[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 10 21:12:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74f2efb8 by security tracker role at 2023-05-10T20:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
+ TODO: check
+CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, ...)
+ TODO: check
+CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
+ TODO: check
+CVE-2023-31908 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
+ TODO: check
+CVE-2023-31907 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+ TODO: check
+CVE-2023-31906 (Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buf ...)
+ TODO: check
+CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
+ TODO: check
+CVE-2023-31557 (xpdf pdfimages v4.04 was discovered to contain a stack overflow in the ...)
+ TODO: check
+CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
+ TODO: check
+CVE-2023-31555 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
+ TODO: check
+CVE-2023-31554 (xpdf pdfimages v4.04 was discovered to contain a stack overflow in the ...)
+ TODO: check
+CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
+ TODO: check
+CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ TODO: check
CVE-2023-XXXX [several critical memory corruption vulnerabilities]
- osslsigncode 2.3.0-1 (bug #1035875)
NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
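Review bot: All 16 entries added at the top of this hunk carry only `TODO: check`, and several name software by product and version (xpdf pdfimages v4.04 in CVE-2023-31557 and CVE-2023-31554, Podofo v0.10.0, Jerryscript 3.0, in-toto), so each needs an explicit disposition: a source-package line with its status, or the NOT-FOR-US tag used elsewhere in this file. The truncated summaries are identical within the pairs CVE-2023-31910/31908, CVE-2023-31568/31567, CVE-2023-31556/31555 and CVE-2023-31557/31554, so triage has to work from the full CVE text to tell the affected code paths apart.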
@@ -33,6 +65,7 @@ CVE-2023-32216
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
CVE-2023-32215
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
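Review bot: The `{DSA-5400-1}` tag added to CVE-2023-32215 points at an advisory record that is not part of this diff (the commit changes only data/CVE/list), so check that the advisory's CVE list matches the seven entries tagged in this commit. The tag sits on an entry whose only fixed version is `firefox-esr 102.11.0esr-1`, and CVE-2023-32216 just above, which has no firefox-esr line, stays untagged, which is consistent.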
@@ -43,16 +76,19 @@ CVE-2023-32214
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32214
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214
CVE-2023-32213
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
CVE-2023-32212
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32212
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212
CVE-2023-32211
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32211
@@ -67,16 +103,19 @@ CVE-2023-32208
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
CVE-2023-32207
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32207
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
CVE-2023-32206
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32206
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206
CVE-2023-32205
+ {DSA-5400-1}
- firefox <unfixed>
- firefox-esr 102.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32205
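Review bot: On CVE-2023-32207, CVE-2023-32206 and CVE-2023-32205 the `- firefox <unfixed>` line is left unchanged next to the new `{DSA-5400-1}` tag, so these entries remain open for firefox. Record the fixed firefox version in a follow-up once one exists, rather than reading the DSA tag as closing the CVE.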
@@ -677,8 +716,8 @@ CVE-2023-2312
RESERVED
CVE-2023-2311
RESERVED
-CVE-2023-2310
- RESERVED
+CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...)
+ TODO: check
CVE-2023-2309
RESERVED
CVE-2023-2308
@@ -874,44 +913,44 @@ CVE-2023-31168
RESERVED
CVE-2023-31167
RESERVED
-CVE-2023-31166
- RESERVED
-CVE-2023-31165
- RESERVED
-CVE-2023-31164
- RESERVED
-CVE-2023-31163
- RESERVED
-CVE-2023-31162
- RESERVED
-CVE-2023-31161
- RESERVED
-CVE-2023-31160
- RESERVED
-CVE-2023-31159
- RESERVED
-CVE-2023-31158
- RESERVED
-CVE-2023-31157
- RESERVED
-CVE-2023-31156
- RESERVED
-CVE-2023-31155
- RESERVED
-CVE-2023-31154
- RESERVED
-CVE-2023-31153
- RESERVED
-CVE-2023-31152
- RESERVED
-CVE-2023-31151
- RESERVED
-CVE-2023-31150
- RESERVED
-CVE-2023-31149
- RESERVED
-CVE-2023-31148
- RESERVED
+CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ TODO: check
+CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31164 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31163 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31162 (An Improper Input Validation vulnerability in the Schweitzer Engineeri ...)
+ TODO: check
+CVE-2023-31161 (AnImproper Input Validation vulnerability in the Schweitzer Engineerin ...)
+ TODO: check
+CVE-2023-31160 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31159 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31158 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31157 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31156 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31155 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31154 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31153 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31152 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...)
+ TODO: check
+CVE-2023-31151 (An Improper Certificate Validation vulnerability in the Schweitzer E ...)
+ TODO: check
+CVE-2023-31150 (A Storing Passwords in a Recoverable Format vulnerability in the Schwe ...)
+ TODO: check
+CVE-2023-31149 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...)
+ TODO: check
+CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...)
+ TODO: check
CVE-2023-31147
RESERVED
CVE-2023-31146
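Review bot: The 19 entries from CVE-2023-31166 down to CVE-2023-31148 move from RESERVED to `TODO: check` as one block, but only six summaries (CVE-2023-31162, 31161, 31151, 31150, 31149, 31148) are long enough to show the vendor, Schweitzer Engineering; the other 13 are cut off before the product name. Confirm from the full descriptions that the whole range belongs to the same vendor and then apply one disposition to the block. The missing space in "AnImproper Input Validation" on CVE-2023-31161 is in the imported summary text and is worth reporting to the description's source rather than editing here.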
@@ -2250,8 +2289,8 @@ CVE-2023-30748
RESERVED
CVE-2023-30747
RESERVED
-CVE-2023-30746
- RESERVED
+CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
+ TODO: check
CVE-2023-30745
RESERVED
CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
@@ -3470,18 +3509,18 @@ CVE-2023-30358
RESERVED
CVE-2023-30357
RESERVED
-CVE-2023-30356
- RESERVED
+CVE-2023-30356 (Missing Support for an Integrity Check in Shenzen Tenda Technology IP ...)
+ TODO: check
CVE-2023-30355
RESERVED
-CVE-2023-30354
- RESERVED
-CVE-2023-30353
- RESERVED
-CVE-2023-30352
- RESERVED
-CVE-2023-30351
- RESERVED
+CVE-2023-30354 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not d ...)
+ TODO: check
+CVE-2023-30353 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows una ...)
+ TODO: check
+CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
+ TODO: check
+CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
+ TODO: check
CVE-2023-30350
RESERVED
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...)
@@ -3798,8 +3837,8 @@ CVE-2023-30196
RESERVED
CVE-2023-30195
RESERVED
-CVE-2023-30194
- RESERVED
+CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2023-30193
RESERVED
CVE-2023-30192
@@ -4367,8 +4406,8 @@ CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segment
NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29931
RESERVED
-CVE-2023-29930
- RESERVED
+CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...)
+ TODO: check
CVE-2023-29929
RESERVED
CVE-2023-29928
@@ -6918,8 +6957,8 @@ CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled ...)
- gitlab <unfixed>
-CVE-2023-1732
- RESERVED
+CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
+ TODO: check
CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
NOT-FOR-US: LTOS
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
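Review bot: The summary added for CVE-2023-1732 is cut at "the implementation of Ky ...", so the affected project cannot be identified from this line, and its neighbours show both possible outcomes (`NOT-FOR-US: LTOS` on CVE-2023-1731, a package line `- gitlab <unfixed>` on CVE-2023-1733). Because the issue concerns how randomness for a shared secret is sampled, read the full description and search the archive for the library, including embedded copies, before choosing a disposition.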
@@ -8099,10 +8138,10 @@ CVE-2023-28654 (Osprey Pump Controller version 1.01 has a hidden administrative
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28648 (Osprey Pump Controller version 1.01 inputs passed to a GET parameter a ...)
NOT-FOR-US: Osprey Pump Controller
-CVE-2023-28411
- RESERVED
-CVE-2023-28410
- RESERVED
+CVE-2023-28411 (Double free in some Intel(R) Server Board BMC firmware before version ...)
+ TODO: check
+CVE-2023-28410 (Improper restriction of operations within the bounds of a memory buffe ...)
+ TODO: check
CVE-2023-28404
RESERVED
CVE-2023-28403
@@ -11878,18 +11917,18 @@ CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds
NOT-FOR-US: Live2D Cubism Editor
CVE-2023-27565
RESERVED
-CVE-2023-27564
- RESERVED
-CVE-2023-27563
- RESERVED
-CVE-2023-27562
- RESERVED
+CVE-2023-27564 (The n8n package 0.218.0 for Node.js allows Information Disclosure.)
+ TODO: check
+CVE-2023-27563 (The n8n package 0.218.0 for Node.js allows Escalation of Privileges.)
+ TODO: check
+CVE-2023-27562 (The n8n package 0.218.0 for Node.js allows Directory Traversal.)
+ TODO: check
CVE-2023-27528
RESERVED
CVE-2023-27392
RESERVED
-CVE-2023-27382
- RESERVED
+CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...)
+ TODO: check
CVE-2023-26587
RESERVED
CVE-2023-26586
@@ -12137,12 +12176,12 @@ CVE-2023-27497 (Due to missing authentication and input sanitization of code the
NOT-FOR-US: SAP
CVE-2023-27393
RESERVED
-CVE-2023-27386
- RESERVED
-CVE-2023-27298
- RESERVED
-CVE-2023-25772
- RESERVED
+CVE-2023-27386 (Uncontrolled search path in some Intel(R) Pathfinder for RISC-V softwa ...)
+ TODO: check
+CVE-2023-27298 (Uncontrolled search path in the WULT software maintained by Intel(R) b ...)
+ TODO: check
+CVE-2023-25772 (Improper input validation in the Intel(R) Retail Edge Mobile Android a ...)
+ TODO: check
CVE-2023-24460
RESERVED
CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...)
@@ -12282,8 +12321,8 @@ CVE-2023-27457
RESERVED
CVE-2023-27456
RESERVED
-CVE-2023-27455
- RESERVED
+CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
+ TODO: check
CVE-2023-27454
RESERVED
CVE-2023-27453
@@ -12354,8 +12393,8 @@ CVE-2023-27421
RESERVED
CVE-2023-27420
RESERVED
-CVE-2023-27419
- RESERVED
+CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
+ TODO: check
CVE-2023-27418
RESERVED
CVE-2023-27417
@@ -12416,8 +12455,8 @@ CVE-2023-24478
RESERVED
CVE-2023-24463
RESERVED
-CVE-2023-22312
- RESERVED
+CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
+ TODO: check
CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1128
@@ -12731,8 +12770,8 @@ CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template inje
NOT-FOR-US: OpenCATS
CVE-2023-26594
RESERVED
-CVE-2023-25771
- RESERVED
+CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
+ TODO: check
CVE-2023-25769
RESERVED
CVE-2023-25079
@@ -16256,8 +16295,8 @@ CVE-2023-25546
RESERVED
CVE-2023-23904
RESERVED
-CVE-2023-23573
- RESERVED
+CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...)
+ TODO: check
CVE-2023-22449
RESERVED
CVE-2023-22444
@@ -16706,8 +16745,8 @@ CVE-2023-0837
RESERVED
CVE-2023-25780
RESERVED
-CVE-2023-25776
- RESERVED
+CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ TODO: check
CVE-2023-25773
RESERVED
CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
@@ -16726,22 +16765,22 @@ CVE-2023-25762 (Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not es
NOT-FOR-US: Jenkins plugin
CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-25545
- RESERVED
+CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...)
+ TODO: check
CVE-2023-25182
RESERVED
-CVE-2023-25179
- RESERVED
-CVE-2023-25175
- RESERVED
-CVE-2023-24475
- RESERVED
-CVE-2023-22661
- RESERVED
-CVE-2023-22379
- RESERVED
-CVE-2023-22297
- RESERVED
+CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...)
+ TODO: check
+CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ TODO: check
+CVE-2023-24475 (Out of bounds read in some Intel(R) Server Board BMC firmware before v ...)
+ TODO: check
+CVE-2023-22661 (Buffer overflow in some Intel(R) Server Board BMC firmware before vers ...)
+ TODO: check
+CVE-2023-22379 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ TODO: check
+CVE-2023-22297 (Access of memory location after end of buffer in some Intel(R) Server ...)
+ TODO: check
CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...)
{DSA-5388-1}
- haproxy 2.6.8-1
@@ -17637,8 +17676,8 @@ CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2.
NOT-FOR-US: Apollo
CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...)
NOT-FOR-US: Apollo
-CVE-2023-25568
- RESERVED
+CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building IPFS app ...)
+ TODO: check
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
- gss-ntlmssp 1.2.0-1 (bug #1031369)
[bullseye] - gss-ntlmssp <no-dsa> (Minor issue)
@@ -19478,22 +19517,22 @@ CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information D
NOT-FOR-US: Microsoft
CVE-2023-24016
RESERVED
-CVE-2023-23910
- RESERVED
-CVE-2023-23909
- RESERVED
-CVE-2023-23569
- RESERVED
-CVE-2023-22447
- RESERVED
+CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...)
+ TODO: check
+CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...)
+ TODO: check
+CVE-2023-23569 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
+ TODO: check
+CVE-2023-22447 (Insertion of sensitive information into log file in the Open CAS softw ...)
+ TODO: check
CVE-2023-22446
RESERVED
-CVE-2023-22443
- RESERVED
-CVE-2023-22442
- RESERVED
-CVE-2023-22440
- RESERVED
+CVE-2023-22443 (Integer overflow in some Intel(R) Server Board BMC firmware before ver ...)
+ TODO: check
+CVE-2023-22442 (Out of bounds write in some Intel(R) Server Board BMC firmware before ...)
+ TODO: check
+CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on software inst ...)
+ TODO: check
CVE-2023-22276
RESERVED
CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...)
@@ -20363,8 +20402,8 @@ CVE-2023-24543
RESERVED
CVE-2023-23908
RESERVED
-CVE-2023-23580
- RESERVED
+CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
+ TODO: check
CVE-2023-23577
RESERVED
CVE-2023-23544
@@ -22350,8 +22389,8 @@ CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23873
- RESERVED
+CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23872
RESERVED
CVE-2023-23871
@@ -22566,8 +22605,8 @@ CVE-2023-23796
RESERVED
CVE-2023-23795
RESERVED
-CVE-2023-23794
- RESERVED
+CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ TODO: check
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23792
@@ -26019,8 +26058,8 @@ CVE-2023-22445
RESERVED
CVE-2023-22430
RESERVED
-CVE-2023-22355
- RESERVED
+CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
+ TODO: check
CVE-2023-22338
RESERVED
CVE-2023-22337
@@ -26315,8 +26354,8 @@ CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-22697
RESERVED
-CVE-2023-22696
- RESERVED
+CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-22695
RESERVED
CVE-2023-22694
@@ -29513,8 +29552,8 @@ CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47606
- RESERVED
+CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
+ TODO: check
CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47604
@@ -29525,8 +29564,8 @@ CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2022-47601
RESERVED
-CVE-2022-47600
- RESERVED
+CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
CVE-2022-47599
RESERVED
CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
@@ -29545,14 +29584,14 @@ CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Co
NOT-FOR-US: WordPress plugin
CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47590
- RESERVED
+CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Mai ...)
+ TODO: check
CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47588
RESERVED
-CVE-2022-47587
- RESERVED
+CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...)
+ TODO: check
CVE-2022-47586
RESERVED
CVE-2022-47585
@@ -31248,8 +31287,8 @@ CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney
NOT-FOR-US: WordPress plugin
CVE-2022-47442
RESERVED
-CVE-2022-47441
- RESERVED
+CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
+ TODO: check
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...)
@@ -31258,8 +31297,8 @@ CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
NOT-FOR-US: WordPress plugin
CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47436
- RESERVED
+CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mant ...)
+ TODO: check
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
@@ -31284,8 +31323,8 @@ CVE-2022-47425
RESERVED
CVE-2022-47424
RESERVED
-CVE-2022-47423
- RESERVED
+CVE-2022-47423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf ...)
+ TODO: check
CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47421
@@ -32238,8 +32277,8 @@ CVE-2022-47139
RESERVED
CVE-2022-47138
RESERVED
-CVE-2022-47137
- RESERVED
+CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...)
+ TODO: check
CVE-2022-47136
RESERVED
CVE-2022-47135
@@ -33010,8 +33049,8 @@ CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46861
- RESERVED
+CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia ...)
+ TODO: check
CVE-2022-46860
RESERVED
CVE-2022-46859
@@ -33157,12 +33196,12 @@ CVE-2022-46821
RESERVED
CVE-2022-46820
RESERVED
-CVE-2022-46819
- RESERVED
+CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
CVE-2022-46818
RESERVED
-CVE-2022-46817
- RESERVED
+CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
+ TODO: check
CVE-2022-46816
RESERVED
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
@@ -33646,12 +33685,12 @@ CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access c
NOT-FOR-US: Wyse Management Suite
CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...)
NOT-FOR-US: Wyse Management Suite
-CVE-2022-46656
- RESERVED
-CVE-2022-46645
- RESERVED
-CVE-2022-46279
- RESERVED
+CVE-2022-46656 (Insecure inherited permissions for the Intel(R) NUC Pro Software Suite ...)
+ TODO: check
+CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus Android ...)
+ TODO: check
+CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...)
+ TODO: check
CVE-2022-45112
RESERVED
CVE-2022-44607
@@ -33662,8 +33701,8 @@ CVE-2022-43502
RESERVED
CVE-2022-43498
RESERVED
-CVE-2022-43474
- RESERVED
+CVE-2022-43474 (Uncontrolled search path for the DSP Builder software installer before ...)
+ TODO: check
CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...)
NOT-FOR-US: maku-boot
CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...)
@@ -34413,10 +34452,10 @@ CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena fu
NOT-FOR-US: Ichitaro
CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
NOT-FOR-US: ESTsoft Alyac
-CVE-2022-46378
- RESERVED
-CVE-2022-46377
- RESERVED
+CVE-2022-46378 (An out-of-bounds read vulnerability exists in the PORT command paramet ...)
+ TODO: check
+CVE-2022-46377 (An out-of-bounds read vulnerability exists in the PORT command paramet ...)
+ TODO: check
CVE-2022-46376
RESERVED
CVE-2022-46375
@@ -34855,8 +34894,8 @@ CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected
NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
NOT-FOR-US: Chained Quiz plugin for WordPress
-CVE-2022-41985
- RESERVED
+CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...)
+ TODO: check
CVE-2022-46337
RESERVED
CVE-2022-46336
@@ -36153,8 +36192,8 @@ CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContes
NOT-FOR-US: WordPress plugin
CVE-2022-45847
RESERVED
-CVE-2022-45846
- RESERVED
+CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
+ TODO: check
CVE-2022-45845
RESERVED
CVE-2022-45844
@@ -38450,8 +38489,8 @@ CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/c
NOT-FOR-US: Plesk
CVE-2022-45129 (Payara before 2022-11-04, when deployed to the root context, allows at ...)
NOT-FOR-US: Payara
-CVE-2022-45128
- RESERVED
+CVE-2022-45128 (Improper authorization in the Intel(R) EMA software before version 1.9 ...)
+ TODO: check
CVE-2022-45117
RESERVED
CVE-2022-45114
@@ -38466,8 +38505,8 @@ CVE-2022-43505
RESERVED
CVE-2022-43477
RESERVED
-CVE-2022-41808
- RESERVED
+CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
+ TODO: check
CVE-2022-41659
RESERVED
CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
@@ -39299,26 +39338,26 @@ CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The targe
NOT-FOR-US: Appalti & Contratti
CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...)
NOT-FOR-US: Appalti & Contratti
-CVE-2022-44619
- RESERVED
-CVE-2022-44610
- RESERVED
-CVE-2022-43507
- RESERVED
-CVE-2022-43475
- RESERVED
-CVE-2022-43465
- RESERVED
+CVE-2022-44619 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
+ TODO: check
+CVE-2022-44610 (Improper authentication in the Intel(R) DCM software before version 5. ...)
+ TODO: check
+CVE-2022-43507 (Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL be ...)
+ TODO: check
+CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
+ TODO: check
+CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...)
+ TODO: check
CVE-2022-43456
RESERVED
-CVE-2022-41998
- RESERVED
-CVE-2022-41979
- RESERVED
+CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...)
+ TODO: check
+CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
+ TODO: check
CVE-2022-41625
RESERVED
-CVE-2022-41610
- RESERVED
+CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before versi ...)
+ TODO: check
CVE-2022-3871
RESERVED
CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -40814,8 +40853,8 @@ CVE-2022-43510
RESERVED
CVE-2022-43446
RESERVED
-CVE-2022-42465
- RESERVED
+CVE-2022-42465 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
+ TODO: check
CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
NOT-FOR-US: WAGO
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
@@ -44239,10 +44278,10 @@ CVE-2023-0010
RESERVED
CVE-2023-0009
RESERVED
-CVE-2023-0008
- RESERVED
-CVE-2023-0007
- RESERVED
+CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software ...)
+ TODO: check
+CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
+ TODO: check
CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...)
NOT-FOR-US: Palo Alto Networks
CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...)
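Review bot: CVE-2023-0008 and CVE-2023-0007 both name Palo Alto Networks PAN-OS in their summaries yet are left at `TODO: check`, while CVE-2023-0006 directly below already carries `NOT-FOR-US: Palo Alto Networks`. Give the two new entries the same tag in the follow-up triage so the vendor's entries in this range are handled consistently.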
@@ -47515,8 +47554,8 @@ CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing pr
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
NOTE: https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
NOTE: https://blogs.apache.org/security/entry/cve-2022-42889
-CVE-2022-42878
- RESERVED
+CVE-2022-42878 (Null pointer dereference for some Intel(R) Trace Analyzer and Collecto ...)
+ TODO: check
CVE-2022-42877
RESERVED
CVE-2022-42876
@@ -47545,14 +47584,14 @@ CVE-2022-41997
RESERVED
CVE-2022-41984
RESERVED
-CVE-2022-41982
- RESERVED
-CVE-2022-41784
- RESERVED
-CVE-2022-41693
- RESERVED
-CVE-2022-41687
- RESERVED
+CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) Profiler so ...)
+ TODO: check
+CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
+ TODO: check
+CVE-2022-41693 (Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition ...)
+ TODO: check
+CVE-2022-41687 (Insecure inherited permissions in the HotKey Services for some Intel(R ...)
+ TODO: check
CVE-2022-40221
RESERVED
CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
@@ -50350,22 +50389,22 @@ CVE-2022-41804
RESERVED
CVE-2022-41803
RESERVED
-CVE-2022-41801
- RESERVED
+CVE-2022-41801 (Uncontrolled resource consumption in the Intel(R) Connect M Android ap ...)
+ TODO: check
CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 (v5 ser ...)
NOT-FOR-US: GROWI
CVE-2022-41782
RESERVED
-CVE-2022-41771
- RESERVED
-CVE-2022-41769
- RESERVED
-CVE-2022-41699
- RESERVED
-CVE-2022-41621
- RESERVED
-CVE-2022-40972
- RESERVED
+CVE-2022-41771 (Incorrect permission assignment for critical resource in some Intel(R) ...)
+ TODO: check
+CVE-2022-41769 (Improper access control in the Intel(R) Connect M Android application ...)
+ TODO: check
+CVE-2022-41699 (Incorrect permission assignment for critical resource in some Intel(R) ...)
+ TODO: check
+CVE-2022-41621 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
+ TODO: check
+CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
+ TODO: check
CVE-2022-38973
RESERVED
CVE-2022-3367
@@ -50552,24 +50591,24 @@ CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Ape
NOT-FOR-US: Trend Micro
CVE-2022-41700
RESERVED
-CVE-2022-41646
- RESERVED
-CVE-2022-41628
- RESERVED
+CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography ...)
+ TODO: check
+CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
+ TODO: check
CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event Series A ...)
NOT-FOR-US: Intel
-CVE-2022-40974
- RESERVED
-CVE-2022-40685
- RESERVED
-CVE-2022-40207
- RESERVED
-CVE-2022-38101
- RESERVED
+CVE-2022-40974 (Incomplete cleanup in the Intel(R) IPP Cryptography software before ve ...)
+ TODO: check
+CVE-2022-40685 (Insufficiently protected credentials in the Intel(R) DCM software befo ...)
+ TODO: check
+CVE-2022-40207 (Improper access control in the Intel(R) SUR software before version 2. ...)
+ TODO: check
+CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update ...)
+ TODO: check
CVE-2022-37410
RESERVED
-CVE-2022-37409
- RESERVED
+CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP Cryptography ...)
+ TODO: check
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
NOT-FOR-US: NGINX Plus
CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
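Review bot: The seven Intel entries added in this hunk (CVE-2022-41646, CVE-2022-41628, CVE-2022-40974, CVE-2022-40685, CVE-2022-40207, CVE-2022-38101, CVE-2022-37409) are left at `TODO: check` although CVE-2022-41614 in the middle of them is already `NOT-FOR-US: Intel`. The DCM, SUR, NUC BIOS update and HotKey Services entries can probably take the same tag, but the three IPP Cryptography entries name a library, so check for a packaged or embedded copy before marking those.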
@@ -50733,8 +50772,8 @@ CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attack
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904320
CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset allows ...)
NOT-FOR-US: Apache Superset
-CVE-2022-41690
- RESERVED
+CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
+ TODO: check
CVE-2022-41689
RESERVED
CVE-2022-41682
@@ -50749,8 +50788,8 @@ CVE-2022-41678
RESERVED
CVE-2022-41677
RESERVED
-CVE-2022-41658
- RESERVED
+CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) Profiler soft ...)
+ TODO: check
CVE-2022-41637
RESERVED
CVE-2022-41626
@@ -50761,8 +50800,8 @@ CVE-2022-40689
RESERVED
CVE-2022-40688
RESERVED
-CVE-2022-38787
- RESERVED
+CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products ...)
+ TODO: check
CVE-2022-38786
RESERVED
CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified ...)
@@ -51084,14 +51123,14 @@ CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter instal
NOT-FOR-US: Intel
CVE-2022-40982
RESERVED
-CVE-2022-40971
- RESERVED
+CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Update To ...)
+ TODO: check
CVE-2022-40970
RESERVED
CVE-2022-40964
RESERVED
-CVE-2022-40210
- RESERVED
+CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...)
+ TODO: check
CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
NOT-FOR-US: Intel
CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for ...)
@@ -60398,12 +60437,12 @@ CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical
NOT-FOR-US: Juiker app
CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database ...)
NOT-FOR-US: Le-yan Personnel and Salary Management System
-CVE-2022-38103
- RESERVED
+CVE-2022-38103 (Insecure inherited permissions in the Intel(R) NUC Software Studio Ser ...)
+ TODO: check
CVE-2022-38092
RESERVED
-CVE-2022-38087
- RESERVED
+CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...)
+ TODO: check
CVE-2022-38076
RESERVED
CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality ...)
@@ -62262,22 +62301,22 @@ CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R) N
NOT-FOR-US: Intel
CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro ...)
NOT-FOR-US: Intel
-CVE-2022-37327
- RESERVED
+CVE-2022-37327 (Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) ...)
+ TODO: check
CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC 10 Perf ...)
NOT-FOR-US: Intel
-CVE-2022-36391
- RESERVED
-CVE-2022-36339
- RESERVED
+CVE-2022-36391 (Incorrect default permissions for the Intel(R) NUC Pro Software Suite ...)
+ TODO: check
+CVE-2022-36339 (Improper input validation in firmware for Intel(R) NUC 8 Compute Eleme ...)
+ TODO: check
CVE-2022-35400
RESERVED
CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8 Compu ...)
NOT-FOR-US: Intel
CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) NUC Board ...)
NOT-FOR-US: Intel
-CVE-2022-32766
- RESERVED
+CVE-2022-32766 (Improper input validation for some Intel(R) BIOS firmware may allow a ...)
+ TODO: check
CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2645 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
@@ -63617,8 +63656,8 @@ CVE-2022-36939
RESERVED
CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
NOT-FOR-US: ReDex (Android Bytecode Optimizer)
-CVE-2022-36937
- RESERVED
+CVE-2022-36937 (HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections ...)
+ TODO: check
CVE-2022-36936
RESERVED
CVE-2022-36935
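Review bot: CVE-2022-36937 is the only added entry in this hunk and it names HHVM with a concrete version bound (4.172.0 and all prior versions), so its TODO: check needs an archive lookup rather than the NOT-FOR-US shortcut used for the ReDex entry above it. If a source package exists, record it against the entry; if not, mark it NOT-FOR-US: HHVM so the TLS 1.0 issue does not sit in the TODO queue.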
@@ -64740,8 +64779,8 @@ CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector
NOT-FOR-US: Intel
CVE-2022-34859
RESERVED
-CVE-2022-33963
- RESERVED
+CVE-2022-33963 (Incorrect default permissions in the software installer for Intel(R) U ...)
+ TODO: check
CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- fava 1.23.1-1 (bug #1016971)
[bullseye] - fava <no-dsa> (Minor issue)
@@ -64786,12 +64825,12 @@ CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Inte
NOT-FOR-US: Intel
CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
NOT-FOR-US: Intel
-CVE-2022-34855
- RESERVED
+CVE-2022-34855 (Path traversal for the Intel(R) NUC Pro Software Suite before version ...)
+ TODO: check
CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
NOT-FOR-US: Intel
-CVE-2022-34147
- RESERVED
+CVE-2022-34147 (Improper input validation in BIOS firmware for some Intel(R) NUC 9 Ext ...)
+ TODO: check
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
NOT-FOR-US: Roxy-WI
CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
@@ -64923,8 +64962,8 @@ CVE-2022-36298
RESERVED
CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms ...)
NOT-FOR-US: Intel
-CVE-2022-34848
- RESERVED
+CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software Suite befor ...)
+ TODO: check
CVE-2022-34846
RESERVED
CVE-2022-34657
@@ -65044,8 +65083,8 @@ CVE-2022-36331
RESERVED
CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
NOT-FOR-US: Western Digital
-CVE-2022-36329
- RESERVED
+CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
+ TODO: check
CVE-2022-36328
RESERVED
CVE-2022-36327
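Review bot: the summary added for CVE-2022-36329 is cut off before it names a product ("... could allow an attacker to ..."), so the vendor cannot be read from this line. The preceding CVE-2022-36330 is NOT-FOR-US: Western Digital, but adjacent ids are not proof of the same vendor; resolve the TODO: check from the full CVE record rather than by copying the neighbour.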
@@ -69149,8 +69188,8 @@ CVE-2022-33974
RESERVED
CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33961
- RESERVED
+CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wasp ...)
+ TODO: check
CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
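Review bot: CVE-2022-33961 is described as an Auth. (admin+) Stored Cross-Site Scripting issue, the same wording pattern as the surrounding entries marked NOT-FOR-US: WordPress plugin, but the product name is truncated at "Wasp ...". Confirm that it is a WordPress plugin and then use the identical tag string so the entry matches its neighbours.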
@@ -69163,8 +69202,8 @@ CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Sit
NOT-FOR-US: WordPress plugin
CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-32970
- RESERVED
+CVE-2022-32970 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in The ...)
+ TODO: check
CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...)
NOT-FOR-US: WordPress plugin
CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...)
@@ -71712,12 +71751,12 @@ CVE-2022-33898
RESERVED
CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
NOT-FOR-US: Intel
-CVE-2022-32582
- RESERVED
-CVE-2022-32577
- RESERVED
-CVE-2022-32576
- RESERVED
+CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...)
+ TODO: check
+CVE-2022-32577 (Improper input validation in BIOS Firmware for some Intel(R) NUC Kits ...)
+ TODO: check
+CVE-2022-32576 (Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before ve ...)
+ TODO: check
CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
NOT-FOR-US: Intel
CVE-2022-29895
@@ -71855,8 +71894,8 @@ CVE-2022-33899
RESERVED
CVE-2022-33895
RESERVED
-CVE-2022-33894
- RESERVED
+CVE-2022-33894 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+ TODO: check
CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition ...)
NOT-FOR-US: Intel
CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
@@ -71877,8 +71916,8 @@ CVE-2022-32584
RESERVED
CVE-2022-32580
RESERVED
-CVE-2022-32578
- RESERVED
+CVE-2022-32578 (Improper access control for the Intel(R) NUC Pro Software Suite before ...)
+ TODO: check
CVE-2022-32571
RESERVED
CVE-2022-32288
@@ -71887,8 +71926,8 @@ CVE-2022-32233
RESERVED
CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
NOT-FOR-US: Intel
-CVE-2022-31477
- RESERVED
+CVE-2022-31477 (Improper initialization for some Intel(R) NUC BIOS firmware may allow ...)
+ TODO: check
CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
NOT-FOR-US: Intel
CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
@@ -75155,8 +75194,8 @@ CVE-2022-29896
RESERVED
CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...)
NOT-FOR-US: Intel
-CVE-2022-28699
- RESERVED
+CVE-2022-28699 (Improper input validation for some Intel(R) NUC BIOS firmware may allo ...)
+ TODO: check
CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
NOT-FOR-US: Intel
CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
@@ -81313,20 +81352,20 @@ CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software
NOT-FOR-US: Intel
CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
NOT-FOR-US: Intel
-CVE-2022-30338
- RESERVED
+CVE-2022-30338 (Incorrect default permissions in the Intel(R) VROC software before ver ...)
+ TODO: check
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...)
NOT-FOR-US: Intel
-CVE-2022-29919
- RESERVED
+CVE-2022-29919 (Use after free in the Intel(R) VROC software before version 7.7.6.1003 ...)
+ TODO: check
CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
NOT-FOR-US: Intel
CVE-2022-29887
RESERVED
CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...)
NOT-FOR-US: Intel
-CVE-2022-29508
- RESERVED
+CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before version ...)
+ TODO: check
CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile ...)
NOT-FOR-US: Intel
CVE-2022-29478
@@ -81353,8 +81392,8 @@ CVE-2022-26373 (Non-transparent sharing of return predictor targets between cont
NOTE: https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47
CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...)
NOT-FOR-US: Intel
-CVE-2022-25976
- RESERVED
+CVE-2022-25976 (Improper input validation in the Intel(R) VROC software before version ...)
+ TODO: check
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
NOT-FOR-US: Octopus Server
CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
@@ -89430,8 +89469,8 @@ CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <=
NOT-FOR-US: WordPress plugin
CVE-2022-27857
RESERVED
-CVE-2022-27856
- RESERVED
+CVE-2022-27856 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atl ...)
+ TODO: check
CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
@@ -90323,8 +90362,8 @@ CVE-2022-27229
RESERVED
CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
NOT-FOR-US: Splunk
-CVE-2022-27180
- RESERVED
+CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...)
+ TODO: check
CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
NOT-FOR-US: Splunk
CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)
@@ -110250,8 +110289,8 @@ CVE-2021-45346 (A Memory Leak vulnerability exists in SQLite Project SQLite3 3.3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
NOTE: https://sqlite.org/forum/forumpost/056d557c2f8c452ed5bb9c215414c802b215ce437be82be047726e521342161e
NOTE: Negligible security impact
-CVE-2021-45345
- RESERVED
+CVE-2021-45345 (Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 all ...)
+ TODO: check
CVE-2021-45344
RESERVED
CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
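Review bot: CVE-2021-45345 is a 2021 id that only now leaves RESERVED, and it sits between SQLite and LibreCAD entries, so it should not be assumed to be out of scope by position. The description names En3rgy WebcamServer v.0.5.2 exactly; search the archive for that software and, if nothing matches, mark it NOT-FOR-US: En3rgy WebcamServer rather than leaving TODO: check in place.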
@@ -112417,14 +112456,14 @@ CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in
NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before version 7 ...)
NOT-FOR-US: Intel
-CVE-2022-21804
- RESERVED
+CVE-2022-21804 (Out-of-bounds write in software for the Intel QAT Driver for Windows b ...)
+ TODO: check
CVE-2022-21794 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards, ...)
NOT-FOR-US: Intel
CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 500 Seri ...)
NOT-FOR-US: Intel
-CVE-2022-21239
- RESERVED
+CVE-2022-21239 (Out-of-bounds read in software for the Intel QAT Driver for Windows be ...)
+ TODO: check
CVE-2022-21229 (Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Ki ...)
NOT-FOR-US: Intel
CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
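Review bot: CVE-2022-21804 and CVE-2022-21239 both name the "Intel QAT Driver for Windows", so the affected component is a Windows driver and the TODO: check on each can be closed directly. Use NOT-FOR-US: Intel, matching CVE-2022-21794 and CVE-2022-21793 in the same hunk.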
@@ -112441,8 +112480,8 @@ CVE-2022-21171
RESERVED
CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) SGX bef ...)
NOT-FOR-US: Intel
-CVE-2022-21162
- RESERVED
+CVE-2022-21162 (Uncontrolled search path for the Intel(R) HDMI Firmware Update tool fo ...)
+ TODO: check
CVE-2022-21161
RESERVED
CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74f2efb89a3f37cf0e4d6d5aed30aca74e001e34