Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28e170d8 by security tracker role at 2023-08-11T08:12:20+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@ +CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...) + TODO: check +CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...) + TODO: check +CVE-2023-4107 (Mattermost fails to properly validate the requesting user permissions ...) + TODO: check +CVE-2023-4106 (Mattermost fails to check if the requesting user is a guest before per ...) + TODO: check +CVE-2023-4105 (Mattermost fails to delete the attachments when deleting a message in ...) + TODO: check +CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi options in c ...) + TODO: check +CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi ...) + TODO: check +CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot Manager b ...) + TODO: check +CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in Genians Geni ...) + TODO: check +CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0, Geni ...) + TODO: check +CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...) + TODO: check +CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.) + TODO: check +CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + TODO: check +CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) + TODO: check +CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...) + TODO: check +CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software Foundation ...) + TODO: check +CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows reflected ...) + TODO: check +CVE-2023-37513 (When the app is put to the background and the user goes to the task sw ...) 
+ TODO: check +CVE-2023-37512 (When the app is put to the background and the user goes to the task sw ...) + TODO: check +CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a certain ...) + TODO: check +CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, if exploi ...) + TODO: check +CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...) + TODO: check +CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID softwar ...) + TODO: check +CVE-2023-34355 (Uncontrolled search path element for some Intel(R) Server Board M10JNP ...) + TODO: check +CVE-2023-34349 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...) + TODO: check +CVE-2023-34086 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...) + TODO: check +CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Int ...) + TODO: check +CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...) + TODO: check +CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in v ...) + TODO: check +CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...) + TODO: check +CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NU ...) + TODO: check +CVE-2023-32609 (Improper access control in the Intel Unite(R) android application befo ...) + TODO: check +CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software for Inte ...) + TODO: check +CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware before versi ...) + TODO: check +CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may allow a ...) + TODO: check +CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool software befor ...) 
+ TODO: check +CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Inte ...) + TODO: check +CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) NUCs may ...) + TODO: check +CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID software for ...) + TODO: check +CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before versi ...) + TODO: check +CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...) + TODO: check CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling] - gst-plugins-ugly1.0 <unfixed> - gst-plugins-ugly0.10 <removed> @@ -6,7 +88,7 @@ CVE-2023-XXXX [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Real - gst-plugins-ugly1.0 <unfixed> - gst-plugins-ugly0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html -CVE-2023-40225 [BUG/MAJOR: http: reject any empty content-length header value] +CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...) - haproxy <unfixed> NOTE: https://github.com/haproxy/haproxy/issues/2237 NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 @@ -13709,8 +13791,8 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-wri NOTE: https://github.com/libarchive/libarchive/issues/1876 CVE-2023-29504 RESERVED -CVE-2023-29500 - RESERVED +CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...) + TODO: check CVE-2023-29162 RESERVED CVE-2023-28740 @@ -16632,8 +16714,8 @@ CVE-2023-29244 RESERVED CVE-2023-29165 RESERVED -CVE-2023-28823 - RESERVED +CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) + TODO: check CVE-2023-28741 RESERVED CVE-2023-28715 
@@ -16642,8 +16724,8 @@ CVE-2023-28397 RESERVED CVE-2023-28396 RESERVED -CVE-2023-27391 - RESERVED +CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component ...) + TODO: check CVE-2023-22313 RESERVED CVE-2023-22310 @@ -17776,22 +17858,22 @@ CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allo NOT-FOR-US: SourceCodester Simple Task Allocation System CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Simple Task Allocation System -CVE-2023-28938 - RESERVED -CVE-2023-28736 - RESERVED +CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools software ...) + TODO: check +CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...) + TODO: check CVE-2023-28717 RESERVED -CVE-2023-28711 - RESERVED -CVE-2023-28405 - RESERVED -CVE-2023-28380 - RESERVED +CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library maintain ...) + TODO: check +CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) ...) + TODO: check +CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon software before ...) + TODO: check CVE-2023-27883 RESERVED -CVE-2023-27515 - RESERVED +CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...) + TODO: check CVE-2023-24592 RESERVED CVE-2023-24591 @@ -18488,8 +18570,8 @@ CVE-2023-28738 RESERVED CVE-2023-28721 RESERVED -CVE-2023-28658 - RESERVED +CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...) + TODO: check CVE-2023-27517 RESERVED CVE-2023-26589 
@@ -19361,8 +19443,8 @@ CVE-2023-28723 RESERVED CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...) NOT-FOR-US: Osprey Pump Controller -CVE-2023-28714 - RESERVED +CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless ...) + TODO: check CVE-2023-28712 (Osprey Pump Controller version 1.01 contains an unauthenticated comman ...) NOT-FOR-US: Osprey Pump Controller CVE-2023-28710 (Improper Input Validation vulnerability in Apache Software Foundation ...) @@ -19391,8 +19473,8 @@ CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticat NOT-FOR-US: Osprey Pump Controller CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...) NOT-FOR-US: Osprey Pump Controller -CVE-2023-28385 - RESERVED +CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...) + TODO: check CVE-2023-28376 RESERVED CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...) @@ -23269,18 +23351,18 @@ CVE-2023-27562 (The n8n package 0.218.0 for Node.js allows Directory Traversal.) NOT-FOR-US: n8n Node module CVE-2023-27528 RESERVED -CVE-2023-27392 - RESERVED +CVE-2023-27392 (Incorrect default permissions in the Intel(R) Support android applicat ...) + TODO: check CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...) NOT-FOR-US: Intel -CVE-2023-26587 - RESERVED +CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming Wizard softw ...) + TODO: check CVE-2023-26586 RESERVED CVE-2023-25951 RESERVED -CVE-2023-25757 - RESERVED +CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...) + TODO: check CVE-2023-25174 RESERVED CVE-2023-24596 
@@ -23499,14 +23581,14 @@ CVE-2023-27520 (Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON p NOT-FOR-US: Epson CVE-2023-27511 RESERVED -CVE-2023-27509 - RESERVED +CVE-2023-27509 (Improper access control in some Intel(R) ISPC software installers befo ...) + TODO: check CVE-2023-27508 RESERVED -CVE-2023-27506 - RESERVED -CVE-2023-27505 - RESERVED +CVE-2023-27506 (Improper buffer restrictions in the Intel(R) Optimization for Tensorfl ...) + TODO: check +CVE-2023-27505 (Incorrect default permissions in some Intel(R) Advanced Link Analyzer ...) + TODO: check CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, ...) NOT-FOR-US: SAP CVE-2023-27500 (An attacker with non-administrative authorizations can exploit a direc ...) @@ -26170,14 +26252,14 @@ CVE-2023-26466 (A user with non-Admin access can change a configuration file on NOT-FOR-US: RPA: Synchronization Engine CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.) NOT-FOR-US: Pega Platform -CVE-2023-25944 - RESERVED +CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software ...) + TODO: check CVE-2023-25779 RESERVED CVE-2023-25777 RESERVED -CVE-2023-25775 - RESERVED +CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...) + TODO: check CVE-2023-25075 RESERVED CVE-2023-25073 
@@ -27701,16 +27783,16 @@ CVE-2023-23904 RESERVED CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...) NOT-FOR-US: Intel -CVE-2023-22449 - RESERVED -CVE-2023-22444 - RESERVED -CVE-2023-22356 - RESERVED +CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...) + TODO: check +CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme Compute Elemen ...) + TODO: check +CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may allow a ...) + TODO: check CVE-2023-22351 RESERVED -CVE-2023-22330 - RESERVED +CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...) + TODO: check CVE-2023-22329 RESERVED CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...) @@ -28155,8 +28237,8 @@ CVE-2023-25780 (It is identified a vulnerability of insufficient authentication NOT-FOR-US: Intel CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...) NOT-FOR-US: Intel -CVE-2023-25773 - RESERVED +CVE-2023-25773 (Improper access control in the Intel(R) Unite(R) Hub software installe ...) + TODO: check CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...) NOT-FOR-US: Jenkins plugin CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Cre ...) @@ -28175,8 +28257,8 @@ CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not es NOT-FOR-US: Jenkins plugin CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...) NOT-FOR-US: Intel -CVE-2023-25182 - RESERVED +CVE-2023-25182 (Uncontrolled search path element in the Intel(R) Unite(R) Client softw ...) + TODO: check CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...) NOT-FOR-US: Intel CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...) 
@@ -31099,8 +31181,8 @@ CVE-2023-24857 (Microsoft PostScript and PCL6 Class Printer Driver Information D NOT-FOR-US: Microsoft CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft -CVE-2023-24016 - RESERVED +CVE-2023-24016 (Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro ...) + TODO: check CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...) NOT-FOR-US: Intel CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...) @@ -31117,8 +31199,8 @@ CVE-2023-22442 (Out of bounds write in some Intel(R) Server Board BMC firmware b NOT-FOR-US: Intel CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on software inst ...) NOT-FOR-US: Intel -CVE-2023-22276 - RESERVED +CVE-2023-22276 (Race condition in firmware for some Intel(R) Ethernet Controllers and ...) + TODO: check CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...) NOT-FOR-US: microweber CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...) 
@@ -31991,22 +32073,21 @@ CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to ele NOT-FOR-US: McAfee CVE-2023-24543 RESERVED -CVE-2023-23908 - RESERVED +CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalab ...) {DSA-5474-1} - intel-microcode 3.20230808.1 (bug #1043305) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808 CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...) NOT-FOR-US: Intel -CVE-2023-23577 - RESERVED +CVE-2023-23577 (Uncontrolled search path element for some ITE Tech consumer infrared d ...) + TODO: check CVE-2023-23544 RESERVED -CVE-2023-22841 - RESERVED -CVE-2023-22840 - RESERVED +CVE-2023-22841 (Unquoted search path in the software installer for the System Firmware ...) + TODO: check +CVE-2023-22840 (Improper neutralization in software for the Intel(R) oneVPL GPU softwa ...) + TODO: check CVE-2023-22655 RESERVED CVE-2023-22431 @@ -37715,8 +37796,8 @@ CVE-2023-22430 RESERVED CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) NOT-FOR-US: Intel -CVE-2023-22338 - RESERVED +CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...) + TODO: check CVE-2023-22337 RESERVED CVE-2023-22292 @@ -45420,8 +45501,8 @@ CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus A NOT-FOR-US: Intel CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...) NOT-FOR-US: Intel -CVE-2022-45112 - RESERVED +CVE-2022-45112 (Improper access control in some Intel(R) VROC software before version ...) + TODO: check CVE-2022-44607 RESERVED CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions prior t ...) 
@@ -45539,8 +45620,8 @@ CVE-2022-46647 RESERVED CVE-2022-46646 RESERVED -CVE-2022-46329 - RESERVED +CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...) + TODO: check CVE-2022-46301 RESERVED CVE-2022-46299 @@ -50292,12 +50373,12 @@ CVE-2022-45114 RESERVED CVE-2022-45109 RESERVED -CVE-2022-44612 - RESERVED -CVE-2022-44611 - RESERVED -CVE-2022-43505 - RESERVED +CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...) + TODO: check +CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + TODO: check +CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...) + TODO: check CVE-2022-43477 RESERVED CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...) @@ -51142,8 +51223,8 @@ CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM so NOT-FOR-US: Intel CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...) NOT-FOR-US: Intel -CVE-2022-43456 - RESERVED +CVE-2022-43456 (Uncontrolled search path in some Intel(R) RST software before versions ...) + TODO: check CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...) NOT-FOR-US: Intel CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...) @@ -59424,8 +59505,8 @@ CVE-2022-42480 RESERVED CVE-2022-41997 RESERVED -CVE-2022-41984 - RESERVED +CVE-2022-41984 (Protection mechanism failure for some Intel(R) Arc(TM) graphics cards ...) + TODO: check CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) Profiler so ...) NOT-FOR-US: Intel CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...) 
@@ -62245,8 +62326,7 @@ CVE-2022-41816 RESERVED CVE-2022-41815 RESERVED -CVE-2022-41804 - RESERVED +CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some ...) {DSA-5474-1} - intel-microcode 3.20230808.1 (bug #1043305) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html @@ -62269,8 +62349,8 @@ CVE-2022-41621 (Improper access control in some Intel(R) QAT drivers for Windows NOT-FOR-US: Intel CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for Windows befor ...) NOT-FOR-US: Intel -CVE-2022-38973 - RESERVED +CVE-2022-38973 (Improper access control for some Intel(R) Arc(TM) graphics cards A770 ...) + TODO: check CVE-2022-3367 RESERVED CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...) @@ -62993,8 +63073,7 @@ CVE-2022-41342 (Improper buffer restrictions in the Intel(R) C++ Compiler Classi NOT-FOR-US: Intel CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...) NOT-FOR-US: Intel -CVE-2022-40982 - RESERVED +CVE-2022-40982 (Information exposure through microarchitectural state after transient ...) {DSA-5475-1 DSA-5474-1 DLA-3525-1 DLA-3524-1} - linux 6.4.4-3 - intel-microcode 3.20230808.1 (bug #1043305) @@ -63007,8 +63086,8 @@ CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Upd NOT-FOR-US: Intel CVE-2022-40970 RESERVED -CVE-2022-40964 - RESERVED +CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...) NOT-FOR-US: Intel CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...) 
@@ -71319,8 +71398,8 @@ CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) NOT-FOR-US: Adobe CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...) NOT-FOR-US: Adobe -CVE-2022-38102 - RESERVED +CVE-2022-38102 (Improper Input validation in firmware for some Intel(R) Converged Secu ...) + TODO: check CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...) {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) @@ -71329,16 +71408,16 @@ CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processo NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-38084 RESERVED -CVE-2022-38083 - RESERVED +CVE-2022-38083 (Improper initialization in the BIOS firmware for some Intel(R) Process ...) + TODO: check CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...) NOT-FOR-US: ADMesh CVE-2022-38071 RESERVED CVE-2022-37408 RESERVED -CVE-2022-37343 - RESERVED +CVE-2022-37343 (Improper access control in the BIOS firmware for some Intel(R) Process ...) + TODO: check CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the TriangleMesh ...) - slic3r <unfixed> (bug #1034848) [bookworm] - slic3r <no-dsa> (Minor issue) 
@@ -72363,21 +72442,21 @@ CVE-2022-38092 RESERVED CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...) NOT-FOR-US: Intel -CVE-2022-38076 - RESERVED +CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...) + TODO: check CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality ...) - kolla <itp> (bug #804128) NOTE: https://bugs.launchpad.net/kolla/+bug/1985784 CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...) NOT-FOR-US: Intel -CVE-2022-37336 - RESERVED +CVE-2022-37336 (Improper input validation in BIOS firmware for some Intel(R) NUC may a ...) + TODO: check CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...) NOT-FOR-US: Intel CVE-2022-36406 RESERVED -CVE-2022-36351 - RESERVED +CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...) + TODO: check CVE-2022-33893 RESERVED CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior ...) @@ -76680,8 +76759,8 @@ CVE-2017-20144 (A vulnerability has been found in Anvsoft PDFMate PDF Converter NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC Kit Wir ...) NOT-FOR-US: Intel -CVE-2022-36392 - RESERVED +CVE-2022-36392 (Improper input validation in some firmware for Intel(R) AMT and Intel( ...) + TODO: check CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...) NOT-FOR-US: Intel CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...) 
@@ -76869,8 +76948,8 @@ CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterf NOT-FOR-US: BlueSpice CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...) NOT-FOR-US: BlueSpice -CVE-2022-36372 - RESERVED +CVE-2022-36372 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...) + TODO: check CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android applicat ...) NOT-FOR-US: Intel CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances based ...) @@ -76883,8 +76962,8 @@ CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software Suite NOT-FOR-US: Intel CVE-2022-34846 RESERVED -CVE-2022-34657 - RESERVED +CVE-2022-34657 (Improper input validation in firmware for some Intel(R) PCSD BIOS befo ...) + TODO: check CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...) {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) @@ -83708,8 +83787,8 @@ CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before NOT-FOR-US: Intel CVE-2022-29895 RESERVED -CVE-2022-29871 - RESERVED +CVE-2022-29871 (Improper access control in the Intel(R) CSME software installer before ...) + TODO: check CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) {DSA-5173-1 DLA-3065-1} - linux 5.17.6-1 @@ -93337,8 +93416,8 @@ CVE-2022-29919 (Use after free in the Intel(R) VROC software before version 7.7. NOT-FOR-US: Intel CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...) NOT-FOR-US: Intel -CVE-2022-29887 - RESERVED +CVE-2022-29887 (Cross-site Scripting (XSS) in some Intel(R) Manageability Commander so ...) + TODO: check CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...) NOT-FOR-US: Intel CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before version ...) 
@@ -93347,8 +93426,8 @@ CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue m NOT-FOR-US: Intel CVE-2022-29478 RESERVED -CVE-2022-29470 - RESERVED +CVE-2022-29470 (Improper access control in the Intel DTT Software before version 8.7.1 ...) + TODO: check CVE-2022-28693 RESERVED NOT-FOR-US: Intel @@ -98752,8 +98831,8 @@ CVE-2022-28611 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem so NOT-FOR-US: Intel CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...) NOT-FOR-US: Intel -CVE-2022-27879 - RESERVED +CVE-2022-27879 (Improper buffer restrictions in the BIOS firmware for some Intel(R) Pr ...) + TODO: check CVE-2022-27876 RESERVED CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem software b ...) @@ -102098,8 +102177,8 @@ CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulner NOT-FOR-US: Zyphyr CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...) NOT-FOR-US: Zyphyr -CVE-2022-27635 - RESERVED +CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...) NOT-FOR-US: Synology CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...) @@ -105848,8 +105927,8 @@ CVE-2022-25909 RESERVED CVE-2022-25870 RESERVED -CVE-2022-25864 - RESERVED +CVE-2022-25864 (Uncontrolled search path in some Intel(R) oneMKL software before versi ...) + TODO: check CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms ...) NOT-FOR-US: Orchard CMS CVE-2022-0821 (Improper Authorization in GitHub repository orchardcms/orchardcore pri ...) 
@@ -136666,7 +136745,7 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing NOT-FOR-US: Ping Identity PingFederate CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization] RESERVED - {DLA-3495-1} + {DLA-3495-2 DLA-3495-1} - php-dompdf 2.0.2+dfsg-1 [bullseye] - php-dompdf <no-dsa> (Minor issue) NOTE: https://github.com/dompdf/dompdf/issues/2564
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e170d81edf3b65abb0ae9cfdd9b1ff3cfa670c
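Review bot: In the first hunk (@@ -1,3 +1,85 @@) every newly added entry carries only `TODO: check`, including ones whose descriptions name general-purpose software, such as CVE-2023-3824 and CVE-2023-3823 (PHP 8.0.*, 8.1.*, 8.2.*) and CVE-2023-40267 (GitPython before 3.1.32). Those should be triaged into a source package line with a fixed version or `<unfixed>` plus a NOTE with the upstream reference, in the same form as the CVE-2023-40225 entry that follows them. The descriptions are truncated (`...`) in this list, so the full CVE text has to be read before deciding.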
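Review bot: In the CVE-2023-40225 hunk (@@ -6,7 +88,7 @@) the entry keeps `- haproxy <unfixed>` with no Debian bug reference, although the NOTE lines already point at the upstream issue and commit. Other unfixed entries visible in this file carry one, for example `- slic3r <unfixed> (bug #1034848)`; adding the bug number here would tie the entry to the fixing upload. The change also drops the bracketed title `BUG/MAJOR: http: reject any empty content-length header value`, so the short statement of the flaw now lives only behind the commit link in the NOTE.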
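Review bot: The Intel entries that move from `RESERVED` to a description are all left as `TODO: check`, while neighbouring entries for the same product lines are already marked `NOT-FOR-US: Intel`. In the hunk at @@ -28155,8 +28237,8 @@, CVE-2023-25773 (Intel(R) Unite(R) Hub software) is TODO directly beside CVE-2023-25179 (Intel(R) Unite(R) android app) marked NOT-FOR-US, and at @@ -37715,8 +37796,8 @@ CVE-2023-22338 sits next to CVE-2023-22355 in the same state. The application and installer entries can probably take the same marking, but a blanket NOT-FOR-US would be wrong: CVE-2023-23908, CVE-2022-41804 and CVE-2022-40982 in this same patch carry `intel-microcode` (and `linux`) package lines, so driver and firmware entries such as CVE-2023-25775 (Ethernet Controller RDMA) and CVE-2022-27635 (PROSet/Wireless WiFi) should be checked against packaged drivers and firmware first.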