Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28e170d8 by security tracker role at 2023-08-11T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor 
prior to 2. ...)
+       TODO: check
+CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging 
result ...)
+       TODO: check
+CVE-2023-4107 (Mattermost fails to properly validate the requesting user 
permissions  ...)
+       TODO: check
+CVE-2023-4106 (Mattermost fails to check if the requesting user is a guest 
before per ...)
+       TODO: check
+CVE-2023-4105 (Mattermost fails to delete the attachments when deleting a 
message in  ...)
+       TODO: check
+CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi 
options in c ...)
+       TODO: check
+CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA 
(multi  ...)
+       TODO: check
+CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot 
Manager b ...)
+       TODO: check
+CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in 
Genians Geni ...)
+       TODO: check
+CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC 
V4.0, Geni ...)
+       TODO: check
+CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi 
before 5.1.0 ...)
+       TODO: check
+CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
+       TODO: check
+CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
+       TODO: check
+CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* bef ...)
+       TODO: check
+CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* be ...)
+       TODO: check
+CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
+       TODO: check
+CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows 
reflected  ...)
+       TODO: check
+CVE-2023-37513 (When the app is put to the background and the user goes to the 
task sw ...)
+       TODO: check
+CVE-2023-37512 (When the app is put to the background and the user goes to the 
task sw ...)
+       TODO: check
+CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a 
certain  ...)
+       TODO: check
+CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, 
if exploi ...)
+       TODO: check
+CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a 
privileg ...)
+       TODO: check
+CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID 
softwar ...)
+       TODO: check
+CVE-2023-34355 (Uncontrolled search path element for some Intel(R) Server 
Board M10JNP ...)
+       TODO: check
+CVE-2023-34349 (Race condition in some Intel(R) NUC BIOS firmware may allow a 
privileg ...)
+       TODO: check
+CVE-2023-34086 (Improper input validation in some Intel(R) NUC BIOS firmware 
may allow ...)
+       TODO: check
+CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software 
for Int ...)
+       TODO: check
+CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID 
softwar ...)
+       TODO: check
+CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) 
SDKs in v ...)
+       TODO: check
+CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID 
softwar ...)
+       TODO: check
+CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, 
Intel(R) NU ...)
+       TODO: check
+CVE-2023-32609 (Improper access control in the Intel Unite(R) android 
application befo ...)
+       TODO: check
+CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software 
for Inte ...)
+       TODO: check
+CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware 
before versi ...)
+       TODO: check
+CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may 
allow a ...)
+       TODO: check
+CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool 
software befor ...)
+       TODO: check
+CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software 
for Inte ...)
+       TODO: check
+CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) 
NUCs may  ...)
+       TODO: check
+CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID 
software for  ...)
+       TODO: check
+CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK 
before versi ...)
+       TODO: check
+CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) 
NUCs may al ...)
+       TODO: check
 CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in 
RealMedia file handling]
        - gst-plugins-ugly1.0 <unfixed>
        - gst-plugins-ugly0.10 <removed>
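Review bot: The entries added at the top of the file are all left at TODO: check, but they do not triage alike. CVE-2023-3824 and CVE-2023-3823 (PHP) and CVE-2023-40267 (GitPython) name software that Debian packages, so each needs a package line with its fixed-version status. The Intel NUC BIOS and RealSense entries match the kind already tagged NOT-FOR-US: Intel further down this file. Suggest resolving the PHP and GitPython entries first, so they do not sit behind the Intel batch.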
@@ -6,7 +88,7 @@ CVE-2023-XXXX [ZDI-CAN-21443: Integer overflow leading to heap 
overwrite in Real
        - gst-plugins-ugly1.0 <unfixed>
        - gst-plugins-ugly0.10 <removed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html
-CVE-2023-40225 [BUG/MAJOR: http: reject any empty content-length header value]
+CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x 
and 2.4. ...)
        - haproxy <unfixed>
        NOTE: https://github.com/haproxy/haproxy/issues/2237
        NOTE: 
https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
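Review bot: In the CVE-2023-40225 entry, swapping the bracketed title for the truncated description removes the only text in the entry that says what the bug is (an empty content-length header value). The issue and commit NOTE links still lead there, but haproxy stays <unfixed> with no per-release lines. Suggest adding a short NOTE that names the problem, plus the release status once it is known.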
@@ -13709,8 +13791,8 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause 
directories to have world-wri
        NOTE: https://github.com/libarchive/libarchive/issues/1876
 CVE-2023-29504
        RESERVED
-CVE-2023-29500
-       RESERVED
+CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in 
BIOS fir ...)
+       TODO: check
 CVE-2023-29162
        RESERVED
 CVE-2023-28740
@@ -16632,8 +16714,8 @@ CVE-2023-29244
        RESERVED
 CVE-2023-29165
        RESERVED
-CVE-2023-28823
-       RESERVED
+CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and 
component ...)
+       TODO: check
 CVE-2023-28741
        RESERVED
 CVE-2023-28715
@@ -16642,8 +16724,8 @@ CVE-2023-28397
        RESERVED
 CVE-2023-28396
        RESERVED
-CVE-2023-27391
-       RESERVED
+CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and 
component  ...)
+       TODO: check
 CVE-2023-22313
        RESERVED
 CVE-2023-22310
@@ -17776,22 +17858,22 @@ CVE-2023-1791 (A vulnerability has been found in 
SourceCodester Simple Task Allo
        NOT-FOR-US: SourceCodester Simple Task Allocation System
 CVE-2023-1790 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
        NOT-FOR-US: SourceCodester Simple Task Allocation System
-CVE-2023-28938
-       RESERVED
-CVE-2023-28736
-       RESERVED
+CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools 
software  ...)
+       TODO: check
+CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before 
version mda ...)
+       TODO: check
 CVE-2023-28717
        RESERVED
-CVE-2023-28711
-       RESERVED
-CVE-2023-28405
-       RESERVED
-CVE-2023-28380
-       RESERVED
+CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library 
maintain ...)
+       TODO: check
+CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of 
OpenVINO(TM)  ...)
+       TODO: check
+CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon 
software before ...)
+       TODO: check
 CVE-2023-27883
        RESERVED
-CVE-2023-27515
-       RESERVED
+CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software 
before versio ...)
+       TODO: check
 CVE-2023-24592
        RESERVED
 CVE-2023-24591
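Review bot: CVE-2023-28711 in this hunk names the Hyperscan Library, which Debian packages as hyperscan, so it should not be closed as NOT-FOR-US: Intel along with the SSD Tools, OpenVINO, AI Hackathon and DSA entries around it. Suggest resolving its TODO: check with a package line.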
@@ -18488,8 +18570,8 @@ CVE-2023-28738
        RESERVED
 CVE-2023-28721
        RESERVED
-CVE-2023-28658
-       RESERVED
+CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL 
software before ...)
+       TODO: check
 CVE-2023-27517
        RESERVED
 CVE-2023-26589
@@ -19361,8 +19443,8 @@ CVE-2023-28723
        RESERVED
 CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform 
certain ac ...)
        NOT-FOR-US: Osprey Pump Controller
-CVE-2023-28714
-       RESERVED
+CVE-2023-28714 (Improper access control in firmware for some Intel(R) 
PROSet/Wireless  ...)
+       TODO: check
 CVE-2023-28712 (Osprey Pump Controller version 1.01 contains an 
unauthenticated comman ...)
        NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28710 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
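Review bot: The TODO: check on CVE-2023-28714 should be resolved against firmware-nonfree rather than closed as NOT-FOR-US. The description says the flaw is in firmware for Intel PROSet/Wireless devices, and Debian ships Intel wireless firmware in that package.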
@@ -19391,8 +19473,8 @@ CVE-2023-28398 (Osprey Pump Controller version 1.01 
could allow an unauthenticat
        NOT-FOR-US: Osprey Pump Controller
 CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak 
session to ...)
        NOT-FOR-US: Osprey Pump Controller
-CVE-2023-28385
-       RESERVED
+CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite 
for Wind ...)
+       TODO: check
 CVE-2023-28376
        RESERVED
 CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an 
unauthenticate ...)
@@ -23269,18 +23351,18 @@ CVE-2023-27562 (The n8n package 0.218.0 for Node.js 
allows Directory Traversal.)
        NOT-FOR-US: n8n Node module
 CVE-2023-27528
        RESERVED
-CVE-2023-27392
-       RESERVED
+CVE-2023-27392 (Incorrect default permissions in the Intel(R) Support android 
applicat ...)
+       TODO: check
 CVE-2023-27382 (Incorrect default permissions in the Audio Service for some 
Intel(R) N ...)
        NOT-FOR-US: Intel
-CVE-2023-26587
-       RESERVED
+CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming 
Wizard softw ...)
+       TODO: check
 CVE-2023-26586
        RESERVED
 CVE-2023-25951
        RESERVED
-CVE-2023-25757
-       RESERVED
+CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software 
before ve ...)
+       TODO: check
 CVE-2023-25174
        RESERVED
 CVE-2023-24596
@@ -23499,14 +23581,14 @@ CVE-2023-27520 (Cross-site request forgery (CSRF) 
vulnerability in SEIKO EPSON p
        NOT-FOR-US: Epson
 CVE-2023-27511
        RESERVED
-CVE-2023-27509
-       RESERVED
+CVE-2023-27509 (Improper access control in some Intel(R) ISPC software 
installers befo ...)
+       TODO: check
 CVE-2023-27508
        RESERVED
-CVE-2023-27506
-       RESERVED
-CVE-2023-27505
-       RESERVED
+CVE-2023-27506 (Improper buffer restrictions in the Intel(R) Optimization for 
Tensorfl ...)
+       TODO: check
+CVE-2023-27505 (Incorrect default permissions in some Intel(R) Advanced Link 
Analyzer  ...)
+       TODO: check
 CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 
701, 702,  ...)
        NOT-FOR-US: SAP
 CVE-2023-27500 (An attacker with non-administrative authorizations can exploit 
a direc ...)
@@ -26170,14 +26252,14 @@ CVE-2023-26466 (A user with non-Admin access can 
change a configuration file on
        NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS 
issue.)
        NOT-FOR-US: Pega Platform
-CVE-2023-25944
-       RESERVED
+CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool 
software  ...)
+       TODO: check
 CVE-2023-25779
        RESERVED
 CVE-2023-25777
        RESERVED
-CVE-2023-25775
-       RESERVED
+CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller 
RDMA drive ...)
+       TODO: check
 CVE-2023-25075
        RESERVED
 CVE-2023-25073
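Review bot: CVE-2023-25775 needs a closer look than the other entry in this hunk, because its description points at the Intel Ethernet Controller RDMA driver. If that is the in-kernel driver, the entry belongs under a linux package line rather than NOT-FOR-US: Intel. CVE-2023-25944 (VCUST Tool) shows no such overlap.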
@@ -27701,16 +27783,16 @@ CVE-2023-23904
        RESERVED
 CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android 
application b ...)
        NOT-FOR-US: Intel
-CVE-2023-22449
-       RESERVED
-CVE-2023-22444
-       RESERVED
-CVE-2023-22356
-       RESERVED
+CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware 
may allow ...)
+       TODO: check
+CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme 
Compute Elemen ...)
+       TODO: check
+CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may 
allow a ...)
+       TODO: check
 CVE-2023-22351
        RESERVED
-CVE-2023-22330
-       RESERVED
+CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS 
firmware may a ...)
+       TODO: check
 CVE-2023-22329
        RESERVED
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
@@ -28155,8 +28237,8 @@ CVE-2023-25780 (It is identified a vulnerability of 
insufficient authentication
        NOT-FOR-US: Intel
 CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC 
firmware b ...)
        NOT-FOR-US: Intel
-CVE-2023-25773
-       RESERVED
+CVE-2023-25773 (Improper access control in the Intel(R) Unite(R) Hub software 
installe ...)
+       TODO: check
 CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 
253.v88 ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Azure Cre ...)
@@ -28175,8 +28257,8 @@ CVE-2023-25761 (Jenkins JUnit Plugin 
1166.va_436e268e972 and earlier does not es
        NOT-FOR-US: Jenkins plugin
 CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC 
firmwar ...)
        NOT-FOR-US: Intel
-CVE-2023-25182
-       RESERVED
+CVE-2023-25182 (Uncontrolled search path element in the Intel(R) Unite(R) 
Client softw ...)
+       TODO: check
 CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) 
android app ...)
        NOT-FOR-US: Intel
 CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC 
firmware b ...)
@@ -31099,8 +31181,8 @@ CVE-2023-24857 (Microsoft PostScript and PCL6 Class 
Printer Driver Information D
        NOT-FOR-US: Microsoft
 CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information 
Disclos ...)
        NOT-FOR-US: Microsoft
-CVE-2023-24016
-       RESERVED
+CVE-2023-24016 (Uncontrolled search path element in some Intel(R) Quartus(R) 
Prime Pro ...)
+       TODO: check
 CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and 
Collector sof ...)
        NOT-FOR-US: Intel
 CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and 
Collector soft ...)
@@ -31117,8 +31199,8 @@ CVE-2023-22442 (Out of bounds write in some Intel(R) 
Server Board BMC firmware b
        NOT-FOR-US: Intel
 CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on 
software inst ...)
        NOT-FOR-US: Intel
-CVE-2023-22276
-       RESERVED
+CVE-2023-22276 (Race condition in firmware for some Intel(R) Ethernet 
Controllers and  ...)
+       TODO: check
 CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository 
microweber/micro ...)
        NOT-FOR-US: microweber
 CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository 
projectsend/p ...)
@@ -31991,22 +32073,21 @@ CVE-2023-24577 (McAfee Total Protection prior to 
16.0.50 allows attackers to ele
        NOT-FOR-US: McAfee
 CVE-2023-24543
        RESERVED
-CVE-2023-23908
-       RESERVED
+CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) 
Xeon(R) Scalab ...)
        {DSA-5474-1}
        - intel-microcode 3.20230808.1 (bug #1043305)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
 CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer 
and Colle ...)
        NOT-FOR-US: Intel
-CVE-2023-23577
-       RESERVED
+CVE-2023-23577 (Uncontrolled search path element for some ITE Tech consumer 
infrared d ...)
+       TODO: check
 CVE-2023-23544
        RESERVED
-CVE-2023-22841
-       RESERVED
-CVE-2023-22840
-       RESERVED
+CVE-2023-22841 (Unquoted search path in the software installer for the System 
Firmware ...)
+       TODO: check
+CVE-2023-22840 (Improper neutralization in software for the Intel(R) oneVPL 
GPU softwa ...)
+       TODO: check
 CVE-2023-22655
        RESERVED
 CVE-2023-22431
@@ -37715,8 +37796,8 @@ CVE-2023-22430
        RESERVED
 CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and 
component ...)
        NOT-FOR-US: Intel
-CVE-2023-22338
-       RESERVED
+CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before 
version ...)
+       TODO: check
 CVE-2023-22337
        RESERVED
 CVE-2023-22292
@@ -45420,8 +45501,8 @@ CVE-2022-46645 (Uncontrolled resource consumption in 
the Intel(R) Smart Campus A
        NOT-FOR-US: Intel
 CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android 
applicatio ...)
        NOT-FOR-US: Intel
-CVE-2022-45112
-       RESERVED
+CVE-2022-45112 (Improper access control in some Intel(R) VROC software before 
version  ...)
+       TODO: check
 CVE-2022-44607
        RESERVED
 CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions 
prior t ...)
@@ -45539,8 +45620,8 @@ CVE-2022-46647
        RESERVED
 CVE-2022-46646
        RESERVED
-CVE-2022-46329
-       RESERVED
+CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless 
WiFi so ...)
+       TODO: check
 CVE-2022-46301
        RESERVED
 CVE-2022-46299
@@ -50292,12 +50373,12 @@ CVE-2022-45114
        RESERVED
 CVE-2022-45109
        RESERVED
-CVE-2022-44612
-       RESERVED
-CVE-2022-44611
-       RESERVED
-CVE-2022-43505
-       RESERVED
+CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) 
software bef ...)
+       TODO: check
+CVE-2022-44611 (Improper input validation in the BIOS firmware for some 
Intel(R) Proce ...)
+       TODO: check
+CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for 
some Int ...)
+       TODO: check
 CVE-2022-43477
        RESERVED
 CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT 
Driver for L ...)
@@ -51142,8 +51223,8 @@ CVE-2022-43475 (Insecure storage of sensitive 
information in the Intel(R) DCM so
        NOT-FOR-US: Intel
 CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all 
versions may a ...)
        NOT-FOR-US: Intel
-CVE-2022-43456
-       RESERVED
+CVE-2022-43456 (Uncontrolled search path in some Intel(R) RST software before 
versions ...)
+       TODO: check
 CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before 
version 5 ...)
        NOT-FOR-US: Intel
 CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software 
before versi ...)
@@ -59424,8 +59505,8 @@ CVE-2022-42480
        RESERVED
 CVE-2022-41997
        RESERVED
-CVE-2022-41984
-       RESERVED
+CVE-2022-41984 (Protection mechanism failure for some Intel(R) Arc(TM) 
graphics cards  ...)
+       TODO: check
 CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) 
Profiler so ...)
        NOT-FOR-US: Intel
 CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) 
OFU sof ...)
@@ -62245,8 +62326,7 @@ CVE-2022-41816
        RESERVED
 CVE-2022-41815
        RESERVED
-CVE-2022-41804
-       RESERVED
+CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX 
for some  ...)
        {DSA-5474-1}
        - intel-microcode 3.20230808.1 (bug #1043305)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
@@ -62269,8 +62349,8 @@ CVE-2022-41621 (Improper access control in some 
Intel(R) QAT drivers for Windows
        NOT-FOR-US: Intel
 CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for 
Windows befor ...)
        NOT-FOR-US: Intel
-CVE-2022-38973
-       RESERVED
+CVE-2022-38973 (Improper access control for some Intel(R) Arc(TM) graphics 
cards A770  ...)
+       TODO: check
 CVE-2022-3367
        RESERVED
 CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, 
PublishPr ...)
@@ -62993,8 +63073,7 @@ CVE-2022-41342 (Improper buffer restrictions in the 
Intel(R) C++ Compiler Classi
        NOT-FOR-US: Intel
 CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter 
installer so ...)
        NOT-FOR-US: Intel
-CVE-2022-40982
-       RESERVED
+CVE-2022-40982 (Information exposure through microarchitectural state after 
transient  ...)
        {DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1}
        - linux 6.4.4-3
        - intel-microcode 3.20230808.1 (bug #1043305)
@@ -63007,8 +63086,8 @@ CVE-2022-40971 (Incorrect default permissions for the 
Intel(R) HDMI Firmware Upd
        NOT-FOR-US: Intel
 CVE-2022-40970
        RESERVED
-CVE-2022-40964
-       RESERVED
+CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
 CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM 
software be ...)
        NOT-FOR-US: Intel
 CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ 
Compiler befo ...)
@@ -71319,8 +71398,8 @@ CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) 
and 16.4.2 (and earlier)
        NOT-FOR-US: Adobe
 CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and 
earlier) are a ...)
        NOT-FOR-US: Adobe
-CVE-2022-38102
-       RESERVED
+CVE-2022-38102 (Improper Input validation in firmware for some Intel(R) 
Converged Secu ...)
+       TODO: check
 CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) 
Processors whe ...)
        {DLA-3379-1}
        - intel-microcode 3.20230214.1 (bug #1031334)
@@ -71329,16 +71408,16 @@ CVE-2022-38090 (Improper isolation of shared 
resources in some Intel(R) Processo
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
 CVE-2022-38084
        RESERVED
-CVE-2022-38083
-       RESERVED
+CVE-2022-38083 (Improper initialization in the BIOS firmware for some Intel(R) 
Process ...)
+       TODO: check
 CVE-2022-38072 (An improper array index validation vulnerability exists in the 
stl_fix ...)
        NOT-FOR-US: ADMesh
 CVE-2022-38071
        RESERVED
 CVE-2022-37408
        RESERVED
-CVE-2022-37343
-       RESERVED
+CVE-2022-37343 (Improper access control in the BIOS firmware for some Intel(R) 
Process ...)
+       TODO: check
 CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the 
TriangleMesh  ...)
        - slic3r <unfixed> (bug #1034848)
        [bookworm] - slic3r <no-dsa> (Minor issue)
@@ -72363,21 +72442,21 @@ CVE-2022-38092
        RESERVED
 CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some 
Intel(R ...)
        NOT-FOR-US: Intel
-CVE-2022-38076
-       RESERVED
+CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
+       TODO: check
 CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo 
functionality  ...)
        - kolla <itp> (bug #804128)
        NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
 CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before 
version 1. ...)
        NOT-FOR-US: Intel
-CVE-2022-37336
-       RESERVED
+CVE-2022-37336 (Improper input validation in BIOS firmware for some Intel(R) 
NUC may a ...)
+       TODO: check
 CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro 
and Sta ...)
        NOT-FOR-US: Intel
 CVE-2022-36406
        RESERVED
-CVE-2022-36351
-       RESERVED
+CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
+       TODO: check
 CVE-2022-33893
        RESERVED
 CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions 
prior  ...)
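Review bot: Of the three entries changed from RESERVED here, CVE-2022-37336 (BIOS firmware for Intel NUC) is the same class as the CVE-2022-38087 context line just above it, which is already NOT-FOR-US: Intel, and can be closed the same way. CVE-2022-38076 and CVE-2022-36351 concern PROSet/Wireless WiFi and should be looked at separately before they get the same tag.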
@@ -76680,8 +76759,8 @@ CVE-2017-20144 (A vulnerability has been found in 
Anvsoft PDFMate PDF Converter
        NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro
 CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC 
Kit Wir ...)
        NOT-FOR-US: Intel
-CVE-2022-36392
-       RESERVED
+CVE-2022-36392 (Improper input validation in some firmware for Intel(R) AMT 
and Intel( ...)
+       TODO: check
 CVE-2022-36384 (Unquoted search path in the installer software for some 
Intel(r) NUC K ...)
        NOT-FOR-US: Intel
 CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet 
Network Con ...)
@@ -76869,8 +76948,8 @@ CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability 
in the "commonuserinterf
        NOT-FOR-US: BlueSpice
 CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in 
"Extension:ExtendedSearch" ...)
        NOT-FOR-US: BlueSpice
-CVE-2022-36372
-       RESERVED
+CVE-2022-36372 (Improper buffer restrictions in some Intel(R) NUC BIOS 
firmware may al ...)
+       TODO: check
 CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android 
applicat ...)
        NOT-FOR-US: Intel
 CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client 
instances based ...)
@@ -76883,8 +76962,8 @@ CVE-2022-34848 (Uncontrolled search path for the 
Intel(R) NUC Pro Software Suite
        NOT-FOR-US: Intel
 CVE-2022-34846
        RESERVED
-CVE-2022-34657
-       RESERVED
+CVE-2022-34657 (Improper input validation in firmware for some Intel(R) PCSD 
BIOS befo ...)
+       TODO: check
 CVE-2022-33196 (Incorrect default permissions in some memory controller 
configurations ...)
        {DLA-3379-1}
        - intel-microcode 3.20230214.1 (bug #1031334)
@@ -83708,8 +83787,8 @@ CVE-2022-30530 (Protection mechanism failure in the 
Intel(R) DSA software before
        NOT-FOR-US: Intel
 CVE-2022-29895
        RESERVED
-CVE-2022-29871
-       RESERVED
+CVE-2022-29871 (Improper access control in the Intel(R) CSME software 
installer before ...)
+       TODO: check
 CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is 
vulnerable ...)
        {DSA-5173-1 DLA-3065-1}
        - linux 5.17.6-1
@@ -93337,8 +93416,8 @@ CVE-2022-29919 (Use after free in the Intel(R) VROC 
software before version 7.7.
        NOT-FOR-US: Intel
 CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before 
versions 1 ...)
        NOT-FOR-US: Intel
-CVE-2022-29887
-       RESERVED
+CVE-2022-29887 (Cross-site Scripting (XSS) in some Intel(R) Manageability 
Commander so ...)
+       TODO: check
 CVE-2022-29515 (Missing release of memory after effective lifetime in firmware 
for Int ...)
        NOT-FOR-US: Intel
 CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before 
version  ...)
@@ -93347,8 +93426,8 @@ CVE-2022-29507 (Insufficiently protected credentials in 
the Intel(R) Team Blue m
        NOT-FOR-US: Intel
 CVE-2022-29478
        RESERVED
-CVE-2022-29470
-       RESERVED
+CVE-2022-29470 (Improper access control in the Intel DTT Software before 
version 8.7.1 ...)
+       TODO: check
 CVE-2022-28693
        RESERVED
        NOT-FOR-US: Intel
@@ -98752,8 +98831,8 @@ CVE-2022-28611 (Improper input validation in some 
Intel(R) XMM(TM) 7560 Modem so
        NOT-FOR-US: Intel
 CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem 
software ...)
        NOT-FOR-US: Intel
-CVE-2022-27879
-       RESERVED
+CVE-2022-27879 (Improper buffer restrictions in the BIOS firmware for some 
Intel(R) Pr ...)
+       TODO: check
 CVE-2022-27876
        RESERVED
 CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem 
software b ...)
@@ -102098,8 +102177,8 @@ CVE-2022-1042 (In Zephyr bluetooth mesh core stack, 
an out-of-bound write vulner
        NOT-FOR-US: Zyphyr
 CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write 
vulnerabili ...)
        NOT-FOR-US: Zyphyr
-CVE-2022-27635
-       RESERVED
+CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
 CVE-2022-27626 (A vulnerability regarding concurrent execution using shared 
resource w ...)
        NOT-FOR-US: Synology
 CVE-2022-27625 (A vulnerability regarding improper restriction of operations 
within th ...)
@@ -105848,8 +105927,8 @@ CVE-2022-25909
        RESERVED
 CVE-2022-25870
        RESERVED
-CVE-2022-25864
-       RESERVED
+CVE-2022-25864 (Uncontrolled search path in some Intel(R) oneMKL software 
before versi ...)
+       TODO: check
 CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
orchardcms ...)
        NOT-FOR-US: Orchard CMS
 CVE-2022-0821 (Improper Authorization in GitHub repository 
orchardcms/orchardcore pri ...)
@@ -136666,7 +136745,7 @@ CVE-2021-41770 (Ping Identity PingFederate before 
10.3.1 mishandles pre-parsing
        NOT-FOR-US: Ping Identity PingFederate
 CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization]
        RESERVED
-       {DLA-3495-1}
+       {DLA-3495-2 DLA-3495-1}
        - php-dompdf 2.0.2+dfsg-1
        [bullseye] - php-dompdf <no-dsa> (Minor issue)
        NOTE: https://github.com/dompdf/dompdf/issues/2564
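Review bot: With DLA-3495-2 added to the CVE-2021-3838 cross-reference, the entry records two LTS advisories while [bullseye] is still <no-dsa> (Minor issue) and the CVE line is still RESERVED with a bracketed title. Suggest adding a NOTE that says what the -2 revision corrects, and revisiting the bullseye status.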



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e170d81edf3b65abb0ae9cfdd9b1ff3cfa670c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
