-FOR-US: Bento4
CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory leak i ...)
NOT-FOR-US: Bento4
-CVE-2022-43031
- RESERVED
+CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
CVE-2022-43030
RESERVED
CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
@@ -8310,12 +8341,12 @@ CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git
- gitea <removed>
CVE-2022-42967
RESERVED
-CVE-2022-42966
- RESERVED
-CVE-2022-42965
- RESERVED
-CVE-2022-42964
- RESERVED
+CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ TODO: check
+CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ TODO: check
+CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ TODO: check
CVE-2022-3520
RESERVED
CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...)
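Review bot: the three ReDoS descriptions (CVE-2022-42966, CVE-2022-42965, CVE-2022-42964) are truncated before the name of the affected library, so the TODO: check here needs the full text rather than a bulk status: exponential-ReDoS IDs are commonly filed against libraries that are packaged, and if one of these is in the archive a `- <srcpkg> <unfixed>` line with a NOTE on the upstream fix is the right outcome, not NOT-FOR-US.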
@@ -8575,15 +8606,13 @@ CVE-2022-3488
RESERVED
CVE-2022-3487
RESERVED
-CVE-2022-3486
- RESERVED
+CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
- gitlab <unfixed>
CVE-2022-3485
RESERVED
CVE-2022-3484
RESERVED
-CVE-2022-3483
- RESERVED
+CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-3482
RESERVED
@@ -9713,8 +9742,7 @@ CVE-2022-3415
RESERVED
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
-CVE-2022-3413
- RESERVED
+CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...)
- gitlab <unfixed>
CVE-2022-3412
RESERVED
@@ -11010,8 +11038,8 @@ CVE-2022-41876
RESERVED
CVE-2022-41875
RESERVED
-CVE-2022-41874
- RESERVED
+CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
CVE-2022-41873
RESERVED
CVE-2022-41872
@@ -12467,8 +12495,7 @@ CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish pl
NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
-CVE-2022-3285
- RESERVED
+CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...)
- gitlab <unfixed>
CVE-2022-3284
RESERVED
@@ -12501,8 +12528,7 @@ CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate aut
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
NOT-FOR-US: WAGO
-CVE-2022-3280
- RESERVED
+CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 10.1 prio ...)
- gitlab <unfixed>
CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
- gitlab <unfixed>
@@ -12583,8 +12609,7 @@ CVE-2022-40691
RESERVED
CVE-2022-40214
RESERVED
-CVE-2022-3265
- RESERVED
+CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- gitlab <unfixed>
CVE-2022-3264
RESERVED
@@ -13013,94 +13038,94 @@ CVE-2022-41130
RESERVED
CVE-2022-41129
RESERVED
-CVE-2022-41128
- RESERVED
+CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability. This ...)
+ TODO: check
CVE-2022-41127
RESERVED
CVE-2022-41126
RESERVED
-CVE-2022-41125
- RESERVED
+CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2022-41124
RESERVED
-CVE-2022-41123
- RESERVED
-CVE-2022-41122
- RESERVED
+CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
+CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-41121
RESERVED
-CVE-2022-41120
- RESERVED
-CVE-2022-41119
- RESERVED
-CVE-2022-41118
- RESERVED
+CVE-2022-41120 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41118 (Windows Scripting Languages Remote Code Execution Vulnerability. This ...)
+ TODO: check
CVE-2022-41117
RESERVED
-CVE-2022-41116
- RESERVED
+CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
+ TODO: check
CVE-2022-41115
RESERVED
-CVE-2022-41114
- RESERVED
-CVE-2022-41113
- RESERVED
+CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-41112
RESERVED
CVE-2022-41111
RESERVED
CVE-2022-41110
RESERVED
-CVE-2022-41109
- RESERVED
+CVE-2022-41109 (Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
CVE-2022-41108
RESERVED
-CVE-2022-41107
- RESERVED
-CVE-2022-41106
- RESERVED
-CVE-2022-41105
- RESERVED
-CVE-2022-41104
- RESERVED
-CVE-2022-41103
- RESERVED
-CVE-2022-41102
- RESERVED
-CVE-2022-41101
- RESERVED
-CVE-2022-41100
- RESERVED
-CVE-2022-41099
- RESERVED
-CVE-2022-41098
- RESERVED
-CVE-2022-41097
- RESERVED
-CVE-2022-41096
- RESERVED
-CVE-2022-41095
- RESERVED
+CVE-2022-41107 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41106 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-41105 (Microsoft Excel Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-41104 (Microsoft Excel Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-41103 (Microsoft Word Information Disclosure Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-41102 (Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ...)
+ TODO: check
+CVE-2022-41101 (Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ...)
+ TODO: check
+CVE-2022-41100 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2022-41099 (BitLocker Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-41098 (Windows GDI+ Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-41097 (Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vul ...)
+ TODO: check
+CVE-2022-41096 (Microsoft DWM Core Library Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-41094
RESERVED
-CVE-2022-41093
- RESERVED
-CVE-2022-41092
- RESERVED
-CVE-2022-41091
- RESERVED
-CVE-2022-41090
- RESERVED
+CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
+ TODO: check
CVE-2022-41089
RESERVED
-CVE-2022-41088
- RESERVED
+CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ TODO: check
CVE-2022-41087
RESERVED
-CVE-2022-41086
- RESERVED
-CVE-2022-41085
- RESERVED
+CVE-2022-41086 (Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-41084
RESERVED
CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
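Review bot: all 31 TODO: check markers in this hunk cover Microsoft November Patch Tuesday text (Windows components, Office, Exchange, SharePoint, Visual Studio, Azure CycleCloud), and the Microsoft lines in the surrounding context (CVE-2022-41082 and CVE-2022-41081 in the next hunk) are NOT-FOR-US: Microsoft; the markers can be bulk-replaced with that status.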
@@ -13109,12 +13134,12 @@ CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability. .
NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-41080
- RESERVED
-CVE-2022-41079
- RESERVED
-CVE-2022-41078
- RESERVED
+CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+ TODO: check
+CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
CVE-2022-41077
RESERVED
CVE-2022-41076
@@ -13123,8 +13148,8 @@ CVE-2022-41075
RESERVED
CVE-2022-41074
RESERVED
-CVE-2022-41073
- RESERVED
+CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-41072
RESERVED
CVE-2022-41071
@@ -13137,52 +13162,52 @@ CVE-2022-41068
RESERVED
CVE-2022-41067
RESERVED
-CVE-2022-41066
- RESERVED
+CVE-2022-41066 (Microsoft Business Central Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-41065
RESERVED
-CVE-2022-41064
- RESERVED
-CVE-2022-41063
- RESERVED
-CVE-2022-41062
- RESERVED
-CVE-2022-41061
- RESERVED
-CVE-2022-41060
- RESERVED
+CVE-2022-41064 (.NET Framework Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-41063 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-41062 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41061 (Microsoft Word Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41060 (Microsoft Word Information Disclosure Vulnerability. This CVE ID is un ...)
+ TODO: check
CVE-2022-41059
RESERVED
-CVE-2022-41058
- RESERVED
-CVE-2022-41057
- RESERVED
-CVE-2022-41056
- RESERVED
-CVE-2022-41055
- RESERVED
-CVE-2022-41054
- RESERVED
-CVE-2022-41053
- RESERVED
-CVE-2022-41052
- RESERVED
-CVE-2022-41051
- RESERVED
-CVE-2022-41050
- RESERVED
-CVE-2022-41049
- RESERVED
-CVE-2022-41048
- RESERVED
-CVE-2022-41047
- RESERVED
+CVE-2022-41058 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+ TODO: check
+CVE-2022-41057 (Windows HTTP.sys Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-41056 (Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerab ...)
+ TODO: check
+CVE-2022-41055 (Windows Human Interface Device Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-41054 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2022-41053 (Windows Kerberos Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-41052 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-41050 (Windows Extensible File Allocation Table Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2022-41049 (Windows Mark of the Web Security Feature Bypass Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-41048 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-41047 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-41046
RESERVED
-CVE-2022-41045
- RESERVED
-CVE-2022-41044
- RESERVED
+CVE-2022-41045 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2022-41044 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ TODO: check
CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability. ...)
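Review bot: same batch as above (CVE-2022-41066 through CVE-2022-41044, twenty entries); the only ones that are not Windows components are Business Central (CVE-2022-41066), .NET Framework (CVE-2022-41064), Azure RTOS GUIX Studio (CVE-2022-41051) and the ODBC driver pair (CVE-2022-41048, CVE-2022-41047), and none of those corresponds to a Debian source package either, so NOT-FOR-US: Microsoft across the hunk, consistent with CVE-2022-41043 and CVE-2022-41042 in the trailing context.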
@@ -13191,8 +13216,8 @@ CVE-2022-41041
RESERVED
CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-41039
- RESERVED
+CVE-2022-41039 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ TODO: check
CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
NOT-FOR-US: Microsoft
CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
@@ -15926,36 +15951,36 @@ CVE-2022-39895
RESERVED
CVE-2022-39894
RESERVED
-CVE-2022-39893
- RESERVED
-CVE-2022-39892
- RESERVED
-CVE-2022-39891
- RESERVED
-CVE-2022-39890
- RESERVED
-CVE-2022-39889
- RESERVED
+CVE-2022-39893 (Sensitive information exposure vulnerability in FmmBaseModel in Galaxy ...)
+ TODO: check
+CVE-2022-39892 (Improper access control in Samsung Pass prior to version 4.0.05.1 allo ...)
+ TODO: check
+CVE-2022-39891 (Heap overflow vulnerability in parse_pce function in libsavsaudio.so i ...)
+ TODO: check
+CVE-2022-39890 (Improper Authorization in Samsung Billing prior to version 5.0.56.0 al ...)
+ TODO: check
+CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin prior to v ...)
+ TODO: check
CVE-2022-39888
RESERVED
-CVE-2022-39887
- RESERVED
-CVE-2022-39886
- RESERVED
-CVE-2022-39885
- RESERVED
-CVE-2022-39884
- RESERVED
-CVE-2022-39883
- RESERVED
-CVE-2022-39882
- RESERVED
-CVE-2022-39881
- RESERVED
-CVE-2022-39880
- RESERVED
-CVE-2022-39879
- RESERVED
+CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy in MiscPo ...)
+ TODO: check
+CVE-2022-39886 (Improper access control vulnerability in IpcRxServiceModeBigDataInfo i ...)
+ TODO: check
+CVE-2022-39885 (Improper access control vulnerability in BootCompletedReceiver_CMCC in ...)
+ TODO: check
+CVE-2022-39884 (Improper access control vulnerability in IImsService prior to SMR Nov- ...)
+ TODO: check
+CVE-2022-39883 (Improper authorization vulnerability in StorageManagerService prior to ...)
+ TODO: check
+CVE-2022-39882 (Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsm ...)
+ TODO: check
+CVE-2022-39881 (Improper input validation vulnerability for processing SIB12 PDU in Ex ...)
+ TODO: check
+CVE-2022-39880 (Improper input validation vulnerability in DualOutFocusViewer prior to ...)
+ TODO: check
+CVE-2022-39879 (Improper authorization vulnerability in?CallBGProvider prior to SMR No ...)
+ TODO: check
CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout prior to ver ...)
NOT-FOR-US: Samsung
CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount in Grou ...)
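Review bot: the fourteen Samsung descriptions here (Galaxy, Samsung Pass, Samsung Billing, GalaxyWatch4Plugin, libsavsaudio, SIB12 PDU handling, and so on) can go NOT-FOR-US: Samsung, as CVE-2022-39878 and CVE-2022-39877 in the trailing context already are. Note the stray "?" in CVE-2022-39879 ("vulnerability in?CallBGProvider"): it looks like an encoding artefact in the upstream description feed and will simply be overwritten on the next sync, so it needs no manual edit.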
@@ -17026,12 +17051,12 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
-CVE-2022-39398
- RESERVED
+CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
+ TODO: check
CVE-2022-39397
RESERVED
-CVE-2022-39396
- RESERVED
+CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2022-39395
RESERVED
CVE-2022-39394
@@ -17042,7 +17067,8 @@ CVE-2022-39392
RESERVED
CVE-2022-39391
RESERVED
-CVE-2022-39390 (Octocat.js is a library used to render a set of options into an SVG. V ...)
+CVE-2022-39390
+ REJECTED
NOT-FOR-US: Octocat.js
CVE-2022-39389
RESERVED
@@ -17101,8 +17127,8 @@ CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications
- php-cas 1.6.0-1 (bug #1023571)
NOTE: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163 (1.6.0)
-CVE-2022-39368
- RESERVED
+CVE-2022-39368 (Eclipse Californium is a Java implementation of RFC7252 - Constrained ...)
+ TODO: check
CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery. ...)
NOT-FOR-US: QTIWorks
CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45, ...)
@@ -17232,10 +17258,10 @@ CVE-2022-39309 (GoCD is a continuous delivery server. GoCD helps you automate an
NOT-FOR-US: GoCD
CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
NOT-FOR-US: GoCD
-CVE-2022-39307
- RESERVED
-CVE-2022-39306
- RESERVED
+CVE-2022-39307 (Grafana is an open-source platform for monitoring and observability. W ...)
+ TODO: check
+CVE-2022-39306 (Grafana is an open-source platform for monitoring and observability. V ...)
+ TODO: check
CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
NOT-FOR-US: Gin-vue-admin
CVE-2022-39304
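Review bot: the Grafana pair (CVE-2022-39307, CVE-2022-39306) is truncated before the affected version range; before resolving the TODO: check, confirm whether a grafana source package exists in the archive, and if not close both as NOT-FOR-US: Grafana, the same way the GoCD entries in the leading context are closed as NOT-FOR-US: GoCD.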
@@ -18011,12 +18037,12 @@ CVE-2022-39040
RESERVED
CVE-2022-39039
RESERVED
-CVE-2022-39038
- RESERVED
-CVE-2022-39037
- RESERVED
-CVE-2022-39036
- RESERVED
+CVE-2022-39038 (Agentflow BPM enterprise management system has improper authentication ...)
+ TODO: check
+CVE-2022-39037 (Agentflow BPM file download function has a path traversal vulnerabilit ...)
+ TODO: check
+CVE-2022-39036 (The file upload function of Agentflow BPM has insufficient filtering f ...)
+ TODO: check
CVE-2022-39035 (Smart eVision has insufficient filtering for special characters in the ...)
NOT-FOR-US: Smart eVision
CVE-2022-39034 (Smart eVision has a path traversal vulnerability in the Report API fun ...)
@@ -20832,8 +20858,7 @@ CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise a
NOT-FOR-US: WordPress plugin
CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2761
- RESERVED
+CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
NOT-FOR-US: Octopus Deploy
@@ -20920,14 +20945,14 @@ CVE-2022-38124
RESERVED
CVE-2022-38123
RESERVED
-CVE-2022-38122
- RESERVED
-CVE-2022-38121
- RESERVED
-CVE-2022-38120
- RESERVED
-CVE-2022-38119
- RESERVED
+CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...)
+ TODO: check
+CVE-2022-38121 (UPSMON PRO configuration file stores user password in plaintext under ...)
+ TODO: check
+CVE-2022-38120 (UPSMON PRO’s has a path traversal vulnerability. A remote attack ...)
+ TODO: check
+CVE-2022-38119 (UPSMON Pro login function has insufficient authentication. An unauthen ...)
+ TODO: check
CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...)
NOT-FOR-US: OAKlouds
CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical attac ...)
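Review bot: the four UPSMON PRO entries (cleartext HTTP, plaintext password in the configuration file, path traversal, insufficient login authentication) sit beside OAKlouds and Juiker entries that are NOT-FOR-US, and should be resolved the same way. The "UPSMON PRO’s" sequence in CVE-2022-38120 also appears in the unchanged CVE-2022-38118 line below it ("website’s"), in the hunk header for CVE-2022-41316 and in the AMD "μProf" entries: UTF-8 punctuation re-decoded as Windows-1252, present in old and new lines alike, so it is a rendering issue of this mail rather than something this commit introduced, and needs no fix in data/CVE/list.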
@@ -21221,8 +21246,8 @@ CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vul
NOT-FOR-US: Microsoft
CVE-2022-38024
RESERVED
-CVE-2022-38023
- RESERVED
+CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
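Review bot: CVE-2022-38023 (Netlogon RPC Elevation of Privilege) should not be bulk-closed with the Windows entries around it: Netlogon is a wire protocol that Samba's AD DC implements as well, so the TODO: check should stay open until it is established whether the Windows fix is a local hardening or a protocol-level change that samba would need to mirror.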
@@ -21237,10 +21262,10 @@ CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability. ...
NOT-FOR-US: Microsoft
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2022-38015
- RESERVED
-CVE-2022-38014
- RESERVED
+CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
+ TODO: check
CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
@@ -21283,8 +21308,8 @@ CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vu
NOT-FOR-US: Microsoft
CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2022-37992
- RESERVED
+CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
@@ -21333,10 +21358,10 @@ CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ...)
NOT-FOR-US: Microsoft
-CVE-2022-37967
- RESERVED
-CVE-2022-37966
- RESERVED
+CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
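Review bot: CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege) and CVE-2022-37967 (Windows Kerberos Elevation of Privilege) describe weaknesses in the Kerberos protocol's handling of RC4-HMAC rather than a Windows-only component; samba (as AD DC and KDC) and heimdal should be checked for the same issue before these are set to NOT-FOR-US: Microsoft like CVE-2022-37965 directly below them.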
@@ -38077,16 +38102,16 @@ CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as V
TODO: check
CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...)
TODO: check
-CVE-2022-31689
- RESERVED
-CVE-2022-31688
- RESERVED
-CVE-2022-31687
- RESERVED
-CVE-2022-31686
- RESERVED
-CVE-2022-31685
- RESERVED
+CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session fixation ...)
+ TODO: check
+CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross- ...)
+ TODO: check
+CVE-2022-31687 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Co ...)
+ TODO: check
+CVE-2022-31686 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentic ...)
+ TODO: check
+CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentication ...)
+ TODO: check
CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
TODO: check
CVE-2022-31683
@@ -43648,8 +43673,8 @@ CVE-2022-29838
RESERVED
CVE-2022-29837
RESERVED
-CVE-2022-29836
- RESERVED
+CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
NOT-FOR-US: WD Discovery software
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -50101,10 +50126,10 @@ CVE-2022-27676
RESERVED
CVE-2022-27675
RESERVED
-CVE-2022-27674
- RESERVED
-CVE-2022-27673
- RESERVED
+CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD μ ...)
+ TODO: check
+CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...)
+ TODO: check
CVE-2022-27672
RESERVED
CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...)
@@ -62177,8 +62202,8 @@ CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before
NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27)
CVE-2022-23832
RESERVED
-CVE-2022-23831
- RESERVED
+CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD μProf ma ...)
+ TODO: check
CVE-2022-23830
RESERVED
CVE-2022-23829
@@ -62201,8 +62226,7 @@ CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to
NOTE: Followup (which did not got a new CVE allocated by AMD):
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1044
-CVE-2022-23824 [x86: Multiple speculative security issues]
- RESERVED
+CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-422.html
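Review bot: with the real description in place ("IBPB may not prevent return branch predictions from being specified by ..."), CVE-2022-23824 is a CPU behaviour rather than a Xen-specific bug, so the `- xen <unfixed>` line should be accompanied by a linux assessment: the kernel relies on IBPB for the same return-prediction isolation. The XSA-422 NOTE should also be re-checked as the Xen fix reference now that the bracketed placeholder "[x86: Multiple speculative security issues]" has been replaced by the published text.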
@@ -91361,7 +91385,7 @@ CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to ve
NOT-FOR-US: IBM
CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain clear text ...)
NOT-FOR-US: IBM
-CVE-2021-39077 ("IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 st ...)
+CVE-2021-39077 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 sto ...)
NOT-FOR-US: IBM
CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptogr ...)
NOT-FOR-US: IBM
@@ -123508,12 +123532,12 @@ CVE-2021-26395
RESERVED
CVE-2021-26394
RESERVED
-CVE-2021-26393
- RESERVED
-CVE-2021-26392
- RESERVED
-CVE-2021-26391
- RESERVED
+CVE-2021-26393 (Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted ...)
+ TODO: check
+CVE-2021-26392 (Insufficient verification of missing size check in 'LoadModule' may le ...)
+ TODO: check
+CVE-2021-26391 (Insufficient verification of multiple header signatures while loading ...)
+ TODO: check
CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the bootloader into ...)
NOT-FOR-US: AMD
CVE-2021-26389
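Review bot: CVE-2021-26393, CVE-2021-26392 and CVE-2021-26391 concern the AMD Secure Processor (ASP) trusted execution environment and bootloader module loading, i.e. platform firmware delivered through OEM AGESA/BIOS updates rather than through any Debian package; the adjacent CVE-2021-26390 is already NOT-FOR-US: AMD and the same status applies to these three.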
@@ -123574,8 +123598,8 @@ CVE-2021-26362 (A malicious or compromised UApp or ABL may be used by an attacke
NOT-FOR-US: AMD
CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA Boot Loade ...)
NOT-FOR-US: AMD
-CVE-2021-26360
- RESERVED
+CVE-2021-26360 (An attacker with local access to the system can make unauthorized modi ...)
+ TODO: check
CVE-2021-26359
RESERVED
CVE-2021-26358
@@ -186812,10 +186836,10 @@ CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape han
NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932
RESERVED
-CVE-2020-12931
- RESERVED
-CVE-2020-12930
- RESERVED
+CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP) kernel ...)
+ TODO: check
+CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP) drivers may ...)
+ TODO: check
CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00a0f4767ec40912258bc889ef8246d9fc4e6f2