[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 11 09:32:56 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89311173 by Moritz Muehlenhoff at 2023-05-11T10:32:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-32668 (LuaTeX before 1.17.0 enables the socket library by default.)
 	TODO: check
 CVE-2023-32080 (Wings is the server control plane for Pterodactyl Panel. A vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Pterodactyl panel
 CVE-2023-31477 (A path traversal issue was discovered on GL.iNet devices before 3.216. ...)
 	NOT-FOR-US: GL.iNet devices
 CVE-2023-31442 (In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discov ...)
-	TODO: check
+	NOT-FOR-US: Lightbend Akka
 CVE-2023-2649 (A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been de ...)
 	NOT-FOR-US: Tenda
 CVE-2023-2648 (A vulnerability was found in Weaver E-Office 9.5. It has been classifi ...)
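Review bot: The new tag for CVE-2023-32080, "NOT-FOR-US: Pterodactyl panel", names the panel, while the visible description leads with Wings, "the server control plane for Pterodactyl Panel". Tagging the entry with the component (for example "Pterodactyl Wings") would keep a later search for Wings from missing it.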
@@ -17,7 +17,7 @@ CVE-2023-2646 (A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_18
 CVE-2023-2645 (A vulnerability, which was classified as critical, was found in USR US ...)
 	NOT-FOR-US: USR USR-G806
 CVE-2023-2644 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: DigitalPersona
 CVE-2023-2643 (A vulnerability classified as critical was found in SourceCodester Fil ...)
 	NOT-FOR-US: SourceCodester File Tracker Manager System
 CVE-2023-2642 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -765,7 +765,7 @@ CVE-2023-2312
 CVE-2023-2311
 	RESERVED
 CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-2309
 	RESERVED
 CVE-2023-2308
@@ -962,43 +962,43 @@ CVE-2023-31168
 CVE-2023-31167
 	RESERVED
 CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31164 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31163 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31162 (An Improper Input Validation vulnerability in the Schweitzer Engineeri ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31161 (AnImproper Input Validation vulnerability in the Schweitzer Engineerin ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31160 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31159 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31158 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31157 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31156 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31155 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31154 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31153 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31152 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31151 (An Improper Certificate Validation vulnerability   in the Schweitzer E ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31150 (A Storing Passwords in a Recoverable Format vulnerability in the Schwe ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31149 (An Improper Input Validation vulnerability   in the Schweitzer Enginee ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31148 (An Improper Input Validation vulnerability   in the Schweitzer Enginee ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31147
 	RESERVED
 CVE-2023-31146
@@ -3944,7 +3944,7 @@ CVE-2023-30174
 CVE-2023-30173
 	RESERVED
 CVE-2023-30172 (A directory traversal vulnerability in the /get-artifact API method of ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-30171
 	RESERVED
 CVE-2023-30170
@@ -4323,7 +4323,7 @@ CVE-2023-29988
 CVE-2023-29987
 	RESERVED
 CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...)
-	TODO: check
+	NOT-FOR-US: spring-boot-actuator-logview
 CVE-2023-29985
 	RESERVED
 CVE-2023-29984
@@ -7019,7 +7019,7 @@ CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCo
 CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled  ...)
 	- gitlab <unfixed>
 CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare CIRCL
 CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
 	NOT-FOR-US: LTOS
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
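Review bot: CVE-2023-1732 is marked "NOT-FOR-US: Cloudflare CIRCL", yet CIRCL is a Go library, and Go libraries tend to reach the archive either as their own golang-* source package or as a vendored copy inside another package. It is worth confirming that a search for both turned up nothing before the entry leaves the TODO queue; if either exists, this needs a package line instead of an NFU tag.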
@@ -19586,7 +19586,7 @@ CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collecto
 CVE-2023-23569 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
 	NOT-FOR-US: Intel
 CVE-2023-22447 (Insertion of sensitive information into log file in the Open CAS softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22446
 	RESERVED
 CVE-2023-22443 (Integer overflow in some Intel(R) Server Board BMC firmware before ver ...)
@@ -33750,9 +33750,9 @@ CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an inform
 CVE-2022-46656 (Insecure inherited permissions for the Intel(R) NUC Pro Software Suite ...)
 	NOT-FOR-US: Intel
 CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus Android ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-45112
 	RESERVED
 CVE-2022-44607
@@ -33764,7 +33764,7 @@ CVE-2022-43502
 CVE-2022-43498
 	RESERVED
 CVE-2022-43474 (Uncontrolled search path for the DSP Builder software installer before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...)
 	NOT-FOR-US: maku-boot
 CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...)
@@ -34515,9 +34515,9 @@ CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena fu
 CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
 	NOT-FOR-US: ESTsoft Alyac
 CVE-2022-46378 (An out-of-bounds read vulnerability exists in the PORT command paramet ...)
-	TODO: check
+	NOT-FOR-US: uC-FTPs
 CVE-2022-46377 (An out-of-bounds read vulnerability exists in the PORT command paramet ...)
-	TODO: check
+	NOT-FOR-US: uC-FTPs
 CVE-2022-46376
 	RESERVED
 CVE-2022-46375
@@ -34957,7 +34957,7 @@ CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected
 CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
 	NOT-FOR-US: Chained Quiz plugin for WordPress
 CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...)
-	TODO: check
+	NOT-FOR-US: uC-FTPs
 CVE-2022-46337
 	RESERVED
 CVE-2022-46336
@@ -36255,7 +36255,7 @@ CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContes
 CVE-2022-45847
 	RESERVED
 CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45845
 	RESERVED
 CVE-2022-45844
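Review bot: The tag on CVE-2022-45846 is the generic "NOT-FOR-US: WordPress plugin", so the truncated description ("Nickys Image Map Pr ...") is the only place the product appears. Some entries in the same file name the plugin, for example "NOT-FOR-US: Chained Quiz plugin for WordPress"; doing the same here keeps the entry searchable by product.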
@@ -38552,7 +38552,7 @@ CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/c
 CVE-2022-45129 (Payara before 2022-11-04, when deployed to the root context, allows at ...)
 	NOT-FOR-US: Payara
 CVE-2022-45128 (Improper authorization in the Intel(R) EMA software before version 1.9 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-45117
 	RESERVED
 CVE-2022-45114
@@ -38568,7 +38568,7 @@ CVE-2022-43505
 CVE-2022-43477
 	RESERVED
 CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41659
 	RESERVED
 CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
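Review bot: For CVE-2022-41808 the description is cut off at "Intel QAT Driver for L ...", so the hunk does not show which driver is meant. If it is the Linux driver, a NOTE line stating whether the QAT code in the kernel tree shares the affected code would document why the vendor-wide "NOT-FOR-US: Intel" tag is correct here.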
@@ -39401,25 +39401,25 @@ CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The targe
 CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The target web  ...)
 	NOT-FOR-US: Appalti & Contratti
 CVE-2022-44619 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-44610 (Improper authentication in the Intel(R) DCM software before version 5. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43507 (Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL be ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-43456
 	RESERVED
 CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41625
 	RESERVED
 CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-3871
 	RESERVED
 CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
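Review bot: In this run of Intel entries, CVE-2022-43507 stands apart from the DCM, SCS and EMA items: it is in the "Intel(R) QAT Engine for OpenSSL", an OpenSSL engine and not vendor management software, and the bare "NOT-FOR-US: Intel" tag drops that. Naming the product, for example "NOT-FOR-US: Intel QAT Engine for OpenSSL", would make the entry findable if the engine is ever packaged.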
@@ -40916,7 +40916,7 @@ CVE-2022-43510
 CVE-2022-43446
 	RESERVED
 CVE-2022-42465 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
 	NOT-FOR-US: WAGO
 CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
@@ -44341,9 +44341,9 @@ CVE-2023-0010
 CVE-2023-0009
 	RESERVED
 CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software  ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...)
@@ -44351,11 +44351,11 @@ CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an
 CVE-2023-0004 (A local file deletion vulnerability in Palo Alto Networks PAN-OS softw ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
-	NOT-FOR-US: Palo Alto
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
-	NOT-FOR-US: Palo Alto
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
-	NOT-FOR-US: Palo Alto
+	NOT-FOR-US: Palo Alto Networks
 CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions).  ...)
 	NOT-FOR-US: QMS Automotive
 CVE-2022-43957
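Review bot: The three changed lines for CVE-2023-0003, CVE-2023-0002 and CVE-2023-0001 are not new triage: they rename an existing "NOT-FOR-US: Palo Alto" tag to "NOT-FOR-US: Palo Alto Networks". The normalisation matches the neighbouring entries and is fine, but the commit message "NFUs" does not mention it; a word in the message, or a separate commit, would keep the history accurate.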
@@ -47617,7 +47617,7 @@ CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing pr
 	NOTE: https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
 	NOTE: https://blogs.apache.org/security/entry/cve-2022-42889
 CVE-2022-42878 (Null pointer dereference for some Intel(R) Trace Analyzer and Collecto ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-42877
 	RESERVED
 CVE-2022-42876
@@ -47647,13 +47647,13 @@ CVE-2022-41997
 CVE-2022-41984
 	RESERVED
 CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) Profiler so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41693 (Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41687 (Insecure inherited permissions in the HotKey Services for some Intel(R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40221
 	RESERVED
 CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
@@ -50452,21 +50452,21 @@ CVE-2022-41804
 CVE-2022-41803
 	RESERVED
 CVE-2022-41801 (Uncontrolled resource consumption in the Intel(R) Connect M Android ap ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 (v5 ser ...)
 	NOT-FOR-US: GROWI
 CVE-2022-41782
 	RESERVED
 CVE-2022-41771 (Incorrect permission assignment for critical resource in some Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41769 (Improper access control in the Intel(R) Connect M Android application  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41699 (Incorrect permission assignment for critical resource in some Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41621 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-38973
 	RESERVED
 CVE-2022-3367
@@ -50654,23 +50654,23 @@ CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Ape
 CVE-2022-41700
 	RESERVED
 CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event Series A ...)
 	NOT-FOR-US: Intel
 CVE-2022-40974 (Incomplete cleanup in the Intel(R) IPP Cryptography software before ve ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40685 (Insufficiently protected credentials in the Intel(R) DCM software befo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40207 (Improper access control in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-37410
 	RESERVED
 CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP Cryptography ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
 	NOT-FOR-US: NGINX Plus
 CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
@@ -50835,7 +50835,7 @@ CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attack
 CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset allows ...)
 	NOT-FOR-US: Apache Superset
 CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41689
 	RESERVED
 CVE-2022-41682
@@ -50851,7 +50851,7 @@ CVE-2022-41678
 CVE-2022-41677
 	RESERVED
 CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) Profiler soft ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-41637
 	RESERVED
 CVE-2022-41626
@@ -50863,7 +50863,7 @@ CVE-2022-40689
 CVE-2022-40688
 	RESERVED
 CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-38786
 	RESERVED
 CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified  ...)
@@ -51186,13 +51186,13 @@ CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter instal
 CVE-2022-40982
 	RESERVED
 CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Update To ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40970
 	RESERVED
 CVE-2022-40964
 	RESERVED
 CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
 	NOT-FOR-US: Intel
 CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for ...)
@@ -60500,11 +60500,11 @@ CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical
 CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database  ...)
 	NOT-FOR-US: Le-yan Personnel and Salary Management System
 CVE-2022-38103 (Insecure inherited permissions in the Intel(R) NUC Software Studio Ser ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-38092
 	RESERVED
 CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-38076
 	RESERVED
 CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality  ...)
@@ -62364,13 +62364,13 @@ CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R) N
 CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro  ...)
 	NOT-FOR-US: Intel
 CVE-2022-37327 (Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R)  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC 10 Perf ...)
 	NOT-FOR-US: Intel
 CVE-2022-36391 (Incorrect default permissions for the Intel(R) NUC Pro Software Suite  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36339 (Improper input validation in firmware for Intel(R) NUC 8 Compute Eleme ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-35400
 	RESERVED
 CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8 Compu ...)
@@ -62378,7 +62378,7 @@ CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8
 CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) NUC Board ...)
 	NOT-FOR-US: Intel
 CVE-2022-32766 (Improper input validation for some Intel(R) BIOS firmware may allow a  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	NOT-FOR-US: SourceCodester Online Admission System
 CVE-2022-2645 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
@@ -63719,7 +63719,7 @@ CVE-2022-36939
 CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
 	NOT-FOR-US: ReDex (Android Bytecode Optimizer)
 CVE-2022-36937 (HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections ...)
-	TODO: check
+	- hhvm <removed>
 CVE-2022-36936
 	RESERVED
 CVE-2022-36935
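Review bot: CVE-2022-36937 does not get an NFU tag like the rest of the commit; its TODO becomes the package entry "- hhvm <removed>". That is a different kind of decision (the source package is recorded as removed from the archive) and the "NFUs" commit message hides it, so it would be better called out in the message or committed separately.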
@@ -64842,7 +64842,7 @@ CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector
 CVE-2022-34859
 	RESERVED
 CVE-2022-33963 (Incorrect default permissions in the software installer for Intel(R) U ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
 	- fava 1.23.1-1 (bug #1016971)
 	[bullseye] - fava <no-dsa> (Minor issue)
@@ -64888,11 +64888,11 @@ CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Inte
 CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
 	NOT-FOR-US: Intel
 CVE-2022-34855 (Path traversal for the Intel(R) NUC Pro Software Suite before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
 	NOT-FOR-US: Intel
 CVE-2022-34147 (Improper input validation in BIOS firmware for some Intel(R) NUC 9 Ext ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	NOT-FOR-US: Roxy-WI
 CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
@@ -65025,7 +65025,7 @@ CVE-2022-36298
 CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms  ...)
 	NOT-FOR-US: Intel
 CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software Suite befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34846
 	RESERVED
 CVE-2022-34657
@@ -65146,7 +65146,7 @@ CVE-2022-36331
 CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
 	NOT-FOR-US: Western Digital
 CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-36328
 	RESERVED
 CVE-2022-36327
@@ -69251,7 +69251,7 @@ CVE-2022-33974
 CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wasp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
@@ -69265,7 +69265,7 @@ CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Sit
 CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-32970 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in The ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...)
@@ -71814,11 +71814,11 @@ CVE-2022-33898
 CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
 	NOT-FOR-US: Intel
 CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32577 (Improper input validation in BIOS Firmware for some Intel(R) NUC Kits  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32576 (Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before ve ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
 	NOT-FOR-US: Intel
 CVE-2022-29895
@@ -71957,7 +71957,7 @@ CVE-2022-33899
 CVE-2022-33895
 	RESERVED
 CVE-2022-33894 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition  ...)
 	NOT-FOR-US: Intel
 CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
@@ -71979,7 +71979,7 @@ CVE-2022-32584
 CVE-2022-32580
 	RESERVED
 CVE-2022-32578 (Improper access control for the Intel(R) NUC Pro Software Suite before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32571
 	RESERVED
 CVE-2022-32288
@@ -71989,7 +71989,7 @@ CVE-2022-32233
 CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
 	NOT-FOR-US: Intel
 CVE-2022-31477 (Improper initialization for some Intel(R) NUC BIOS firmware may allow  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
 	NOT-FOR-US: Intel
 CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
@@ -75257,7 +75257,7 @@ CVE-2022-29896
 CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...)
 	NOT-FOR-US: Intel
 CVE-2022-28699 (Improper input validation for some Intel(R) NUC BIOS firmware may allo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
 	NOT-FOR-US: Intel
 CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
@@ -81415,11 +81415,11 @@ CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software
 CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
 	NOT-FOR-US: Intel
 CVE-2022-30338 (Incorrect default permissions in the Intel(R) VROC software before ver ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group  ...)
 	NOT-FOR-US: Intel
 CVE-2022-29919 (Use after free in the Intel(R) VROC software before version 7.7.6.1003 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
 	NOT-FOR-US: Intel
 CVE-2022-29887
@@ -81427,7 +81427,7 @@ CVE-2022-29887
 CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...)
 	NOT-FOR-US: Intel
 CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile  ...)
 	NOT-FOR-US: Intel
 CVE-2022-29478
@@ -81455,7 +81455,7 @@ CVE-2022-26373 (Non-transparent sharing of return predictor targets between cont
 CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...)
 	NOT-FOR-US: Intel
 CVE-2022-25976 (Improper input validation in the Intel(R) VROC software before version ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
 	NOT-FOR-US: Octopus Server
 CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
@@ -83498,11 +83498,11 @@ CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud O
 CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
 	NOT-FOR-US: Western Digital
 CVE-2022-29842 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29841 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29840 (Server-Side Request Forgery (SSRF) vulnerability that could allow a ro ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29839 (Insufficiently Protected Credentials vulnerability in the remote backu ...)
 	NOT-FOR-US: Western Digital
 CVE-2022-29838 (Improper Authentication vulnerability in the encrypted volumes and aut ...)
@@ -89532,7 +89532,7 @@ CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <=
 CVE-2022-27857
 	RESERVED
 CVE-2022-27856 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
@@ -90425,7 +90425,7 @@ CVE-2022-27229
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
 	NOT-FOR-US: Splunk
 CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
 	NOT-FOR-US: Splunk
 CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89311173b393cbb41d695cc86064196fc4152da1
