[Git][security-tracker-team/security-tracker][master] 2 commits: new gpac issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 10 14:20:50 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd79d6fd by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
new gpac issue
- - - - -
4e5d15c4 by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,7 +71,10 @@ CVE-2023-25642
CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- TODO: check
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
+ NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
CVE-2023-0769
RESERVED
CVE-2023-0768
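Review bot: the new sid entry `- gpac <unfixed>` for CVE-2023-0770 carries no bug reference, although the adjacent NOTE already points at the upstream fix commit; if the issue is meant to stay open in unstable rather than be closed by the next upload, add a `(bug #<number>)` reference so it is tracked in the BTS, and once an upload containing c31941822ee275a35bc148382bafef1c53ec1c26 lands, replace `<unfixed>` with that Debian version. The `[bullseye] - gpac <no-dsa> (Minor issue)` line matches how CVE-2023-0760 is handled in the next hunk.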
@@ -150,10 +153,11 @@ CVE-2023-0761
RESERVED
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...)
NOT-FOR-US: glorylion JFinalOA
CVE-2023-0757
@@ -5445,9 +5449,9 @@ CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions
NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1)
CVE-2023-23626 (go-bitfield is a simple bitfield package for the go language aiming to ...)
- TODO: check
+ NOT-FOR-US: go-bitfield
CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on top of an ...)
- TODO: check
+ NOT-FOR-US: go-unixfs
CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23623
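Review bot: marking go-bitfield and go-unixfs `NOT-FOR-US` is only safe if no Debian source package vendors these Go modules, and the hunk records no such check; suggest confirming with a codesearch for the module paths before closing them, or adding a NOTE with the result (e.g. `NOTE: not vendored in the archive`) so the decision can be re-checked later.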
@@ -6534,7 +6538,7 @@ CVE-2023-23288
CVE-2023-23287
RESERVED
CVE-2023-23286 (Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows ...)
- TODO: check
+ NOT-FOR-US: Provide server
CVE-2023-23285
RESERVED
CVE-2023-23284
@@ -26581,15 +26585,15 @@ CVE-2022-43767
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
NOT-FOR-US: Apache IoTDB
CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions < R 4.2 ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL da ...)
- TODO: check
+ NOT-FOR-US: B&R APROL
CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
{DLA-3182-1}
- vim 2:9.0.0813-1 (unimportant)
@@ -26638,15 +26642,15 @@ CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF c
CVE-2022-43760
RESERVED
CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher, allows ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43757 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43756 (A Improper Neutralization of Special Elements in Output Used by a Down ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43755 (A Insufficient Entropy vulnerability in SUSE Rancher allows attackers ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Uyuni
CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
@@ -27239,7 +27243,7 @@ CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that could
NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/9e71901634e276dd050481c4320f046bebb1bc28 (curl-7_87_0)
CVE-2022-43550 (A command injection vulnerability exists in Jitsi before commit 8aa7be ...)
- TODO: check
+ - jitsi <removed>
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...)
NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
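Review bot: CVE-2022-43550 is resolved as `- jitsi <removed>` with no NOTE; since the CVE text only names a truncated upstream commit (`8aa7be ...`), a NOTE with the full upstream fix commit URL would let the entry be re-evaluated if jitsi re-enters the archive, matching the NOTE style used for the curl entry just above.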
@@ -27453,7 +27457,7 @@ CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in
CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirectio ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40692 (Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
@@ -27495,7 +27499,7 @@ CVE-2022-3642
CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolutions Rem ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-36401 (Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – ...)
- TODO: check
+ NOT-FOR-US: TeraWallet
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.8-1
@@ -27859,7 +27863,7 @@ CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff l
CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...)
NOT-FOR-US: Zimbra
CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to deseriali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43378
RESERVED
CVE-2022-43377
@@ -28854,13 +28858,13 @@ CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_or
CVE-2022-42974
RESERVED
CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42971 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-42970 (A CWE-306: Missing Authentication for Critical Function The software d ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-3535
REJECTED
CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
@@ -29168,9 +29172,9 @@ CVE-2022-42911
CVE-2022-42910
RESERVED
CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization to acces ...)
- TODO: check
+ NOT-FOR-US: WEPA Print Away
CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not properly sa ...)
- TODO: check
+ NOT-FOR-US: WEPA Print Away
CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...)
NOT-FOR-US: Nessus
CVE-2022-3498
@@ -29584,7 +29588,7 @@ CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store Management
CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-42783 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-42782 (In wlan driver, there is a possible missing permission check, This cou ...)
NOT-FOR-US: Unisoc
CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This could l ...)
@@ -30282,15 +30286,15 @@ CVE-2022-3431
CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
NOT-FOR-US: Lenovo
CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42492 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-42484 (An OS command injection vulnerability exists in the httpd logs/view.cg ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-42483
RESERVED
CVE-2022-42482
@@ -30323,7 +30327,7 @@ CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
NOTE: https://github.com/OpenImageIO/oiio/pull/3625
CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
@@ -30340,11 +30344,11 @@ CVE-2022-41632
CVE-2022-41630
RESERVED
CVE-2022-41154 (A directory traversal vulnerability exists in the m2m DELETE_FILE cmd ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40222 (An OS command injection vulnerability exists in the m2m DELETE_FILE cm ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.cgi fun ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-38091
RESERVED
CVE-2022-3429
@@ -30818,7 +30822,7 @@ CVE-2022-42293
CVE-2022-42292
RESERVED
CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the installer, w ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
NOT-FOR-US: NVIDIA
CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
@@ -32574,7 +32578,7 @@ CVE-2022-41633
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
NOT-FOR-US: Villatheme ALD
CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41616
@@ -32774,7 +32778,7 @@ CVE-2022-3329
CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap ...)
NOT-FOR-US: MiKa
CVE-2022-27628 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone ̵ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
@@ -32806,7 +32810,7 @@ CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus c
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
NOT-FOR-US: TIBCO
CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-41314
RESERVED
CVE-2022-40982
@@ -32820,9 +32824,9 @@ CVE-2022-40964
CVE-2022-40210
RESERVED
CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Co ...)
NOT-FOR-US: Intel
CVE-2022-3328
@@ -33039,7 +33043,7 @@ CVE-2022-41507
CVE-2022-41506
RESERVED
CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows physica ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
NOT-FOR-US: Billing System Project
CVE-2022-41503
@@ -33167,7 +33171,7 @@ CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vuln
CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS ...)
NOT-FOR-US: PicUploader
CVE-2022-41441 (Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 ...)
- TODO: check
+ NOT-FOR-US: ReQlogic
CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
NOT-FOR-US: Billing System Project
CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
@@ -33561,13 +33565,13 @@ CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 thro
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
CVE-2022-41313 (A stored cross-site scripting vulnerability exists in the web applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41312 (A stored cross-site scripting vulnerability exists in the web applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web applicat ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-40691 (An information disclosure vulnerability exists in the web application ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-40214
RESERVED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
@@ -33689,7 +33693,7 @@ CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3
CVE-2022-41221
RESERVED
CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
@@ -33913,33 +33917,33 @@ CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution)
CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...)
NOT-FOR-US: OndiskPlayerAgent
CVE-2022-41153 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41152 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41150 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41149 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41148 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41146 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41145 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41143 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2022-41142 (This vulnerability allows remote attackers to escalate privileges on a ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2022-41141 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Windscribe
CVE-2022-41140 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...)
- qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
- qtdeclarative-opensource-src <unfixed> (unimportant)
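Review bot: in this hunk CVE-2022-41142 is the one entry mapped to a Debian package (`- centreon-web <itp> (bug #913903)`) while its neighbours go `NOT-FOR-US`; the truncated description names no product, so a NOTE linking the advisory that identifies Centreon would make the mapping verifiable and keep the ITP line from reading as a copy-paste slip among the PDF-XChange entries.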
@@ -33950,7 +33954,7 @@ CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Ref
NOTE: https://bugreports.qt.io/browse/QTBUG-107619
NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
CVE-2022-40693 (A cleartext transmission vulnerability exists in the web application f ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
{DLA-3173-1}
- linux 5.14.6-1
@@ -33970,7 +33974,7 @@ CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.p
CVE-2022-40208
RESERVED
CVE-2022-38066 (An OS command injection vulnerability exists in the httpd SNMP functio ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-3253
RESERVED
CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...)
@@ -34210,97 +34214,97 @@ CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2022-41030 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41029 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41028 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41027 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41026 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41025 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41024 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41023 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41022 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41021 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41020 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41019 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41018 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41017 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41016 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41015 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41014 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41013 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41012 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41011 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41010 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41009 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41008 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41007 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41006 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41005 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41004 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41003 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41002 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41001 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-41000 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40999 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40998 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40997 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40996 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40995 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40994 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40993 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40992 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40991 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40990 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40989 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40988 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40987 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40986 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40985 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...)
NOT-FOR-US: Trend Micro
CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables of "pas ...)
@@ -34312,7 +34316,7 @@ CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu Se
CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz product ...)
NOT-FOR-US: Pilz
CVE-2022-40969 (An os command injection vulnerability exists in the httpd delfile.cgi ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ...)
{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
- firefox 105.0-1
@@ -34369,19 +34373,19 @@ CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with su
CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
NOT-FOR-US: Airflow Spark provider
CVE-2022-40701 (A directory traversal vulnerability exists in the httpd delfile.cgi fu ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-40220 (An OS command injection vulnerability exists in the httpd txt/restore. ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-39045 (A file write vulnerability exists in the httpd upload.cgi functionalit ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38715 (A leftover debug code vulnerability exists in the httpd shell.cgi func ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38459 (A stack-based buffer overflow vulnerability exists in the httpd downfi ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-38088 (A directory traversal vulnerability exists in the httpd downfile.cgi f ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-36279 (A stack-based buffer overflow vulnerability exists in the httpd delfil ...)
- TODO: check
+ NOT-FOR-US: Siretta
CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: "Follow Me Plugin" plugin for WordPress
CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...)
@@ -34854,7 +34858,7 @@ CVE-2022-3231 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms
CVE-2022-3230
RESERVED
CVE-2022-3229 (Because the web management interface for Unified Intents' Unified Remo ...)
- TODO: check
+ NOT-FOR-US: Unified Remote
CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
NOT-FOR-US: Host Engineering
CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...)
@@ -34922,13 +34926,13 @@ CVE-2022-40722
CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
NOT-FOR-US: php uploader
CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40719 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40718 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
- consul <unfixed> (bug #1027161)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
@@ -35483,11 +35487,11 @@ CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ..
CVE-2022-40515
RESERVED
CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while processin ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-40511
RESERVED
CVE-2022-40510
@@ -35507,7 +35511,7 @@ CVE-2022-40504
CVE-2022-40503
RESERVED
CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host. ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
CVE-2022-3180
@@ -35572,7 +35576,7 @@ CVE-2022-40482
CVE-2022-40481
RESERVED
CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...)
- TODO: check
+ NOT-FOR-US: Microchip Technology NRF5340-DK DT100112
CVE-2022-40479
RESERVED
CVE-2022-40478
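Review bot: the label `NOT-FOR-US: Microchip Technology NRF5340-DK DT100112` for CVE-2022-40480 drops Nordic Semiconductor, which the description lists first and which is the vendor of the nRF5340 development kit; suggest `NOT-FOR-US: Nordic Semiconductor nRF5340-DK` (or naming both vendors as the description does) so later searches of data/CVE/list find the entry under the right vendor.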
@@ -36037,11 +36041,11 @@ CVE-2022-40271
CVE-2022-40270
REJECTED
CVE-2022-40269 (Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40268 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40267 (Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...)
NOT-FOR-US: Mitsubishi
CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...)
@@ -36059,7 +36063,7 @@ CVE-2022-40260
CVE-2022-40259 (MegaRAC Default Credentials Vulnerability ...)
NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258 (AMI Megarac Weak password hashes for Redfish & API ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
NOT-FOR-US: CERT/CC VINCE
CVE-2022-40256
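Review bot: CVE-2022-40258 is labelled `NOT-FOR-US: AMI` while the adjacent CVE-2022-40259 entry uses `NOT-FOR-US: AMI MegaRAC Redfish`; both descriptions concern MegaRAC Redfish, so use the same label for consistency and greppability.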
@@ -36427,13 +36431,13 @@ CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan plugin
CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe comparator. ...)
NOT-FOR-US: WildFly Elytron
CVE-2022-40137 (A buffer overflow in the WMI SMI Handler in some Lenovo models may all ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40136 (An information leak vulnerability in SMI Handler used to configure pla ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40135 (An information leak vulnerability in the Smart USB Protection SMI Hand ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40134 (An information leak vulnerability in the SMI Set BIOS Password SMI Han ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-40127 (A vulnerability in Example Dags of Apache Airflow allows an attacker w ...)
- airflow <itp> (bug #819700)
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
@@ -36633,13 +36637,13 @@ CVE-2022-40039
CVE-2022-40038
RESERVED
CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing atta ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
- TODO: check
+ NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40033
RESERVED
CVE-2022-40032
@@ -37149,11 +37153,11 @@ CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabi
CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the ...)
NOT-FOR-US: NOKIA
CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal un ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control unde ...)
- TODO: check
+ NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
@@ -38789,7 +38793,7 @@ CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
NOT-FOR-US: GE CIMPICITY
CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Re ...)
- TODO: check
+ NOT-FOR-US: Landis+Gyr E850
CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
@@ -39056,11 +39060,11 @@ CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request,
CVE-2022-39062
RESERVED
CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39059 (ChangingTech MegaServiSignAdapter component has a path traversal vulne ...)
- TODO: check
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...)
NOT-FOR-US: RAVA certification validation system
CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e55830534d2280e2862ab255f32f818e6ed4796f...4e5d15c47c64db8848e54a2e4220c1fa231cdc08