[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 9 09:12:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de9ecb6e by security tracker role at 2023-05-09T08:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...)
+ TODO: check
+CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APP ...)
+ TODO: check
+CVE-2023-32111 (In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a cr ...)
+ TODO: check
+CVE-2023-31407 (SAP Business Planning and Consolidation - versions 740, 750, allows an ...)
+ TODO: check
+CVE-2023-31406 (Due to insufficient input validation, SAP BusinessObjects Business Int ...)
+ TODO: check
+CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligence Pla ...)
+ TODO: check
+CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...)
+ TODO: check
+CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
TODO: check
CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...)
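
Review bot: CVE-2023-2478 (GitLab CE/EE) and CVE-2023-2590 (answerdev/answer), at the end of the added block, need individual triage and should not be closed together with the six SAP entries above them. The SAP entries (CVE-2023-32113 through CVE-2023-31404) match those already marked `NOT-FOR-US: SAP` elsewhere in this file, so their `TODO: check` can be resolved that way. The other two name separate projects, and each needs either a source package line or its own NOT-FOR-US tag.
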
@@ -80,7 +96,7 @@ CVE-2023-2520 (A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(2023
NOT-FOR-US: Caton Prime
CVE-2023-2519 (A vulnerability has been found in Caton CTP Relay Server 1.2.9 and cla ...)
NOT-FOR-US: Caton CTP Relay Server
-CVE-2023-2513
+CVE-2023-2513 (A use-after-free vulnerability was found in the Linux kernel's ext4 fi ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
@@ -658,18 +674,18 @@ CVE-2023-31185
RESERVED
CVE-2023-31184
RESERVED
-CVE-2023-31183
- RESERVED
-CVE-2023-31182
- RESERVED
-CVE-2023-31181
- RESERVED
-CVE-2023-31180
- RESERVED
-CVE-2023-31179
- RESERVED
-CVE-2023-31178
- RESERVED
+CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...)
+ TODO: check
+CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...)
+ TODO: check
+CVE-2023-31181 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Trav ...)
+ TODO: check
+CVE-2023-31180 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-s ...)
+ TODO: check
+CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal -Vulnerability allow ...)
+ TODO: check
+CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File DeleteVulnerabi ...)
+ TODO: check
CVE-2023-31177
RESERVED
CVE-2023-31176
@@ -742,10 +758,10 @@ CVE-2023-31143
RESERVED
CVE-2023-31142
RESERVED
-CVE-2023-31141
- RESERVED
-CVE-2023-31140
- RESERVED
+CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
+ TODO: check
+CVE-2023-31140 (OpenProject is open source project management software. Starting with ...)
+ TODO: check
CVE-2023-31139
RESERVED
CVE-2023-31138
@@ -758,24 +774,24 @@ CVE-2023-31135
RESERVED
CVE-2023-31134
RESERVED
-CVE-2023-31133
- RESERVED
+CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...)
+ TODO: check
CVE-2023-31132
RESERVED
CVE-2023-31131
RESERVED
CVE-2023-31130
RESERVED
-CVE-2023-31129
- RESERVED
+CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
+ TODO: check
CVE-2023-31128
RESERVED
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
TODO: check
CVE-2023-31126
RESERVED
-CVE-2023-31125
- RESERVED
+CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ TODO: check
CVE-2023-31124
RESERVED
CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...)
@@ -2070,16 +2086,16 @@ CVE-2023-30746
RESERVED
CVE-2023-30745
RESERVED
-CVE-2023-30744
- RESERVED
-CVE-2023-30743
- RESERVED
-CVE-2023-30742
- RESERVED
-CVE-2023-30741
- RESERVED
-CVE-2023-30740
- RESERVED
+CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
+ TODO: check
+CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...)
+ TODO: check
+CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4F ...)
+ TODO: check
+CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Business Int ...)
+ TODO: check
+CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
+ TODO: check
CVE-2023-30739
RESERVED
CVE-2023-30738
@@ -3330,8 +3346,8 @@ CVE-2023-30336
RESERVED
CVE-2023-30335
RESERVED
-CVE-2023-30334
- RESERVED
+CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...)
+ TODO: check
CVE-2023-30333
RESERVED
CVE-2023-30332
@@ -3528,8 +3544,8 @@ CVE-2023-30239
RESERVED
CVE-2023-30238
RESERVED
-CVE-2023-30237
- RESERVED
+CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to co ...)
+ TODO: check
CVE-2023-30236
RESERVED
CVE-2023-30235
@@ -6262,8 +6278,8 @@ CVE-2023-29190
RESERVED
CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, ...)
NOT-FOR-US: SAP
-CVE-2023-29188
- RESERVED
+CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4 ...)
+ TODO: check
CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
NOT-FOR-US: SAP
CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
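
Review bot: CVE-2023-29188 is left at `TODO: check` although CVE-2023-29189 directly above it (also SAP CRM WebClient UI) and CVE-2023-29187 directly below it are already tagged `NOT-FOR-US: SAP`. Suggest replacing the TODO with `NOT-FOR-US: SAP` so the block is triaged consistently.
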
@@ -6543,8 +6559,8 @@ CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cro
NOT-FOR-US: Akbim Computer Panon
CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Akbim Computer Panon
-CVE-2023-29092
- RESERVED
+CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem for Exyno ...)
+ TODO: check
CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
@@ -7736,12 +7752,12 @@ CVE-2023-XXXX [RUSTSEC-2022-0092]
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...)
NOT-FOR-US: SAP
-CVE-2023-28764
- RESERVED
+CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information design t ...)
+ TODO: check
CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
NOT-FOR-US: SAP
-CVE-2023-28762
- RESERVED
+CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
+ TODO: check
CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthenticated at ...)
NOT-FOR-US: SAP
CVE-2023-28760
@@ -9848,50 +9864,50 @@ CVE-2022-48391
RESERVED
CVE-2022-48390
RESERVED
-CVE-2022-48389
- RESERVED
-CVE-2022-48388
- RESERVED
-CVE-2022-48387
- RESERVED
-CVE-2022-48386
- RESERVED
-CVE-2022-48385
- RESERVED
-CVE-2022-48384
- RESERVED
-CVE-2022-48383
- RESERVED
-CVE-2022-48382
- RESERVED
-CVE-2022-48381
- RESERVED
-CVE-2022-48380
- RESERVED
-CVE-2022-48379
- RESERVED
-CVE-2022-48378
- RESERVED
-CVE-2022-48377
- RESERVED
-CVE-2022-48376
- RESERVED
-CVE-2022-48375
- RESERVED
-CVE-2022-48374
- RESERVED
-CVE-2022-48373
- RESERVED
-CVE-2022-48372
- RESERVED
-CVE-2022-48371
- RESERVED
-CVE-2022-48370
- RESERVED
-CVE-2022-48369
- RESERVED
-CVE-2022-48368
- RESERVED
+CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...)
+ TODO: check
+CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-48386 (the apipe driver, there is a possible use after free due to a logic er ...)
+ TODO: check
+CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
+ TODO: check
+CVE-2022-48384 (In srtd service, there is a possible missing permission check. This co ...)
+ TODO: check
+CVE-2022-48383 (.In srtd service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48382 (In log service, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-48381 (In modem control device, there is a possible out of bounds write due t ...)
+ TODO: check
+CVE-2022-48380 (In modem control device, there is a possible out of bounds write due t ...)
+ TODO: check
+CVE-2022-48379 (In dialer service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48378 (In engineermode service, there is a possible missing permission check. ...)
+ TODO: check
+CVE-2022-48377 (In dialer service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48376 (In dialer service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48375 (In contacts service, there is a possible missing permission check. Thi ...)
+ TODO: check
+CVE-2022-48374 (In tee service, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-48373 (In tee service, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due to a mi ...)
+ TODO: check
+CVE-2022-48371 (In dialer service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48370 (In dialer service, there is a possible missing permission check. This ...)
+ TODO: check
+CVE-2022-48369 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48368 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip Generator ...)
NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail
CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works Online O ...)
@@ -20487,12 +20503,12 @@ CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with b
NOT-FOR-US: Arista
CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...)
NOT-FOR-US: Baicells
-CVE-2023-24507
- RESERVED
-CVE-2023-24506
- RESERVED
-CVE-2023-24505
- RESERVED
+CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Insecure File Upload -Vulnerab ...)
+ TODO: check
+CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through a ...)
+ TODO: check
+CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive informati ...)
+ TODO: check
CVE-2023-24504 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...)
NOT-FOR-US: Electra Central
CVE-2023-24503 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...)
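
Review bot: The description added for CVE-2023-24507 carries a literal `\u2013` escape and odd spacing ("Upload -Vulnerab"), and the unchanged CVE-2023-24504 and CVE-2023-24503 lines below it show the same escape, so this recurs across updates rather than being a one-off. Suggest decoding the escape and normalising whitespace in the automatic update step instead of correcting entries by hand. The triage state of the three new entries is unaffected.
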
@@ -20888,8 +20904,8 @@ CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24376
- RESERVED
+CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Nico ...)
+ TODO: check
CVE-2023-24375
RESERVED
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -22112,8 +22128,8 @@ CVE-2023-23896
RESERVED
CVE-2023-23895
RESERVED
-CVE-2023-23894
- RESERVED
+CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23893
RESERVED
CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -22174,8 +22190,8 @@ CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plug
NOT-FOR-US: WordPress plugin
CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23863
- RESERVED
+CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...)
+ TODO: check
CVE-2023-23862
RESERVED
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...)
@@ -25539,46 +25555,46 @@ CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz
NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15)
CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...)
NOT-FOR-US: Kaltura
-CVE-2022-48250
- RESERVED
-CVE-2022-48249
- RESERVED
-CVE-2022-48248
- RESERVED
-CVE-2022-48247
- RESERVED
-CVE-2022-48246
- RESERVED
-CVE-2022-48245
- RESERVED
-CVE-2022-48244
- RESERVED
-CVE-2022-48243
- RESERVED
-CVE-2022-48242
- RESERVED
-CVE-2022-48241
- RESERVED
-CVE-2022-48240
- RESERVED
-CVE-2022-48239
- RESERVED
-CVE-2022-48238
- RESERVED
-CVE-2022-48237
- RESERVED
-CVE-2022-48236
- RESERVED
-CVE-2022-48235
- RESERVED
-CVE-2022-48234
- RESERVED
-CVE-2022-48233
- RESERVED
-CVE-2022-48232
- RESERVED
-CVE-2022-48231
- RESERVED
+CVE-2022-48250 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48249 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48248 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48247 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48246 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48245 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48244 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48243 (In audio service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-48242 (In telephony service, there is a possible missing permission check. Th ...)
+ TODO: check
+CVE-2022-48241 (In telephony service, there is a possible missing permission check. Th ...)
+ TODO: check
+CVE-2022-48240 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-48239 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-48238 (In Image filter, there is a possible out of bounds write due to a miss ...)
+ TODO: check
+CVE-2022-48237 (In Image filter, there is a possible out of bounds write due to a miss ...)
+ TODO: check
+CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to a missin ...)
+ TODO: check
+CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-48234 (In FM service , there is a possible missing params check. This could l ...)
+ TODO: check
+CVE-2022-48233 (In FM service , there is a possible missing params check. This could l ...)
+ TODO: check
+CVE-2022-48232 (In FM service , there is a possible missing params check. This could l ...)
+ TODO: check
+CVE-2022-48231 (In soter service, there is a possible missing permission check. This c ...)
+ TODO: check
CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
NOT-FOR-US: Huawei
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
@@ -25798,8 +25814,8 @@ CVE-2023-22815
RESERVED
CVE-2023-22814
RESERVED
-CVE-2023-22813
- RESERVED
+CVE-2023-22813 (A device API endpoint was missing access controls onWestern Digital My ...)
+ TODO: check
CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...)
NOT-FOR-US: SanDisk PrivateAccess
CVE-2023-22811
@@ -26091,8 +26107,8 @@ CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-22711
RESERVED
-CVE-2023-22710
- RESERVED
+CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
+ TODO: check
CVE-2023-22709
RESERVED
CVE-2023-22708
@@ -30831,8 +30847,8 @@ CVE-2022-4539
RESERVED
CVE-2022-4538
RESERVED
-CVE-2022-4537
- RESERVED
+CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vu ...)
+ TODO: check
CVE-2022-4536
RESERVED
CVE-2022-4535
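
Review bot: CVE-2022-4537 is described as a "plugin for WordPress", so its `TODO: check` can be closed the same way as the other WordPress plugin entries in this file, with `NOT-FOR-US: WordPress plugin`.
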
@@ -30897,36 +30913,36 @@ CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundati
NOT-FOR-US: Apache OFBiz
CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
NOT-FOR-US: Apache Helix
-CVE-2022-47499
- RESERVED
-CVE-2022-47498
- RESERVED
-CVE-2022-47497
- RESERVED
-CVE-2022-47496
- RESERVED
-CVE-2022-47495
- RESERVED
-CVE-2022-47494
- RESERVED
-CVE-2022-47493
- RESERVED
-CVE-2022-47492
- RESERVED
-CVE-2022-47491
- RESERVED
-CVE-2022-47490
- RESERVED
-CVE-2022-47489
- RESERVED
-CVE-2022-47488
- RESERVED
-CVE-2022-47487
- RESERVED
-CVE-2022-47486
- RESERVED
-CVE-2022-47485
- RESERVED
+CVE-2022-47499 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47498 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47497 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47496 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47495 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47494 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47493 (In soter service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-47492 (In soter service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-47491 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47490 (In soter service, there is a possible missing permission check. This c ...)
+ TODO: check
+CVE-2022-47489 (In soter service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-47487 (In thermal service, there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ TODO: check
+CVE-2022-47485 (In modem control device, there is a possible out of bounds write due t ...)
+ TODO: check
CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...)
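
Review bot: The fifteen new entries CVE-2022-47499 through CVE-2022-47485 name only a component (soter service, spipe drive, thermal service, ext4fsfilter driver, modem control device) and no vendor, so the truncated descriptions are not enough to triage them. The unchanged neighbour CVE-2022-47484 uses the same wording and is tagged `NOT-FOR-US: Unisoc`; confirm from the full CVE records that the new entries come from the same assigner before applying that tag in bulk.
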
@@ -30955,10 +30971,10 @@ CVE-2022-47472 (In telephony service, there is a missing permission check. This
NOT-FOR-US: Unisoc
CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
-CVE-2022-47470
- RESERVED
-CVE-2022-47469
- RESERVED
+CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ TODO: check
+CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ TODO: check
CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
@@ -31600,8 +31616,8 @@ CVE-2022-47342 (In engineermode services, there is a missing permission check. T
NOT-FOR-US: Unisoc
CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...)
NOT-FOR-US: Unisoc
-CVE-2022-47340
- RESERVED
+CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds write due to ...)
+ TODO: check
CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...)
NOT-FOR-US: Unisoc
CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...)
@@ -31612,8 +31628,8 @@ CVE-2022-47336 (In telecom service, there is a missing permission check. This co
NOT-FOR-US: Unisoc
CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
-CVE-2022-47334
- RESERVED
+CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read due to a ...)
+ TODO: check
CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
NOT-FOR-US: Unisoc
CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...)
@@ -39273,8 +39289,8 @@ CVE-2023-21406
RESERVED
CVE-2023-21405
RESERVED
-CVE-2023-21404
- RESERVED
+CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...)
+ TODO: check
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
NOT-FOR-US: KNIME
CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
@@ -41276,8 +41292,8 @@ CVE-2022-44435 (In messaging service, there is a missing permission check. This
NOT-FOR-US: Unisoc
CVE-2022-44434 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
-CVE-2022-44433
- RESERVED
+CVE-2022-44433 (In phoneEx service, there is a possible missing permission check. This ...)
+ TODO: check
CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...)
NOT-FOR-US: Unisoc
CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...)
@@ -41302,10 +41318,10 @@ CVE-2022-44422 (In music service, there is a missing permission check. This coul
NOT-FOR-US: Unisoc
CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...)
NOT-FOR-US: Unisoc
-CVE-2022-44420
- RESERVED
-CVE-2022-44419
- RESERVED
+CVE-2022-44420 (In modem, there is a possible missing verification of HashMME value in ...)
+ TODO: check
+CVE-2022-44419 (In modem, there is a possible missing verification of NAS Security Mod ...)
+ TODO: check
CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -57049,8 +57065,8 @@ CVE-2022-39091 (In power management service, there is a missing permission check
NOT-FOR-US: Unisoc
CVE-2022-39090 (In power management service, there is a missing permission check. This ...)
NOT-FOR-US: Unisoc
-CVE-2022-39089
- RESERVED
+CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to a missi ...)
+ TODO: check
CVE-2022-39088 (In network service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39087 (In network service, there is a missing permission check. This could le ...)
@@ -58390,8 +58406,8 @@ CVE-2022-38687 (In messaging service, there is a missing permission check. This
NOT-FOR-US: Unisoc
CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...)
NOT-FOR-US: Unisoc
-CVE-2022-38685
- RESERVED
+CVE-2022-38685 (In bluetooth service, there is a possible missing permission check. Th ...)
+ TODO: check
CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
NOT-FOR-US: Unisoc
CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)
@@ -113813,8 +113829,8 @@ CVE-2021-44285
RESERVED
CVE-2021-44284
RESERVED
-CVE-2021-44283
- RESERVED
+CVE-2021-44283 (A buffer overflow in the component /Enclave.cpp of Electronics and Tel ...)
+ TODO: check
CVE-2021-44282
RESERVED
CVE-2021-44281
@@ -151115,8 +151131,8 @@ CVE-2021-31241
RESERVED
CVE-2021-31240
RESERVED
-CVE-2021-31239
- RESERVED
+CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...)
+ TODO: check
CVE-2021-31238
RESERVED
CVE-2021-31237
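
Review bot: CVE-2021-31239 needs package-level triage rather than a NOT-FOR-US tag, because its description names SQLite3 v.3.35.4 and sqlite3 is a source package in Debian. Replace `TODO: check` with a package line and per-release status in the form used for CVE-2023-2513 earlier in this diff (`- linux 5.19.6-1`, `[bullseye] - linux 5.10.140-1`), and add a NOTE line pointing at the upstream fix once it is identified.
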
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de9ecb6ed692e289fefff3ca22250b1513506ef3