Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37c6d502 by security tracker role at 2022-08-19T08:10:27+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@ +CVE-2022-38464 + RESERVED +CVE-2022-38463 + RESERVED +CVE-2022-38462 + RESERVED +CVE-2022-38450 + RESERVED +CVE-2022-38449 + RESERVED +CVE-2022-38448 + RESERVED +CVE-2022-38447 + RESERVED +CVE-2022-38446 + RESERVED +CVE-2022-38445 + RESERVED +CVE-2022-38444 + RESERVED +CVE-2022-38443 + RESERVED +CVE-2022-38442 + RESERVED +CVE-2022-38441 + RESERVED +CVE-2022-38440 + RESERVED +CVE-2022-38439 + RESERVED +CVE-2022-38438 + RESERVED +CVE-2022-38437 + RESERVED +CVE-2022-38436 + RESERVED +CVE-2022-38435 + RESERVED +CVE-2022-38434 + RESERVED +CVE-2022-38433 + RESERVED +CVE-2022-38432 + RESERVED +CVE-2022-38431 + RESERVED +CVE-2022-38430 + RESERVED +CVE-2022-38429 + RESERVED +CVE-2022-38428 + RESERVED +CVE-2022-38427 + RESERVED +CVE-2022-38426 + RESERVED +CVE-2022-38425 + RESERVED +CVE-2022-38424 + RESERVED +CVE-2022-38423 + RESERVED +CVE-2022-38422 + RESERVED +CVE-2022-38421 + RESERVED +CVE-2022-38420 + RESERVED +CVE-2022-38419 + RESERVED +CVE-2022-38418 + RESERVED +CVE-2022-38417 + RESERVED +CVE-2022-38416 + RESERVED +CVE-2022-38415 + RESERVED +CVE-2022-38414 + RESERVED +CVE-2022-38413 + RESERVED +CVE-2022-38412 + RESERVED +CVE-2022-38411 + RESERVED +CVE-2022-38410 + RESERVED +CVE-2022-38409 + RESERVED +CVE-2022-38408 + RESERVED +CVE-2022-38407 + RESERVED +CVE-2022-38406 + RESERVED +CVE-2022-38405 + RESERVED +CVE-2022-38404 + RESERVED +CVE-2022-38403 + RESERVED +CVE-2022-38402 + RESERVED +CVE-2022-38401 + RESERVED +CVE-2022-38102 + RESERVED +CVE-2022-38090 + RESERVED +CVE-2022-38084 + RESERVED +CVE-2022-38083 + RESERVED +CVE-2022-38072 + RESERVED +CVE-2022-38071 + RESERVED +CVE-2022-37408 + RESERVED +CVE-2022-37343 + RESERVED +CVE-2022-36788 + RESERVED +CVE-2022-36420 + RESERVED +CVE-2022-36419 + RESERVED +CVE-2022-34652 + RESERVED +CVE-2022-33310 + RESERVED +CVE-2022-2899 + RESERVED +CVE-2022-2898 + RESERVED +CVE-2022-2897 + RESERVED +CVE-2022-2896 + RESERVED +CVE-2022-2895 + RESERVED +CVE-2022-2894 + RESERVED +CVE-2022-2893 + RESERVED +CVE-2022-2892 + 
RESERVED +CVE-2021-46834 + RESERVED +CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0 does not escap ...) + TODO: check +CVE-2020-36598 + RESERVED +CVE-2020-36597 + RESERVED +CVE-2020-36596 + RESERVED +CVE-2020-36595 + RESERVED +CVE-2020-36594 + RESERVED +CVE-2020-36593 + RESERVED +CVE-2020-36592 + RESERVED CVE-2022-38398 RESERVED CVE-2022-38397 @@ -1718,12 +1884,12 @@ CVE-2022-37772 RESERVED CVE-2022-37771 RESERVED -CVE-2022-37770 - RESERVED -CVE-2022-37769 - RESERVED -CVE-2022-37768 - RESERVED +CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...) + TODO: check +CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...) + TODO: check +CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via ...) + TODO: check CVE-2022-37767 RESERVED CVE-2022-37766 @@ -2863,8 +3029,7 @@ CVE-2022-36281 RESERVED CVE-2022-33940 RESERVED -CVE-2022-2625 [extension scripts replace objects not owned by the extension] - RESERVED +CVE-2022-2625 (A vulnerability found in postgresql. On this security issue an attack ...) {DLA-3072-1} - postgresql-14 14.5-1 - postgresql-13 <removed> @@ -3496,12 +3661,12 @@ CVE-2022-37051 RESERVED CVE-2022-37050 RESERVED -CVE-2022-37049 - RESERVED -CVE-2022-37048 - RESERVED -CVE-2022-37047 - RESERVED +CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a ...) + TODO: check +CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...) + TODO: check +CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...) + TODO: check CVE-2022-37046 RESERVED CVE-2022-37045 
@@ -3711,8 +3876,7 @@ CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution vi - intellij-idea <itp> (bug #747616) CVE-2022-2569 RESERVED -CVE-2022-2568 - RESERVED +CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...) TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2108653 unclear if this is an issue on ansible level itself CVE-2022-2567 RESERVED @@ -3846,8 +4010,8 @@ CVE-2022-36949 (In Veritas NetBackup OpsCenter, an attacker with local access to NOT-FOR-US: Veritas CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affec ...) NOT-FOR-US: Veritas -CVE-2022-36947 - RESERVED +CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...) + TODO: check CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...) {DSA-5207-1} - linux 5.18.16-1 @@ -4350,22 +4514,22 @@ CVE-2022-36731 RESERVED CVE-2022-36730 RESERVED -CVE-2022-36729 - RESERVED -CVE-2022-36728 - RESERVED -CVE-2022-36727 - RESERVED +CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check +CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check +CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check CVE-2022-36726 RESERVED -CVE-2022-36725 - RESERVED +CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check CVE-2022-36724 RESERVED CVE-2022-36723 RESERVED -CVE-2022-36722 - RESERVED +CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL injecti ...) + TODO: check CVE-2022-36721 RESERVED CVE-2022-36720 
@@ -6212,8 +6376,8 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0) CVE-2022-35977 RESERVED -CVE-2022-35976 - RESERVED +CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...) + TODO: check CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...) NOT-FOR-US: GitOps Tools Extension for VSCode CVE-2022-35974 @@ -7271,8 +7435,8 @@ CVE-2022-35542 RESERVED CVE-2022-35541 RESERVED -CVE-2022-35540 - RESERVED +CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote att ...) + TODO: check CVE-2022-35539 RESERVED CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) @@ -8090,10 +8254,10 @@ CVE-2022-35215 RESERVED CVE-2022-35214 RESERVED -CVE-2022-35213 - RESERVED -CVE-2022-35212 - RESERVED +CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to ...) + TODO: check +CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scr ...) + TODO: check CVE-2022-35211 RESERVED CVE-2022-35210 @@ -8108,8 +8272,8 @@ CVE-2022-35206 RESERVED CVE-2022-35205 RESERVED -CVE-2022-35204 - RESERVED +CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...) + TODO: check CVE-2022-35203 RESERVED CVE-2022-35202 @@ -8182,8 +8346,8 @@ CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - versi NOT-FOR-US: SAP CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business One - ...) NOT-FOR-US: SAP -CVE-2022-35167 - RESERVED +CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered ...) + TODO: check CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...) - libjpeg <unfixed> NOTE: https://github.com/thorfdbg/libjpeg/issues/7 
@@ -8819,8 +8983,8 @@ CVE-2022-34854 RESERVED CVE-2022-34841 RESERVED -CVE-2022-34488 - RESERVED +CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...) + TODO: check CVE-2022-34346 RESERVED CVE-2022-33972 @@ -9598,8 +9762,8 @@ CVE-2022-34647 RESERVED CVE-2022-34646 RESERVED -CVE-2022-34345 - RESERVED +CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...) + TODO: check CVE-2022-34157 RESERVED CVE-2022-33964 @@ -9610,8 +9774,8 @@ CVE-2022-33190 RESERVED CVE-2022-32971 RESERVED -CVE-2022-32579 - RESERVED +CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...) + TODO: check CVE-2022-31476 RESERVED CVE-2022-30692 @@ -11511,8 +11675,8 @@ CVE-2022-33894 RESERVED CVE-2022-33892 RESERVED -CVE-2022-33209 - RESERVED +CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...) + TODO: check CVE-2022-33200 RESERVED CVE-2022-33188 @@ -14750,10 +14914,10 @@ CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2. NOT-FOR-US: Pure Storage FlashArray CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) NOT-FOR-US: Pure Storage FlashArray -CVE-2022-30944 - RESERVED -CVE-2022-30601 - RESERVED +CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) + TODO: check +CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) + TODO: check CVE-2022-30542 RESERVED CVE-2022-30539 @@ -14766,8 +14930,8 @@ CVE-2022-29523 RESERVED CVE-2022-28699 RESERVED -CVE-2022-28697 - RESERVED +CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...) + TODO: check CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) NOT-FOR-US: francoisjacquet/rosariosis CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...) 
@@ -20810,8 +20974,8 @@ CVE-2022-30339 RESERVED CVE-2022-30338 RESERVED -CVE-2022-30296 - RESERVED +CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...) + TODO: check CVE-2022-29919 RESERVED CVE-2022-29893 @@ -20822,8 +20986,8 @@ CVE-2022-29515 RESERVED CVE-2022-29508 RESERVED -CVE-2022-29507 - RESERVED +CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile ...) + TODO: check CVE-2022-29478 RESERVED CVE-2022-29470 @@ -20836,19 +21000,18 @@ CVE-2022-27877 RESERVED CVE-2022-27808 RESERVED -CVE-2022-26844 - RESERVED -CVE-2022-26374 - RESERVED -CVE-2022-26373 [Post-Barrier Return Stack Buffer Predictions (PBRSB)] - RESERVED +CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for ...) + TODO: check +CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...) + TODO: check +CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...) {DSA-5207-1} - linux 5.18.16-1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3 NOTE: https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47 -CVE-2022-26344 - RESERVED +CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...) + TODO: check CVE-2022-25976 RESERVED CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...) 
@@ -23957,16 +24120,16 @@ CVE-2022-29466 RESERVED CVE-2022-29262 RESERVED -CVE-2022-28858 - RESERVED +CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...) + TODO: check CVE-2022-27497 RESERVED -CVE-2022-27493 - RESERVED +CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...) + TODO: check CVE-2022-26424 RESERVED -CVE-2022-25899 - RESERVED +CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...) + TODO: check CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...) - gitlab <unfixed> CVE-2022-29504 @@ -26016,8 +26179,8 @@ CVE-2022-28759 RESERVED CVE-2022-28758 RESERVED -CVE-2022-28757 - RESERVED +CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...) + TODO: check CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...) NOT-FOR-US: Zoom CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) @@ -26141,12 +26304,12 @@ CVE-2022-28720 RESERVED CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...) NOT-FOR-US: ArduPilot APWeb -CVE-2022-28709 - RESERVED +CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 Etherne ...) + TODO: check CVE-2022-28698 RESERVED -CVE-2022-28696 - RESERVED +CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for Python befor ...) + TODO: check CVE-2022-28694 RESERVED CVE-2022-28688 @@ -29752,8 +29915,8 @@ CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local NOT-FOR-US: RealVNC VNC Server CVE-2022-27501 RESERVED -CVE-2022-27500 - RESERVED +CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...) + TODO: check CVE-2022-27233 RESERVED CVE-2022-27229 
@@ -29772,10 +29935,10 @@ CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the applic NOT-FOR-US: Splunk CVE-2022-26024 RESERVED -CVE-2022-26017 - RESERVED -CVE-2022-25841 - RESERVED +CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...) + TODO: check +CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...) + TODO: check CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...) NOT-FOR-US: Sophos CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...) @@ -33172,8 +33335,8 @@ CVE-2022-26086 RESERVED CVE-2022-26083 RESERVED -CVE-2022-26074 - RESERVED +CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...) + TODO: check CVE-2022-26072 RESERVED CVE-2022-26056 @@ -33186,12 +33349,12 @@ CVE-2022-26028 RESERVED CVE-2022-26006 RESERVED -CVE-2022-25999 - RESERVED +CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...) + TODO: check CVE-2022-25992 RESERVED -CVE-2022-25966 - RESERVED +CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) + TODO: check CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...) NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers CVE-2022-25917 
@@ -35793,18 +35956,18 @@ CVE-2022-24436 (Observable behavioral in power management throttling for some In NOT-FOR-US: hardware vulnerability in Intel CPUs NOTE: https://www.hertzbleed.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html -CVE-2022-24378 - RESERVED +CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager software b ...) + TODO: check CVE-2022-24067 RESERVED -CVE-2022-23403 - RESERVED -CVE-2022-23182 - RESERVED +CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager software ...) + TODO: check +CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager software b ...) + TODO: check CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...) NOT-FOR-US: Intel -CVE-2022-21225 - RESERVED +CVE-2022-21225 (Improper access control in the Intel(R) Data Center Manager software b ...) + TODO: check CVE-2022-21198 RESERVED CVE-2022-21183 @@ -36293,8 +36456,8 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379 CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' fiel ...) NOT-FOR-US: Popcorn Time -CVE-2022-25228 - RESERVED +CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQ ...) + TODO: check CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS ...) NOT-FOR-US: Thinfinity VNC CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...) 
@@ -38862,14 +39025,13 @@ CVE-2022-23917 RESERVED CVE-2022-23914 RESERVED -CVE-2022-22730 - RESERVED -CVE-2022-21807 - RESERVED +CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for Industrial s ...) + TODO: check +CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler s ...) + TODO: check CVE-2022-21795 RESERVED -CVE-2022-21233 - RESERVED +CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809 @@ -51608,18 +51770,18 @@ CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101 NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2) -CVE-2022-21812 - RESERVED +CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before version 7 ...) + TODO: check CVE-2022-21804 RESERVED CVE-2022-21794 RESERVED -CVE-2022-21793 - RESERVED +CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 500 Seri ...) + TODO: check CVE-2022-21239 RESERVED -CVE-2022-21229 - RESERVED +CVE-2022-21229 (Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Ki ...) + TODO: check CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel CVE-2022-21206 
@@ -51640,12 +51802,12 @@ CVE-2022-21161 RESERVED CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...) NOT-FOR-US: Intel -CVE-2022-21152 - RESERVED +CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) + TODO: check CVE-2022-21150 RESERVED -CVE-2022-21148 - RESERVED +CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) + TODO: check CVE-2022-21135 RESERVED CVE-2021-44789 @@ -51757,8 +51919,8 @@ CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.300 NOT-FOR-US: Adobe CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) NOT-FOR-US: Adobe -CVE-2021-44545 - RESERVED +CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) + TODO: check CVE-2021-44457 RESERVED CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...) @@ -51769,12 +51931,12 @@ CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerou NOT-FOR-US: Crater CVE-2021-26946 RESERVED -CVE-2021-26254 - RESERVED -CVE-2021-23188 - RESERVED -CVE-2021-23168 - RESERVED +CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...) + TODO: check +CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check +CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...) + TODO: check CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...) NOT-FOR-US: Intel CVE-2021-23145 
@@ -52716,28 +52878,28 @@ CVE-2021-44478 (A vulnerability has been identified in Polarion ALM (All version NOT-FOR-US: Siemens CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...) NOT-FOR-US: McAfee -CVE-2022-21240 - RESERVED +CVE-2022-21240 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may ...) + TODO: check CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may allow a ...) NOT-FOR-US: Intel CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel -CVE-2022-21212 - RESERVED -CVE-2022-21197 - RESERVED -CVE-2022-21172 - RESERVED -CVE-2022-21160 - RESERVED -CVE-2022-21140 - RESERVED -CVE-2022-21139 - RESERVED +CVE-2022-21212 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...) + TODO: check +CVE-2022-21197 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...) + TODO: check +CVE-2022-21172 (Out of bounds write for some Intel(R) PROSet/Wireless WiFi products ma ...) + TODO: check +CVE-2022-21160 (Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi pr ...) + TODO: check +CVE-2022-21140 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check +CVE-2022-21139 (Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi ...) + TODO: check CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) NOT-FOR-US: Intel -CVE-2021-44470 - RESERVED +CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...) + TODO: check CVE-2021-4037 [security regression for CVE-2018-13405] RESERVED - linux 5.14.6-1 
@@ -52745,24 +52907,24 @@ CVE-2021-4037 [security regression for CVE-2018-13405] NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1) CVE-2021-4036 RESERVED -CVE-2021-37409 - RESERVED +CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check CVE-2021-37405 RESERVED -CVE-2021-33847 - RESERVED -CVE-2021-26950 - RESERVED +CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...) + TODO: check +CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...) + TODO: check CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control Center sof ...) NOT-FOR-US: Intel -CVE-2021-26257 - RESERVED +CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...) + TODO: check CVE-2021-26251 RESERVED -CVE-2021-23223 - RESERVED -CVE-2021-23179 - RESERVED +CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...) + TODO: check +CVE-2021-23179 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...) + TODO: check CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) @@ -56429,8 +56591,8 @@ CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Bui NOT-FOR-US: Intel CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) NOT-FOR-US: Intel -CVE-2022-21181 - RESERVED +CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) + TODO: check CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow an au ...) NOT-FOR-US: Intel NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html 
@@ -85085,12 +85247,12 @@ CVE-2021-33130 (Insecure default variable initialization of Intel(R) RealSense(T NOT-FOR-US: Intel CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...) NOT-FOR-US: Intel -CVE-2021-33128 - RESERVED +CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 Etherne ...) + TODO: check CVE-2021-33127 RESERVED -CVE-2021-33126 - RESERVED +CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 and 722 ...) + TODO: check CVE-2021-33125 RESERVED CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for some Int ...) @@ -85233,8 +85395,8 @@ CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethe - linux 5.18.2-1 NOTE: https://git.kernel.org/linus/008ca35f6e87be1d60b6af3d1ae247c6d5c2531d (5.18-rc1) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html -CVE-2021-33060 - RESERVED +CVE-2021-33060 (Out-of-bounds write in the BIOS firmware for some Intel(R) Processors ...) + TODO: check CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...) NOT-FOR-US: Intel CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...) @@ -85710,8 +85872,8 @@ CVE-2021-32864 RESERVED CVE-2021-32863 RESERVED -CVE-2021-32862 - RESERVED +CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...) + TODO: check CVE-2021-32861 RESERVED CVE-2021-32860 
@@ -130381,15 +130543,15 @@ CVE-2020-27793 CVE-2020-27792 RESERVED CVE-2020-27791 - RESERVED -CVE-2020-27790 - RESERVED + REJECTED +CVE-2020-27790 (A floating point exception issue was discovered in UPX in PackLinuxElf ...) + TODO: check CVE-2020-27789 - RESERVED -CVE-2020-27788 - RESERVED -CVE-2020-27787 - RESERVED + REJECTED +CVE-2020-27788 (An out-of-bounds read access vulnerability was discovered in UPX in Pa ...) + TODO: check +CVE-2020-27787 (A Segmentaation fault was found in UPX in invert_pt_dynamic() function ...) + TODO: check CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of MIDI, w ...) - linux 5.6.14-1 [buster] - linux 4.19.131-1 @@ -141266,8 +141428,8 @@ CVE-2020-23468 RESERVED CVE-2020-23467 RESERVED -CVE-2020-23466 - RESERVED +CVE-2020-23466 (Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Onli ...) + TODO: check CVE-2020-23465 RESERVED CVE-2020-23464
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6d502d1c21c34a7dc0875bf5b778f186978cc
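Review bot: In the hunk at @@ -1718,12 +1884,12 @@, CVE-2022-37770, CVE-2022-37769 and CVE-2022-37768 are left at "TODO: check" even though their descriptions name "libjpeg commit 281daa9", and this same file already tracks CVE-2022-35166 ("libjpeg commit 842c7ba") as "- libjpeg <unfixed>" with a NOTE pointing at github.com/thorfdbg/libjpeg. Triage the three new entries against that source package and record the upstream issue in a NOTE once identified, so they do not sit in the TODO queue next to an already-classified sibling.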
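Review bot: In the hunk at @@ -3711,8 +3876,7 @@, CVE-2022-2568 keeps its old line "TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2108653 unclear if this is an issue on ansible level itself" unchanged, while the description added directly above it now attributes the flaw to the Ansible Automation Platform. Re-read the TODO against the published description and either resolve the entry or reword the note so it states what is still open.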
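Review bot: In the hunk at @@ -6212,8 +6376,8 @@, CVE-2022-35976 is added with "TODO: check" although the very next entry, CVE-2022-35975, is the same product and is already marked "NOT-FOR-US: GitOps Tools Extension for VSCode". Give CVE-2022-35976 the same classification unless its full description points at a different component.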
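Review bot: In the hunk at @@ -35793,18 +35956,18 @@, the four Intel(R) Data Center Manager entries (CVE-2022-24378, CVE-2022-23403, CVE-2022-23182, CVE-2022-21225) are queued as "TODO: check" while the neighbouring Intel software entry CVE-2022-22139 is already "NOT-FOR-US: Intel". These read as the same class of vendor software and can likely be resolved the same way in one pass; do not extend that to every Intel entry in this commit, since CVE-2022-21233 in the hunk at @@ -38862,14 +39025,13 @@ is tracked against intel-microcode.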
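Review bot: In the hunk at @@ -52716,28 +52878,28 @@, the PROSet/Wireless WiFi entries (CVE-2022-21240, CVE-2022-21212, CVE-2022-21197, CVE-2022-21172, CVE-2022-21160, CVE-2022-21140, CVE-2022-21139) have descriptions truncated before the affected component is named, for example "Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...". The visible text does not say whether the issue is in firmware or in host software, so check the full advisory per entry before copying the "NOT-FOR-US: Intel" marking used on the adjacent CVE-2022-21237 and CVE-2022-21218.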