[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 17 08:10:26 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7914391e by security tracker role at 2023-02-17T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-25943
+	RESERVED
+CVE-2023-25942
+	RESERVED
+CVE-2023-25941
+	RESERVED
+CVE-2023-25940
+	RESERVED
+CVE-2023-25939
+	RESERVED
+CVE-2023-25938
+	RESERVED
+CVE-2023-25937
+	RESERVED
+CVE-2023-25936
+	RESERVED
+CVE-2023-25935
+	RESERVED
+CVE-2023-25934
+	RESERVED
+CVE-2023-25933
+	RESERVED
+CVE-2023-25756
+	RESERVED
+CVE-2023-25546
+	RESERVED
+CVE-2023-23904
+	RESERVED
+CVE-2023-23573
+	RESERVED
+CVE-2023-22449
+	RESERVED
+CVE-2023-22444
+	RESERVED
+CVE-2023-22356
+	RESERVED
+CVE-2023-22351
+	RESERVED
+CVE-2023-22330
+	RESERVED
+CVE-2023-22329
+	RESERVED
+CVE-2023-0882
+	RESERVED
+CVE-2023-0881
+	RESERVED
+CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...)
+	TODO: check
+CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+	TODO: check
+CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framewo ...)
+	TODO: check
+CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. ...)
+	TODO: check
+CVE-2023-0876
+	RESERVED
+CVE-2023-0875
+	RESERVED
+CVE-2023-0874
+	RESERVED
+CVE-2023-0873
+	RESERVED
 CVE-2023-25932
 	RESERVED
 CVE-2023-25931
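
Review bot: The four "TODO: check" entries at CVE-2023-0877 through CVE-2023-0880 are the only items in this hunk that need a triage decision; everything else added here is a RESERVED placeholder. Each truncated description names its upstream GitHub repository (thorsten/phpmyfaq, btcpayserver/ ..., nuxt/framewo ..., froxlor/froxlor), and the froxlor one also states a fixed version ("prior to 2.0.11"), so each can be resolved to a source-package line or a NOT-FOR-US: verdict starting from that name.
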
@@ -56,8 +118,8 @@ CVE-2023-0868
 	RESERVED
 CVE-2023-0867
 	RESERVED
-CVE-2023-0866
-	RESERVED
+CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
+	TODO: check
 CVE-2023-0865
 	RESERVED
 CVE-2023-0864
@@ -88,14 +150,14 @@ CVE-2023-0852
 	RESERVED
 CVE-2023-0851
 	RESERVED
-CVE-2022-48327
-	RESERVED
-CVE-2022-48326
-	RESERVED
-CVE-2022-48325
-	RESERVED
-CVE-2022-48324
-	RESERVED
+CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
+	TODO: check
+CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
+	TODO: check
+CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
+	TODO: check
+CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
+	TODO: check
 CVE-2021-46874
 	RESERVED
 CVE-2023-25909
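
Review bot: The four Mapos entries at CVE-2022-48324 through CVE-2022-48327 arrive with identical truncated descriptions ("Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ..."), so nothing in the list distinguishes them. Triage them together with one verdict, and read the full records before treating any of them as duplicates.
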
@@ -460,8 +522,8 @@ CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices throu
 	NOT-FOR-US: Onekey
 CVE-2023-0822
 	RESERVED
-CVE-2023-0821
-	RESERVED
+CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...)
+	TODO: check
 CVE-2023-0820
 	RESERVED
 CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
@@ -4793,12 +4855,12 @@ CVE-2023-24223
 	RESERVED
 CVE-2023-24222
 	RESERVED
-CVE-2023-24221
-	RESERVED
-CVE-2023-24220
-	RESERVED
-CVE-2023-24219
-	RESERVED
+CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
+	TODO: check
+CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
+	TODO: check
+CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
+	TODO: check
 CVE-2023-24218
 	RESERVED
 CVE-2023-24217
@@ -5079,8 +5141,8 @@ CVE-2023-24080
 	RESERVED
 CVE-2023-24079
 	RESERVED
-CVE-2023-24078
-	RESERVED
+CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...)
+	TODO: check
 CVE-2023-24077
 	RESERVED
 CVE-2023-24076
@@ -6258,8 +6320,8 @@ CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, co
 	NOT-FOR-US: Dell
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain  ...)
 	NOT-FOR-US: Dell
-CVE-2023-23695
-	RESERVED
+CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...)
+	TODO: check
 CVE-2023-23694
 	RESERVED
 CVE-2023-23693
@@ -6864,6 +6926,7 @@ CVE-2023-23530
 	RESERVED
 CVE-2023-23529 [Processing maliciously crafted web content may lead to arbitrary code execution]
 	RESERVED
+	{DSA-5352-1 DSA-5351-1}
 	- webkit2gtk 2.38.5-1
 	- wpewebkit 2.38.5-1
 	NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
@@ -9405,7 +9468,8 @@ CVE-2022-4879 (A vulnerability was found in Forged Alliance Forever up to 3746.
 	NOT-FOR-US: Forged Alliance Forever
 CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS. Affect ...)
 	NOT-FOR-US: JATOS
-CVE-2020-36643 (A vulnerability was found in intgr uqm-wasm. It has been classified as ...)
+CVE-2020-36643
+	REJECTED
 	NOT-FOR-US: intgr uqm-wasm
 CVE-2020-36642 (A vulnerability was found in trampgeek jobe up to 1.6.x and classified ...)
 	NOT-FOR-US: trampgeek jobe
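
Review bot: CVE-2020-36643 now reads REJECTED but still carries "NOT-FOR-US: intgr uqm-wasm" on the following line, a verdict that was made against the description this hunk removes. Other REJECTED ids visible in this patch, such as CVE-2022-36408 and CVE-2022-26351, carry no triage line. Either drop the NOT-FOR-US line so the entry matches them, or keep it deliberately as the only remaining record of what the id referred to.
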
@@ -11832,8 +11896,8 @@ CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0
 	NOT-FOR-US: Brondahl EnumStringValues
 CVE-2023-22381
 	RESERVED
-CVE-2023-22380
-	RESERVED
+CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+	TODO: check
 CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
 	NOT-FOR-US: CONPROSYS
 CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...)
@@ -12224,8 +12288,8 @@ CVE-2022-47705
 	RESERVED
 CVE-2022-47704
 	RESERVED
-CVE-2022-47703
-	RESERVED
+CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is present ...)
+	TODO: check
 CVE-2022-47702
 	RESERVED
 CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
@@ -24619,8 +24683,8 @@ CVE-2022-44301
 	RESERVED
 CVE-2022-44300
 	RESERVED
-CVE-2022-44299
-	RESERVED
+CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability. ...)
+	TODO: check
 CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
 	NOT-FOR-US: SiteServer CMS
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
@@ -33318,8 +33382,7 @@ CVE-2022-41646
 	RESERVED
 CVE-2022-41628
 	RESERVED
-CVE-2022-41614
-	RESERVED
+CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event Series A ...)
 	NOT-FOR-US: Intel
 CVE-2022-40974
 	RESERVED
@@ -33833,8 +33896,8 @@ CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spot
 	NOT-FOR-US: TIBCO
 CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before  ...)
 	NOT-FOR-US: Intel
-CVE-2022-41314
-	RESERVED
+CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
+	TODO: check
 CVE-2022-40982
 	RESERVED
 CVE-2022-40971
@@ -37577,8 +37640,8 @@ CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerabi
 	NOT-FOR-US: Hertz
 CVE-2022-40081
 	RESERVED
-CVE-2022-40080
-	RESERVED
+CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in th ...)
+	TODO: check
 CVE-2022-40079
 	RESERVED
 CVE-2022-40078
@@ -42076,8 +42139,7 @@ CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier)
 	NOT-FOR-US: Adobe
 CVE-2022-38102
 	RESERVED
-CVE-2022-38090
-	RESERVED
+CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...)
 	- intel-microcode <unfixed> (bug #1031334)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
@@ -43115,12 +43177,12 @@ CVE-2022-38076
 CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality  ...)
 	- kolla <itp> (bug #804128)
 	NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
-CVE-2022-38056
-	RESERVED
+CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...)
+	TODO: check
 CVE-2022-37336
 	RESERVED
-CVE-2022-37329
-	RESERVED
+CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...)
+	TODO: check
 CVE-2022-36406
 	RESERVED
 CVE-2022-36351
@@ -45128,8 +45190,8 @@ CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to a
 	NOT-FOR-US: Trend Micro
 CVE-2022-37341
 	RESERVED
-CVE-2022-37340
-	RESERVED
+CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
+	TODO: check
 CVE-2022-37326
 	RESERVED
 CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
@@ -45180,14 +45242,14 @@ CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda v
 	NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles
 CVE-2022-36426
 	RESERVED
-CVE-2022-36397
-	RESERVED
-CVE-2022-36369
-	RESERVED
+CVE-2022-36397 (Incorrect default permissions in the software installer for some Intel ...)
+	TODO: check
+CVE-2022-36369 (Improper access control in some QATzip software maintained by Intel(R) ...)
+	TODO: check
 CVE-2022-36353
 	RESERVED
-CVE-2022-36348
-	RESERVED
+CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before version SPS_E5 ...)
+	TODO: check
 CVE-2022-36291
 	RESERVED
 CVE-2022-36281
@@ -46252,16 +46314,16 @@ CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in i
 	- scala <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/scala/scala/pull/10118
 	NOTE: https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f (v2.13.9)
-CVE-2022-36797
-	RESERVED
-CVE-2022-36794
-	RESERVED
+CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
+	TODO: check
+CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before version  ...)
+	TODO: check
 CVE-2022-36792
 	RESERVED
 CVE-2022-36421
 	RESERVED
-CVE-2022-36416
-	RESERVED
+CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
+	TODO: check
 CVE-2022-36393
 	RESERVED
 CVE-2022-36366
@@ -47405,16 +47467,16 @@ CVE-2022-36392
 	RESERVED
 CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...)
 	NOT-FOR-US: Intel
-CVE-2022-36382
-	RESERVED
+CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...)
+	TODO: check
 CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...)
 	NOT-FOR-US: Intel
 CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards  ...)
 	NOT-FOR-US: Intel
 CVE-2022-36283
 	RESERVED
-CVE-2022-34864
-	RESERVED
+CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector softwa ...)
+	TODO: check
 CVE-2022-34859
 	RESERVED
 CVE-2022-33963
@@ -47449,8 +47511,8 @@ CVE-2022-36409
 	RESERVED
 CVE-2022-36408
 	REJECTED
-CVE-2022-36398
-	RESERVED
+CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool  ...)
+	TODO: check
 CVE-2022-36396
 	RESERVED
 CVE-2022-36395
@@ -47459,14 +47521,14 @@ CVE-2022-36377 (Incorrect default permissions in the installer software for some
 	NOT-FOR-US: Intel
 CVE-2022-36374
 	RESERVED
-CVE-2022-36287
-	RESERVED
-CVE-2022-36278
-	RESERVED
+CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
+	TODO: check
+CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
+	TODO: check
 CVE-2022-34855
 	RESERVED
-CVE-2022-34153
-	RESERVED
+CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
+	TODO: check
 CVE-2022-34147
 	RESERVED
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
@@ -47598,21 +47660,20 @@ CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances
 	NOT-FOR-US: Apache Calcite
 CVE-2022-36298
 	RESERVED
-CVE-2022-35729
-	RESERVED
+CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms  ...)
+	TODO: check
 CVE-2022-34848
 	RESERVED
 CVE-2022-34846
 	RESERVED
 CVE-2022-34657
 	RESERVED
-CVE-2022-33196
-	RESERVED
+CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...)
 	- intel-microcode <unfixed> (bug #1031334)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
-CVE-2022-32570
-	RESERVED
+CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...)
+	TODO: check
 CVE-2022-32232
 	RESERVED
 CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
@@ -47682,12 +47743,12 @@ CVE-2022-35727
 	RESERVED
 CVE-2022-34852
 	RESERVED
-CVE-2022-34849
-	RESERVED
-CVE-2022-29494
-	RESERVED
-CVE-2022-29493
-	RESERVED
+CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows  ...)
+	TODO: check
+CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some Intel(R) pla ...)
+	TODO: check
+CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some Intel(R ...)
+	TODO: check
 CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
@@ -47816,22 +47877,22 @@ CVE-2022-36294
 	RESERVED
 CVE-2022-36290
 	RESERVED
-CVE-2022-36289
-	RESERVED
-CVE-2022-35883
-	RESERVED
+CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
+	TODO: check
+CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software before ver ...)
+	TODO: check
 CVE-2022-35274
 	RESERVED
 CVE-2022-35237
 	RESERVED
 CVE-2022-34860
 	RESERVED
-CVE-2022-34843
-	RESERVED
+CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector software ...)
+	TODO: check
 CVE-2022-33949
 	RESERVED
-CVE-2022-32575
-	RESERVED
+CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and Collector softw ...)
+	TODO: check
 CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...)
@@ -49364,8 +49425,8 @@ CVE-2022-33144
 	RESERVED
 CVE-2022-29870
 	RESERVED
-CVE-2022-27170
-	RESERVED
+CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
+	TODO: check
 CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
@@ -51656,16 +51717,15 @@ CVE-2022-34863
 	RESERVED
 CVE-2022-34856
 	RESERVED
-CVE-2022-34854
-	RESERVED
-CVE-2022-34841
-	RESERVED
+CVE-2022-34854 (Improper access control in the Intel(R) SUR software before version 2. ...)
+	TODO: check
+CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK software before ...)
+	TODO: check
 CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
 	NOT-FOR-US: Intel
-CVE-2022-34346
-	RESERVED
-CVE-2022-33972
-	RESERVED
+CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
+	TODO: check
+CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
 	- intel-microcode <unfixed> (bug #1031334)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
@@ -51673,8 +51733,8 @@ CVE-2022-33197
 	RESERVED
 CVE-2022-32581
 	RESERVED
-CVE-2022-30531
-	RESERVED
+CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows  ...)
+	TODO: check
 CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
@@ -52599,24 +52659,24 @@ CVE-2022-34646
 	RESERVED
 CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
 	NOT-FOR-US: Intel
-CVE-2022-34157
-	RESERVED
-CVE-2022-33964
-	RESERVED
-CVE-2022-33946
-	RESERVED
-CVE-2022-33190
-	RESERVED
-CVE-2022-32971
-	RESERVED
+CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with I ...)
+	TODO: check
+CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before version  ...)
+	TODO: check
+CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before version 2. ...)
+	TODO: check
+CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before version  ...)
+	TODO: check
+CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before version 2. ...)
+	TODO: check
 CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
 	NOT-FOR-US: Intel
-CVE-2022-31476
-	RESERVED
-CVE-2022-30692
-	RESERVED
-CVE-2022-29514
-	RESERVED
+CVE-2022-31476 (Improper access control in the Intel(R) SUR software before version 2. ...)
+	TODO: check
+CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before version  ...)
+	TODO: check
+CVE-2022-29514 (Improper access control in the Intel(R) SUR software before version 2. ...)
+	TODO: check
 CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...)
 	NOT-FOR-US: LiteCart
 CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System  ...)
@@ -54375,16 +54435,16 @@ CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software f
 	NOT-FOR-US: Intel
 CVE-2022-33898
 	RESERVED
-CVE-2022-32764
-	RESERVED
+CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
+	TODO: check
 CVE-2022-32582
 	RESERVED
 CVE-2022-32577
 	RESERVED
 CVE-2022-32576
 	RESERVED
-CVE-2022-30530
-	RESERVED
+CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
+	TODO: check
 CVE-2022-29895
 	RESERVED
 CVE-2022-29871
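
Review bot: The description imported for CVE-2022-32764 begins with a stray "Description: " label ("Description: Race condition in the Intel(R) DSA software ..."), which no other entry in this patch has. It was presumably carried over from the upstream record by the automatic update, so leave it for a later sync rather than editing it by hand. Also note that "DSA" in this entry and in CVE-2022-30530 is part of the Intel product name, not a {DSA-...} advisory cross-reference, which matters for anyone searching the list for DSA.
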
@@ -54514,16 +54574,16 @@ CVE-2022-33945
 	RESERVED
 CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
 	NOT-FOR-US: Intel
-CVE-2022-33902
-	RESERVED
+CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
+	TODO: check
 CVE-2022-33899
 	RESERVED
 CVE-2022-33895
 	RESERVED
 CVE-2022-33894
 	RESERVED
-CVE-2022-33892
-	RESERVED
+CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition  ...)
+	TODO: check
 CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
 	NOT-FOR-US: Intel
 CVE-2022-33200
@@ -54550,12 +54610,12 @@ CVE-2022-32288
 	RESERVED
 CVE-2022-32233
 	RESERVED
-CVE-2022-32231
-	RESERVED
+CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
+	TODO: check
 CVE-2022-31477
 	RESERVED
-CVE-2022-30704
-	RESERVED
+CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
+	TODO: check
 CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
 	NOT-FOR-US: Intel
 CVE-2022-30606
@@ -57811,14 +57871,14 @@ CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(
 	NOT-FOR-US: Intel
 CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
 	NOT-FOR-US: Intel
-CVE-2022-30539
-	RESERVED
+CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) Processors may a ...)
+	TODO: check
 CVE-2022-29920
 	RESERVED
 CVE-2022-29896
 	RESERVED
-CVE-2022-29523
-	RESERVED
+CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...)
+	TODO: check
 CVE-2022-28699
 	RESERVED
 CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
@@ -63970,8 +64030,8 @@ CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in
 	NOTE: Fixed by: https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1)
 CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...)
 	NOT-FOR-US: Intel
-CVE-2022-30339
-	RESERVED
+CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
+	TODO: check
 CVE-2022-30338
 	RESERVED
 CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group  ...)
@@ -63998,8 +64058,8 @@ CVE-2022-28693
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
 CVE-2022-27877
 	RESERVED
-CVE-2022-27808
-	RESERVED
+CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet Control ...)
+	TODO: check
 CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for  ...)
 	NOT-FOR-US: Intel
 CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
@@ -69397,26 +69457,26 @@ CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape f
 	NOT-FOR-US: DD-WRT
 CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
 	NOT-FOR-US: Intel
-CVE-2022-27234
-	RESERVED
+CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by Intel(R ...)
+	TODO: check
 CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...)
 	NOT-FOR-US: Intel
 CVE-2022-27173
 	RESERVED
 CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
 	NOT-FOR-US: Intel
-CVE-2022-26841
-	RESERVED
-CVE-2022-26837
-	RESERVED
+CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK software ...)
+	TODO: check
+CVE-2022-26837 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+	TODO: check
 CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...)
 	NOT-FOR-US: Open Automation Software
 CVE-2022-26515
 	RESERVED
 CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...)
 	NOT-FOR-US: Intel
-CVE-2022-26509
-	RESERVED
+CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may allow a ...)
+	TODO: check
 CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0  ...)
 	NOT-FOR-US: Intel
 CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
@@ -72960,10 +73020,10 @@ CVE-2022-27180
 	RESERVED
 CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
 	NOT-FOR-US: Splunk
-CVE-2022-26888
-	RESERVED
-CVE-2022-26840
-	RESERVED
+CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)
+	TODO: check
+CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and Standard ...)
+	TODO: check
 CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application  ...)
 	NOT-FOR-US: Splunk
 CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool  ...)
@@ -74975,8 +75035,7 @@ CVE-2022-26849
 	RESERVED
 CVE-2022-26848
 	RESERVED
-CVE-2022-26843
-	RESERVED
+CVE-2022-26843 (Insufficient visual distinction of homoglyphs presented to user in the ...)
 	NOT-FOR-US: Intel
 CVE-2022-26832 (.NET Framework Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
@@ -75078,40 +75137,31 @@ CVE-2022-26784 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerabil
 	NOT-FOR-US: Microsoft
 CVE-2022-26783 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-26512
-	RESERVED
+CVE-2022-26512 (Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel ...)
 	NOT-FOR-US: Intel
-CVE-2022-26425
-	RESERVED
+CVE-2022-26425 (Uncontrolled search path element in the Intel(R) oneAPI Collective Com ...)
 	NOT-FOR-US: Intel
-CVE-2022-26421
-	RESERVED
+CVE-2022-26421 (Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Comp ...)
 	NOT-FOR-US: Intel
 CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv ucloud_set_node_ ...)
 	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
-CVE-2022-26076
-	RESERVED
+CVE-2022-26076 (Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Ne ...)
 	NOT-FOR-US: Intel
-CVE-2022-26062
-	RESERVED
+CVE-2022-26062 (Uncontrolled search path element in the Intel(R) Trace Analyzer and Co ...)
 	NOT-FOR-US: Intel
-CVE-2022-26052
-	RESERVED
+CVE-2022-26052 (Uncontrolled search path element in the Intel(R) MPI Library before ve ...)
 	NOT-FOR-US: Intel
-CVE-2022-26032
-	RESERVED
+CVE-2022-26032 (Uncontrolled search path element in the Intel(R) Distribution for Pyth ...)
 	NOT-FOR-US: Intel
 CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the confsrv uclo ...)
 	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
 CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the confsrv addT ...)
 	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
-CVE-2022-25987
-	RESERVED
+CVE-2022-25987 (Improper handling of Unicode encoding in source code to be compiled by ...)
 	NOT-FOR-US: Intel
 CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
 	NOT-FOR-US: ELECOM LAN routers
-CVE-2022-25905
-	RESERVED
+CVE-2022-25905 (Uncontrolled search path element in the Intel(R) oneAPI Data Analytics ...)
 	NOT-FOR-US: Intel
 CVE-2022-0910 (A downgrade from two-factor authentication to one-factor authenticatio ...)
 	NOT-FOR-US: Zyxel
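
Review bot: The nine Intel entries in this hunk, from CVE-2022-26512 down to CVE-2022-25905, keep a "NOT-FOR-US: Intel" verdict that was recorded while the ids were still RESERVED. Now that descriptions are present, confirm the verdict against them. CVE-2022-25987 is the one to read in full: its visible text ("Improper handling of Unicode encoding in source code to be compiled by ...") is cut off before any product name, whereas the other eight name an Intel(R) product.
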
@@ -76383,11 +76433,10 @@ CVE-2022-26351
 	REJECTED
 CVE-2022-26350
 	RESERVED
-CVE-2022-26345
-	RESERVED
+CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP ...)
 	NOT-FOR-US: Intel
-CVE-2022-26343
-	RESERVED
+CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
+	TODO: check
 CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 a ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
@@ -76422,8 +76471,7 @@ CVE-2022-26006 (Improper input validation in the BIOS firmware for some Intel(R)
 	NOT-FOR-US: Intel
 CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...)
 	NOT-FOR-US: Intel
-CVE-2022-25992
-	RESERVED
+CVE-2022-25992 (Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi- ...)
 	NOT-FOR-US: Intel
 CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
 	NOT-FOR-US: Intel
@@ -79468,8 +79516,8 @@ CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse
 	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
 	NOT-FOR-US: microweber
-CVE-2022-0637
-	RESERVED
+CVE-2022-0637 (There was an open redirection vulnerability pollbot, which was used in ...)
+	TODO: check
 CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
@@ -94961,8 +95009,8 @@ CVE-2022-21175
 	RESERVED
 CVE-2022-21171
 	RESERVED
-CVE-2022-21163
-	RESERVED
+CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) SGX bef ...)
+	TODO: check
 CVE-2022-21162
 	RESERVED
 CVE-2022-21161
@@ -99434,8 +99482,7 @@ CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access
 	NOT-FOR-US: Adobe
 CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
 	- snipe-it <itp> (bug #1005172)
-CVE-2022-21216
-	RESERVED
+CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...)
 	- intel-microcode <unfixed> (bug #1031334)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
@@ -100138,8 +100185,7 @@ CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extens
 CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...)
 	- firefox 94.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
-CVE-2021-43529
-	RESERVED
+CVE-2021-43529 (Thunderbird versions prior to 91.3.0 are vulnerable to the heap overfl ...)
 	{DSA-5034-1 DLA-2874-1}
 	- thunderbird 1:91.3.0-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
@@ -128704,8 +128750,8 @@ CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R
 	NOT-FOR-US: Intel
 CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
 	NOT-FOR-US: Intel
-CVE-2021-33104
-	RESERVED
+CVE-2021-33104 (Improper access control in the Intel(R) OFU software before version 14 ...)
+	TODO: check
 CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
 	NOT-FOR-US: Intel
 CVE-2021-33102
@@ -152006,8 +152052,7 @@ CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused th
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
-CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False]
-	RESERVED
+CVE-2021-23980 (A mutation XSS affects users calling bleach.clean with all of: svg or  ...)
 	{DSA-4892-1 DLA-2620-1}
 	- python-bleach 3.2.1-2.1 (bug #986251)
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
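
Review bot: At CVE-2021-23980 the hand-written bracketed description, which spelled out the strip_comments=False precondition, is replaced by an upstream description truncated at "with all of: svg or  ...", so that precondition is no longer visible in the list. The GHSA-vv2x-vrpj-qqpq NOTE still leads to it. If triage of python-bleach relies on the precondition, record it in a NOTE: line instead of leaving it only in the linked advisory.
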
@@ -174566,8 +174611,8 @@ CVE-2021-0189 (Use of out-of-range pointer offset in the BIOS firmware for some
 	NOT-FOR-US: Intel
 CVE-2021-0188 (Return of pointer value outside of expected range in the BIOS firmware ...)
 	NOT-FOR-US: Intel
-CVE-2021-0187
-	RESERVED
+CVE-2021-0187 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
+	TODO: check
 CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
 	NOT-FOR-US: Intel
 CVE-2021-0185 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
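
Review bot: CVE-2021-0187 is added as "TODO: check" although its description ("Improper access control in the BIOS firmware for some Intel(R) Process ...") is of the same kind as the context entries CVE-2021-0189 and CVE-2021-0188 directly above it, both BIOS firmware issues already marked "NOT-FOR-US: Intel". Resolve the TODO consistently with those neighbours unless the full description points at something packaged.
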
@@ -210867,8 +210912,7 @@ CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache beh
 CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it  ...)
 	- firefox <not-affected> (Specific to Firefox on iOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414
-CVE-2020-12413 [racoon attack for NSS]
-	RESERVED
+CVE-2020-12413 (The Raccoon attack is a timing attack on DHE ciphersuites inherit in t ...)
 	- nss 2:3.17-1
 	[buster] - nss <no-dsa> (Minor issue)
 	[stretch] - nss <no-dsa> (Minor issue)
@@ -226664,8 +226708,7 @@ CVE-2020-6819 (Under certain conditions, when running the nsDocShell destructor,
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819
 CVE-2020-6818
 	RESERVED
-CVE-2020-6817 [Regular expression denial of service]
-	RESERVED
+CVE-2020-6817 (bleach.clean behavior parsing style attributes could result in a regul ...)
 	{DLA-2167-1}
 	- python-bleach 3.1.4-1 (bug #955388)
 	[buster] - python-bleach <no-dsa> (Minor issue; some regression potential)
@@ -250994,8 +251037,8 @@ CVE-2019-17005 (The plain text serializer used a fixed-size array for the number
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17005
 CVE-2019-17004
 	RESERVED
-CVE-2019-17003
-	RESERVED
+CVE-2019-17003 (Scanning a QR code that contained a javascript: URL would have resulte ...)
+	TODO: check
 CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
 	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
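
Review bot: The "TODO: check" on CVE-2019-17003 needs the full record, because the visible description ("Scanning a QR code that contained a javascript: URL would have resulte ...") is cut off before it names a product. The context entries around it, CVE-2019-17005 and CVE-2019-17002, are tracked with an mfsa advisory NOTE and, for CVE-2019-17002, a "- firefox 70.0-1" line; use the same form once the affected product is confirmed.
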



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7914391e074c20965f51b8463904ff476ee157b7



More information about the debian-security-tracker-commits mailing list