Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c4d03aa0 by security tracker role at 2023-01-24T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,95 @@ +CVE-2023-24495 + RESERVED +CVE-2023-24494 + RESERVED +CVE-2023-24493 + RESERVED +CVE-2023-24492 + RESERVED +CVE-2023-24491 + RESERVED +CVE-2023-24490 + RESERVED +CVE-2023-24489 + RESERVED +CVE-2023-24488 + RESERVED +CVE-2023-24487 + RESERVED +CVE-2023-24486 + RESERVED +CVE-2023-24485 + RESERVED +CVE-2023-24484 + RESERVED +CVE-2023-24483 + RESERVED +CVE-2023-24482 + RESERVED +CVE-2023-24477 + RESERVED +CVE-2023-24471 + RESERVED +CVE-2023-24015 + RESERVED +CVE-2023-23903 + RESERVED +CVE-2023-23574 + RESERVED +CVE-2023-22843 + RESERVED +CVE-2023-22378 + RESERVED +CVE-2023-0479 + RESERVED +CVE-2023-0478 + RESERVED +CVE-2023-0477 + RESERVED +CVE-2023-0476 + RESERVED +CVE-2023-0475 + RESERVED +CVE-2023-0474 + RESERVED +CVE-2023-0473 + RESERVED +CVE-2023-0472 + RESERVED +CVE-2023-0471 + RESERVED +CVE-2023-0470 + RESERVED +CVE-2023-0469 + RESERVED +CVE-2023-0468 + RESERVED +CVE-2023-0467 + RESERVED +CVE-2023-0466 + RESERVED +CVE-2023-0465 + RESERVED +CVE-2023-0464 + RESERVED +CVE-2023-0463 (The force offline MFA prompt setting is not respected when switching t ...) + TODO: check +CVE-2023-0462 + RESERVED +CVE-2023-0461 + RESERVED +CVE-2023-0460 + RESERVED +CVE-2023-0459 + RESERVED +CVE-2023-0458 + RESERVED +CVE-2023-0457 + RESERVED +CVE-2022-4896 + RESERVED +CVE-2020-36656 + RESERVED CVE-2023-24470 RESERVED CVE-2023-24469 
@@ -26,118 +118,81 @@ CVE-2023-0454 RESERVED CVE-2023-0453 RESERVED -CVE-2023-24459 - RESERVED -CVE-2023-24458 - RESERVED +CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...) + TODO: check +CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24457 - RESERVED +CVE-2023-24457 (A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24456 - RESERVED +CVE-2023-24456 (Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not inva ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24455 - RESERVED +CVE-2023-24455 (Jenkins visualexpert Plugin 1.3 and earlier does not restrict the name ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24454 - RESERVED +CVE-2023-24454 (Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQual ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24453 - RESERVED +CVE-2023-24453 (A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24452 - RESERVED +CVE-2023-24452 (A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuali ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24451 - RESERVED +CVE-2023-24451 (A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1. ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24450 - RESERVED +CVE-2023-24450 (Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypte ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24449 - RESERVED +CVE-2023-24449 (Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24448 - RESERVED +CVE-2023-24448 (A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24447 - RESERVED +CVE-2023-24447 (A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ ...) 
NOT-FOR-US: Jenkins plugin -CVE-2023-24446 - RESERVED +CVE-2023-24446 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Pl ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24445 - RESERVED +CVE-2023-24445 (Jenkins OpenID Plugin 2.4 and earlier improperly determines that a red ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24444 - RESERVED +CVE-2023-24444 (Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24443 - RESERVED +CVE-2023-24443 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not configu ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24442 - RESERVED +CVE-2023-24442 (Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier s ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24441 - RESERVED +CVE-2023-24441 (Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML par ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24440 - RESERVED +CVE-2023-24440 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier t ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24439 - RESERVED +CVE-2023-24439 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier s ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24438 - RESERVED +CVE-2023-24438 (A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.1 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24437 - RESERVED +CVE-2023-24437 (A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipe ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24436 - RESERVED +CVE-2023-24436 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24435 - RESERVED +CVE-2023-24435 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24434 - RESERVED +CVE-2023-24434 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pu ...) 
NOT-FOR-US: Jenkins plugin -CVE-2023-24433 - RESERVED +CVE-2023-24433 (Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 an ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24432 - RESERVED +CVE-2023-24432 (A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by M ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24431 - RESERVED +CVE-2023-24431 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 a ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24430 - RESERVED +CVE-2023-24430 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24429 - RESERVED +CVE-2023-24429 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24428 - RESERVED +CVE-2023-24428 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24427 - RESERVED +CVE-2023-24427 (Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate th ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24426 - RESERVED +CVE-2023-24426 (Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invali ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24425 - RESERVED +CVE-2023-24425 (Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24424 - RESERVED +CVE-2023-24424 (Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24423 - RESERVED +CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Tr ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24422 - RESERVED +CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...) NOT-FOR-US: Jenkins plugin CVE-2023-24421 RESERVED 
@@ -889,9 +944,9 @@ CVE-2023-24071 RESERVED CVE-2023-24070 (app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an X ...) NOT-FOR-US: MISP -CVE-2023-24069 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...) +CVE-2023-24069 (** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macO ...) - signal-desktop <itp> (bug #842943) -CVE-2023-24068 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...) +CVE-2023-24068 (** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macO ...) - signal-desktop <itp> (bug #842943) CVE-2023-24067 RESERVED @@ -1235,12 +1290,12 @@ CVE-2023-23953 RESERVED CVE-2023-23952 RESERVED -CVE-2023-23951 - RESERVED -CVE-2023-23950 - RESERVED -CVE-2023-23949 - RESERVED +CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...) + TODO: check +CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be used to s ...) + TODO: check +CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...) + TODO: check CVE-2023-23948 RESERVED CVE-2023-23947 @@ -1663,8 +1718,7 @@ CVE-2023-22294 RESERVED CVE-2023-22288 RESERVED -CVE-2023-0394 [ipv6: raw: Deduct extension header length in rawv6_push_pending_frames] - RESERVED +CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...) {DSA-5324-1} - linux 6.1.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2 @@ -1806,8 +1860,8 @@ CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b CVE-2023-0357 RESERVED -CVE-2023-0356 - RESERVED +CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...) + TODO: check CVE-2023-0355 RESERVED CVE-2023-0354 
@@ -2484,8 +2538,8 @@ CVE-2023-0286 RESERVED CVE-2023-0285 RESERVED -CVE-2023-0284 - RESERVED +CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...) + TODO: check CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Flight Booking Management System CVE-2023-0282 @@ -6999,6 +7053,7 @@ CVE-2022-47951 NOTE: https://bugs.launchpad.net/nova/+bug/1996188 NOTE: https://bugs.launchpad.net/nova/+bug/1996188 CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...) + {DSA-5327-1} - swift 2.30.0-4 (bug #1029154) NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1 CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...) @@ -8090,8 +8145,8 @@ CVE-2022-47617 RESERVED CVE-2022-47616 RESERVED -CVE-2022-47615 - RESERVED +CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – WordPress LMS ...) + TODO: check CVE-2022-47614 RESERVED CVE-2022-47613 @@ -9554,8 +9609,8 @@ CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classifi NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0) CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...) NOT-FOR-US: WP Shamsi plugin for WordPress -CVE-2022-4554 - RESERVED +CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...) + TODO: check CVE-2022-4553 RESERVED CVE-2022-4552 @@ -14716,8 +14771,8 @@ CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking C NOT-FOR-US: WordPress plugin CVE-2022-45821 RESERVED -CVE-2022-45820 - RESERVED +CVE-2022-45820 (SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS ...) + TODO: check CVE-2022-45819 RESERVED CVE-2022-45818 
@@ -14740,8 +14795,8 @@ CVE-2022-45810 RESERVED CVE-2022-45809 RESERVED -CVE-2022-45808 - RESERVED +CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...) + TODO: check CVE-2022-45807 RESERVED CVE-2022-45806 @@ -18961,8 +19016,7 @@ CVE-2023-20930 RESERVED CVE-2023-20929 RESERVED -CVE-2023-20928 - RESERVED +CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after free du ...) - linux 5.19.6-1 [bullseye] - linux 5.10.158-1 [buster] - linux <not-affected> (Vulnerable code not present) 
@@ -18972,42 +19026,34 @@ CVE-2023-20927 RESERVED CVE-2023-20926 RESERVED -CVE-2023-20925 - RESERVED -CVE-2023-20924 - RESERVED -CVE-2023-20923 - RESERVED -CVE-2023-20922 - RESERVED +CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible ...) + TODO: check +CVE-2023-20924 (In (TBD) of (TBD), there is a possible way to bypass the lockscreen du ...) + TODO: check +CVE-2023-20923 (In exported content providers of ShannonRcs, there is a possible way t ...) + TODO: check +CVE-2023-20922 (In setMimeGroup of PackageManagerService.java, there is a possible cra ...) NOT-FOR-US: Android -CVE-2023-20921 - RESERVED +CVE-2023-20921 (In onPackageRemoved of AccessibilityManagerService.java, there is a po ...) NOT-FOR-US: Android -CVE-2023-20920 - RESERVED +CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt memory ...) NOT-FOR-US: Android -CVE-2023-20919 - RESERVED +CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...) NOT-FOR-US: Android CVE-2023-20918 RESERVED NOT-FOR-US: Android CVE-2023-20917 RESERVED -CVE-2023-20916 - RESERVED +CVE-2023-20916 (In getMainActivityLaunchIntent of LauncherAppsService.java, there is a ...) NOT-FOR-US: Android -CVE-2023-20915 - RESERVED +CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a ...) NOT-FOR-US: Android CVE-2023-20914 RESERVED -CVE-2023-20913 - RESERVED +CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related files, th ...) NOT-FOR-US: Android -CVE-2023-20912 - RESERVED +CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-20911 RESERVED 
@@ -19015,18 +19061,15 @@ CVE-2023-20910 RESERVED CVE-2023-20909 RESERVED -CVE-2023-20908 - RESERVED +CVE-2023-20908 (In several functions of SettingsState.java, there is a possible system ...) NOT-FOR-US: Android CVE-2023-20907 RESERVED CVE-2023-20906 RESERVED -CVE-2023-20905 - RESERVED +CVE-2023-20905 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...) NOT-FOR-US: Android -CVE-2023-20904 - RESERVED +CVE-2023-20904 (In getTrampolineIntent of SettingsActivity.java, there is a possible l ...) NOT-FOR-US: Android CVE-2022-44714 RESERVED @@ -23787,6 +23830,7 @@ CVE-2022-43550 CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...) NOT-FOR-US: Veeam CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14 ...) + {DSA-5326-1} - nodejs 18.12.1+dfsg-1 (bug #1023518) NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 CVE-2022-43547 @@ -25421,7 +25465,8 @@ CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared a CVE-2022-3523 (A vulnerability was found in Linux Kernel. It has been classified as p ...) - linux 6.1.4-1 NOTE: https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33 -CVE-2022-3522 (A vulnerability was found in Linux Kernel and classified as problemati ...) +CVE-2022-3522 + REJECTED - linux 6.1.4-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) 
@@ -36387,10 +36432,10 @@ CVE-2022-38777 RESERVED CVE-2022-38776 RESERVED -CVE-2022-38775 - RESERVED -CVE-2022-38774 - RESERVED +CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...) + TODO: check +CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic Endpoint ...) + TODO: check CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...) NOT-FOR-US: Siemens CVE-2022-3010 @@ -46028,6 +46073,7 @@ CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to the CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...) NOT-FOR-US: UI Desktop for Windows CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not correctl ...) + {DSA-5326-1} - nodejs 18.10.0+dfsg-1 [buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x) - llhttp <itp> (bug #977716) @@ -46035,6 +46081,7 @@ CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not co NOTE: https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44 (main) NOTE: https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.20.1) CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in Node.js ...) + {DSA-5326-1} - nodejs 18.10.0+dfsg-1 [buster] - nodejs <not-affected> (Vulnerable code introduced later) NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255 
@@ -47969,7 +48016,8 @@ CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensu NOT-FOR-US: WordPress plugin CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...) NOT-FOR-US: Devolutions Remote Desktop Manager -CVE-2022-2220 (OpenShift doesn't properly verify subdomain ownership, which allows ro ...) +CVE-2022-2220 + REJECTED NOT-FOR-US: OpenShift CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin @@ -54313,6 +54361,7 @@ CVE-2022-32217 (A cleartext storage of sensitive information exists in Rocket.Ch CVE-2022-32216 RESERVED CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...) + {DSA-5326-1} - nodejs 18.6.0+dfsg-3 [buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x) - llhttp <itp> (bug #977716) @@ -54321,6 +54370,7 @@ CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215 CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...) + {DSA-5326-1} - nodejs 18.6.0+dfsg-3 [buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x) - llhttp <itp> (bug #977716) 
@@ -54328,6 +54378,7 @@ CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x) NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...) + {DSA-5326-1} - nodejs 18.6.0+dfsg-3 [buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x) - llhttp <itp> (bug #977716) @@ -54336,7 +54387,7 @@ CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#cve-2022-32213-bypass-via-obs-fold-mechanic-medium-cve-2022-32213 CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions <14 ...) - {DLA-3137-1} + {DSA-5326-1 DLA-3137-1} - nodejs 18.6.0+dfsg-3 NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212 NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x) @@ -68351,10 +68402,10 @@ CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...) NOT-FOR-US: Citrix CVE-2022-27509 (Unauthenticated redirection to a malicious website ...) NOT-FOR-US: Citrix -CVE-2022-27508 - RESERVED -CVE-2022-27507 - RESERVED +CVE-2022-27508 (Unauthenticated denial of service ...) + TODO: check +CVE-2022-27507 (Authenticated denial of service ...) + TODO: check CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...) NOT-FOR-US: Citrix CVE-2022-27505 (Reflected cross site scripting (XSS) ...) 
@@ -99423,22 +99474,17 @@ CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a possibili NOT-FOR-US: Android CVE-2022-20495 (In getEnabledAccessibilityServiceList of AccessibilityManager.java, th ...) NOT-FOR-US: Android -CVE-2022-20494 - RESERVED +CVE-2022-20494 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible pers ...) NOT-FOR-US: Android -CVE-2022-20493 - RESERVED +CVE-2022-20493 (In Condition of Condition.java, there is a possible way to grant notif ...) NOT-FOR-US: Android -CVE-2022-20492 - RESERVED +CVE-2022-20492 (In many functions of AutomaticZenRule.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android -CVE-2022-20490 - RESERVED +CVE-2022-20490 (In multiple functions of AutomaticZenRule.java, there is a possible fa ...) NOT-FOR-US: Android -CVE-2022-20489 - RESERVED +CVE-2022-20489 (In many functions of AutomaticZenRule.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android 
@@ -99494,19 +99540,17 @@ CVE-2022-20463 REJECTED CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...) NOT-FOR-US: Android -CVE-2022-20461 - RESERVED +CVE-2022-20461 (In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cp ...) NOT-FOR-US: Android CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...) NOT-FOR-US: Google Pixel CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...) NOT-FOR-US: Google Pixel -CVE-2022-20458 - RESERVED +CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier should ...) + TODO: check CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...) NOT-FOR-US: Android -CVE-2022-20456 - RESERVED +CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...) NOT-FOR-US: Android CVE-2022-20455 RESERVED @@ -99971,8 +100015,8 @@ CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possibl NOT-FOR-US: Android CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...) NOT-FOR-US: Unisoc -CVE-2022-20235 - RESERVED +CVE-2022-20235 (The PowerVR GPU kernel driver maintains an "Information Page" used by ...) + TODO: check CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...) NOT-FOR-US: Android CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...) 
@@ -100012,12 +100056,12 @@ CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A NOT-FOR-US: Unisoc CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...) NOT-FOR-US: Unisoc -CVE-2022-20215 - RESERVED -CVE-2022-20214 - RESERVED -CVE-2022-20213 - RESERVED +CVE-2022-20215 (In onCreate of MasterClearConfirmFragment.java, there is a possible fa ...) + TODO: check +CVE-2022-20214 (In Car Settings app, the toggle button in Modify system settings is vu ...) + TODO: check +CVE-2022-20213 (In ApplicationsDetailsActivity of AndroidManifest.xml, there is a poss ...) + TODO: check CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...) NOT-FOR-US: Android CVE-2022-20211 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4d03aa0ef699942614b249e6b172b7b25e05934 -- You're receiving this email because of your account on salsa.debian.org.
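Review bot: in hunk @@ -26,118 +118,81 @@, CVE-2023-24459 is left at 'TODO: check' while every other new description in the same hunk, including CVE-2023-24458 for the very same 'Jenkins BearyChat Plugin', sits under 'NOT-FOR-US: Jenkins plugin'. The description already names the product ('A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...'), so the TODO can be resolved to 'NOT-FOR-US: Jenkins plugin' in the same pass rather than waiting for a separate triage round.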
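Review bot: in hunk @@ -889,9 +944,9 @@, CVE-2023-24069 and CVE-2023-24068 now carry '** DISPUTED **' in their descriptions, but the only tracking line under each remains '- signal-desktop <itp> (bug #842943)', which says nothing about the dispute. Other entries in this file record such context as NOTE: lines pointing at the upstream discussion; adding one here (who disputes the issue and why) would keep the ITP entry from being read as an open, undisputed vulnerability.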
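Review bot: in hunk @@ -1663,8 +1718,7 @@, replacing the bracketed title for CVE-2023-0394 drops the fix subject 'ipv6: raw: Deduct extension header length in rawv6_push_pending_frames', and the remaining NOTE: only points at the oss-security post. Kernel entries elsewhere in this diff keep the fixing commit as a NOTE: (for example CVE-2022-3523 with its git.kernel.org/linus/ link), so consider re-adding the commit reference so that the '- linux 6.1.7-1' fixed version stays verifiable without re-deriving it from the mailing-list thread.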
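Review bot: in hunk @@ -1806,8 +1860,8 @@, CVE-2023-0356 is marked 'TODO: check' although its description identifies a vendor product release ('SOCOMEC MODULYS GP Netvision versions 7.20 and prior') rather than a software package; the Siemens device entry CVE-2022-38773 further down is handled as 'NOT-FOR-US: Siemens', and the same treatment looks appropriate here once the product is confirmed not to correspond to anything in the archive.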
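Review bot: in hunk @@ -8090,8 +8145,8 @@, CVE-2022-47615 ('Local File Inclusion vulnerability in LearnPress – WordPress LMS ...') is left at 'TODO: check', and the same happens to CVE-2022-45820 and CVE-2022-45808 for the same plugin in the two hunks that follow. Neighbouring entries for WordPress plugins (CVE-2022-45822, CVE-2022-4555) are already 'NOT-FOR-US: WordPress plugin', so all three can be closed consistently with that convention.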
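Review bot: in hunk @@ -18972,42 +19026,34 @@, CVE-2023-20925, CVE-2023-20924 and CVE-2023-20923 stay at 'TODO: check' while the rest of the block is 'NOT-FOR-US: Android'. Their descriptions follow the same Android bulletin phrasing ('In setUclampMinLocked of PowerSessionManager.cpp', 'In (TBD) of (TBD), there is a possible way to bypass the lockscreen', 'In exported content providers of ShannonRcs'), and the '(TBD) of (TBD)' entries CVE-2022-20460 and CVE-2022-20459 later in this diff are triaged 'NOT-FOR-US: Google Pixel', so these three look resolvable to NOT-FOR-US: Android or Google Pixel without further research.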
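Review bot: in hunk @@ -25421,7 +25465,8 @@, CVE-2022-3522 becomes 'REJECTED' but keeps '- linux 6.1.4-1' and the '[bullseye]' / '[buster]' '<not-affected> (Vulnerable code not present)' lines beneath it. For a rejected identifier those fixed-version lines no longer describe anything and will mislead anyone grepping for open kernel issues; either drop them or add a NOTE: with the rejection reason so the leftover versions are understood as historical.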
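Review bot: in hunk @@ -47969,7 +48016,8 @@, CVE-2022-2220 is set to 'REJECTED' while the existing 'NOT-FOR-US: OpenShift' line is retained below it. Having both a rejection marker and a NOT-FOR-US resolution on one entry is redundant; keep one, and if the NOT-FOR-US line stays, a short NOTE: on why the ID was rejected would make the entry self-explanatory.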
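Review bot: in hunk @@ -68351,10 +68402,10 @@, CVE-2022-27508 ('Unauthenticated denial of service ...') and CVE-2022-27507 ('Authenticated denial of service ...') receive 'TODO: check' with descriptions too terse to identify the product. They sit between CVE-2022-27509 and CVE-2022-27506, both 'NOT-FOR-US: Citrix', which suggests the same vendor, but that is inference from the ID range only; confirm against the Citrix advisory before closing them as NOT-FOR-US.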
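Review bot: in hunk @@ -99494,19 +99540,17 @@, CVE-2022-20458 and CVE-2022-20235 are the two 'TODO: check' entries in a block otherwise triaged 'NOT-FOR-US: Android'. CVE-2022-20235 names 'The PowerVR GPU kernel driver', which the description does not tie to a specific kernel tree, so it is worth confirming whether any Debian package ships that driver before it is closed; CVE-2022-20458 ('The logs of sensitive information (PII) or hardware identifier should ...') gives no product at all and needs the CVE reference looked up before a resolution is chosen.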
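Review bot: in hunk @@ -100012,12 +100056,12 @@, the three new 'TODO: check' entries CVE-2022-20215, CVE-2022-20214 and CVE-2022-20213 describe 'MasterClearConfirmFragment.java', the 'Car Settings app' and 'ApplicationsDetailsActivity of AndroidManifest.xml'. CVE-2022-20234 ('In Car Settings app') and CVE-2022-20212 ('of AndroidManifest.xml') in the surrounding context are already 'NOT-FOR-US: Android', so these can be triaged to match instead of being left open.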
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits