[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 15 08:10:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb0c7653 by security tracker role at 2022-11-15T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-45435
+ RESERVED
+CVE-2022-45434
+ RESERVED
+CVE-2022-45433
+ RESERVED
+CVE-2022-45432
+ RESERVED
+CVE-2022-45431
+ RESERVED
+CVE-2022-45430
+ RESERVED
+CVE-2022-45429
+ RESERVED
+CVE-2022-45428
+ RESERVED
+CVE-2022-45427
+ RESERVED
+CVE-2022-45426
+ RESERVED
+CVE-2022-45425
+ RESERVED
+CVE-2022-45424
+ RESERVED
+CVE-2022-45423
+ RESERVED
+CVE-2022-45422
+ RESERVED
+CVE-2022-45122
+ RESERVED
+CVE-2022-45113
+ RESERVED
+CVE-2022-43660
+ RESERVED
+CVE-2022-3995
+ RESERVED
+CVE-2022-3994
+ RESERVED
CVE-2023-21518
RESERVED
CVE-2023-21517
@@ -1141,8 +1179,7 @@ CVE-2022-3905
RESERVED
CVE-2022-3904
RESERVED
-CVE-2022-3903 [An invalid pipe direction in the mceusb driver cause the kernel to DOS]
- RESERVED
+CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transceiver U ...)
- linux <unfixed>
CVE-2022-3902
RESERVED
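Review bot: the rewritten CVE-2022-3903 entry no longer shows the driver name that the removed bracketed description carried (`mceusb`), because the new description is cut off at "Infrared Transceiver U ...". With `- linux <unfixed>` as the only line under it, a `NOTE:` line naming the mceusb driver and pointing at the upstream report or fix would keep the entry actionable for whoever tracks the kernel fix.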
@@ -3971,14 +4008,14 @@ CVE-2022-44392
RESERVED
CVE-2022-44391
RESERVED
-CVE-2022-44390
- RESERVED
-CVE-2022-44389
- RESERVED
+CVE-2022-44390 (A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 ...)
+ TODO: check
+CVE-2022-44389 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...)
+ TODO: check
CVE-2022-44388
RESERVED
-CVE-2022-44387
- RESERVED
+CVE-2022-44387 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...)
+ TODO: check
CVE-2022-44386
RESERVED
CVE-2022-44385
@@ -5373,10 +5410,10 @@ CVE-2022-43970
RESERVED
CVE-2022-43969
RESERVED
-CVE-2022-43968
- RESERVED
-CVE-2022-43967
- RESERVED
+CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
CVE-2022-43966
RESERVED
CVE-2022-43965
@@ -7283,26 +7320,26 @@ CVE-2022-43697
RESERVED
CVE-2022-43696
RESERVED
-CVE-2022-43695
- RESERVED
+CVE-2022-43695 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43693 (Concrete CMS is vulnerable to CSRF due to the lack of "State" paramete ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43692 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
-CVE-2022-43691
- RESERVED
-CVE-2022-43690
- RESERVED
-CVE-2022-43689
- RESERVED
-CVE-2022-43688
- RESERVED
-CVE-2022-43687
- RESERVED
-CVE-2022-43686
- RESERVED
+CVE-2022-43691 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43690 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43689 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43688 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43687 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+ TODO: check
+CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 an ...)
+ TODO: check
CVE-2022-43685
RESERVED
CVE-2022-43684
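Review bot: the seven Concrete CMS entries set to `TODO: check` in this hunk (CVE-2022-43695 and CVE-2022-43691 through CVE-2022-43686) can be triaged as one batch, since the neighbouring CVE-2022-43694, CVE-2022-43693 and CVE-2022-43692 already carry `NOT-FOR-US: Concrete CMS`. Reusing that exact tag string keeps the product searchable; CVE-2022-43968 and CVE-2022-43967 from the previous hunk have the same description prefix and belong in the same batch.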
@@ -8402,8 +8439,8 @@ CVE-2022-43325
RESERVED
CVE-2022-43324
RESERVED
-CVE-2022-43323
- RESERVED
+CVE-2022-43323 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...)
+ TODO: check
CVE-2022-43322
RESERVED
CVE-2022-43321 (Shopwind v3.4.3 was discovered to contain a reflected cross-site scrip ...)
@@ -8458,10 +8495,10 @@ CVE-2022-43297
RESERVED
CVE-2022-43296
RESERVED
-CVE-2022-43295
- RESERVED
-CVE-2022-43294
- RESERVED
+CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
+ TODO: check
+CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...)
+ TODO: check
CVE-2022-43293
RESERVED
CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
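Review bot: CVE-2022-43295 names XPDF v4.04, so its `TODO: check` should be resolved against the xpdf source package rather than closed with a NOT-FOR-US tag. Elsewhere in this file CVE-2022-30775, also against xpdf 4.04, is recorded as `- xpdf <not-affected> (Debian uses poppler, which is not affected)`, so the same determination needs to be made and written down for this stack overflow.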
@@ -8789,8 +8826,8 @@ CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the
NOT-FOR-US: rtf2html
CVE-2022-43147
RESERVED
-CVE-2022-43146
- RESERVED
+CVE-2022-43146 (An arbitrary file upload vulnerability in the image upload function of ...)
+ TODO: check
CVE-2022-43145
RESERVED
CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...)
@@ -9045,8 +9082,8 @@ CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory
NOT-FOR-US: Bento4
CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery ...)
NOT-FOR-US: DedeCMS
-CVE-2022-43030
- RESERVED
+CVE-2022-43030 (Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
NOT-FOR-US: Tenda
CVE-2022-43028 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
@@ -9231,8 +9268,8 @@ CVE-2022-42986
RESERVED
CVE-2022-42985
RESERVED
-CVE-2022-42984
- RESERVED
+CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982
@@ -9243,10 +9280,10 @@ CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a pro
NOT-FOR-US: go-admin (aka GO Admin)
CVE-2022-42979
RESERVED
-CVE-2022-42978
- RESERVED
-CVE-2022-42977
- RESERVED
+CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
+ TODO: check
+CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)
+ TODO: check
CVE-2022-42976
RESERVED
CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...)
@@ -11482,36 +11519,36 @@ CVE-2022-42134
RESERVED
CVE-2022-42133
RESERVED
-CVE-2022-42132
- RESERVED
-CVE-2022-42131
- RESERVED
-CVE-2022-42130
- RESERVED
-CVE-2022-42129
- RESERVED
-CVE-2022-42128
- RESERVED
-CVE-2022-42127
- RESERVED
-CVE-2022-42126
- RESERVED
-CVE-2022-42125
- RESERVED
-CVE-2022-42124
- RESERVED
-CVE-2022-42123
- RESERVED
-CVE-2022-42122
- RESERVED
-CVE-2022-42121
- RESERVED
-CVE-2022-42120
- RESERVED
-CVE-2022-42119
- RESERVED
-CVE-2022-42118
- RESERVED
+CVE-2022-42132 (The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4. ...)
+ TODO: check
+CVE-2022-42131 (Certain Liferay products are affected by: Missing SSL Certificate Vali ...)
+ TODO: check
+CVE-2022-42130 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3. ...)
+ TODO: check
+CVE-2022-42129 (An Insecure direct object reference (IDOR) vulnerability in the Dynami ...)
+ TODO: check
+CVE-2022-42128 (The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3. ...)
+ TODO: check
+CVE-2022-42127 (The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, an ...)
+ TODO: check
+CVE-2022-42126 (The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, a ...)
+ TODO: check
+CVE-2022-42125 (Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 thr ...)
+ TODO: check
+CVE-2022-42124 (ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Lifera ...)
+ TODO: check
+CVE-2022-42123 (A Zip slip vulnerability in the Elasticsearch Connector in Liferay Por ...)
+ TODO: check
+CVE-2022-42122 (A SQL injection vulnerability in the Friendly Url module in Liferay Po ...)
+ TODO: check
+CVE-2022-42121 (A SQL injection vulnerability in the Layout module in Liferay Portal 7 ...)
+ TODO: check
+CVE-2022-42120 (A SQL injection vulnerability in the Fragment module in Liferay Portal ...)
+ TODO: check
+CVE-2022-42119 (Certain Liferay products are vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2022-42118 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
+ TODO: check
CVE-2022-42117 (A Cross-site scripting (XSS) vulnerability in the Frontend Taglib modu ...)
NOT-FOR-US: Frontend Taglib module in Liferay
CVE-2022-42116 (A Cross-site scripting (XSS) vulnerability in the Frontend Editor modu ...)
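Review bot: the fifteen Liferay entries moved from RESERVED to `TODO: check` (CVE-2022-42132 through CVE-2022-42118) should get one consistent product string when they are triaged. The context entry CVE-2022-42117 uses `NOT-FOR-US: Frontend Taglib module in Liferay`, which embeds the module name in the tag; a plain product name would let all of these be found with a single search.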
@@ -11524,10 +11561,10 @@ CVE-2022-42113 (A Cross-site scripting (XSS) vulnerability in Document Library m
NOT-FOR-US: module in Liferay
CVE-2022-42112 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
NOT-FOR-US: module in Liferay
-CVE-2022-42111
- RESERVED
-CVE-2022-42110
- RESERVED
+CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module's use ...)
+ TODO: check
+CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...)
+ TODO: check
CVE-2022-42109
RESERVED
CVE-2022-42108
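Review bot: the two context lines `NOT-FOR-US: module in Liferay` at the top of this hunk read as if the module name was dropped from the tag. When CVE-2022-42111 and CVE-2022-42110 are triaged, it is worth correcting those tags at the same time so the Liferay entries in this range do not end up with three different spellings.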
@@ -11626,12 +11663,12 @@ CVE-2022-42062
RESERVED
CVE-2022-42061
RESERVED
-CVE-2022-42060
- RESERVED
+CVE-2022-42060 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ TODO: check
CVE-2022-42059
RESERVED
-CVE-2022-42058
- RESERVED
+CVE-2022-42058 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ TODO: check
CVE-2022-42057
RESERVED
CVE-2022-42056
@@ -11640,8 +11677,8 @@ CVE-2022-42055 (Multiple command injection vulnerabilities in GL.iNet GoodCloud
NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
CVE-2022-42054 (Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet ...)
NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
-CVE-2022-42053
- RESERVED
+CVE-2022-42053 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ TODO: check
CVE-2022-42052
RESERVED
CVE-2022-42051
@@ -11943,8 +11980,8 @@ CVE-2022-41915
RESERVED
CVE-2022-41914
RESERVED
-CVE-2022-41913
- RESERVED
+CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
+ TODO: check
CVE-2022-41912
RESERVED
CVE-2022-41911
@@ -12226,8 +12263,8 @@ CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub re
- rdiffweb <itp> (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3362
- RESERVED
+CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb ...)
+ TODO: check
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
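Review bot: CVE-2022-3362 is left at `TODO: check` although its description names the same repository, ikus060/rdiffweb, as the two entries directly above it. CVE-2022-3364 and CVE-2022-3363 are both recorded as `- rdiffweb <itp> (bug #969974)`, so this entry can take the same line instead of staying in the unchecked queue.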
@@ -13302,10 +13339,10 @@ CVE-2022-41398
RESERVED
CVE-2022-41397
RESERVED
-CVE-2022-41396
- RESERVED
-CVE-2022-41395
- RESERVED
+CVE-2022-41396 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ TODO: check
+CVE-2022-41395 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ TODO: check
CVE-2022-41394
RESERVED
CVE-2022-41393
@@ -14419,8 +14456,7 @@ CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/c08eadca1bdfa099e20a32f8fa4b52b2f672236d (5.18-rc1)
-CVE-2022-3238
- RESERVED
+CVE-2022-3238 (A double-free flaw was found in the Linux kernel’s NTFS3 subsyst ...)
- linux <unfixed> (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
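Review bot: the added description line for CVE-2022-3238 contains a mis-encoded apostrophe ("kernel’s"), which is what a UTF-8 right single quote looks like after being decoded with a single-byte codepage. It is worth confirming whether those bytes are in data/CVE/list itself or only in the mail rendering of the diff; if they are in the file, the import step should decode the feed as UTF-8 before writing descriptions.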
@@ -14528,8 +14564,8 @@ CVE-2022-40905
RESERVED
CVE-2022-40904
RESERVED
-CVE-2022-40903
- RESERVED
+CVE-2022-40903 (Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 d ...)
+ TODO: check
CVE-2022-40902
RESERVED
CVE-2022-40901
@@ -14640,16 +14676,16 @@ CVE-2022-40849
RESERVED
CVE-2022-40848
RESERVED
-CVE-2022-40847
- RESERVED
-CVE-2022-40846
- RESERVED
-CVE-2022-40845
- RESERVED
-CVE-2022-40844
- RESERVED
-CVE-2022-40843
- RESERVED
+CVE-2022-40847 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a ...)
+ TODO: check
+CVE-2022-40846 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross ...)
+ TODO: check
+CVE-2022-40845 (The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by ...)
+ TODO: check
+CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15E ...)
+ TODO: check
+CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to im ...)
+ TODO: check
CVE-2022-40842
RESERVED
CVE-2022-40841
@@ -14909,8 +14945,8 @@ CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer ov
NOT-FOR-US: Bento4
CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
NOT-FOR-US: Bento4
-CVE-2022-40735
- RESERVED
+CVE-2022-40735 (Using long exponents in the Diffie-Hellman Key Agreement Protocol allo ...)
+ TODO: check
CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
NOT-FOR-US: Laravel Filemanager
CVE-2022-40733
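Review bot: CVE-2022-40735 should not be closed together with the product-specific entries around it. Its description, "Using long exponents in the Diffie-Hellman Key Agreement Protocol", names a protocol rather than a product, unlike the Bento4 and Laravel Filemanager neighbours tagged NOT-FOR-US, so the `TODO: check` needs a manual pass over the packaged implementations before any tag is chosen.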
@@ -15743,8 +15779,8 @@ CVE-2022-40407 (A zip slip vulnerability in the file upload function of Chamilo
NOT-FOR-US: Chamilo LMS
CVE-2022-40406
RESERVED
-CVE-2022-40405
- RESERVED
+CVE-2022-40405 (WoWonder Social Network Platform v4.1.2 was discovered to contain a SQ ...)
+ TODO: check
CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
NOT-FOR-US: Wedding Planner
CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
@@ -18077,8 +18113,8 @@ CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protoc
NOT-FOR-US: XWiki
CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
NOT-FOR-US: @fastify/websocket
-CVE-2022-39385
- RESERVED
+CVE-2022-39385 (Discourse is the an open source discussion platform. In some rare case ...)
+ TODO: check
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
CVE-2022-39383
@@ -21875,8 +21911,8 @@ CVE-2022-38169
RESERVED
CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pathfinde ...)
NOT-FOR-US: Avaya Scopia Pathfinder
-CVE-2022-38167
- RESERVED
+CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. ...)
+ TODO: check
CVE-2022-38166
RESERVED
CVE-2022-38165
@@ -21985,7 +22021,7 @@ CVE-2022-33893
RESERVED
CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-2758 (All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs ...)
+CVE-2022-2758 (Passwords are not adequately encrypted during the communication proces ...)
NOT-FOR-US: LS Industrial Systems (LSIS) Co. Ltd
CVE-2022-2757
RESERVED
@@ -22994,9 +23030,9 @@ CVE-2022-37683
RESERVED
CVE-2022-37682
RESERVED
-CVE-2022-37681 (Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below ...)
+CVE-2022-37681 (Hitachi Kokusai Electric Newtork products for monitoring system (Camer ...)
NOT-FOR-US: Hitachi Kokusai Electric Inc ISnex HC-IP9100HD
-CVE-2022-37680 (An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP910 ...)
+CVE-2022-37680 (An improper authentication for critical function issue in Hitachi Koku ...)
NOT-FOR-US: Hitachi
CVE-2022-37679 (Miniblog.Core v1.0 was discovered to contain a cross-site scripting (X ...)
NOT-FOR-US: Miniblog.Core
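Review bot: the two Hitachi entries in this hunk keep different tags for the same vendor, `NOT-FOR-US: Hitachi Kokusai Electric Inc ISnex HC-IP9100HD` on CVE-2022-37681 and `NOT-FOR-US: Hitachi` on CVE-2022-37680, and the refreshed descriptions no longer lead with the ISnex model name. Aligning the two tags on one string would help. The new CVE-2022-37681 description also carries the upstream typo "Newtork", which will break a text search for "Network".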
@@ -24545,8 +24581,8 @@ CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php .
NOT-FOR-US: Bluecms
CVE-2022-37110
RESERVED
-CVE-2022-37109
- RESERVED
+CVE-2022-37109 (patrickfuller camp up to and including commit bbd53a256ed70e79bd875808 ...)
+ TODO: check
CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration wizard in Se ...)
NOT-FOR-US: Securonix Snypr
CVE-2022-37107
@@ -28417,8 +28453,8 @@ CVE-2022-35615
RESERVED
CVE-2022-35614
RESERVED
-CVE-2022-35613
- RESERVED
+CVE-2022-35613 (Konker v2.3.9 was to discovered to contain a Cross-Site Request Forger ...)
+ TODO: check
CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...)
NOT-FOR-US: MQTTRoute
CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...)
@@ -32110,8 +32146,8 @@ CVE-2022-34327
RESERVED
CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek R ...)
NOT-FOR-US: Realtek
-CVE-2022-34325
- RESERVED
+CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...)
+ TODO: check
CVE-2022-34324
RESERVED
CVE-2022-34323
@@ -32120,14 +32156,14 @@ CVE-2022-34322
RESERVED
CVE-2022-34321
RESERVED
-CVE-2022-34320
- RESERVED
+CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...)
+ TODO: check
CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...)
NOT-FOR-US: IBM
CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking ...)
NOT-FOR-US: IBM
-CVE-2022-34317
- RESERVED
+CVE-2022-34317 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+ TODO: check
CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web sc ...)
NOT-FOR-US: IBM
CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
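Review bot: CVE-2022-34320 and CVE-2022-34317 are left at `TODO: check` while every other IBM CICS TX entry visible in this hunk (CVE-2022-34319, CVE-2022-34318, CVE-2022-34316) is tagged `NOT-FOR-US: IBM`. The two new descriptions name the same product and version, IBM CICS TX 11.1, so they can take the same tag in the follow-up triage commit.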
@@ -32997,16 +33033,16 @@ CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js
[buster] - node-got <no-dsa> (Minor issue)
NOTE: https://github.com/sindresorhus/got/pull/2047
NOTE: Fixed by: https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc (v12.1.0)
-CVE-2022-33986
- RESERVED
-CVE-2022-33985
- RESERVED
-CVE-2022-33984
- RESERVED
-CVE-2022-33983
- RESERVED
-CVE-2022-33982
- RESERVED
+CVE-2022-33986 (DMA attacks on the parameter buffer used by the VariableRuntimeDxe sof ...)
+ TODO: check
+CVE-2022-33985 (DMA transactions which are targeted at input buffers used for the NvmE ...)
+ TODO: check
+CVE-2022-33984 (DMA transactions which are targeted at input buffers used for the SdMm ...)
+ TODO: check
+CVE-2022-33983 (DMA transactions which are targeted at input buffers used for the NvmE ...)
+ TODO: check
+CVE-2022-33982 (DMA attacks on the parameter buffer used by the Int15ServiceSmm softwa ...)
+ TODO: check
CVE-2022-33976
RESERVED
CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
@@ -33380,16 +33416,16 @@ CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. Fi
NOT-FOR-US: Couchbase Server
CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...)
- mantis <removed>
-CVE-2022-33909
- RESERVED
-CVE-2022-33908
- RESERVED
-CVE-2022-33907
- RESERVED
-CVE-2022-33906
- RESERVED
-CVE-2022-33905
- RESERVED
+CVE-2022-33909 (DMA transactions which are targeted at input buffers used for the HddP ...)
+ TODO: check
+CVE-2022-33908 (DMA transactions which are targeted at input buffers used for the SdHo ...)
+ TODO: check
+CVE-2022-33907 (DMA transactions which are targeted at input buffers used for the soft ...)
+ TODO: check
+CVE-2022-33906 (DMA transactions which are targeted at input buffers used for the FwBl ...)
+ TODO: check
+CVE-2022-33905 (DMA transactions which are targeted at input buffers used for the Ahci ...)
+ TODO: check
CVE-2022-33904
RESERVED
CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging ...)
@@ -37368,10 +37404,10 @@ CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of un
NOT-FOR-US: Real Player
CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A fl ...)
NOT-FOR-US: StarWind SAN and NAS
-CVE-2022-32267
- RESERVED
-CVE-2022-32266
- RESERVED
+CVE-2022-32267 (DMA transactions which are targeted at input buffers used for the SmmR ...)
+ TODO: check
+CVE-2022-32266 (DMA attacks on the parameter buffer used by a software SMI handler use ...)
+ TODO: check
CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
NOT-FOR-US: qDecoder
CVE-2022-32264 (** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD bef ...)
@@ -40453,8 +40489,8 @@ CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to in
NOT-FOR-US: mailcow
CVE-2022-31244
RESERVED
-CVE-2022-31243
- RESERVED
+CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
+ TODO: check
CVE-2022-31242
RESERVED
CVE-2022-31241
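Review bot: the imported description for CVE-2022-31243 opens with "Update description and links", which reads like an editing instruction left in the upstream record ahead of the real text ("DMA transactions which are targeted at in ..."). Because the list only keeps the first characters of each description, that stray prefix uses up part of the visible summary; the entry should be triaged from the full upstream record rather than from this line.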
@@ -41958,10 +41994,10 @@ CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error par
- atmailopen <removed>
CVE-2022-30775 (xpdf 4.04 allocates excessive memory when presented with crafted input ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2022-30774
- RESERVED
-CVE-2022-30773
- RESERVED
+CVE-2022-30774 (DMA attacks on the parameter buffer used by the PnpSmm driver could ch ...)
+ TODO: check
+CVE-2022-30773 (DMA attacks on the parameter buffer used by the IhisiSmm driver could ...)
+ TODO: check
CVE-2022-30772
RESERVED
CVE-2022-30771
@@ -47801,8 +47837,8 @@ CVE-2022-28766
RESERVED
CVE-2022-28765
RESERVED
-CVE-2022-28764
- RESERVED
+CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
+ TODO: check
CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
NOT-FOR-US: Zoom
CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
@@ -50523,8 +50559,8 @@ CVE-2022-27898
RESERVED
CVE-2022-27897
RESERVED
-CVE-2022-27896
- RESERVED
+CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
+ TODO: check
CVE-2022-27895
RESERVED
CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb0c76535fb504845c4b7f9c16377b15cbd954f5