[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 13 08:10:22 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a2da0ad by security tracker role at 2023-01-13T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,201 @@
+CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...)
+ TODO: check
+CVE-2023-23565
+ RESERVED
+CVE-2023-23564
+ RESERVED
+CVE-2023-23563
+ RESERVED
+CVE-2023-23562
+ RESERVED
+CVE-2023-23561
+ RESERVED
+CVE-2023-23560
+ RESERVED
+CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
+ TODO: check
+CVE-2023-23558
+ RESERVED
+CVE-2023-23557
+ RESERVED
+CVE-2023-23556
+ RESERVED
+CVE-2023-23555
+ RESERVED
+CVE-2023-23553
+ RESERVED
+CVE-2023-23552
+ RESERVED
+CVE-2023-23551
+ RESERVED
+CVE-2023-23543
+ RESERVED
+CVE-2023-23542
+ RESERVED
+CVE-2023-23541
+ RESERVED
+CVE-2023-23540
+ RESERVED
+CVE-2023-23539
+ RESERVED
+CVE-2023-23538
+ RESERVED
+CVE-2023-23537
+ RESERVED
+CVE-2023-23536
+ RESERVED
+CVE-2023-23535
+ RESERVED
+CVE-2023-23534
+ RESERVED
+CVE-2023-23533
+ RESERVED
+CVE-2023-23532
+ RESERVED
+CVE-2023-23531
+ RESERVED
+CVE-2023-23530
+ RESERVED
+CVE-2023-23529
+ RESERVED
+CVE-2023-23528
+ RESERVED
+CVE-2023-23527
+ RESERVED
+CVE-2023-23526
+ RESERVED
+CVE-2023-23525
+ RESERVED
+CVE-2023-23524
+ RESERVED
+CVE-2023-23523
+ RESERVED
+CVE-2023-23522
+ RESERVED
+CVE-2023-23521
+ RESERVED
+CVE-2023-23520
+ RESERVED
+CVE-2023-23519
+ RESERVED
+CVE-2023-23518
+ RESERVED
+CVE-2023-23517
+ RESERVED
+CVE-2023-23516
+ RESERVED
+CVE-2023-23515
+ RESERVED
+CVE-2023-23514
+ RESERVED
+CVE-2023-23513
+ RESERVED
+CVE-2023-23512
+ RESERVED
+CVE-2023-23511
+ RESERVED
+CVE-2023-23510
+ RESERVED
+CVE-2023-23509
+ RESERVED
+CVE-2023-23508
+ RESERVED
+CVE-2023-23507
+ RESERVED
+CVE-2023-23506
+ RESERVED
+CVE-2023-23505
+ RESERVED
+CVE-2023-23504
+ RESERVED
+CVE-2023-23503
+ RESERVED
+CVE-2023-23502
+ RESERVED
+CVE-2023-23501
+ RESERVED
+CVE-2023-23500
+ RESERVED
+CVE-2023-23499
+ RESERVED
+CVE-2023-23498
+ RESERVED
+CVE-2023-23497
+ RESERVED
+CVE-2023-23496
+ RESERVED
+CVE-2023-23495
+ RESERVED
+CVE-2023-23494
+ RESERVED
+CVE-2023-23493
+ RESERVED
+CVE-2023-22842
+ RESERVED
+CVE-2023-22839
+ RESERVED
+CVE-2023-22664
+ RESERVED
+CVE-2023-22657
+ RESERVED
+CVE-2023-22422
+ RESERVED
+CVE-2023-22418
+ RESERVED
+CVE-2023-22374
+ RESERVED
+CVE-2023-22358
+ RESERVED
+CVE-2023-22341
+ RESERVED
+CVE-2023-22340
+ RESERVED
+CVE-2023-22326
+ RESERVED
+CVE-2023-22323
+ RESERVED
+CVE-2023-22302
+ RESERVED
+CVE-2023-22287
+ RESERVED
+CVE-2023-22284
+ RESERVED
+CVE-2023-22283
+ RESERVED
+CVE-2023-22281
+ RESERVED
+CVE-2023-0265
+ RESERVED
+CVE-2023-0264
+ RESERVED
+CVE-2023-0263
+ RESERVED
+CVE-2023-0262
+ RESERVED
+CVE-2023-0261
+ RESERVED
+CVE-2023-0260
+ RESERVED
+CVE-2023-0259
+ RESERVED
+CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+ TODO: check
+CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+ TODO: check
+CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+ TODO: check
+CVE-2022-48260
+ RESERVED
+CVE-2022-48259
+ RESERVED
+CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...)
+ TODO: check
+CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...)
+ TODO: check
+CVE-2022-48256 (Technitium DNS Server before 10.0 allows a self-CNAME denial-of-servic ...)
+ TODO: check
+CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of the Nim ...)
+ TODO: check
CVE-2023-23492
RESERVED
CVE-2023-23491
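Review bot: In the block added at the top of the list, CVE-2023-23559 is left at TODO: check even though its description already names drivers/net/wireless/rndis_wlan.c in the Linux kernel, so it can be triaged straight to a package line for the kernel instead of sitting in the generic queue. The other described entries added here (Axigen, SourceCodester, Eternal Terminal, Technitium DNS Server, Nim) each still need either a package line or a NOT-FOR-US line before their TODO is cleared.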
@@ -115,11 +313,11 @@ CVE-2023-0239
CVE-2023-0238
RESERVED
CVE-2023-0237
- RESERVED
+ REJECTED
CVE-2023-0236
RESERVED
CVE-2023-0235
- RESERVED
+ REJECTED
CVE-2023-0234
RESERVED
CVE-2023-0233
@@ -1967,8 +2165,7 @@ CVE-2023-0107 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
NOT-FOR-US: usememos
CVE-2023-0106 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
NOT-FOR-US: usememos
-CVE-2023-0105
- RESERVED
+CVE-2023-0105 (A flaw was found in Keycloak. This flaw allows impersonation and locko ...)
NOT-FOR-US: Keycloak
CVE-2018-25068 (A vulnerability has been found in devent globalpom-utils up to 4.5.0 a ...)
NOT-FOR-US: devent globalpom-utils
@@ -2402,8 +2599,7 @@ CVE-2023-22301
RESERVED
CVE-2023-22291
RESERVED
-CVE-2023-0091
- RESERVED
+CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...)
NOT-FOR-US: Keycloak
CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
NOT-FOR-US: Swifty Page Manager plugin for WordPress
@@ -2649,16 +2845,16 @@ CVE-2010-10003 (A vulnerability classified as critical was found in gesellix tit
NOT-FOR-US: gesellix titlelink
CVE-2023-22602
RESERVED
-CVE-2023-22601
- RESERVED
-CVE-2023-22600
- RESERVED
-CVE-2023-22599
- RESERVED
-CVE-2023-22598
- RESERVED
-CVE-2023-22597
- RESERVED
+CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
+ TODO: check
+CVE-2023-22600 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
+ TODO: check
+CVE-2023-22599 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
+ TODO: check
+CVE-2023-22598 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
+ TODO: check
+CVE-2023-22597 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
+ TODO: check
CVE-2023-22596
RESERVED
CVE-2023-22595
@@ -3097,8 +3293,8 @@ CVE-2023-22490
RESERVED
CVE-2023-22489
RESERVED
-CVE-2023-22488
- RESERVED
+CVE-2023-22488 (Flarum is a forum software for building communities. Using the notific ...)
+ TODO: check
CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
NOT-FOR-US: Flarum
CVE-2023-22486
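Review bot: CVE-2023-22488 gets TODO: check while the entry directly below it, CVE-2023-22487, has a description that opens with the same product text and is already marked NOT-FOR-US: Flarum. Unless the two differ in scope, give CVE-2023-22488 the same NOT-FOR-US: Flarum line so the pair stays consistent.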
@@ -3935,60 +4131,60 @@ CVE-2020-36635 (A vulnerability was found in OpenMRS Appointment Scheduling Modu
NOT-FOR-US: OpenMRS
CVE-2019-25091 (A vulnerability classified as problematic has been found in nsupdate.i ...)
NOT-FOR-US: nsupdate.info
-CVE-2023-22417
- RESERVED
-CVE-2023-22416
- RESERVED
-CVE-2023-22415
- RESERVED
-CVE-2023-22414
- RESERVED
-CVE-2023-22413
- RESERVED
-CVE-2023-22412
- RESERVED
-CVE-2023-22411
- RESERVED
-CVE-2023-22410
- RESERVED
-CVE-2023-22409
- RESERVED
-CVE-2023-22408
- RESERVED
-CVE-2023-22407
- RESERVED
-CVE-2023-22406
- RESERVED
-CVE-2023-22405
- RESERVED
-CVE-2023-22404
- RESERVED
-CVE-2023-22403
- RESERVED
-CVE-2023-22402
- RESERVED
-CVE-2023-22401
- RESERVED
-CVE-2023-22400
- RESERVED
-CVE-2023-22399
- RESERVED
-CVE-2023-22398
- RESERVED
-CVE-2023-22397
- RESERVED
-CVE-2023-22396
- RESERVED
-CVE-2023-22395
- RESERVED
-CVE-2023-22394
- RESERVED
-CVE-2023-22393
- RESERVED
+CVE-2023-22417 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2023-22416 (A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos O ...)
+ TODO: check
+CVE-2023-22415 (An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Netwo ...)
+ TODO: check
+CVE-2023-22414 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2023-22413 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2023-22412 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...)
+ TODO: check
+CVE-2023-22411 (An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) ...)
+ TODO: check
+CVE-2023-22410 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2023-22409 (An Unchecked Input for Loop Condition vulnerability in a NAT library o ...)
+ TODO: check
+CVE-2023-22408 (An Improper Validation of Array Index vulnerability in the SIP ALG of ...)
+ TODO: check
+CVE-2023-22407 (An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rp ...)
+ TODO: check
+CVE-2023-22406 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2023-22405 (An Improper Preservation of Consistency Between Independent Representa ...)
+ TODO: check
+CVE-2023-22404 (An Out-of-bounds Write vulnerability in the Internet Key Exchange Prot ...)
+ TODO: check
+CVE-2023-22403 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ TODO: check
+CVE-2023-22402 (A Use After Free vulnerability in the kernel of Juniper Networks Junos ...)
+ TODO: check
+CVE-2023-22401 (An Improper Validation of Array Index vulnerability in the Advanced Fo ...)
+ TODO: check
+CVE-2023-22400 (An Uncontrolled Resource Consumption vulnerability in the PFE manageme ...)
+ TODO: check
+CVE-2023-22399 (When sFlow is enabled and it monitors a packet forwarded via ECMP, a b ...)
+ TODO: check
+CVE-2023-22398 (An Access of Uninitialized Pointer vulnerability in the Routing Protoc ...)
+ TODO: check
+CVE-2023-22397 (An Allocation of Resources Without Limits or Throttling weakness in th ...)
+ TODO: check
+CVE-2023-22396 (An Uncontrolled Resource Consumption vulnerability in TCP processing o ...)
+ TODO: check
+CVE-2023-22395 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2023-22394 (An Improper Handling of Unexpected Data Type vulnerability in the hand ...)
+ TODO: check
+CVE-2023-22393 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
CVE-2023-22392
RESERVED
-CVE-2023-22391
- RESERVED
+CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in Juniper ...)
+ TODO: check
CVE-2023-22366
RESERVED
CVE-2023-22357
@@ -5322,8 +5518,8 @@ CVE-2022-47578 (** DISPUTED ** An issue was discovered in the endpoint protectio
NOT-FOR-US: Zoho
CVE-2022-47577 (** DISPUTED ** An issue was discovered in the endpoint protection agen ...)
NOT-FOR-US: Zoho
-CVE-2022-4616
- RESERVED
+CVE-2022-4616 (The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to ...)
+ TODO: check
CVE-2023-22275
RESERVED
CVE-2023-22274
@@ -8007,8 +8203,8 @@ CVE-2022-47104
RESERVED
CVE-2022-47103
RESERVED
-CVE-2022-47102
- RESERVED
+CVE-2022-47102 (A cross-site scripting (XSS) vulnerability in Student Study Center Man ...)
+ TODO: check
CVE-2022-47101
RESERVED
CVE-2022-47100
@@ -8460,12 +8656,12 @@ CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3
[buster] - jquery-minicolors <no-dsa> (Minor issue)
NOTE: https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6
NOTE: https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3
-CVE-2022-4345 [The BPv6, OpenFlow, and Kafka protocol dissectors could go into an infinite loops]
+CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...)
- wireshark 4.0.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <postponed> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
-CVE-2022-4344 [The Kafka dissector could consume excessive amounts of memory]
+CVE-2022-4344 (Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 t ...)
- wireshark 4.0.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <postponed> (Minor issue)
@@ -9483,10 +9679,10 @@ CVE-2022-46625
RESERVED
CVE-2022-46624
RESERVED
-CVE-2022-46623
- RESERVED
-CVE-2022-46622
- RESERVED
+CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...)
+ TODO: check
CVE-2022-46621
RESERVED
CVE-2022-46620
@@ -9725,8 +9921,8 @@ CVE-2022-46504
RESERVED
CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...)
NOT-FOR-US: Online Student Enrollment System
-CVE-2022-46502
- RESERVED
+CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-46501
RESERVED
CVE-2022-46500
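Review bot: CVE-2022-46502 is added as TODO: check although CVE-2022-46503 just above it is already triaged as NOT-FOR-US: Online Student Enrollment System, and the new description names the same product. Reusing that annotation here would close the TODO without further research.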
@@ -9777,8 +9973,8 @@ CVE-2022-46480
RESERVED
CVE-2022-46479
RESERVED
-CVE-2022-46478
- RESERVED
+CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no ...)
+ TODO: check
CVE-2022-46477
RESERVED
CVE-2022-46476
@@ -9789,10 +9985,10 @@ CVE-2022-46474
RESERVED
CVE-2022-46473
RESERVED
-CVE-2022-46472
- RESERVED
-CVE-2022-46471
- RESERVED
+CVE-2022-46472 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-46471 (Online Health Care System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-46470
RESERVED
CVE-2022-46469
@@ -9807,8 +10003,8 @@ CVE-2022-46465
RESERVED
CVE-2022-46464 (ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection ...)
NOT-FOR-US: ConcreteCMS
-CVE-2022-46463
- RESERVED
+CVE-2022-46463 (An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to ...)
+ TODO: check
CVE-2022-46462
RESERVED
CVE-2022-46461
@@ -9863,8 +10059,8 @@ CVE-2022-46440
RESERVED
CVE-2022-46439
RESERVED
-CVE-2022-46438
- RESERVED
+CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...)
+ TODO: check
CVE-2022-46437
RESERVED
CVE-2022-46436
@@ -12087,10 +12283,10 @@ CVE-2022-45731
RESERVED
CVE-2022-45730
RESERVED
-CVE-2022-45729
- RESERVED
-CVE-2022-45728
- RESERVED
+CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
+ TODO: check
+CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain ...)
+ TODO: check
CVE-2022-45727
RESERVED
CVE-2022-45726
@@ -13916,7 +14112,7 @@ CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered in
CVE-2022-45149 (A vulnerability was found in Moodle which exists due to insufficient v ...)
- moodle <removed>
CVE-2022-45148
- RESERVED
+ REJECTED
CVE-2022-45147
RESERVED
CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -16400,8 +16596,7 @@ CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3841
- RESERVED
+CVE-2022-3841 (RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Req ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
CVE-2022-3840 (The Login for Google Apps WordPress plugin before 3.4.5 does not sanit ...)
NOT-FOR-US: WordPress plugin
@@ -23430,8 +23625,8 @@ CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
-CVE-2022-42704
- RESERVED
+CVE-2022-42704 (A cross-site scripting (XSS) vulnerability in Employee Service Center ...)
+ TODO: check
CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba within t ...)
{DSA-5287-1 DLA-3206-1}
- samba 2:4.16.6+dfsg-1
@@ -24423,52 +24618,52 @@ CVE-2022-42292
RESERVED
CVE-2022-42291
RESERVED
-CVE-2022-42290
- RESERVED
-CVE-2022-42289
- RESERVED
-CVE-2022-42288
- RESERVED
-CVE-2022-42287
- RESERVED
-CVE-2022-42286
- RESERVED
-CVE-2022-42285
- RESERVED
-CVE-2022-42284
- RESERVED
-CVE-2022-42283
- RESERVED
-CVE-2022-42282
- RESERVED
-CVE-2022-42281
- RESERVED
-CVE-2022-42280
- RESERVED
-CVE-2022-42279
- RESERVED
-CVE-2022-42278
- RESERVED
-CVE-2022-42277
- RESERVED
-CVE-2022-42276
- RESERVED
-CVE-2022-42275
- RESERVED
-CVE-2022-42274
- RESERVED
-CVE-2022-42273
- RESERVED
-CVE-2022-42272
- RESERVED
+CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
+ TODO: check
+CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
+ TODO: check
+CVE-2022-42288 (NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthor ...)
+ TODO: check
+CVE-2022-42287 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
+ TODO: check
+CVE-2022-42286 (DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code ...)
+ TODO: check
+CVE-2022-42285 (DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization ...)
+ TODO: check
+CVE-2022-42284 (NVIDIA BMC stores user passwords in an obfuscated form in a database a ...)
+ TODO: check
+CVE-2022-42283 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
+ TODO: check
+CVE-2022-42282 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
+ TODO: check
+CVE-2022-42281 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, w ...)
+ TODO: check
+CVE-2022-42280 (NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an ...)
+ TODO: check
+CVE-2022-42279 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
+ TODO: check
+CVE-2022-42278 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
+ TODO: check
+CVE-2022-42277 (NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, ...)
+ TODO: check
+CVE-2022-42276 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, whe ...)
+ TODO: check
+CVE-2022-42275 (NVIDIA BMC IPMI handler allows an unauthenticated host to write to a h ...)
+ TODO: check
+CVE-2022-42274 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
+ TODO: check
+CVE-2022-42273 (NVIDIA BMC contains a vulnerability in libwebsocket, where an authoriz ...)
+ TODO: check
+CVE-2022-42272 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
+ TODO: check
CVE-2022-42271 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
TODO: check
CVE-2022-42270 (NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_tas ...)
NOT-FOR-US: NVIDIA
CVE-2022-42269 (NVIDIA Trusted OS contains a vulnerability in an SMC call handler, whe ...)
NOT-FOR-US: NVIDIA
-CVE-2022-42268
- RESERVED
+CVE-2022-42268 (Omniverse Kit contains a vulnerability in the reference applications C ...)
+ TODO: check
CVE-2022-42267 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
NOT-FOR-US: NVIDIA
CVE-2022-42266 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
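Review bot: The nineteen entries from CVE-2022-42290 down to CVE-2022-42272 (NVIDIA BMC and DGX SBIOS) and CVE-2022-42268 (Omniverse Kit) all land as TODO: check, while CVE-2022-42270 and CVE-2022-42269 in the trailing context already carry NOT-FOR-US: NVIDIA. Triage these as one batch, together with the pre-existing TODO on CVE-2022-42271, rather than leaving twenty-one near-identical items open individually.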
@@ -25740,8 +25935,8 @@ CVE-2022-41809
REJECTED
CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-41778
- RESERVED
+CVE-2022-41778 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
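Review bot: CVE-2022-41778 is marked TODO: check, but its neighbours CVE-2022-41779 and CVE-2022-41776 have descriptions that begin with the same Delta Electronics InfraSuite Device Master text and are both NOT-FOR-US: Delta Electronics. The same annotation appears to apply here.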
@@ -29816,12 +30011,12 @@ CVE-2022-3162
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2022-3161
- RESERVED
-CVE-2022-3160
- RESERVED
-CVE-2022-3159
- RESERVED
+CVE-2022-3161 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
+ TODO: check
+CVE-2022-3160 (The APDFL.dll contains an out-of-bounds write past the fixed-length he ...)
+ TODO: check
+CVE-2022-3159 (The APDFL.dll contains a stack-based buffer overflow vulnerability tha ...)
+ TODO: check
CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
@@ -70191,8 +70386,8 @@ CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expr
NOT-FOR-US: AlexFlipnote/url_regex
CVE-2022-21192
RESERVED
-CVE-2022-21191
- RESERVED
+CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...)
+ TODO: check
CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
NOT-FOR-US: Node convict
CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
@@ -72562,10 +72757,10 @@ CVE-2022-25029
REJECTED
CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered to contai ...)
NOT-FOR-US: Home Owners Collection Management System
-CVE-2022-25027
- RESERVED
-CVE-2022-25026
- RESERVED
+CVE-2022-25027 (The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2 ...)
+ TODO: check
+CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2 ...)
+ TODO: check
CVE-2022-25025
RESERVED
CVE-2022-25024
@@ -385766,8 +385961,8 @@ CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular o
NOT-FOR-US: Metasploit
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances sh ...)
NOT-FOR-US: Rapid7 Nexpose hardware appliances
-CVE-2017-5242
- RESERVED
+CVE-2017-5242 (Nexpose and InsightVM virtual appliances downloaded between April 5th, ...)
+ TODO: check
CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
@@ -445818,7 +446013,8 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows
[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-135.html
-CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
+CVE-2015-3208
+ REJECTED
NOT-FOR-US: HornetQ
CVE-2015-3207 (In Openshift Origin 3 the cookies being set in console have no 'secure ...)
NOT-FOR-US: OpenShift
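Review bot: CVE-2015-3208 now reads REJECTED, yet the NOT-FOR-US: HornetQ line under it is kept, so the entry carries both a rejection and a triage annotation for a description that is no longer there. The other IDs this commit flips to REJECTED (CVE-2023-0237, CVE-2023-0235, CVE-2022-45148) have no annotation; either drop the NOT-FOR-US line or confirm that retaining it on a rejected ID is intended.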
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2da0ad17d28de48e54f1c4f0a7ef559a72293d