[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 4 08:10:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db1c6f02 by security tracker role at 2023-01-04T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-22602
+ RESERVED
+CVE-2023-22601
+ RESERVED
+CVE-2023-22600
+ RESERVED
+CVE-2023-22599
+ RESERVED
+CVE-2023-22598
+ RESERVED
+CVE-2023-22597
+ RESERVED
+CVE-2023-22596
+ RESERVED
+CVE-2023-22595
+ RESERVED
+CVE-2023-22594
+ RESERVED
+CVE-2023-22593
+ RESERVED
+CVE-2023-22592
+ RESERVED
+CVE-2023-22591
+ RESERVED
+CVE-2023-22590
+ RESERVED
+CVE-2023-22589
+ RESERVED
+CVE-2023-22588
+ RESERVED
+CVE-2023-22587
+ RESERVED
+CVE-2023-0043
+ RESERVED
+CVE-2023-0042
+ RESERVED
+CVE-2023-0041
+ RESERVED
CVE-2023-22586
RESERVED
CVE-2023-22585
@@ -8460,8 +8498,8 @@ CVE-2022-46083
RESERVED
CVE-2022-46082
RESERVED
-CVE-2022-46081
- RESERVED
+CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...)
+ TODO: check
CVE-2022-46080
RESERVED
CVE-2022-46079
@@ -8946,8 +8984,8 @@ CVE-2022-45868 (The web-based admin console in H2 Database Engine through 2.1.21
- h2database <unfixed> (unimportant)
NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords should never be
NOTE: passed on the command line.
-CVE-2022-45867
- RESERVED
+CVE-2022-45867 (MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages ...)
+ TODO: check
CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3, as us ...)
NOT-FOR-US: qpress
CVE-2022-4136 (Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4 ...)
@@ -10075,6 +10113,7 @@ CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cro
CVE-2022-4026
RESERVED
CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to 98.0.4 ...)
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not have a ...)
@@ -12200,17 +12239,17 @@ CVE-2022-44757
RESERVED
CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable to improper ...)
NOT-FOR-US: HCL
-CVE-2022-44755 (IBM Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
+CVE-2022-44755 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
NOT-FOR-US: IBM
-CVE-2022-44754 (IBM Domino is susceptible to a stack based buffer overflow vulnerabili ...)
+CVE-2022-44754 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
NOT-FOR-US: IBM
-CVE-2022-44753 (IBM Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
+CVE-2022-44753 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
NOT-FOR-US: IBM
-CVE-2022-44752 (IBM Domino is susceptible to a stack based buffer overflow vulnerabili ...)
+CVE-2022-44752 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
NOT-FOR-US: IBM
-CVE-2022-44751 (IBM Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
+CVE-2022-44751 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
NOT-FOR-US: IBM
-CVE-2022-44750 (IBM Domino is susceptible to a stack based buffer overflow vulnerabili ...)
+CVE-2022-44750 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
NOT-FOR-US: IBM
CVE-2022-44747 (Local privilege escalation due to improper soft link handling. The fol ...)
NOT-FOR-US: Acronis
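Review bot: The six entries CVE-2022-44750 through CVE-2022-44755 now have descriptions that name HCL Notes and HCL Domino, but the unchanged tag under each still reads NOT-FOR-US: IBM. The neighbouring CVE-2022-44756 is tagged NOT-FOR-US: HCL; the tags on these six should be changed to match, so that a search by vendor tag finds all of them.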
@@ -12255,6 +12294,7 @@ CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properl
CVE-2022-3864
RESERVED
CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0.4896 ...)
+ {DSA-5114-1}
- chromium 100.0.4896.75-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-21418
@@ -13604,6 +13644,7 @@ CVE-2022-42465
CVE-2022-3843
RESERVED
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
+ {DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3841
@@ -13975,10 +14016,10 @@ CVE-2022-44537
RESERVED
CVE-2022-44536
RESERVED
-CVE-2022-44535
- RESERVED
-CVE-2022-44534
- RESERVED
+CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
+ TODO: check
+CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
+ TODO: check
CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web management int ...)
NOT-FOR-US: Aruba
CVE-2022-44532 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
@@ -15040,8 +15081,8 @@ CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain
NOT-FOR-US: Russound XSourcePlayer 777D
CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...)
NOT-FOR-US: APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software
-CVE-2022-44036
- RESERVED
+CVE-2022-44036 (** DISPUTED ** In b2evolution 7.2.5, if configured with admins_can_man ...)
+ TODO: check
CVE-2022-44035
RESERVED
CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
@@ -18106,42 +18147,42 @@ CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line
NOT-FOR-US: Aruba
CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
NOT-FOR-US: Aruba
-CVE-2022-43540
- RESERVED
-CVE-2022-43539
- RESERVED
-CVE-2022-43538
- RESERVED
-CVE-2022-43537
- RESERVED
-CVE-2022-43536
- RESERVED
-CVE-2022-43535
- RESERVED
-CVE-2022-43534
- RESERVED
-CVE-2022-43533
- RESERVED
-CVE-2022-43532
- RESERVED
-CVE-2022-43531
- RESERVED
-CVE-2022-43530
- RESERVED
-CVE-2022-43529
- RESERVED
-CVE-2022-43528
- RESERVED
-CVE-2022-43527
- RESERVED
-CVE-2022-43526
- RESERVED
-CVE-2022-43525
- RESERVED
-CVE-2022-43524
- RESERVED
-CVE-2022-43523
- RESERVED
+CVE-2022-43540 (A vulnerability exists in the ClearPass OnGuard macOS agent that allow ...)
+ TODO: check
+CVE-2022-43539 (A vulnerability exists in the ClearPass Policy Manager cluster communi ...)
+ TODO: check
+CVE-2022-43538 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-43537 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-43536 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-43535 (A vulnerability in the ClearPass OnGuard Windows agent could allow mal ...)
+ TODO: check
+CVE-2022-43534 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...)
+ TODO: check
+CVE-2022-43533 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...)
+ TODO: check
+CVE-2022-43532 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-43531 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-43530 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-43529 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
+ TODO: check
+CVE-2022-43528 (Under certain configurations, an attacker can login to Aruba EdgeConne ...)
+ TODO: check
+CVE-2022-43527 (Multiple vulnerabilities within the web-based management interface of ...)
+ TODO: check
+CVE-2022-43526 (Multiple vulnerabilities within the web-based management interface of ...)
+ TODO: check
+CVE-2022-43525 (Multiple vulnerabilities within the web-based management interface of ...)
+ TODO: check
+CVE-2022-43524 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
+ TODO: check
+CVE-2022-43523 (Multiple vulnerabilities in the web-based management interface of Arub ...)
+ TODO: check
CVE-2022-43522 (Multiple vulnerabilities in the web-based management interface of Arub ...)
NOT-FOR-US: Aruba
CVE-2022-43521 (Multiple vulnerabilities in the web-based management interface of Arub ...)
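Review bot: CVE-2022-43529, CVE-2022-43528, CVE-2022-43524 and CVE-2022-43523 are left at TODO: check even though the visible part of their descriptions names Aruba, while the adjacent CVE-2022-43541 and CVE-2022-43522 are tagged NOT-FOR-US: Aruba. Suggest resolving these four to the same tag. The ClearPass entries and the three "Multiple vulnerabilities within the web-based management interface of ..." entries need their full descriptions read before the TODO is replaced, because the truncated text does not show the vendor.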
@@ -20619,8 +20660,8 @@ CVE-2022-42712
RESERVED
CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application ...)
NOT-FOR-US: Progress WhatsUp Gold
-CVE-2022-42710
- RESERVED
+CVE-2022-42710 (Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.3 ...)
+ TODO: check
CVE-2022-42709
RESERVED
CVE-2022-42708
@@ -21282,8 +21323,8 @@ CVE-2022-42437
RESERVED
CVE-2022-42436
RESERVED
-CVE-2022-42435
- RESERVED
+CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0. ...)
+ TODO: check
CVE-2022-42433
RESERVED
CVE-2022-42432
@@ -30872,8 +30913,8 @@ CVE-2022-38725
RESERVED
CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
NOT-FOR-US: SilverStripe CMS
-CVE-2022-38723
- RESERVED
+CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...)
+ TODO: check
CVE-2022-38722
RESERVED
CVE-2022-38721
@@ -30947,8 +30988,8 @@ CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0 Be
NOT-FOR-US: Delta Industrial Automation DIALink
CVE-2022-2968
RESERVED
-CVE-2022-2967
- RESERVED
+CVE-2022-2967 (Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modb ...)
+ TODO: check
CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This iss ...)
NOT-FOR-US: Delta Electronics DOPSoft
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
@@ -31219,8 +31260,8 @@ CVE-2022-38629
RESERVED
CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
NOT-FOR-US: Nortek Linear eMerge E3-Series
-CVE-2022-38627
- RESERVED
+CVE-2022-38627 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
+ TODO: check
CVE-2022-38626
RESERVED
CVE-2022-38625 (** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain ...)
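Review bot: CVE-2022-38627 is set to TODO: check, yet its visible description is identical to that of CVE-2022-38628 two lines above, which is tagged NOT-FOR-US: Nortek Linear eMerge E3-Series. Suggest giving CVE-2022-38627 the same tag once the full description confirms it is the same product.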
@@ -35969,8 +36010,8 @@ CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which coul
NOT-FOR-US: WordPress plugin
CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
NOT-FOR-US: GoAnywhere MFT
-CVE-2022-36943
- RESERVED
+CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary file write ...)
+ TODO: check
CVE-2022-36942
RESERVED
CVE-2022-36941
@@ -47273,10 +47314,10 @@ CVE-2022-32667
RESERVED
CVE-2022-32666
RESERVED
-CVE-2022-32665
- RESERVED
-CVE-2022-32664
- RESERVED
+CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...)
+ TODO: check
+CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...)
+ TODO: check
CVE-2022-32663
RESERVED
CVE-2022-32662
@@ -47285,56 +47326,56 @@ CVE-2022-32661
RESERVED
CVE-2022-32660
RESERVED
-CVE-2022-32659
- RESERVED
-CVE-2022-32658
- RESERVED
-CVE-2022-32657
- RESERVED
+CVE-2022-32659 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
+CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
+CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
CVE-2022-32656
RESERVED
CVE-2022-32655
RESERVED
CVE-2022-32654
RESERVED
-CVE-2022-32653
- RESERVED
-CVE-2022-32652
- RESERVED
-CVE-2022-32651
- RESERVED
-CVE-2022-32650
- RESERVED
-CVE-2022-32649
- RESERVED
-CVE-2022-32648
- RESERVED
-CVE-2022-32647
- RESERVED
-CVE-2022-32646
- RESERVED
-CVE-2022-32645
- RESERVED
-CVE-2022-32644
- RESERVED
+CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic error. T ...)
+ TODO: check
+CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic error. T ...)
+ TODO: check
+CVE-2022-32651 (In mtk-aie, there is a possible use after free due to a logic error. T ...)
+ TODO: check
+CVE-2022-32650 (In mtk-isp, there is a possible use after free due to a logic error. T ...)
+ TODO: check
+CVE-2022-32649 (In jpeg, there is a possible use after free due to a logic error. This ...)
+ TODO: check
+CVE-2022-32648 (In disp, there is a possible use after free due to a race condition. T ...)
+ TODO: check
+CVE-2022-32647 (In ccu, there is a possible out of bounds write due to improper input ...)
+ TODO: check
+CVE-2022-32646 (In gpu drm, there is a possible stack overflow due to a missing bounds ...)
+ TODO: check
+CVE-2022-32645 (In vow, there is a possible information disclosure due to a race condi ...)
+ TODO: check
+CVE-2022-32644 (In vow, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
CVE-2022-32643
RESERVED
CVE-2022-32642
RESERVED
-CVE-2022-32641
- RESERVED
-CVE-2022-32640
- RESERVED
-CVE-2022-32639
- RESERVED
-CVE-2022-32638
- RESERVED
-CVE-2022-32637
- RESERVED
-CVE-2022-32636
- RESERVED
-CVE-2022-32635
- RESERVED
+CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-32639 (In watchdog, there is a possible out of bounds read due to a missing b ...)
+ TODO: check
+CVE-2022-32638 (In isp, there is a possible out of bounds write due to a race conditio ...)
+ TODO: check
+CVE-2022-32637 (In hevc decoder, there is a possible out of bounds write due to a miss ...)
+ TODO: check
+CVE-2022-32636 (In keyinstall, there is a possible out of bounds write due to an integ ...)
+ TODO: check
+CVE-2022-32635 (In gps, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2022-32634 (In ccci, there is a possible out of bounds write due to improper input ...)
NOT-FOR-US: Mediatek
CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a logic e ...)
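Review bot: The 20 entries that gain descriptions in this hunk (CVE-2022-32659 to CVE-2022-32657, CVE-2022-32653 to CVE-2022-32644, CVE-2022-32641 to CVE-2022-32635) are all left at TODO: check, while the following CVE-2022-32634 and CVE-2022-32633 use the same "In <component>, there is a possible ..." wording and are tagged NOT-FOR-US: Mediatek. Suggest triaging the block together: confirm the vendor from the full descriptions and replace each TODO with the matching tag, or record the affected Debian source package where a component ships in Debian.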
@@ -47357,8 +47398,8 @@ CVE-2022-32625 (In display, there is a possible out of bounds write due to an in
NOT-FOR-US: Mediatek
CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...)
NOT-FOR-US: Mediatek
-CVE-2022-32623
- RESERVED
+CVE-2022-32623 (In mdp, there is a possible out of bounds write due to incorrect error ...)
+ TODO: check
CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...)
NOT-FOR-US: Mediatek
CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...)
@@ -75156,8 +75197,8 @@ CVE-2022-23508
RESERVED
CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...)
TODO: check
-CVE-2022-23506
- RESERVED
+CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform ...)
+ TODO: check
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...)
TODO: check
CVE-2022-23504 (TYPO3 is an open source PHP based web content management system. Versi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db1c6f02f8c8e78e0934cf588b215729d46545ae