[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 6 08:10:26 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
272931f4 by security tracker role at 2023-02-06T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-25198
+	RESERVED
+CVE-2023-25197
+	RESERVED
+CVE-2023-25196
+	RESERVED
+CVE-2023-25195
+	RESERVED
+CVE-2022-48314
+	RESERVED
+CVE-2022-48313
+	RESERVED
+CVE-2022-48312
+	RESERVED
 CVE-2023-25194
 	RESERVED
 CVE-2022-4902
@@ -12,12 +26,12 @@ CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attack
 	- harfbuzz <unfixed> (bug #1030612)
 	[bullseye] - harfbuzz <no-dsa> (Minor issue)
 	NOTE: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
-CVE-2014-125086
-	RESERVED
-CVE-2014-125085
-	RESERVED
-CVE-2014-125084
-	RESERVED
+CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...)
+	TODO: check
+CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...)
+	TODO: check
+CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...)
+	TODO: check
 CVE-2023-25192
 	RESERVED
 CVE-2023-25191
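Review bot: the three CVE-2014-12508x entries in this hunk move from RESERVED to a bare `TODO: check`, and only two of them visibly name the product: CVE-2014-125086 and CVE-2014-125085 show "Gimmie", while CVE-2014-125084 is cut off at "G ...". Confirm from the full description that all three concern the same product, then resolve them together with one decision: a `NOT-FOR-US:` line in the style of the neighbouring entries if nothing in the archive ships it, or a package line like the harfbuzz one in the context above if something does.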
@@ -36,10 +50,10 @@ CVE-2023-0674 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: XXL-JOB
 CVE-2023-0673 (A vulnerability classified as critical was found in SourceCodester Onl ...)
 	NOT-FOR-US: SourceCodester Online Eyewear Shop
-CVE-2017-20176
-	RESERVED
-CVE-2017-20175
-	RESERVED
+CVE-2017-20176 (A vulnerability classified as problematic was found in ciubotaru share ...)
+	TODO: check
+CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSchTour  ...)
+	TODO: check
 CVE-2023-25189
 	RESERVED
 CVE-2023-25188
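Review bot: in CVE-2017-20176 and CVE-2017-20175 the truncated description ends inside the product name ("ciubotaru share ...", "DaSchTour  ..."), so the list line alone does not identify what is affected. Whoever clears these two `TODO: check` lines should write the full product name into the resulting `NOT-FOR-US:` or package line, as the two context entries above do for XXL-JOB and SourceCodester Online Eyewear Shop.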
@@ -11851,12 +11865,12 @@ CVE-2022-47454
 	RESERVED
 CVE-2022-47453
 	RESERVED
-CVE-2022-47452
-	RESERVED
-CVE-2022-47451
-	RESERVED
-CVE-2022-47450
-	RESERVED
+CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
+	TODO: check
+CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
 CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
 	NOT-FOR-US: GE Digital
 CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
@@ -12389,42 +12403,42 @@ CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser
 	[buster] - pacparser <no-dsa> (Minor issue)
 	NOTE: https://github.com/manugarg/pacparser/issues/99
 	NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0)
-CVE-2022-47371
-	RESERVED
-CVE-2022-47370
-	RESERVED
-CVE-2022-47369
-	RESERVED
-CVE-2022-47368
-	RESERVED
-CVE-2022-47367
-	RESERVED
-CVE-2022-47366
-	RESERVED
-CVE-2022-47365
-	RESERVED
-CVE-2022-47364
-	RESERVED
-CVE-2022-47363
-	RESERVED
+CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of  ...)
+	TODO: check
+CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...)
+	TODO: check
+CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...)
+	TODO: check
+CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...)
+	TODO: check
+CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...)
+	TODO: check
+CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...)
+	TODO: check
 CVE-2022-47362
 	RESERVED
-CVE-2022-47361
-	RESERVED
-CVE-2022-47360
-	RESERVED
-CVE-2022-47359
-	RESERVED
-CVE-2022-47358
-	RESERVED
-CVE-2022-47357
-	RESERVED
-CVE-2022-47356
-	RESERVED
-CVE-2022-47355
-	RESERVED
-CVE-2022-47354
-	RESERVED
+CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...)
+	TODO: check
+CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47356 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
+CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...)
+	TODO: check
 CVE-2022-47353
 	RESERVED
 CVE-2022-47352
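Review bot: CVE-2022-47362 stays RESERVED between the two converted runs (47371 to 47363 and 47361 to 47354), so a range-based bulk edit over this block must skip it. Several of the new lines are also indistinguishable after truncation, for example the seven "In log service, there is a missing permission check" entries from CVE-2022-47360 down to CVE-2022-47354, which means the tag for each has to be checked against the full record rather than the list text.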
@@ -12435,26 +12449,26 @@ CVE-2022-47350
 	RESERVED
 CVE-2022-47349
 	RESERVED
-CVE-2022-47348
-	RESERVED
-CVE-2022-47347
-	RESERVED
-CVE-2022-47346
-	RESERVED
-CVE-2022-47345
-	RESERVED
-CVE-2022-47344
-	RESERVED
-CVE-2022-47343
-	RESERVED
-CVE-2022-47342
-	RESERVED
-CVE-2022-47341
-	RESERVED
+CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...)
+	TODO: check
 CVE-2022-47340
 	RESERVED
-CVE-2022-47339
-	RESERVED
+CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing  ...)
+	TODO: check
 CVE-2022-47338
 	RESERVED
 CVE-2022-47337
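Review bot: CVE-2022-47339 at the end of this hunk is a different class from the eight engineermode entries above it: its description reads "there is a OS command injection issue due to missing  ..." in cmd services rather than a missing permission check. None of the nine truncated descriptions names a vendor, so read the full text of 47339 separately before giving it the same tag as the engineermode group. CVE-2022-47340 remains RESERVED in between and should be left alone.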
@@ -12465,30 +12479,30 @@ CVE-2022-47335
 	RESERVED
 CVE-2022-47334
 	RESERVED
-CVE-2022-47333
-	RESERVED
-CVE-2022-47332
-	RESERVED
-CVE-2022-47331
-	RESERVED
-CVE-2022-47330
-	RESERVED
-CVE-2022-47329
-	RESERVED
-CVE-2022-47328
-	RESERVED
-CVE-2022-47327
-	RESERVED
-CVE-2022-47326
-	RESERVED
-CVE-2022-47325
-	RESERVED
-CVE-2022-47324
-	RESERVED
-CVE-2022-47323
-	RESERVED
-CVE-2022-47322
-	RESERVED
+CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...)
+	TODO: check
+CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
+CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
 CVE-2022-47310
 	RESERVED
 CVE-2022-47309
@@ -22015,10 +22029,10 @@ CVE-2023-20853
 	RESERVED
 CVE-2023-20852
 	RESERVED
-CVE-2022-44448
-	RESERVED
-CVE-2022-44447
-	RESERVED
+CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...)
+	TODO: check
 CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This could l ...)
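Review bot: CVE-2022-44448 and CVE-2022-44447 get `TODO: check` while the entries directly below them, CVE-2022-44446 and CVE-2022-44445, use the same "In wlan driver, there is a possible ..." wording and are already resolved as `NOT-FOR-US: Unisoc`. If the full descriptions confirm the same vendor, these two can take the same line so the block is triaged consistently.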
@@ -22069,8 +22083,8 @@ CVE-2022-44423 (In music service, there is a missing permission check. This coul
 	NOT-FOR-US: Unisoc
 CVE-2022-44422 (In music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-44421
-	RESERVED
+CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...)
+	TODO: check
 CVE-2022-44420
 	RESERVED
 CVE-2022-44419
@@ -28250,8 +28264,8 @@ CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store Management
 	NOT-FOR-US: SourceCodester Book Store Management System
 CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
 	NOT-FOR-US: SourceCodester Book Store Management System
-CVE-2022-42783
-	RESERVED
+CVE-2022-42783 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
 CVE-2022-42782 (In wlan driver, there is a possible missing permission check, This cou ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This could l ...)
@@ -38933,8 +38947,8 @@ CVE-2022-38688 (In telephony service, there is a missing permission check. This
 	NOT-FOR-US: Unisoc
 CVE-2022-38687 (In messaging service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-38686
-	RESERVED
+CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
 CVE-2022-38685
 	RESERVED
 CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
@@ -38943,10 +38957,10 @@ CVE-2022-38683 (In contacts service, there is a missing permission check. This c
 	NOT-FOR-US: Unisoc
 CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-38681
-	RESERVED
-CVE-2022-38680
-	RESERVED
+CVE-2022-38681 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
+CVE-2022-38680 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
 CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...)
@@ -38955,10 +38969,10 @@ CVE-2022-38677 (In cell service, there is a missing permission check. This could
 	NOT-FOR-US: Unisoc
 CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-38675
-	RESERVED
-CVE-2022-38674
-	RESERVED
+CVE-2022-38675 (In gpu driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2022-38674 (In wlan driver, there is a possible missing params check. This could l ...)
+	TODO: check
 CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to  ...)
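Review bot: the new text for CVE-2022-38675 is identical, as far as the truncation shows, to CVE-2022-38676 two context lines above it ("In gpu driver, there is a possible out of bounds write due to a missin ..."), which is already tagged `NOT-FOR-US: Unisoc`. Check the full records to see whether the two ids describe distinct issues, and give 38675 and the wlan entry CVE-2022-38674 the matching tag once the vendor is confirmed.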
@@ -75100,12 +75114,12 @@ CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulner
 	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
 CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
 	NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
-CVE-2022-25855
-	RESERVED
+CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to Command ...)
+	TODO: check
 CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
 	NOT-FOR-US: Tagify
-CVE-2022-25853
-	RESERVED
+CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...)
+	TODO: check
 CVE-2022-25852 (All versions of package pg-native; all versions of package libpq are v ...)
 	NOT-FOR-US: Node pgnative
 CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
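Review bot: CVE-2022-25855 (create-choo-app3) and CVE-2022-25853 (semver-tags) are both described as command injection affecting "All versions of the package", so there is no fixed version to record. Check whether either package is in the archive before clearing the `TODO: check`; the neighbouring entries with the same description template, CVE-2022-25854 and CVE-2022-25852, were resolved as `NOT-FOR-US:` with the product name, and these two should follow that form if they are not packaged.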



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/272931f4b76e18f9d3a7d4917d4473d557dce939





More information about the debian-security-tracker-commits mailing list