[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 30 09:12:51 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fea605be by security tracker role at 2023-04-30T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
+ TODO: check
+CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ TODO: check
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
- libgitlab-api-v4-perl <unfixed> (bug #954051)
[bullseye] - libgitlab-api-v4-perl <no-dsa> (Minor issue)
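Review bot: All three new entries in this hunk (CVE-2023-2429, CVE-2023-2428, CVE-2023-2426) are left as bare `TODO: check` placeholders, so the tracker will treat them as untriaged until someone follows up. CVE-2023-2426 concerns vim/vim, and vim is a Debian source package, so that one needs a `- vim <version or unfixed>` line once the fixing commit is identified; the two phpmyfaq entries need either a package line or a NOT-FOR-US marker, whichever applies, so they do not sit in the TODO queue indefinitely.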
@@ -1236,6 +1242,7 @@ CVE-2023-2196
CVE-2023-2195
RESERVED
CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
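Review bot: Two DLA IDs are attached to CVE-2023-2194 here with no [buster] line, which means the buster fixed versions are expected to come from the DLA records rather than from this entry. Reading the rest of the diff, the two IDs correspond to two distinct buster source packages: entries that carry only DLA-3404-1 also carry a `[buster] - linux <not-affected>` line (CVE-2023-1872, CVE-2023-25012, CVE-2022-4379, CVE-2022-2196), so DLA-3404-1 cannot be the buster `linux` package and DLA-3403-1 must be. That mapping is implicit in every hunk of this diff; it would help reviewers to spell it out once, for example in a NOTE on the first affected entry.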
@@ -1528,6 +1535,7 @@ CVE-2023-2164
CVE-2023-2163
RESERVED
CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_creat ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
@@ -1814,6 +1822,7 @@ CVE-2023-2078
CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...)
- libressl <itp> (bug #754513)
CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
+ {DLA-3403-1}
- linux 6.1.25-1 (unimportant)
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/06615d11cc78162dfd5116efb71f29eb29502d37 (6.3-rc4)
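Review bot: CVE-2023-30772 is rated `(unimportant)` on the sid line yet now carries DLA-3403-1. Shipping an unimportant fix inside a bundled kernel update is legitimate, but confirm that the rating is still intended, because the same combination appears for CVE-2022-3424 at the `@@ -47925` hunk further down and the two should be treated consistently (either both keep the rating with the DLA reference, or both are re-rated).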
@@ -2637,6 +2646,7 @@ CVE-2023-30502
CVE-2023-30501
RESERVED
CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
@@ -2728,12 +2738,14 @@ CVE-2023-30471
CVE-2023-30470
RESERVED
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
+ {DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3)
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
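Review bot: CVE-2023-1990's NOTE states that the ST NCI driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) is not enabled in Debian, yet the sid line `- linux 6.1.25-1` carries no `(unimportant)` qualifier, unlike CVE-2023-30772 and CVE-2022-3424 in this same diff. If the driver is disabled in all Debian kernel configurations the severity should be aligned with those entries. Note also the asymmetry within the hunk: CVE-2023-1990 gets DLA-3403-1 only while the adjacent CVE-2023-1989 gets both DLAs; a one-line NOTE explaining why the second buster kernel was not touched would save the next reader the guesswork.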
@@ -2820,6 +2832,7 @@ CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker
CVE-2023-30457
RESERVED
CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3)
@@ -5352,6 +5365,7 @@ CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privileg
CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Faturamatik Bircard
CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
+ {DLA-3404-1}
- linux 5.17.3-1
[bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5635,6 +5649,7 @@ CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It
NOT-FOR-US: Keysight IXIA Hawkeye
CVE-2023-1859
RESERVED
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
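Review bot: CVE-2023-1859 is still marked RESERVED (no description line) but now carries DLA references, fixed versions and a lore link. Tracking a reserved ID this way is fine, but the entry should be revisited when the CVE is published so that the description replaces RESERVED and the `TODO`-style automatic updater does not overwrite the hand-added data. The same applies to CVE-2023-0459 at the `@@ -20291` hunk below.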
@@ -5645,6 +5660,7 @@ CVE-2023-1857 (A vulnerability was found in SourceCodester Online Computer and L
CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo Management ...)
NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1855 (A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-2
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 (6.3-rc3)
@@ -5770,6 +5786,7 @@ CVE-2023-1831 (Mattermost fails to redact from audit logsthe user password durin
CVE-2023-1830
RESERVED
CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
@@ -6798,6 +6815,7 @@ CVE-2023-1672
CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed handler ...)
NOT-FOR-US: Sophos
CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-2
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
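Review bot: The NOTE line for CVE-2023-1670 gives the upstream fix commit without the release annotation that sibling entries use (for example `(6.3-rc4)` on CVE-2023-1989 and `(6.2-rc1)` on CVE-2023-28328). Adding it makes it quick to verify which upstream stable series first carries the fix and therefore whether `linux 6.1.20-2` plausibly includes it. The commits noted under CVE-2023-1118, CVE-2023-1079, CVE-2023-1078, CVE-2023-1077 and CVE-2023-1076 have the same gap.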
@@ -7357,6 +7375,7 @@ CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classif
CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
NOT-FOR-US: Rebuild
CVE-2023-1611 (A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree ...)
+ {DLA-3404-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
@@ -7909,6 +7928,7 @@ CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2023-1514
RESERVED
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
@@ -8517,6 +8537,7 @@ CVE-2019-25127
CVE-2019-25126
RESERVED
CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...)
+ {DLA-3404-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
[buster] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in Debian)
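Review bot: The buster reason string `CONFIG_TLS not enabled in Debian` now reads too broadly: sid (`linux 6.1.20-1`), bullseye (`linux 5.10.178-1`) and the newly added DLA-3404-1 all record real fixes for CVE-2023-28466, which only makes sense if CONFIG_TLS is enabled in those kernels. Scope the reason to the package it describes, e.g. `(Minor issue; CONFIG_TLS not enabled in buster's linux)`, so the entry does not contradict itself on the rendered tracker page.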
@@ -8923,6 +8944,7 @@ CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file
CVE-2023-28329 (Insufficient validation of profile field availability condition result ...)
- moodle <removed>
CVE-2023-28328 (A NULL pointer dereference flaw was found in the az6027 driver in driv ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.4-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/0ed554fd769a19ea8464bb83e9ac201002ef74ad (6.2-rc1)
@@ -10128,6 +10150,7 @@ CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.
CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
@@ -11911,6 +11934,7 @@ CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sani
CVE-2023-1119
RESERVED
CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17
@@ -12278,20 +12302,24 @@ CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermos
CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4
CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.12-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d
CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...)
+ {DLA-3404-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...)
+ {DLA-3404-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff
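Review bot: Within this hunk CVE-2023-1079 and CVE-2023-1078 receive both DLA-3404-1 and DLA-3403-1, while CVE-2023-1077 and CVE-2023-1076 receive only DLA-3404-1, and unlike the other single-DLA entries in the diff (CVE-2023-1872, CVE-2023-25012, CVE-2022-4379) there is no `[buster]` annotation explaining the difference. Either the second buster kernel is still open for these two, in which case the tracker will keep listing buster as vulnerable and that is presumably intended, or a `[buster] - linux <not-affected>` / `<no-dsa>` line is missing. A short NOTE either way would make the state unambiguous.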
@@ -12303,11 +12331,13 @@ CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incor
NOTE: https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6
CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f
NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1
CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s human in ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
@@ -13954,6 +13984,7 @@ CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found i
CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...)
NOT-FOR-US: OpenCycleCompass
CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2)
@@ -18537,6 +18568,7 @@ CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3,
CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
NOT-FOR-US: TYPO3 extension
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
+ {DLA-3404-1}
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -20284,6 +20316,7 @@ CVE-2023-0462
RESERVED
- foreman <itp> (bug #663101)
CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.7-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
@@ -20291,11 +20324,13 @@ CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTub
NOT-FOR-US: YouTube Embedded 1.2 SDK
CVE-2023-0459
RESERVED
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
NOTE: https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (6.3-rc1)
CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Kernel o ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.8-1
[bullseye] - linux 5.10.178-1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
@@ -22042,7 +22077,7 @@ CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 a
CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and al ...)
- check-mk <removed>
CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
@@ -22948,6 +22983,7 @@ CVE-2023-23561
CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
NOT-FOR-US: Lexmark
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
@@ -23111,7 +23147,7 @@ CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijackin
CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...)
@@ -23295,11 +23331,11 @@ CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-syst
CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...)
NOT-FOR-US: manikandan170890 php-form-builder-class
CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
@@ -24315,6 +24351,7 @@ CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets
[buster] - linux <not-affected> (Vulnerble code not present)
NOTE: https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1)
CVE-2023-23004 (In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c m ...)
+ {DLA-3404-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/15342f930ebebcfe36f2415049736a77d7d2e045 (5.19-rc1)
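Review bot: Not introduced by this hunk, but the context line `[buster] - linux <not-affected> (Vulnerble code not present)` under CVE-2023-23005 misspells "Vulnerable". The reason strings are shown verbatim on the tracker pages, so it is worth a follow-up fix; the correctly spelled form appears on CVE-2023-25012 and CVE-2022-2196 in this same diff.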
@@ -24339,6 +24376,7 @@ CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c
[bullseye] - linux 5.10.103-1
NOTE: https://git.kernel.org/linus/b52fe2dbb3e655eb1483000adfab68a219549e13
CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...)
+ {DLA-3404-1}
- linux 6.0.3-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/c24968734abfed81c8f93dc5f44a7b7a9aecadfa (6.0-rc1)
@@ -26154,6 +26192,7 @@ CVE-2023-0047
CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in GitHub ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0045 (The current implementation of the prctl syscall does not issue an IBPB ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.7-1
[bullseye] - linux 5.10.178-1
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1
@@ -27723,6 +27762,7 @@ CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classifie
CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...)
NOT-FOR-US: Fuji Electric
CVE-2022-4744 (A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device ...)
+ {DLA-3403-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.136-1
NOTE: https://git.kernel.org/linus/158b515f703e75e7d68289bf4d98c664e1d632df (5.16-rc7)
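Review bot: CVE-2022-4744 is the one entry in this batch whose bullseye line reads `5.10.136-1` instead of `5.10.178-1`, and it receives DLA-3403-1 only. That is consistent with the fix having landed upstream in 5.16-rc7 and in bullseye well before this update, so only the other buster kernel needed it now; a reader skimming the diff may take the differing version for a typo, so a brief NOTE confirming that bullseye was fixed earlier would help.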
@@ -28002,7 +28042,7 @@ CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values
CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...)
NOT-FOR-US: io.finnet tss-lib
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4)
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
@@ -32493,6 +32533,7 @@ CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate
CVE-2022-4380
RESERVED
CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/n ...)
+ {DLA-3404-1}
- linux 6.1.4-1
[bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -35302,7 +35343,7 @@ CVE-2022-4146
CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...)
NOT-FOR-US: Apache James
CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of a Kubern ...)
@@ -35659,6 +35700,7 @@ CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in Satell ...)
NOT-FOR-US: Red Hat Satellite server
CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...)
+ {DLA-3404-1}
- linux 6.1.4-1
[bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
@@ -43748,6 +43790,7 @@ CVE-2022-3709 (A stored XSS vulnerability allows admin to super-admin privilege
CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side Requ ...)
NOT-FOR-US: Web Stories plugin for WordPress
CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Intel GVT ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.7-1
[bullseye] - linux 5.10.178-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
@@ -46355,7 +46398,7 @@ CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage M
CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.0.2-1
NOTE: https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1)
CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
@@ -47925,6 +47968,7 @@ CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not s
CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3424 (A use-after-free flaw was found in the Linux kernel\u2019s SGI GRU dri ...)
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.4-1 (unimportant)
[bullseye] - linux 5.10.178-1
NOTE: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/
@@ -51433,7 +51477,7 @@ CVE-2022-41220 (md2roff 1.9 has a stack-based buffer overflow via a Markdown fil
CVE-2022-41219
RESERVED
CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
@@ -54079,7 +54123,7 @@ CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries are public
CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
@@ -58884,7 +58928,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
- {DSA-5324-1 DLA-3349-1}
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
- linux 6.1.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
@@ -69836,6 +69880,7 @@ CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion
CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
NOT-FOR-US: Exemys
CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed ...)
+ {DLA-3404-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
[buster] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fea605be74844111d215a08ba28948229c32125d