[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 21 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c6c3d29 by security tracker role at 2022-10-21T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,110 +1,529 @@
-CVE-2022-43435
+CVE-2022-43607
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43434
+CVE-2022-43606
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43433
+CVE-2022-43605
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43432
+CVE-2022-43604
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43431
+CVE-2022-43603
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43430
+CVE-2022-43602
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43429
+CVE-2022-43601
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43428
+CVE-2022-43600
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43427
+CVE-2022-43599
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43426
+CVE-2022-43598
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43425
+CVE-2022-43597
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43424
+CVE-2022-43596
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43423
+CVE-2022-43595
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43422
+CVE-2022-43594
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43421
+CVE-2022-43593
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43420
+CVE-2022-43592
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43419
+CVE-2022-43591
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43418
+CVE-2022-43590
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43417
+CVE-2022-43589
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43416
+CVE-2022-43588
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43415
+CVE-2022-43587
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43414
+CVE-2022-43586
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43413
+CVE-2022-43585
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43412
+CVE-2022-43584
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43411
+CVE-2022-43583
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43410
+CVE-2022-43582
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43409
+CVE-2022-43581
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43408
+CVE-2022-43580
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43407
+CVE-2022-43579
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43406
+CVE-2022-43578
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43405
+CVE-2022-43577
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43404
+CVE-2022-43576
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43403
+CVE-2022-43575
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43402
+CVE-2022-43574
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43401
+CVE-2022-43573
RESERVED
- NOT-FOR-US: Jenkins plugin
-CVE-2022-43400
+CVE-2022-43572
+ RESERVED
+CVE-2022-43571
+ RESERVED
+CVE-2022-43570
+ RESERVED
+CVE-2022-43569
+ RESERVED
+CVE-2022-43568
+ RESERVED
+CVE-2022-43567
+ RESERVED
+CVE-2022-43566
+ RESERVED
+CVE-2022-43565
+ RESERVED
+CVE-2022-43564
+ RESERVED
+CVE-2022-43563
+ RESERVED
+CVE-2022-43562
+ RESERVED
+CVE-2022-43561
+ RESERVED
+CVE-2022-43560
+ RESERVED
+CVE-2022-43559
+ RESERVED
+CVE-2022-43558
+ RESERVED
+CVE-2022-43557
+ RESERVED
+CVE-2022-43556
+ RESERVED
+CVE-2022-43555
+ RESERVED
+CVE-2022-43554
+ RESERVED
+CVE-2022-43553
+ RESERVED
+CVE-2022-43552
+ RESERVED
+CVE-2022-43551
+ RESERVED
+CVE-2022-43550
+ RESERVED
+CVE-2022-43549
+ RESERVED
+CVE-2022-43548
+ RESERVED
+CVE-2022-43547
+ RESERVED
+CVE-2022-43546
+ RESERVED
+CVE-2022-43545
+ RESERVED
+CVE-2022-43542
+ RESERVED
+CVE-2022-43541
+ RESERVED
+CVE-2022-43540
+ RESERVED
+CVE-2022-43539
+ RESERVED
+CVE-2022-43538
+ RESERVED
+CVE-2022-43537
+ RESERVED
+CVE-2022-43536
+ RESERVED
+CVE-2022-43535
+ RESERVED
+CVE-2022-43534
+ RESERVED
+CVE-2022-43533
+ RESERVED
+CVE-2022-43532
+ RESERVED
+CVE-2022-43531
+ RESERVED
+CVE-2022-43530
+ RESERVED
+CVE-2022-43529
+ RESERVED
+CVE-2022-43528
+ RESERVED
+CVE-2022-43527
+ RESERVED
+CVE-2022-43526
+ RESERVED
+CVE-2022-43525
+ RESERVED
+CVE-2022-43524
+ RESERVED
+CVE-2022-43523
+ RESERVED
+CVE-2022-43522
+ RESERVED
+CVE-2022-43521
+ RESERVED
+CVE-2022-43520
+ RESERVED
+CVE-2022-43519
+ RESERVED
+CVE-2022-43518
+ RESERVED
+CVE-2022-43517
+ RESERVED
+CVE-2022-43516
+ RESERVED
+CVE-2022-43515
+ RESERVED
+CVE-2022-43514
+ RESERVED
+CVE-2022-43513
+ RESERVED
+CVE-2022-43499
+ RESERVED
+CVE-2022-43492
+ RESERVED
+CVE-2022-43491
+ RESERVED
+CVE-2022-43490
+ RESERVED
+CVE-2022-43488
+ RESERVED
+CVE-2022-43482
+ RESERVED
+CVE-2022-43481
+ RESERVED
+CVE-2022-43480
+ RESERVED
+CVE-2022-43479
+ RESERVED
+CVE-2022-43476
+ RESERVED
+CVE-2022-43472
+ RESERVED
+CVE-2022-43471
+ RESERVED
+CVE-2022-43469
+ RESERVED
+CVE-2022-43463
+ RESERVED
+CVE-2022-43462
+ RESERVED
+CVE-2022-43461
+ RESERVED
+CVE-2022-43459
+ RESERVED
+CVE-2022-43458
+ RESERVED
+CVE-2022-43453
+ RESERVED
+CVE-2022-43450
+ RESERVED
+CVE-2022-43445
+ RESERVED
+CVE-2022-43441
+ RESERVED
+CVE-2022-43439
+ RESERVED
+CVE-2022-43438
+ RESERVED
+CVE-2022-43437
+ RESERVED
+CVE-2022-43436
+ RESERVED
+CVE-2022-42888
+ RESERVED
+CVE-2022-42884
+ RESERVED
+CVE-2022-42883
+ RESERVED
+CVE-2022-42882
+ RESERVED
+CVE-2022-42880
+ RESERVED
+CVE-2022-42699
+ RESERVED
+CVE-2022-42698
+ RESERVED
+CVE-2022-42497
+ RESERVED
+CVE-2022-42494
+ RESERVED
+CVE-2022-42485
+ RESERVED
+CVE-2022-42479
+ RESERVED
+CVE-2022-42462
+ RESERVED
+CVE-2022-42461
+ RESERVED
+CVE-2022-42460
+ RESERVED
+CVE-2022-42459
+ RESERVED
+CVE-2022-41996
RESERVED
+CVE-2022-41995
+ RESERVED
+CVE-2022-41992
+ RESERVED
+CVE-2022-41990
+ RESERVED
+CVE-2022-41987
+ RESERVED
+CVE-2022-41980
+ RESERVED
+CVE-2022-41978
+ RESERVED
+CVE-2022-41840
+ RESERVED
+CVE-2022-41839
+ RESERVED
+CVE-2022-41831
+ RESERVED
+CVE-2022-41805
+ RESERVED
+CVE-2022-41791
+ RESERVED
+CVE-2022-41790
+ RESERVED
+CVE-2022-41788
+ RESERVED
+CVE-2022-41786
+ RESERVED
+CVE-2022-41785
+ RESERVED
+CVE-2022-41781
+ RESERVED
+CVE-2022-41698
+ RESERVED
+CVE-2022-41695
+ RESERVED
+CVE-2022-41692
+ RESERVED
+CVE-2022-41685
+ RESERVED
+CVE-2022-41652
+ RESERVED
+CVE-2022-41619
+ RESERVED
+CVE-2022-41554
+ RESERVED
+CVE-2022-40968
+ RESERVED
+CVE-2022-40963
+ RESERVED
+CVE-2022-40698
+ RESERVED
+CVE-2022-40695
+ RESERVED
+CVE-2022-40692
+ RESERVED
+CVE-2022-40687
+ RESERVED
+CVE-2022-40686
+ RESERVED
+CVE-2022-38971
+ RESERVED
+CVE-2022-38716
+ RESERVED
+CVE-2022-38702
+ RESERVED
+CVE-2022-38356
+ RESERVED
+CVE-2022-38075
+ RESERVED
+CVE-2022-3648
+ RESERVED
+CVE-2022-3647 (A vulnerability, which was classified as problematic, was found in Red ...)
+ TODO: check
+CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3645
+ RESERVED
+CVE-2022-3644
+ RESERVED
+CVE-2022-3643
+ RESERVED
+CVE-2022-3642 (A vulnerability classified as problematic has been found in Linux Kern ...)
+ TODO: check
+CVE-2022-3641
+ RESERVED
+CVE-2022-36401
+ RESERVED
+CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
+ TODO: check
+CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
+ TODO: check
+CVE-2022-3638 (A vulnerability was found in Nginx and classified as problematic. This ...)
+ TODO: check
+CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...)
+ TODO: check
+CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux ...)
+ TODO: check
+CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2022-3634
+ RESERVED
+CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux Kern ...)
+ TODO: check
+CVE-2022-3632
+ RESERVED
+CVE-2022-3631
+ RESERVED
+CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
+ TODO: check
+CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+ TODO: check
+CVE-2022-3628
+ RESERVED
+CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
+ TODO: check
+CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
+ TODO: check
+CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...)
+ TODO: check
+CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as problemati ...)
+ TODO: check
+CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+ TODO: check
+CVE-2022-3622
+ RESERVED
+CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+ TODO: check
+CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...)
+ TODO: check
+CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...)
+ TODO: check
+CVE-2022-3618
+ RESERVED
+CVE-2022-3617
+ RESERVED
+CVE-2022-3616
+ RESERVED
+CVE-2022-3615
+ RESERVED
+CVE-2022-3614
+ RESERVED
+CVE-2022-3613
+ RESERVED
+CVE-2022-3612
+ RESERVED
+CVE-2022-3611
+ RESERVED
+CVE-2022-3610
+ RESERVED
+CVE-2022-3609
+ RESERVED
+CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
+ TODO: check
+CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+ TODO: check
+CVE-2022-3605
+ RESERVED
+CVE-2022-3604
+ RESERVED
+CVE-2022-3603
+ RESERVED
+CVE-2022-3602
+ RESERVED
+CVE-2022-3601
+ RESERVED
+CVE-2022-3600
+ RESERVED
+CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
+ TODO: check
+CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
+ TODO: check
+CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
+ TODO: check
+CVE-2021-46846
+ RESERVED
+CVE-2020-36607
+ RESERVED
+CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...)
+ TODO: check
+CVE-2016-20016 (MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108 ...)
+ TODO: check
+CVE-2022-43435 (Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disable ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43434 (Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier progra ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43433 (Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disable ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43432 (Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically di ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43431 (Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43430 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43429 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43428 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43427 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43426 (Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SEC ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43425 (Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not esca ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43424 (Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier impl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43423 (Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plug ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43422 (Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43421 (A missing permission check in Jenkins Tuleap Git Branch Source Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43420 (Jenkins Contrast Continuous Application Security Plugin 3.9 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43419 (Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43418 (A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43417 (Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43416 (Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controll ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43415 (Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML pars ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43414 (Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controlle ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43413 (Jenkins Job Import Plugin 3.5 and earlier does not perform a permissio ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43412 (Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-c ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43411 (Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comp ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43410 (Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides inf ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43409 (Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43408 (Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43407 (Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier do ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43406 (A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43405 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43404 (A sandbox bypass vulnerability involving crafted constructor bodies an ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43403 (A sandbox bypass vulnerability involving casting an array-like value t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43402 (A sandbox bypass vulnerability involving various casts performed impli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43401 (A sandbox bypass vulnerability involving various casts performed impli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-43400 (A vulnerability has been identified in Siveillance Video Mobile Server ...)
+ TODO: check
CVE-2022-3596
RESERVED
CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
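Review bot: The added entries in this hunk that name Linux Kernel (for example CVE-2022-3642, CVE-2022-3640, CVE-2022-3637 and CVE-2022-3636) and Exim (CVE-2022-3620) are left at "TODO: check", while other entries in this same file already track those projects with package lines such as "- linux 5.19.11-1" and "- exim4 4.96-4". Triage these ahead of the rest of the batch and give each a package line with a fixed version or status, since an entry that carries only "TODO: check" has no package association yet.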
@@ -136,8 +555,7 @@ CVE-2022-3588
RESERVED
CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
NOT-FOR-US: SourceCodester Simple Cold Storage Management System
-CVE-2022-3586
- RESERVED
+CVE-2022-3586 (A flaw was found in the Linux kernel’s networking code. A use-af ...)
- linux 5.19.11-1
[bullseye] - linux 5.10.148-1
[buster] - linux 4.19.260-1
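Review bot: The description added for CVE-2022-3586 contains "kernel’s", which is what a UTF-8 right single quote looks like when it is decoded as a single-byte charset. Check whether those bytes are in data/CVE/list itself or only in this mail rendering; if they are in the file, the step that writes descriptions is decoding its input with the wrong encoding. The same sequence appears in the CVE-2022-3577 description in the next hunk.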
@@ -158,14 +576,13 @@ CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Cashier Queuing System
CVE-2022-3578
RESERVED
-CVE-2022-3577
- RESERVED
+CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux kernel’ ...)
- linux 5.18.5-1
[bullseye] - linux 5.10.127-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fc4ef9d5724973193bfa5ebed181dba6de3a56db (5.19-rc1)
-CVE-2022-3576
- RESERVED
+CVE-2022-3576 (A vulnerability regarding out-of-bounds read is found in the session p ...)
+ TODO: check
CVE-2022-43395
RESERVED
CVE-2022-43394
@@ -216,8 +633,8 @@ CVE-2022-3572
RESERVED
CVE-2022-3571
RESERVED
-CVE-2022-3570
- RESERVED
+CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
+ TODO: check
CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...)
NOT-FOR-US: Zimbra
CVE-2022-3568
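Review bot: CVE-2022-3570 lands as "TODO: check" with a description naming tiffcrop.c in libtiff, and the first hunk of this commit adds five more LibTIFF 4.4.0 entries in the same state (CVE-2022-3627, CVE-2022-3626, CVE-2022-3599, CVE-2022-3598, CVE-2022-3597). Triage the six together so they end up with consistent package lines and fix references.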
@@ -608,10 +1025,10 @@ CVE-2022-43187
RESERVED
CVE-2022-43186
RESERVED
-CVE-2022-43185
- RESERVED
-CVE-2022-43184
- RESERVED
+CVE-2022-43185 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
+ TODO: check
+CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command in ...)
+ TODO: check
CVE-2022-43183
RESERVED
CVE-2022-43182
@@ -888,70 +1305,70 @@ CVE-2022-43047
RESERVED
CVE-2022-43046
RESERVED
-CVE-2022-43045
- RESERVED
-CVE-2022-43044
- RESERVED
-CVE-2022-43043
- RESERVED
-CVE-2022-43042
- RESERVED
+CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
+ TODO: check
+CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
+ TODO: check
+CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
+ TODO: check
+CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
+ TODO: check
CVE-2022-43041
RESERVED
-CVE-2022-43040
- RESERVED
-CVE-2022-43039
- RESERVED
-CVE-2022-43038
- RESERVED
-CVE-2022-43037
- RESERVED
+CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
+ TODO: check
+CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
+ TODO: check
+CVE-2022-43038 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ TODO: check
+CVE-2022-43037 (An issue was discovered in Bento4 1.6.0-639. There is a memory leak in ...)
+ TODO: check
CVE-2022-43036
RESERVED
-CVE-2022-43035
- RESERVED
-CVE-2022-43034
- RESERVED
-CVE-2022-43033
- RESERVED
-CVE-2022-43032
- RESERVED
+CVE-2022-43035 (An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-o ...)
+ TODO: check
+CVE-2022-43034 (An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer o ...)
+ TODO: check
+CVE-2022-43033 (An issue was discovered in Bento4 1.6.0-639. There is a bad free in th ...)
+ TODO: check
+CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory leak i ...)
+ TODO: check
CVE-2022-43031
RESERVED
CVE-2022-43030
RESERVED
-CVE-2022-43029
- RESERVED
-CVE-2022-43028
- RESERVED
-CVE-2022-43027
- RESERVED
-CVE-2022-43026
- RESERVED
-CVE-2022-43025
- RESERVED
-CVE-2022-43024
- RESERVED
-CVE-2022-43023
- RESERVED
-CVE-2022-43022
- RESERVED
-CVE-2022-43021
- RESERVED
-CVE-2022-43020
- RESERVED
-CVE-2022-43019
- RESERVED
-CVE-2022-43018
- RESERVED
-CVE-2022-43017
- RESERVED
-CVE-2022-43016
- RESERVED
-CVE-2022-43015
- RESERVED
-CVE-2022-43014
- RESERVED
+CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43028 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43027 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43026 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43025 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43024 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)
+ TODO: check
+CVE-2022-43023 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2022-43022 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2022-43021 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2022-43020 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2022-43019 (OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE ...)
+ TODO: check
+CVE-2022-43018 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2022-43017 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2022-43016 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2022-43015 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2022-43014 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
CVE-2022-43013
RESERVED
CVE-2022-43012
@@ -1028,7 +1445,7 @@ CVE-2022-3561
RESERVED
CVE-2022-3560
RESERVED
-CVE-2022-3559 (A vulnerability was found in Exim and classified as critical. This iss ...)
+CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...)
- exim4 4.96-4
NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
CVE-2022-3558
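Review bot: The CVE-2022-3559 description changes from "classified as critical" to "classified as problematic" while the "- exim4 4.96-4" line and the upstream commit NOTE stay as they were. The first hunk also adds CVE-2022-3620 with near-identical wording ("A vulnerability was found in Exim and classified as problematic") as "TODO: check", so confirm whether the two IDs refer to different fixes and, if they do, give CVE-2022-3620 its own exim4 line and NOTE.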
@@ -1243,30 +1660,30 @@ CVE-2022-42946
RESERVED
CVE-2022-42945
RESERVED
-CVE-2022-42944
- RESERVED
-CVE-2022-42943
- RESERVED
-CVE-2022-42942
- RESERVED
-CVE-2022-42941
- RESERVED
-CVE-2022-42940
- RESERVED
-CVE-2022-42939
- RESERVED
-CVE-2022-42938
- RESERVED
-CVE-2022-42937
- RESERVED
-CVE-2022-42936
- RESERVED
-CVE-2022-42935
- RESERVED
-CVE-2022-42934
- RESERVED
-CVE-2022-42933
- RESERVED
+CVE-2022-42944 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
+ TODO: check
+CVE-2022-42943 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
+ TODO: check
+CVE-2022-42942 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
+ TODO: check
+CVE-2022-42941 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
+ TODO: check
+CVE-2022-42940 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
+ TODO: check
+CVE-2022-42939 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
+ TODO: check
+CVE-2022-42938 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
+ TODO: check
+CVE-2022-42937 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-42936 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-42935 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-42934 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
CVE-2022-42932
RESERVED
{DSA-5259-1 DLA-3156-1}
@@ -2492,11 +2909,9 @@ CVE-2022-3419
RESERVED
CVE-2022-42468
RESERVED
-CVE-2022-42467
- RESERVED
+CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
NOT-FOR-US: Apache Isis
-CVE-2022-42466
- RESERVED
+CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...)
NOT-FOR-US: Apache Isis
CVE-2022-42458
RESERVED
@@ -2762,8 +3177,8 @@ CVE-2022-42346
RESERVED
CVE-2022-42345
RESERVED
-CVE-2022-42344
- RESERVED
+CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+ TODO: check
CVE-2022-42343
RESERVED
CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
@@ -3016,8 +3431,8 @@ CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the
NOT-FOR-US: Student Clearance System
CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...)
NOT-FOR-US: UCMS
-CVE-2022-42233
- RESERVED
+CVE-2022-42233 (Tenda 11N with firmware version V5.07.33_cn suffers from an Authentica ...)
+ TODO: check
CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42231
@@ -3028,8 +3443,8 @@ CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution v
NOT-FOR-US: Wedding Planner
CVE-2022-42228
RESERVED
-CVE-2022-42227
- RESERVED
+CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/json ...)
+ TODO: check
CVE-2022-42226
RESERVED
CVE-2022-42225
@@ -3070,26 +3485,26 @@ CVE-2022-42208
RESERVED
CVE-2022-42207
RESERVED
-CVE-2022-42206
- RESERVED
-CVE-2022-42205
- RESERVED
+CVE-2022-42206 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...)
+ TODO: check
+CVE-2022-42205 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...)
+ TODO: check
CVE-2022-42204
RESERVED
CVE-2022-42203
RESERVED
CVE-2022-42202 (TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to ...)
NOT-FOR-US: TP-Link
-CVE-2022-42201
- RESERVED
-CVE-2022-42200
- RESERVED
-CVE-2022-42199
- RESERVED
-CVE-2022-42198
- RESERVED
-CVE-2022-42197
- RESERVED
+CVE-2022-42201 (Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure ...)
+ TODO: check
+CVE-2022-42200 (Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2022-42199 (Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Sit ...)
+ TODO: check
+CVE-2022-42198 (In Simple Exam Reviewer Management System v1.0 the User List function ...)
+ TODO: check
+CVE-2022-42197 (In Simple Exam Reviewer Management System v1.0 the User List function ...)
+ TODO: check
CVE-2022-42196
RESERVED
CVE-2022-42195
@@ -3104,8 +3519,8 @@ CVE-2022-42191
RESERVED
CVE-2022-42190
RESERVED
-CVE-2022-42189
- RESERVED
+CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (R ...)
+ TODO: check
CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...)
NOT-FOR-US: Lavalite CMS
CVE-2022-42187
@@ -3130,8 +3545,8 @@ CVE-2022-42178
RESERVED
CVE-2022-42177
RESERVED
-CVE-2022-42176
- RESERVED
+CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...)
+ TODO: check
CVE-2022-42175
RESERVED
CVE-2022-42174
@@ -3440,8 +3855,8 @@ CVE-2022-42023
RESERVED
CVE-2022-42022
RESERVED
-CVE-2022-42021
- RESERVED
+CVE-2022-42021 (Best Student Result Management System v1.0 is vulnerable to SQL Inject ...)
+ TODO: check
CVE-2022-42020
RESERVED
CVE-2022-42019
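Review bot: CVE-2022-42021 is added as "TODO: check" with a description that starts "Best Student Result Management System v1.0". CVE-2022-40887, visible further down in this diff, already carries "NOT-FOR-US: SourceCodester Best Student Result Management System"; if this is the same product, reuse that tag verbatim so the two entries match.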
@@ -3529,8 +3944,8 @@ CVE-2022-3383
RESERVED
CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
NOT-FOR-US: HIWIN Robot System Software
-CVE-2022-41983
- RESERVED
+CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...)
+ TODO: check
CVE-2022-41976
RESERVED
CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
@@ -3786,38 +4201,38 @@ CVE-2022-41852 (Those using JXPath to interpret untrusted XPath expressions may
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133
CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions < V11.1.1 ...)
NOT-FOR-US: JTTK
-CVE-2022-41836
- RESERVED
-CVE-2022-41835
- RESERVED
-CVE-2022-41833
- RESERVED
-CVE-2022-41832
- RESERVED
-CVE-2022-41813
- RESERVED
-CVE-2022-41806
- RESERVED
+CVE-2022-41836 (When an 'Attack Signature False Positive Mode' enabled security policy ...)
+ TODO: check
+CVE-2022-41835 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0 ...)
+ TODO: check
+CVE-2022-41833 (In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::coll ...)
+ TODO: check
+CVE-2022-41832 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-41813 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...)
+ TODO: check
+CVE-2022-41806 (In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BI ...)
+ TODO: check
CVE-2022-41800
RESERVED
-CVE-2022-41787
- RESERVED
-CVE-2022-41780
- RESERVED
-CVE-2022-41770
- RESERVED
-CVE-2022-41694
- RESERVED
-CVE-2022-41691
- RESERVED
-CVE-2022-41624
- RESERVED
+CVE-2022-41787 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-41780 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0 ...)
+ TODO: check
+CVE-2022-41770 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-41694 (In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...)
+ TODO: check
+CVE-2022-41691 (When a BIG-IP Advanced WAF/ASM security policy is configured on a virt ...)
+ TODO: check
+CVE-2022-41624 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15. ...)
+ TODO: check
CVE-2022-41622
RESERVED
-CVE-2022-41617
- RESERVED
-CVE-2022-36795
- RESERVED
+CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...)
+ TODO: check
+CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
CVE-2022-3381
RESERVED
CVE-2022-3380
@@ -4122,12 +4537,12 @@ CVE-2022-37410
RESERVED
CVE-2022-37409
RESERVED
-CVE-2022-41743
- RESERVED
-CVE-2022-41742
- RESERVED
-CVE-2022-41741
- RESERVED
+CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
+ TODO: check
+CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ TODO: check
+CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ TODO: check
CVE-2022-41740
RESERVED
CVE-2022-41739
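Review bot: The three NGINX entries are all left at "TODO: check", but their descriptions differ in scope: the visible text of CVE-2022-41743 names NGINX Plus, while CVE-2022-41742 and CVE-2022-41741 name NGINX Open Source before versions 1.23.2 and 1.22.1. Treat them separately when triaging, and look at CVE-2022-3638 ("A vulnerability was found in Nginx") from the first hunk at the same time.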
@@ -4197,12 +4612,12 @@ CVE-2022-41711
RESERVED
CVE-2022-41710
RESERVED
-CVE-2022-41709
- RESERVED
-CVE-2022-41708
- RESERVED
-CVE-2022-41707
- RESERVED
+CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
+ TODO: check
+CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
+ TODO: check
+CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
+ TODO: check
CVE-2022-41706
RESERVED
CVE-2022-41705
@@ -4312,8 +4727,8 @@ CVE-2022-41643
RESERVED
CVE-2022-41640
RESERVED
-CVE-2022-41638
- RESERVED
+CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin < ...)
+ TODO: check
CVE-2022-41635
RESERVED
CVE-2022-41634
@@ -4399,8 +4814,8 @@ CVE-2022-41577 (The kernel server has a vulnerability of not verifying the lengt
NOT-FOR-US: Huawei
CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...)
NOT-FOR-US: Huawei
-CVE-2022-41575
- RESERVED
+CVE-2022-41575 (A credential-exposure vulnerability in the support-bundle mechanism in ...)
+ TODO: check
CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
NOT-FOR-US: Gradle Enterprise
CVE-2022-41573
@@ -4439,8 +4854,8 @@ CVE-2022-40697
RESERVED
CVE-2022-40694
RESERVED
-CVE-2022-40311
- RESERVED
+CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
+ TODO: check
CVE-2022-40218
RESERVED
CVE-2022-40216
@@ -4571,8 +4986,8 @@ CVE-2022-38099
RESERVED
CVE-2022-3328
RESERVED
-CVE-2022-3327
- RESERVED
+CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...)
+ TODO: check
CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...)
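Review bot: CVE-2022-3327 is added as "TODO: check" although its description ("... in GitHub repository ikus ...") is cut off at the same repository prefix as the next entry, CVE-2022-3326, which names ikus060/rdiffweb and is tracked as "- rdiffweb <itp> (bug #969974)". If the full description confirms the same repository, CVE-2022-3327 should get the same line rather than stay unprocessed.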
@@ -4969,8 +5384,8 @@ CVE-2022-41417
RESERVED
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
NOT-FOR-US: Online Tours & Travels Management System
-CVE-2022-41415
- RESERVED
+CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...)
+ TODO: check
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
NOT-FOR-US: Liferay
CVE-2022-41413
@@ -5084,8 +5499,8 @@ CVE-2022-41360
RESERVED
CVE-2022-41359
RESERVED
-CVE-2022-41358
- RESERVED
+CVE-2022-41358 (A stored cross-site scripting (XSS) vulnerability in Garage Management ...)
+ TODO: check
CVE-2022-41357
RESERVED
CVE-2022-41356
@@ -5303,10 +5718,10 @@ CVE-2022-3265
RESERVED
CVE-2022-3264
RESERVED
-CVE-2022-41310
- RESERVED
-CVE-2022-41309
- RESERVED
+CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-41309 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ TODO: check
CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
NOT-FOR-US: Autodesk
CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
@@ -6254,10 +6669,10 @@ CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vuln
NOT-FOR-US: SourceCodester Best Student Result Management System
CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background. ...)
NOT-FOR-US: DedeCMS
-CVE-2022-40885
- RESERVED
-CVE-2022-40884
- RESERVED
+CVE-2022-40885 (Bento4 v1.6.0-639 has a memory allocation issue that can cause denial ...)
+ TODO: check
+CVE-2022-40884 (Bento4 1.6.0 has memory leaks via the mp4fragment. ...)
+ TODO: check
CVE-2022-40883
RESERVED
CVE-2022-40882
@@ -6428,8 +6843,8 @@ CVE-2022-40800
RESERVED
CVE-2022-40799
RESERVED
-CVE-2022-40798
- RESERVED
+CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...)
+ TODO: check
CVE-2022-40797
RESERVED
CVE-2022-40796
@@ -6733,8 +7148,8 @@ CVE-2022-38461
RESERVED
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38104
- RESERVED
+CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...)
+ TODO: check
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38074
@@ -6884,8 +7299,8 @@ CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDeleg
[buster] - unbound <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3)
-CVE-2022-3203
- RESERVED
+CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...)
+ TODO: check
CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journal ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
@@ -8207,8 +8622,8 @@ CVE-2022-40086
RESERVED
CVE-2022-40085
RESERVED
-CVE-2022-40084
- RESERVED
+CVE-2022-40084 (OpenCRX before v5.2.2 was discovered to be vulnerable to password enum ...)
+ TODO: check
CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...)
NOT-FOR-US: Labstack Echo
CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...)
@@ -8791,8 +9206,8 @@ CVE-2022-39825
RESERVED
CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allows rem ...)
NOT-FOR-US: Appsmith
-CVE-2022-39823
- RESERVED
+CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x bef ...)
+ TODO: check
CVE-2022-39822
RESERVED
CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...)
@@ -9904,8 +10319,8 @@ CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation
NOT-FOR-US: Ree6
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...)
NOT-FOR-US: Ree6
-CVE-2022-39301
- RESERVED
+CVE-2022-39301 (sra-admin is a background rights management system that separates the ...)
+ TODO: check
CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...)
NOT-FOR-US: Node saml
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
@@ -9998,8 +10413,8 @@ CVE-2022-39269 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
NOT-FOR-US: orchest/orchest
-CVE-2022-39267
- RESERVED
+CVE-2022-39267 (Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB ...)
+ TODO: check
CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
NOT-FOR-US: isolated-vm
CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Settings_  ...)
@@ -10018,8 +10433,7 @@ CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.
- twig <removed>
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
NOTE: https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b (v1.44.7, v2.15.3, v3.4.3)
-CVE-2022-39260
- RESERVED
+CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...)
- git <unfixed> (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
@@ -10041,8 +10455,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according
[bullseye] - python-matrix-nio <ignored> (Doesn't work with current Matrix servers, to be removed from stable)
NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0)
-CVE-2022-39253
- RESERVED
+CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...)
- git <unfixed> (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
@@ -10116,8 +10529,8 @@ CVE-2022-39235
RESERVED
CVE-2022-39234
RESERVED
-CVE-2022-39233
- RESERVED
+CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
+ TODO: check
CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
NOT-FOR-US: Discourse
CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -13341,8 +13754,7 @@ CVE-2022-2807
RESERVED
CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...)
NOT-FOR-US: ovirt-log-collector
-CVE-2022-2805
- RESERVED
+CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...)
NOT-FOR-US: ovirt-engine
CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...)
NOT-FOR-US: SourceCodester Zoo Management System
@@ -13637,10 +14049,10 @@ CVE-2022-38110
RESERVED
CVE-2022-38109
RESERVED
-CVE-2022-38108
- RESERVED
-CVE-2022-38107
- RESERVED
+CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
+CVE-2022-38107 (Sensitive information could be displayed when a detailed technical err ...)
+ TODO: check
CVE-2022-38106
RESERVED
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
@@ -14415,7 +14827,7 @@ CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loo
NOTE: https://github.com/thorfdbg/libjpeg/issues/77
NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
NOTE: Hang in CLI tool, no security impact
-CVE-2022-37767 (Pebble Templates 3.1.5 allows attackers to bypass a protection mechani ...)
+CVE-2022-37767 (** DISPUTED ** Pebble Templates 3.1.5 allows attackers to bypass a pro ...)
NOT-FOR-US: Pebble Templates
CVE-2022-37766
RESERVED
@@ -14766,8 +15178,8 @@ CVE-2022-37600
RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
NOT-FOR-US: loader-utils
-CVE-2022-37598
- RESERVED
+CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in ast.js in mis ...)
+ TODO: check
CVE-2022-37597
RESERVED
CVE-2022-37596
@@ -15054,12 +15466,11 @@ CVE-2022-37456
RESERVED
CVE-2022-37455
RESERVED
-CVE-2022-37454 [SHA-3 Buffer Overflow]
- RESERVED
+CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
NOTE: https://mouha.be/sha-3-buffer-overflow/
TODO: check affected packages
-CVE-2022-37453
- RESERVED
+CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffe ...)
+ TODO: check
CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...)
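Review bot: the CVE-2022-37454 entry still ends in "TODO: check affected packages" and has no package line, even though RESERVED is now dropped and the published description names the Keccak XKCP SHA-3 reference implementation before fdc6fef. Suggest recording which source packages carry that code and adding the fdc6fef commit as a NOTE beside the existing mouha.be reference, so the open TODO can be closed.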
@@ -15721,8 +16132,8 @@ CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not
NOT-FOR-US: WordPress plugin
CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...)
NOT-FOR-US: Shirne CMS
-CVE-2022-37298
- RESERVED
+CVE-2022-37298 (Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnera ...)
+ TODO: check
CVE-2022-37297
RESERVED
CVE-2022-37296
@@ -16554,8 +16965,8 @@ CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within t
NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)
NOT-FOR-US: Progress WS_FTP Server
-CVE-2022-36966
- RESERVED
+CVE-2022-36966 (Users with Node Management rights were able to view and edit all nodes ...)
+ TODO: check
CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
NOT-FOR-US: Solarwinds
CVE-2022-36964
@@ -16570,10 +16981,10 @@ CVE-2022-36960
RESERVED
CVE-2022-36959
RESERVED
-CVE-2022-36958
- RESERVED
-CVE-2022-36957
- RESERVED
+CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
+CVE-2022-36957 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
CVE-2022-36956 (In Veritas NetBackup, the NetBackup Client allows arbitrary command ex ...)
NOT-FOR-US: Veritas
CVE-2022-36955 (In Veritas NetBackup, an attacker with unprivileged local access to a ...)
@@ -18713,8 +19124,8 @@ CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear operation
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
NOTE: https://sick.codes/sick-2022-128
-CVE-2022-36122
- RESERVED
+CVE-2022-36122 (The Automox Agent before 40 on Windows incorrectly sets permissions on ...)
+ TODO: check
CVE-2022-36121 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...)
NOT-FOR-US: Blue Prism Enterprise
CVE-2022-36120 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...)
@@ -19389,8 +19800,8 @@ CVE-2022-35862
RESERVED
CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...)
- pyenv <itp> (bug #978149)
-CVE-2022-35860
- RESERVED
+CVE-2022-35860 (Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically ...)
+ TODO: check
CVE-2022-35859
RESERVED
CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...)
@@ -23383,12 +23794,12 @@ CVE-2022-34441
RESERVED
CVE-2022-34440
RESERVED
-CVE-2022-34439
- RESERVED
-CVE-2022-34438
- RESERVED
-CVE-2022-34437
- RESERVED
+CVE-2022-34439 (Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of ...)
+ TODO: check
+CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege con ...)
+ TODO: check
+CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...)
+ TODO: check
CVE-2022-34436
RESERVED
CVE-2022-34435
@@ -26729,8 +27140,8 @@ CVE-2022-33079
RESERVED
CVE-2022-33078
RESERVED
-CVE-2022-33077
- RESERVED
+CVE-2022-33077 (An access control issue in nopcommerce v4.50.2 allows attackers to arb ...)
+ TODO: check
CVE-2022-33076
RESERVED
CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...)
@@ -26962,8 +27373,8 @@ CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have C
NOT-FOR-US: WordPress plugin
CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to over ...)
NOT-FOR-US: Grandstream
-CVE-2022-2069
- RESERVED
+CVE-2022-2069 (The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcent ...)
+ TODO: check
CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...)
{DSA-5169-1}
- openssl 3.0.4-1
@@ -29146,7 +29557,7 @@ CVE-2022-32203
CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1970
- RESERVED
+ REJECTED
NOT-FOR-US: Keycloak
CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Mobile browser color select plugin for WordPress
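Review bot: CVE-2022-1970 moves from RESERVED to REJECTED but keeps its "NOT-FOR-US: Keycloak" triage line. The other REJECTED entries visible in this patch (CVE-2022-1072, CVE-2013-4252, and CVE-2022-20424 after this update) carry no triage line, so it is worth confirming that the leftover line is kept deliberately and does not trip the list syntax check.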
@@ -30655,8 +31066,8 @@ CVE-2022-31686
RESERVED
CVE-2022-31685
RESERVED
-CVE-2022-31684
- RESERVED
+CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
+ TODO: check
CVE-2022-31683
RESERVED
CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...)
@@ -31636,8 +32047,8 @@ CVE-2022-31368
RESERVED
CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attribute ...)
NOT-FOR-US: Strapi
-CVE-2022-31366
- RESERVED
+CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs function i ...)
+ TODO: check
CVE-2022-31365
RESERVED
CVE-2022-31364
@@ -31993,8 +32404,8 @@ CVE-2022-1802
NOTE: https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1
CVE-2020-36522
RESERVED
-CVE-2022-31239
- RESERVED
+CVE-2022-31239 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
+ TODO: check
CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
NOT-FOR-US: Dell
CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
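Review bot: CVE-2022-31239 gets "TODO: check" while CVE-2022-31238, directly below it with the same visible description prefix (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19), is already "NOT-FOR-US: Dell". Resolve the new entry the same way when triaging, so the run of OneFS entries stays consistent.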
@@ -32896,8 +33307,8 @@ CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s
NOT-FOR-US: Dominion
CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
NOT-FOR-US: Dominion
-CVE-2022-1738
- RESERVED
+CVE-2022-1738 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an ou ...)
+ TODO: check
CVE-2022-1737 (Pyramid Solutions' affected products, the Developer and DLL kits for E ...)
NOT-FOR-US: Pyramid Solutions
CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been rated as p ...)
@@ -36101,8 +36512,8 @@ CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3
NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
NOT-FOR-US: LRM
-CVE-2022-1523
- RESERVED
+CVE-2022-1523 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a wri ...)
+ TODO: check
CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
@@ -37230,8 +37641,8 @@ CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab
- gitlab <unfixed>
CVE-2022-1415
RESERVED
-CVE-2022-1414
- RESERVED
+CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...)
+ TODO: check
CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
@@ -41548,7 +41959,7 @@ CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-28112
RESERVED
-CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blin ...)
+CVE-2022-28111 (MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was disco ...)
NOT-FOR-US: MyBatis PageHelper
CVE-2022-28110 (Hotel Management System v1.0 was discovered to contain a SQL injection ...)
NOT-FOR-US: Hotel Management System
@@ -42176,18 +42587,18 @@ CVE-2022-1073 (A vulnerability was found in Automatic Question Paper Generator 1
NOT-FOR-US: Automatic Question Paper Generator
CVE-2022-1072
REJECTED
-CVE-2022-27494
- RESERVED
-CVE-2022-26423
- RESERVED
+CVE-2022-27494 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
+ TODO: check
+CVE-2022-26423 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
+ TODO: check
CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...)
- mruby <unfixed> (bug #1014968)
[bullseye] - mruby <no-dsa> (Minor issue)
[buster] - mruby <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3
NOTE: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f
-CVE-2022-1070
- RESERVED
+CVE-2022-1070 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
+ TODO: check
CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
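Review bot: CVE-2022-27494, CVE-2022-26423 and CVE-2022-1070 in this hunk all receive the same visible description (Aethon TUG Home Base Server versions prior to version 24) and a separate "TODO: check" each; CVE-2022-1066 and CVE-2022-1059 further down the patch match as well. Triage the five together so they end up with one consistent product tag.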
@@ -42234,8 +42645,8 @@ CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scri
NOT-FOR-US: WordPress plugin
CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1066
- RESERVED
+CVE-2022-1066 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
+ TODO: check
CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
NOT-FOR-US: Abacus ERP
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
@@ -42673,8 +43084,8 @@ CVE-2022-27668 (Depending on the configuration of the route permission table in
NOT-FOR-US: SAP
CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...)
NOT-FOR-US: SAP
-CVE-2022-1059
- RESERVED
+CVE-2022-1059 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
+ TODO: check
CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
- gitea <removed>
CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...)
@@ -42825,12 +43236,12 @@ CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulner
NOT-FOR-US: Zyphyr
CVE-2022-27635
RESERVED
-CVE-2022-27626
- RESERVED
-CVE-2022-27625
- RESERVED
-CVE-2022-27624
- RESERVED
+CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...)
+ TODO: check
+CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...)
+ TODO: check
+CVE-2022-27624 (A vulnerability regarding improper restriction of operations within th ...)
+ TODO: check
CVE-2022-27623
RESERVED
CVE-2022-27622
@@ -44788,8 +45199,8 @@ CVE-2022-26955
RESERVED
CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository star7th ...)
NOT-FOR-US: ShowDoc
-CVE-2022-26954
- RESERVED
+CVE-2022-26954 (Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.5 ...)
+ TODO: check
CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
NOT-FOR-US: Digi Passport Firmware
CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
@@ -44985,8 +45396,8 @@ CVE-2022-26872
RESERVED
CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
NOT-FOR-US: Trend Micro
-CVE-2022-26870
- RESERVED
+CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...)
+ TODO: check
CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...)
NOT-FOR-US: Dell
CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...)
@@ -48136,10 +48547,10 @@ CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V
NOT-FOR-US: Siemens SCALANCE
CVE-2022-25750 (Memory corruption in BTHOST due to double free while music playback an ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25749
- RESERVED
-CVE-2022-25748
- RESERVED
+CVE-2022-25749 (Transient Denial-of-Service in WLAN due to buffer over-read while pars ...)
+ TODO: check
+CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer overflow w ...)
+ TODO: check
CVE-2022-25747
RESERVED
CVE-2022-25746
@@ -48162,8 +48573,8 @@ CVE-2022-25738
RESERVED
CVE-2022-25737
RESERVED
-CVE-2022-25736
- RESERVED
+CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...)
+ TODO: check
CVE-2022-25735
RESERVED
CVE-2022-25734
@@ -48194,12 +48605,12 @@ CVE-2022-25722
RESERVED
CVE-2022-25721
RESERVED
-CVE-2022-25720
- RESERVED
-CVE-2022-25719
- RESERVED
-CVE-2022-25718
- RESERVED
+CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...)
+ TODO: check
+CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...)
+ TODO: check
+CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...)
+ TODO: check
CVE-2022-25717
RESERVED
CVE-2022-25716
@@ -48260,8 +48671,8 @@ CVE-2022-25689
RESERVED
CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25687
- RESERVED
+CVE-2022-25687 (memory corruption in video due to buffer overflow while parsing asf cl ...)
+ TODO: check
CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
NOT-FOR-US: Qualcomm
CVE-2022-25685
@@ -48302,8 +48713,8 @@ CVE-2022-25668 (Memory corruption in video driver due to double free while parsi
NOT-FOR-US: Snapdragon
CVE-2022-25667
RESERVED
-CVE-2022-25666
- RESERVED
+CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...)
+ TODO: check
CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads ...)
@@ -55088,8 +55499,8 @@ CVE-2022-23736
RESERVED
CVE-2022-23735
RESERVED
-CVE-2022-23734
- RESERVED
+CVE-2022-23734 (A deserialization of untrusted data vulnerability was identified in Gi ...)
+ TODO: check
CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server ...)
NOT-FOR-US: Github Enterprise Server
CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
@@ -56226,7 +56637,7 @@ CVE-2021-46388
REJECTED
CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross S ...)
NOT-FOR-US: ZyXEL
-CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
+CVE-2021-46386 (File upload vulnerability in mingSoft MCMS through 5.2.5, allows remot ...)
NOT-FOR-US: MCMS
CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
NOT-FOR-US: MCMS
@@ -56687,8 +57098,8 @@ CVE-2022-23243
RESERVED
CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...)
NOT-FOR-US: TeamViewer
-CVE-2022-23241
- RESERVED
+CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
+ TODO: check
CVE-2022-23240
RESERVED
CVE-2022-23239
@@ -73707,8 +74118,8 @@ CVE-2022-0001 (Non-transparent sharing of branch predictor selectors between con
NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
-CVE-2021-42553
- RESERVED
+CVE-2021-42553 (A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectro ...)
+ TODO: check
CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient al ...)
NOT-FOR-US: ArchivistaBox
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
@@ -74177,7 +74588,7 @@ CVE-2022-20426
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
NOT-FOR-US: Android
CVE-2022-20424
- RESERVED
+ REJECTED
CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bounds wr ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.113-1
@@ -98265,8 +98676,8 @@ CVE-2021-33233
RESERVED
CVE-2021-33232
RESERVED
-CVE-2021-33231
- RESERVED
+CVE-2021-33231 (Cross Site Scripting (XSS) vulnerability in New equipment page in Easy ...)
+ TODO: check
CVE-2021-33230
RESERVED
CVE-2021-33229
@@ -154492,8 +154903,8 @@ CVE-2020-23650
RESERVED
CVE-2020-23649
RESERVED
-CVE-2020-23648
- RESERVED
+CVE-2020-23648 (Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulne ...)
+ TODO: check
CVE-2020-23647
RESERVED
CVE-2020-23646
@@ -179889,8 +180300,8 @@ CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P
NOT-FOR-US: Samsung mobile devices
CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2020-12744
- RESERVED
+CVE-2020-12744 (The MSI installer in Verint Desktop Resources 15.2 allows an unprivile ...)
+ TODO: check
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
NOT-FOR-US: Gazie
CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
@@ -190390,8 +190801,8 @@ CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online ins
NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
NOT-FOR-US: Fortiguard
-CVE-2020-9285
- RESERVED
+CVE-2020-9285 (Some versions of Sonos One (1st and 2nd generation) allow partial or f ...)
+ TODO: check
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
@@ -200313,8 +200724,8 @@ CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and
NOT-FOR-US: Dell
CVE-2020-5356 (Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell ...)
NOT-FOR-US: Dell
-CVE-2020-5355
- RESERVED
+CVE-2020-5355 (The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improper ...)
+ TODO: check
CVE-2020-5354
RESERVED
CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
@@ -466328,8 +466739,8 @@ CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in
{DSA-2839-1}
- spice 0.12.4-0nocelt2 (bug #728314)
NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
-CVE-2013-4281
- RESERVED
+CVE-2013-4281 (In Red Hat Openshift 1, weak default permissions are applied to the /e ...)
+ TODO: check
CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...)
- vdsm <itp> (bug #668538)
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
@@ -466413,8 +466824,8 @@ CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in th
- linux 3.10.11-1
[wheezy] - linux 3.2.51-1
- linux-2.6 <not-affected> (No perf support on arm)
-CVE-2013-4253
- RESERVED
+CVE-2013-4253 (The deployment script in the unsupported "OpenShift Extras" set of add ...)
+ TODO: check
CVE-2013-4252
REJECTED
CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c6c3d290544b79531795714469159a6b5a26180