[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 24 20:10:34 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4d03aa0 by security tracker role at 2023-01-24T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2023-24495
+ RESERVED
+CVE-2023-24494
+ RESERVED
+CVE-2023-24493
+ RESERVED
+CVE-2023-24492
+ RESERVED
+CVE-2023-24491
+ RESERVED
+CVE-2023-24490
+ RESERVED
+CVE-2023-24489
+ RESERVED
+CVE-2023-24488
+ RESERVED
+CVE-2023-24487
+ RESERVED
+CVE-2023-24486
+ RESERVED
+CVE-2023-24485
+ RESERVED
+CVE-2023-24484
+ RESERVED
+CVE-2023-24483
+ RESERVED
+CVE-2023-24482
+ RESERVED
+CVE-2023-24477
+ RESERVED
+CVE-2023-24471
+ RESERVED
+CVE-2023-24015
+ RESERVED
+CVE-2023-23903
+ RESERVED
+CVE-2023-23574
+ RESERVED
+CVE-2023-22843
+ RESERVED
+CVE-2023-22378
+ RESERVED
+CVE-2023-0479
+ RESERVED
+CVE-2023-0478
+ RESERVED
+CVE-2023-0477
+ RESERVED
+CVE-2023-0476
+ RESERVED
+CVE-2023-0475
+ RESERVED
+CVE-2023-0474
+ RESERVED
+CVE-2023-0473
+ RESERVED
+CVE-2023-0472
+ RESERVED
+CVE-2023-0471
+ RESERVED
+CVE-2023-0470
+ RESERVED
+CVE-2023-0469
+ RESERVED
+CVE-2023-0468
+ RESERVED
+CVE-2023-0467
+ RESERVED
+CVE-2023-0466
+ RESERVED
+CVE-2023-0465
+ RESERVED
+CVE-2023-0464
+ RESERVED
+CVE-2023-0463 (The force offline MFA prompt setting is not respected when switching t ...)
+ TODO: check
+CVE-2023-0462
+ RESERVED
+CVE-2023-0461
+ RESERVED
+CVE-2023-0460
+ RESERVED
+CVE-2023-0459
+ RESERVED
+CVE-2023-0458
+ RESERVED
+CVE-2023-0457
+ RESERVED
+CVE-2022-4896
+ RESERVED
+CVE-2020-36656
+ RESERVED
CVE-2023-24470
RESERVED
CVE-2023-24469
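Review bot: CVE-2023-0463 is the only entry in this hunk that is not RESERVED and it is left at `TODO: check`; its truncated description ("The force offline MFA prompt setting is not respected when switching t ...") names no product, so the triage needs the full CVE text to decide whether any Debian package is affected or whether this becomes a NOT-FOR-US entry.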
@@ -26,118 +118,81 @@ CVE-2023-0454
RESERVED
CVE-2023-0453
RESERVED
-CVE-2023-24459
- RESERVED
-CVE-2023-24458
- RESERVED
+CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...)
+ TODO: check
+CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24457
- RESERVED
+CVE-2023-24457 (A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24456
- RESERVED
+CVE-2023-24456 (Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not inva ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24455
- RESERVED
+CVE-2023-24455 (Jenkins visualexpert Plugin 1.3 and earlier does not restrict the name ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24454
- RESERVED
+CVE-2023-24454 (Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQual ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24453
- RESERVED
+CVE-2023-24453 (A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24452
- RESERVED
+CVE-2023-24452 (A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuali ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24451
- RESERVED
+CVE-2023-24451 (A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24450
- RESERVED
+CVE-2023-24450 (Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypte ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24449
- RESERVED
+CVE-2023-24449 (Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24448
- RESERVED
+CVE-2023-24448 (A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24447
- RESERVED
+CVE-2023-24447 (A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24446
- RESERVED
+CVE-2023-24446 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Pl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24445
- RESERVED
+CVE-2023-24445 (Jenkins OpenID Plugin 2.4 and earlier improperly determines that a red ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24444
- RESERVED
+CVE-2023-24444 (Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24443
- RESERVED
+CVE-2023-24443 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not configu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24442
- RESERVED
+CVE-2023-24442 (Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24441
- RESERVED
+CVE-2023-24441 (Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML par ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24440
- RESERVED
+CVE-2023-24440 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24439
- RESERVED
+CVE-2023-24439 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24438
- RESERVED
+CVE-2023-24438 (A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24437
- RESERVED
+CVE-2023-24437 (A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24436
- RESERVED
+CVE-2023-24436 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24435
- RESERVED
+CVE-2023-24435 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24434
- RESERVED
+CVE-2023-24434 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24433
- RESERVED
+CVE-2023-24433 (Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 an ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24432
- RESERVED
+CVE-2023-24432 (A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by M ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24431
- RESERVED
+CVE-2023-24431 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24430
- RESERVED
+CVE-2023-24430 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24429
- RESERVED
+CVE-2023-24429 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24428
- RESERVED
+CVE-2023-24428 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24427
- RESERVED
+CVE-2023-24427 (Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate th ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24426
- RESERVED
+CVE-2023-24426 (Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invali ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24425
- RESERVED
+CVE-2023-24425 (Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24424
- RESERVED
+CVE-2023-24424 (Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24423
- RESERVED
+CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Tr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24422
- RESERVED
+CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-24421
RESERVED
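Review bot: CVE-2023-24459 is left at `TODO: check` although its description identifies it as a Jenkins BearyChat Plugin issue, the same plugin as CVE-2023-24458 directly below it, which this hunk carries as `NOT-FOR-US: Jenkins plugin`; resolve the TODO with the same `NOT-FOR-US: Jenkins plugin` line so the block of Jenkins plugin entries stays consistent.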
@@ -889,9 +944,9 @@ CVE-2023-24071
RESERVED
CVE-2023-24070 (app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an X ...)
NOT-FOR-US: MISP
-CVE-2023-24069 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...)
+CVE-2023-24069 (** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macO ...)
- signal-desktop <itp> (bug #842943)
-CVE-2023-24068 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...)
+CVE-2023-24068 (** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macO ...)
- signal-desktop <itp> (bug #842943)
CVE-2023-24067
RESERVED
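Review bot: the descriptions of CVE-2023-24069 and CVE-2023-24068 now carry the `** DISPUTED **` marker, but the `- signal-desktop <itp> (bug #842943)` status lines are unchanged; consider adding a NOTE recording the dispute so a later reader does not treat these as confirmed issues against the ITP'd package.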
@@ -1235,12 +1290,12 @@ CVE-2023-23953
RESERVED
CVE-2023-23952
RESERVED
-CVE-2023-23951
- RESERVED
-CVE-2023-23950
- RESERVED
-CVE-2023-23949
- RESERVED
+CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...)
+ TODO: check
+CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be used to s ...)
+ TODO: check
+CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...)
+ TODO: check
CVE-2023-23948
RESERVED
CVE-2023-23947
@@ -1663,8 +1718,7 @@ CVE-2023-22294
RESERVED
CVE-2023-22288
RESERVED
-CVE-2023-0394 [ipv6: raw: Deduct extension header length in rawv6_push_pending_frames]
- RESERVED
+CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
{DSA-5324-1}
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
@@ -1806,8 +1860,8 @@ CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
CVE-2023-0357
RESERVED
-CVE-2023-0356
- RESERVED
+CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...)
+ TODO: check
CVE-2023-0355
RESERVED
CVE-2023-0354
@@ -2484,8 +2538,8 @@ CVE-2023-0286
RESERVED
CVE-2023-0285
RESERVED
-CVE-2023-0284
- RESERVED
+CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...)
+ TODO: check
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0282
@@ -6999,6 +7053,7 @@ CVE-2022-47951
NOTE: https://bugs.launchpad.net/nova/+bug/1996188
NOTE: https://bugs.launchpad.net/nova/+bug/1996188
CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...)
+ {DSA-5327-1}
- swift 2.30.0-4 (bug #1029154)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1
CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...)
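Review bot: the context lines for CVE-2022-47951 carry the identical `NOTE: https://bugs.launchpad.net/nova/+bug/1996188` twice; the duplicate predates this hunk but could be dropped in a follow-up manual edit. The `{DSA-5327-1}` addition for CVE-2022-47950 itself is consistent with the existing `- swift 2.30.0-4 (bug #1029154)` line.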
@@ -8090,8 +8145,8 @@ CVE-2022-47617
RESERVED
CVE-2022-47616
RESERVED
-CVE-2022-47615
- RESERVED
+CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – WordPress LMS ...)
+ TODO: check
CVE-2022-47614
RESERVED
CVE-2022-47613
@@ -9554,8 +9609,8 @@ CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classifi
NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
NOT-FOR-US: WP Shamsi plugin for WordPress
-CVE-2022-4554
- RESERVED
+CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...)
+ TODO: check
CVE-2022-4553
RESERVED
CVE-2022-4552
@@ -14716,8 +14771,8 @@ CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking C
NOT-FOR-US: WordPress plugin
CVE-2022-45821
RESERVED
-CVE-2022-45820
- RESERVED
+CVE-2022-45820 (SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS ...)
+ TODO: check
CVE-2022-45819
RESERVED
CVE-2022-45818
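Review bot: CVE-2022-45820 is left at `TODO: check`, yet its description names LearnPress – WordPress LMS, a WordPress plugin, and the hunk's own context shows the tracker convention for these (`NOT-FOR-US: WordPress plugin` under CVE-2022-45822); the same applies to CVE-2022-45808 and CVE-2022-47615 in the neighbouring hunks, which describe the same LearnPress plugin. Once the CVE text is confirmed, all three should resolve to `NOT-FOR-US: WordPress plugin`.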
@@ -14740,8 +14795,8 @@ CVE-2022-45810
RESERVED
CVE-2022-45809
RESERVED
-CVE-2022-45808
- RESERVED
+CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...)
+ TODO: check
CVE-2022-45807
RESERVED
CVE-2022-45806
@@ -18961,8 +19016,7 @@ CVE-2023-20930
RESERVED
CVE-2023-20929
RESERVED
-CVE-2023-20928
- RESERVED
+CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after free du ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.158-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -18972,42 +19026,34 @@ CVE-2023-20927
RESERVED
CVE-2023-20926
RESERVED
-CVE-2023-20925
- RESERVED
-CVE-2023-20924
- RESERVED
-CVE-2023-20923
- RESERVED
-CVE-2023-20922
- RESERVED
+CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible ...)
+ TODO: check
+CVE-2023-20924 (In (TBD) of (TBD), there is a possible way to bypass the lockscreen du ...)
+ TODO: check
+CVE-2023-20923 (In exported content providers of ShannonRcs, there is a possible way t ...)
+ TODO: check
+CVE-2023-20922 (In setMimeGroup of PackageManagerService.java, there is a possible cra ...)
NOT-FOR-US: Android
-CVE-2023-20921
- RESERVED
+CVE-2023-20921 (In onPackageRemoved of AccessibilityManagerService.java, there is a po ...)
NOT-FOR-US: Android
-CVE-2023-20920
- RESERVED
+CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt memory ...)
NOT-FOR-US: Android
-CVE-2023-20919
- RESERVED
+CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...)
NOT-FOR-US: Android
CVE-2023-20918
RESERVED
NOT-FOR-US: Android
CVE-2023-20917
RESERVED
-CVE-2023-20916
- RESERVED
+CVE-2023-20916 (In getMainActivityLaunchIntent of LauncherAppsService.java, there is a ...)
NOT-FOR-US: Android
-CVE-2023-20915
- RESERVED
+CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a ...)
NOT-FOR-US: Android
CVE-2023-20914
RESERVED
-CVE-2023-20913
- RESERVED
+CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related files, th ...)
NOT-FOR-US: Android
-CVE-2023-20912
- RESERVED
+CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2023-20911
RESERVED
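Review bot: CVE-2023-20925, CVE-2023-20924 and CVE-2023-20923 are left at `TODO: check` while every other entry in this hunk with the same Android bulletin phrasing ("In X of Y, there is a possible ...") is triaged `NOT-FOR-US: Android`; the three descriptions follow that same phrasing, so they very likely resolve the same way, but a human should confirm from the full bulletin before the marker is changed.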
@@ -19015,18 +19061,15 @@ CVE-2023-20910
RESERVED
CVE-2023-20909
RESERVED
-CVE-2023-20908
- RESERVED
+CVE-2023-20908 (In several functions of SettingsState.java, there is a possible system ...)
NOT-FOR-US: Android
CVE-2023-20907
RESERVED
CVE-2023-20906
RESERVED
-CVE-2023-20905
- RESERVED
+CVE-2023-20905 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2023-20904
- RESERVED
+CVE-2023-20904 (In getTrampolineIntent of SettingsActivity.java, there is a possible l ...)
NOT-FOR-US: Android
CVE-2022-44714
RESERVED
@@ -23787,6 +23830,7 @@ CVE-2022-43550
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...)
NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
+ {DSA-5326-1}
- nodejs 18.12.1+dfsg-1 (bug #1023518)
NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
CVE-2022-43547
@@ -25421,7 +25465,8 @@ CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared a
CVE-2022-3523 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
- linux 6.1.4-1
NOTE: https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33
-CVE-2022-3522 (A vulnerability was found in Linux Kernel and classified as problemati ...)
+CVE-2022-3522
+ REJECTED
- linux 6.1.4-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
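Review bot: CVE-2022-3522 is now `REJECTED`, but the hunk leaves the `- linux 6.1.4-1` fixed-version line and the bullseye/buster `<not-affected>` annotations in place; the automatic update only rewrites the description, so a manual follow-up should decide whether those status lines still belong on a rejected entry (compare CVE-2022-2220 later in this patch, which is rejected and keeps only its NOT-FOR-US line).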
@@ -36387,10 +36432,10 @@ CVE-2022-38777
RESERVED
CVE-2022-38776
RESERVED
-CVE-2022-38775
- RESERVED
-CVE-2022-38774
- RESERVED
+CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
+ TODO: check
+CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic Endpoint ...)
+ TODO: check
CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...)
NOT-FOR-US: Siemens
CVE-2022-3010
@@ -46028,6 +46073,7 @@ CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to the
CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...)
NOT-FOR-US: UI Desktop for Windows
CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not correctl ...)
+ {DSA-5326-1}
- nodejs 18.10.0+dfsg-1
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -46035,6 +46081,7 @@ CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not co
NOTE: https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44 (main)
NOTE: https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.20.1)
CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in Node.js ...)
+ {DSA-5326-1}
- nodejs 18.10.0+dfsg-1
[buster] - nodejs <not-affected> (Vulnerable code introduced later)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255
@@ -47969,7 +48016,8 @@ CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensu
NOT-FOR-US: WordPress plugin
CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2022-2220 (OpenShift doesn't properly verify subdomain ownership, which allows ro ...)
+CVE-2022-2220
+ REJECTED
NOT-FOR-US: OpenShift
CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
@@ -54313,6 +54361,7 @@ CVE-2022-32217 (A cleartext storage of sensitive information exists in Rocket.Ch
CVE-2022-32216
RESERVED
CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
+ {DSA-5326-1}
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -54321,6 +54370,7 @@ CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in
NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215
CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
+ {DSA-5326-1}
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -54328,6 +54378,7 @@ CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in
NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
+ {DSA-5326-1}
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -54336,7 +54387,7 @@ CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in
NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#cve-2022-32213-bypass-via-obs-fold-mechanic-medium-cve-2022-32213
CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
- {DLA-3137-1}
+ {DSA-5326-1 DLA-3137-1}
- nodejs 18.6.0+dfsg-3
NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x)
@@ -68351,10 +68402,10 @@ CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
NOT-FOR-US: Citrix
CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
NOT-FOR-US: Citrix
-CVE-2022-27508
- RESERVED
-CVE-2022-27507
- RESERVED
+CVE-2022-27508 (Unauthenticated denial of service ...)
+ TODO: check
+CVE-2022-27507 (Authenticated denial of service ...)
+ TODO: check
CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
NOT-FOR-US: Citrix
CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
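Review bot: CVE-2022-27508 and CVE-2022-27507 are left at `TODO: check` with descriptions that name no product ("Unauthenticated denial of service ...", "Authenticated denial of service ..."); the surrounding entries CVE-2022-27510 through CVE-2022-27505 are all `NOT-FOR-US: Citrix`, so these very likely belong to the same Citrix bulletin, but the truncated text is too short to confirm that on its own, so keep the TODO until the full advisory has been read.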
@@ -99423,22 +99474,17 @@ CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a possibili
NOT-FOR-US: Android
CVE-2022-20495 (In getEnabledAccessibilityServiceList of AccessibilityManager.java, th ...)
NOT-FOR-US: Android
-CVE-2022-20494
- RESERVED
+CVE-2022-20494 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible pers ...)
NOT-FOR-US: Android
-CVE-2022-20493
- RESERVED
+CVE-2022-20493 (In Condition of Condition.java, there is a possible way to grant notif ...)
NOT-FOR-US: Android
-CVE-2022-20492
- RESERVED
+CVE-2022-20492 (In many functions of AutomaticZenRule.java, there is a possible failur ...)
NOT-FOR-US: Android
CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2022-20490
- RESERVED
+CVE-2022-20490 (In multiple functions of AutomaticZenRule.java, there is a possible fa ...)
NOT-FOR-US: Android
-CVE-2022-20489
- RESERVED
+CVE-2022-20489 (In many functions of AutomaticZenRule.java, there is a possible failur ...)
NOT-FOR-US: Android
CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a possibl ...)
NOT-FOR-US: Android
@@ -99494,19 +99540,17 @@ CVE-2022-20463
REJECTED
CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2022-20461
- RESERVED
+CVE-2022-20461 (In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cp ...)
NOT-FOR-US: Android
CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...)
NOT-FOR-US: Google Pixel
CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...)
NOT-FOR-US: Google Pixel
-CVE-2022-20458
- RESERVED
+CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier should ...)
+ TODO: check
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2022-20456
- RESERVED
+CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...)
NOT-FOR-US: Android
CVE-2022-20455
RESERVED
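Review bot: CVE-2022-20458 is left at `TODO: check` with a description that names no component ("The logs of sensitive information (PII) or hardware identifier should ..."), unlike the neighbouring entries that cite a source file and are triaged `NOT-FOR-US: Android` or `NOT-FOR-US: Google Pixel`; the generic wording justifies the TODO here, and the full CVE text should settle which of the two markers applies.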
@@ -99971,8 +100015,8 @@ CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possibl
NOT-FOR-US: Android
CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...)
NOT-FOR-US: Unisoc
-CVE-2022-20235
- RESERVED
+CVE-2022-20235 (The PowerVR GPU kernel driver maintains an "Information Page" used by ...)
+ TODO: check
CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...)
NOT-FOR-US: Android
CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
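Review bot: CVE-2022-20235 describes the PowerVR GPU kernel driver and is left at `TODO: check`; before marking it NOT-FOR-US like the surrounding Android and Unisoc entries, confirm that the affected driver is not carried by Debian's `linux` package, since a kernel driver issue would need a `- linux` status line rather than a NOT-FOR-US marker.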
@@ -100012,12 +100056,12 @@ CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A
NOT-FOR-US: Unisoc
CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...)
NOT-FOR-US: Unisoc
-CVE-2022-20215
- RESERVED
-CVE-2022-20214
- RESERVED
-CVE-2022-20213
- RESERVED
+CVE-2022-20215 (In onCreate of MasterClearConfirmFragment.java, there is a possible fa ...)
+ TODO: check
+CVE-2022-20214 (In Car Settings app, the toggle button in Modify system settings is vu ...)
+ TODO: check
+CVE-2022-20213 (In ApplicationsDetailsActivity of AndroidManifest.xml, there is a poss ...)
+ TODO: check
CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...)
NOT-FOR-US: Android
CVE-2022-20211
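Review bot: CVE-2022-20214 is left at `TODO: check` although its description names the Car Settings app, the same component as CVE-2022-20234 in the preceding hunk, which is triaged `NOT-FOR-US: Android`; CVE-2022-20215 and CVE-2022-20213 use the same Android bulletin phrasing as the `NOT-FOR-US: Android` entries around them, so all three TODOs should resolve to `NOT-FOR-US: Android` once confirmed.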
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4d03aa0ef699942614b249e6b172b7b25e05934