Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37c6d502 by security tracker role at 2022-08-19T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2022-38464
+       RESERVED
+CVE-2022-38463
+       RESERVED
+CVE-2022-38462
+       RESERVED
+CVE-2022-38450
+       RESERVED
+CVE-2022-38449
+       RESERVED
+CVE-2022-38448
+       RESERVED
+CVE-2022-38447
+       RESERVED
+CVE-2022-38446
+       RESERVED
+CVE-2022-38445
+       RESERVED
+CVE-2022-38444
+       RESERVED
+CVE-2022-38443
+       RESERVED
+CVE-2022-38442
+       RESERVED
+CVE-2022-38441
+       RESERVED
+CVE-2022-38440
+       RESERVED
+CVE-2022-38439
+       RESERVED
+CVE-2022-38438
+       RESERVED
+CVE-2022-38437
+       RESERVED
+CVE-2022-38436
+       RESERVED
+CVE-2022-38435
+       RESERVED
+CVE-2022-38434
+       RESERVED
+CVE-2022-38433
+       RESERVED
+CVE-2022-38432
+       RESERVED
+CVE-2022-38431
+       RESERVED
+CVE-2022-38430
+       RESERVED
+CVE-2022-38429
+       RESERVED
+CVE-2022-38428
+       RESERVED
+CVE-2022-38427
+       RESERVED
+CVE-2022-38426
+       RESERVED
+CVE-2022-38425
+       RESERVED
+CVE-2022-38424
+       RESERVED
+CVE-2022-38423
+       RESERVED
+CVE-2022-38422
+       RESERVED
+CVE-2022-38421
+       RESERVED
+CVE-2022-38420
+       RESERVED
+CVE-2022-38419
+       RESERVED
+CVE-2022-38418
+       RESERVED
+CVE-2022-38417
+       RESERVED
+CVE-2022-38416
+       RESERVED
+CVE-2022-38415
+       RESERVED
+CVE-2022-38414
+       RESERVED
+CVE-2022-38413
+       RESERVED
+CVE-2022-38412
+       RESERVED
+CVE-2022-38411
+       RESERVED
+CVE-2022-38410
+       RESERVED
+CVE-2022-38409
+       RESERVED
+CVE-2022-38408
+       RESERVED
+CVE-2022-38407
+       RESERVED
+CVE-2022-38406
+       RESERVED
+CVE-2022-38405
+       RESERVED
+CVE-2022-38404
+       RESERVED
+CVE-2022-38403
+       RESERVED
+CVE-2022-38402
+       RESERVED
+CVE-2022-38401
+       RESERVED
+CVE-2022-38102
+       RESERVED
+CVE-2022-38090
+       RESERVED
+CVE-2022-38084
+       RESERVED
+CVE-2022-38083
+       RESERVED
+CVE-2022-38072
+       RESERVED
+CVE-2022-38071
+       RESERVED
+CVE-2022-37408
+       RESERVED
+CVE-2022-37343
+       RESERVED
+CVE-2022-36788
+       RESERVED
+CVE-2022-36420
+       RESERVED
+CVE-2022-36419
+       RESERVED
+CVE-2022-34652
+       RESERVED
+CVE-2022-33310
+       RESERVED
+CVE-2022-2899
+       RESERVED
+CVE-2022-2898
+       RESERVED
+CVE-2022-2897
+       RESERVED
+CVE-2022-2896
+       RESERVED
+CVE-2022-2895
+       RESERVED
+CVE-2022-2894
+       RESERVED
+CVE-2022-2893
+       RESERVED
+CVE-2022-2892
+       RESERVED
+CVE-2021-46834
+       RESERVED
+CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0 does 
not escap ...)
+       TODO: check
+CVE-2020-36598
+       RESERVED
+CVE-2020-36597
+       RESERVED
+CVE-2020-36596
+       RESERVED
+CVE-2020-36595
+       RESERVED
+CVE-2020-36594
+       RESERVED
+CVE-2020-36593
+       RESERVED
+CVE-2020-36592
+       RESERVED
 CVE-2022-38398
        RESERVED
 CVE-2022-38397
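Review bot: CVE-2020-36599 is the only entry in this block that arrives with a description, and it is left at "TODO: check" with no package line. The text names lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0, so the follow-up should resolve it to a source package entry with a fixed version, or to NOT-FOR-US, rather than leaving it among the RESERVED placeholders around it.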
@@ -1718,12 +1884,12 @@ CVE-2022-37772
        RESERVED
 CVE-2022-37771
        RESERVED
-CVE-2022-37770
-       RESERVED
-CVE-2022-37769
-       RESERVED
-CVE-2022-37768
-       RESERVED
+CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite 
loop via  ...)
+       TODO: check
 CVE-2022-37767
        RESERVED
 CVE-2022-37766
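Review bot: CVE-2022-37770, CVE-2022-37769 and CVE-2022-37768 are left at "TODO: check" even though CVE-2022-35166, another "libjpeg commit ..." finding visible later in this same patch, is already tracked as "- libjpeg <unfixed>" with a NOTE to the upstream issue. Triage the three together against that entry so they end up with the same source package line and an upstream reference, and record which commit each description refers to (281daa9 here, 842c7ba there).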
@@ -2863,8 +3029,7 @@ CVE-2022-36281
        RESERVED
 CVE-2022-33940
        RESERVED
-CVE-2022-2625 [extension scripts replace objects not owned by the extension]
-       RESERVED
+CVE-2022-2625 (A vulnerability found in postgresql. On this security issue an 
attack  ...)
        {DLA-3072-1}
        - postgresql-14 14.5-1
        - postgresql-13 <removed>
@@ -3496,12 +3661,12 @@ CVE-2022-37051
        RESERVED
 CVE-2022-37050
        RESERVED
-CVE-2022-37049
-       RESERVED
-CVE-2022-37048
-       RESERVED
-CVE-2022-37047
-       RESERVED
+CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to 
contain ...)
+       TODO: check
+CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to 
contain ...)
+       TODO: check
 CVE-2022-37046
        RESERVED
 CVE-2022-37045
@@ -3711,8 +3876,7 @@ CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 
local code execution vi
        - intellij-idea <itp> (bug #747616)
 CVE-2022-2569
        RESERVED
-CVE-2022-2568
-       RESERVED
+CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation 
Platfo ...)
        TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2108653 
unclear if this is an issue on ansible level itself
 CVE-2022-2567
        RESERVED
@@ -3846,8 +4010,8 @@ CVE-2022-36949 (In Veritas NetBackup OpsCenter, an 
attacker with local access to
        NOT-FOR-US: Veritas
 CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. 
This affec ...)
        NOT-FOR-US: Veritas
-CVE-2022-36947
-       RESERVED
+CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer 
through 7 ...)
+       TODO: check
 CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux 
kernel th ...)
        {DSA-5207-1}
        - linux 5.18.16-1
@@ -4350,22 +4514,22 @@ CVE-2022-36731
        RESERVED
 CVE-2022-36730
        RESERVED
-CVE-2022-36729
-       RESERVED
-CVE-2022-36728
-       RESERVED
-CVE-2022-36727
-       RESERVED
+CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-36726
        RESERVED
-CVE-2022-36725
-       RESERVED
+CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-36724
        RESERVED
 CVE-2022-36723
        RESERVED
-CVE-2022-36722
-       RESERVED
+CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-36721
        RESERVED
 CVE-2022-36720
@@ -6212,8 +6376,8 @@ CVE-2022-35978 (Minetest is a free open-source voxel game 
engine with easy moddi
        NOTE: 
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
 (5.6.0)
 CVE-2022-35977
        RESERVED
-CVE-2022-35976
-       RESERVED
+CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in 
order t ...)
+       TODO: check
 CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to 
manage Flu ...)
        NOT-FOR-US: GitOps Tools Extension for VSCode
 CVE-2022-35974
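Review bot: CVE-2022-35976 is added as "TODO: check" while the next entry, CVE-2022-35975, describes the same product and is already marked "NOT-FOR-US: GitOps Tools Extension for VSCode". Unless the kubeconfig handling described here touches something packaged, the follow-up commit should give CVE-2022-35976 the same NOT-FOR-US tag.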
@@ -7271,8 +7435,8 @@ CVE-2022-35542
        RESERVED
 CVE-2022-35541
        RESERVED
-CVE-2022-35540
-       RESERVED
+CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig &lt;1.6.8 Server allows 
remote att ...)
+       TODO: check
 CVE-2022-35539
        RESERVED
 CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 
wireless.cgi has  ...)
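Review bot: the description imported for CVE-2022-35540 carries an HTML entity, "AgileConfig &lt;1.6.8", instead of a literal "<". Decoding entities in the import step would keep version bounds in data/CVE/list searchable and avoid the escaped form being copied into later notes by hand.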
@@ -8090,10 +8254,10 @@ CVE-2022-35215
        RESERVED
 CVE-2022-35214
        RESERVED
-CVE-2022-35213
-       RESERVED
-CVE-2022-35212
-       RESERVED
+CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was 
discovered to ...)
+       TODO: check
+CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a 
cross-site scr ...)
+       TODO: check
 CVE-2022-35211
        RESERVED
 CVE-2022-35210
@@ -8108,8 +8272,8 @@ CVE-2022-35206
        RESERVED
 CVE-2022-35205
        RESERVED
-CVE-2022-35204
-       RESERVED
+CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers 
to perfor ...)
+       TODO: check
 CVE-2022-35203
        RESERVED
 CVE-2022-35202
@@ -8182,8 +8346,8 @@ CVE-2022-35169 (SAP BusinessObjects Business Intelligence 
Platform (LCM) - versi
        NOT-FOR-US: SAP
 CVE-2022-35168 (Due to improper input sanitization of XML input in SAP 
Business One -  ...)
        NOT-FOR-US: SAP
-CVE-2022-35167
-       RESERVED
+CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was 
discovered  ...)
+       TODO: check
 CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite 
loop via  ...)
        - libjpeg <unfixed>
        NOTE: https://github.com/thorfdbg/libjpeg/issues/7
@@ -8819,8 +8983,8 @@ CVE-2022-34854
        RESERVED
 CVE-2022-34841
        RESERVED
-CVE-2022-34488
-       RESERVED
+CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) 
NUC Lap ...)
+       TODO: check
 CVE-2022-34346
        RESERVED
 CVE-2022-33972
@@ -9598,8 +9762,8 @@ CVE-2022-34647
        RESERVED
 CVE-2022-34646
        RESERVED
-CVE-2022-34345
-       RESERVED
+CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) 
NUC Laptop ...)
+       TODO: check
 CVE-2022-34157
        RESERVED
 CVE-2022-33964
@@ -9610,8 +9774,8 @@ CVE-2022-33190
        RESERVED
 CVE-2022-32971
        RESERVED
-CVE-2022-32579
-       RESERVED
+CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC 
Laptop K ...)
+       TODO: check
 CVE-2022-31476
        RESERVED
 CVE-2022-30692
@@ -11511,8 +11675,8 @@ CVE-2022-33894
        RESERVED
 CVE-2022-33892
        RESERVED
-CVE-2022-33209
-       RESERVED
+CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) 
NUC Laptop ...)
+       TODO: check
 CVE-2022-33200
        RESERVED
 CVE-2022-33188
@@ -14750,10 +14914,10 @@ CVE-2022-32553 (Pure Storage FlashArray products 
running Purity//FA 6.2.0 - 6.2.
        NOT-FOR-US: Pure Storage FlashArray
 CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 
6.2.3, 6.1 ...)
        NOT-FOR-US: Pure Storage FlashArray
-CVE-2022-30944
-       RESERVED
-CVE-2022-30601
-       RESERVED
+CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and 
Intel(R) Sta ...)
+       TODO: check
+CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and 
Intel(R) Sta ...)
+       TODO: check
 CVE-2022-30542
        RESERVED
 CVE-2022-30539
@@ -14766,8 +14930,8 @@ CVE-2022-29523
        RESERVED
 CVE-2022-28699
        RESERVED
-CVE-2022-28697
-       RESERVED
+CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and 
Intel(R) Stan ...)
+       TODO: check
 CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
        NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows 
path traver ...)
@@ -20810,8 +20974,8 @@ CVE-2022-30339
        RESERVED
 CVE-2022-30338
        RESERVED
-CVE-2022-30296
-       RESERVED
+CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) 
Datacenter Group  ...)
+       TODO: check
 CVE-2022-29919
        RESERVED
 CVE-2022-29893
@@ -20822,8 +20986,8 @@ CVE-2022-29515
        RESERVED
 CVE-2022-29508
        RESERVED
-CVE-2022-29507
-       RESERVED
+CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue 
mobile  ...)
+       TODO: check
 CVE-2022-29478
        RESERVED
 CVE-2022-29470
@@ -20836,19 +21000,18 @@ CVE-2022-27877
        RESERVED
 CVE-2022-27808
        RESERVED
-CVE-2022-26844
-       RESERVED
-CVE-2022-26374
-       RESERVED
-CVE-2022-26373 [Post-Barrier Return Stack Buffer Predictions (PBRSB)]
-       RESERVED
+CVE-2022-26844 (Insufficiently protected credentials in the installation 
binaries for  ...)
+       TODO: check
+CVE-2022-26374 (Uncontrolled search path in the installation binaries for 
Intel(R) SEA ...)
+       TODO: check
+CVE-2022-26373 (Non-transparent sharing of return predictor targets between 
contexts i ...)
        {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
        NOTE: 
https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
        NOTE: 
https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47
-CVE-2022-26344
-       RESERVED
+CVE-2022-26344 (Incorrect default permissions in the installation binaries for 
Intel(R ...)
+       TODO: check
 CVE-2022-25976
        RESERVED
 CVE-2022-1670 (When generating a user invitation code in Octopus Server, the 
validity ...)
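Review bot: on CVE-2022-26373 the bracketed title "[Post-Barrier Return Stack Buffer Predictions (PBRSB)]" is replaced by the truncated description "Non-transparent sharing of return predictor targets between contexts i ...", so the name PBRSB no longer appears anywhere in the entry. The DSA reference, the linux package line and the three NOTE lines are kept, but a short NOTE naming PBRSB would keep the entry findable by the term people will search for.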
@@ -23957,16 +24120,16 @@ CVE-2022-29466
        RESERVED
 CVE-2022-29262
        RESERVED
-CVE-2022-28858
-       RESERVED
+CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) 
NUC Lapt ...)
+       TODO: check
 CVE-2022-27497
        RESERVED
-CVE-2022-27493
-       RESERVED
+CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC 
Laptop K ...)
+       TODO: check
 CVE-2022-26424
        RESERVED
-CVE-2022-25899
-       RESERVED
+CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software 
maintain ...)
+       TODO: check
 CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all 
versions from  ...)
        - gitlab <unfixed>
 CVE-2022-29504
@@ -26016,8 +26179,8 @@ CVE-2022-28759
        RESERVED
 CVE-2022-28758
        RESERVED
-CVE-2022-28757
-       RESERVED
+CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT 
Admin) sta ...)
+       TODO: check
 CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT 
Admin) sta ...)
        NOT-FOR-US: Zoom
 CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, 
and Wind ...)
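Review bot: CVE-2022-28757 is added as "TODO: check" although CVE-2022-28756, directly below with the same "Zoom Client for Meetings for macOS" description prefix, is already "NOT-FOR-US: Zoom". The follow-up triage should mark CVE-2022-28757 the same way.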
@@ -26141,12 +26304,12 @@ CVE-2022-28720
        RESERVED
 CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape 
functio ...)
        NOT-FOR-US: ArduPilot APWeb
-CVE-2022-28709
-       RESERVED
+CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 
Etherne ...)
+       TODO: check
 CVE-2022-28698
        RESERVED
-CVE-2022-28696
-       RESERVED
+CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for 
Python befor ...)
+       TODO: check
 CVE-2022-28694
        RESERVED
 CVE-2022-28688
@@ -29752,8 +29915,8 @@ CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 
for Windows allows local
        NOT-FOR-US: RealVNC VNC Server
 CVE-2022-27501
        RESERVED
-CVE-2022-27500
-       RESERVED
+CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android 
applica ...)
+       TODO: check
 CVE-2022-27233
        RESERVED
 CVE-2022-27229
@@ -29772,10 +29935,10 @@ CVE-2022-26070 (When handling a mismatched 
pre-authentication cookie, the applic
        NOT-FOR-US: Splunk
 CVE-2022-26024
        RESERVED
-CVE-2022-26017
-       RESERVED
-CVE-2022-25841
-       RESERVED
+CVE-2022-26017 (Improper access control in the Intel(R) DSA software for 
before versio ...)
+       TODO: check
+CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter 
Group Eve ...)
+       TODO: check
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and 
Webadmin ...)
        NOT-FOR-US: Sophos
 CVE-2022-1039 (The weak password on the web user interface can be exploited 
via HTTP  ...)
@@ -33172,8 +33335,8 @@ CVE-2022-26086
        RESERVED
 CVE-2022-26083
        RESERVED
-CVE-2022-26074
-       RESERVED
+CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS 
before ver ...)
+       TODO: check
 CVE-2022-26072
        RESERVED
 CVE-2022-26056
@@ -33186,12 +33349,12 @@ CVE-2022-26028
        RESERVED
 CVE-2022-26006
        RESERVED
-CVE-2022-25999
-       RESERVED
+CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) 
Digital P ...)
+       TODO: check
 CVE-2022-25992
        RESERVED
-CVE-2022-25966
-       RESERVED
+CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
+       TODO: check
 CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake 
controllers i ...)
        NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake 
controllers
 CVE-2022-25917
@@ -35793,18 +35956,18 @@ CVE-2022-24436 (Observable behavioral in power 
management throttling for some In
        NOT-FOR-US: hardware vulnerability in Intel CPUs
        NOTE: https://www.hertzbleed.com/
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
-CVE-2022-24378
-       RESERVED
+CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager 
software b ...)
+       TODO: check
 CVE-2022-24067
        RESERVED
-CVE-2022-23403
-       RESERVED
-CVE-2022-23182
-       RESERVED
+CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager 
software ...)
+       TODO: check
+CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager 
software b ...)
+       TODO: check
 CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before 
version 7 ...)
        NOT-FOR-US: Intel
-CVE-2022-21225
-       RESERVED
+CVE-2022-21225 (Improper access control in the Intel(R) Data Center Manager 
software b ...)
+       TODO: check
 CVE-2022-21198
        RESERVED
 CVE-2022-21183
@@ -36293,8 +36456,8 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) 
before 2.4.5 lacks certain
        NOTE: 
https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
 CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API 
Server(s)' fiel ...)
        NOT-FOR-US: Popcorn Time
-CVE-2022-25228
-       RESERVED
+CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to 
inject SQ ...)
+       TODO: check
 CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource 
Sharing (CORS ...)
        NOT-FOR-US: Thinfinity VNC
 CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass 
the aut ...)
@@ -38862,14 +39025,13 @@ CVE-2022-23917
        RESERVED
 CVE-2022-23914
        RESERVED
-CVE-2022-22730
-       RESERVED
-CVE-2022-21807
-       RESERVED
+CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for 
Industrial s ...)
+       TODO: check
+CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) 
Profiler s ...)
+       TODO: check
 CVE-2022-21795
        RESERVED
-CVE-2022-21233
-       RESERVED
+CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) 
Processors may ...)
        - intel-microcode <unfixed>
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
@@ -51608,18 +51770,18 @@ CVE-2021-4090 (An out-of-bounds (OOB) memory write 
flaw was found in the NFSD in
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
        NOTE: 
https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
-CVE-2022-21812
-       RESERVED
+CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before 
version 7 ...)
+       TODO: check
 CVE-2022-21804
        RESERVED
 CVE-2022-21794
        RESERVED
-CVE-2022-21793
-       RESERVED
+CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 
500 Seri ...)
+       TODO: check
 CVE-2022-21239
        RESERVED
-CVE-2022-21229
-       RESERVED
+CVE-2022-21229 (Improper buffer restrictions for some Intel(R) NUC 9 Extreme 
Laptop Ki ...)
+       TODO: check
 CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and 
Collector before ...)
        NOT-FOR-US: Intel
 CVE-2022-21206
@@ -51640,12 +51802,12 @@ CVE-2022-21161
        RESERVED
 CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer 
and Col ...)
        NOT-FOR-US: Intel
-CVE-2022-21152
-       RESERVED
+CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
+       TODO: check
 CVE-2022-21150
        RESERVED
-CVE-2022-21148
-       RESERVED
+CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
+       TODO: check
 CVE-2022-21135
        RESERVED
 CVE-2021-44789
@@ -51757,8 +51919,8 @@ CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 
(and earlier), 20.004.300
        NOT-FOR-US: Adobe
 CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and 
earlier), ...)
        NOT-FOR-US: Adobe
-CVE-2021-44545
-       RESERVED
+CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi and K ...)
+       TODO: check
 CVE-2021-44457
        RESERVED
 CVE-2021-44454 (Improper input validation in a third-party component for 
Intel(R) Quar ...)
@@ -51769,12 +51931,12 @@ CVE-2021-4080 (crater is vulnerable to Unrestricted 
Upload of File with Dangerou
        NOT-FOR-US: Crater
 CVE-2021-26946
        RESERVED
-CVE-2021-26254
-       RESERVED
-CVE-2021-23188
-       RESERVED
-CVE-2021-23168
-       RESERVED
+CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and 
Killer(T ...)
+       TODO: check
+CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
+CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and 
Killer(T ...)
+       TODO: check
 CVE-2021-23152 (Improper access control in the Intel(R) Advisor software 
before versio ...)
        NOT-FOR-US: Intel
 CVE-2021-23145
@@ -52716,28 +52878,28 @@ CVE-2021-44478 (A vulnerability has been identified 
in Polarion ALM (All version
        NOT-FOR-US: Siemens
 CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network 
Security Ma ...)
        NOT-FOR-US: McAfee
-CVE-2022-21240
-       RESERVED
+CVE-2022-21240 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi 
products may ...)
+       TODO: check
 CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may 
allow a  ...)
        NOT-FOR-US: Intel
 CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and 
Collector before ...)
        NOT-FOR-US: Intel
-CVE-2022-21212
-       RESERVED
-CVE-2022-21197
-       RESERVED
-CVE-2022-21172
-       RESERVED
-CVE-2022-21160
-       RESERVED
-CVE-2022-21140
-       RESERVED
-CVE-2022-21139
-       RESERVED
+CVE-2022-21212 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi produ ...)
+       TODO: check
+CVE-2022-21197 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi produ ...)
+       TODO: check
+CVE-2022-21172 (Out of bounds write for some Intel(R) PROSet/Wireless WiFi 
products ma ...)
+       TODO: check
+CVE-2022-21160 (Improper buffer restrictions for some Intel(R) PROSet/Wireless 
WiFi pr ...)
+       TODO: check
+CVE-2022-21140 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
+CVE-2022-21139 (Inadequate encryption strength for some Intel(R) 
PROSet/Wireless WiFi  ...)
+       TODO: check
 CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and 
Collector before ...)
        NOT-FOR-US: Intel
-CVE-2021-44470
-       RESERVED
+CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M 
Android appli ...)
+       TODO: check
 CVE-2021-4037 [security regression for CVE-2018-13405]
        RESERVED
        - linux 5.14.6-1
@@ -52745,24 +52907,24 @@ CVE-2021-4037 [security regression for CVE-2018-13405]
        NOTE: 
https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
 CVE-2021-4036
        RESERVED
-CVE-2021-37409
-       RESERVED
+CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
 CVE-2021-37405
        RESERVED
-CVE-2021-33847
-       RESERVED
-CVE-2021-26950
-       RESERVED
+CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) 
Wireless Bl ...)
+       TODO: check
+CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless 
Bluetooth(R) ...)
+       TODO: check
 CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control 
Center sof ...)
        NOT-FOR-US: Intel
-CVE-2021-26257
-       RESERVED
+CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) 
Wireless Bl ...)
+       TODO: check
 CVE-2021-26251
        RESERVED
-CVE-2021-23223
-       RESERVED
-CVE-2021-23179
-       RESERVED
+CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
+       TODO: check
+CVE-2021-23179 (Out of bounds read in firmware for some Intel(R) Wireless 
Bluetooth(R) ...)
+       TODO: check
 CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 
contains ...)
        NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable 
debug interf ...)
@@ -56429,8 +56591,8 @@ CVE-2022-21205 (Improper restriction of XML external 
entity reference in DSP Bui
        NOT-FOR-US: Intel
 CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for 
Intel(R) Quart ...)
        NOT-FOR-US: Intel
-CVE-2022-21181
-       RESERVED
+CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi and K ...)
+       TODO: check
 CVE-2022-21180 (Improper input validation for some Intel(R) Processors may 
allow an au ...)
        NOT-FOR-US: Intel
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
@@ -85085,12 +85247,12 @@ CVE-2021-33130 (Insecure default variable 
initialization of Intel(R) RealSense(T
        NOT-FOR-US: Intel
 CVE-2021-33129 (Incorrect default permissions in the software installer for 
the Intel( ...)
        NOT-FOR-US: Intel
-CVE-2021-33128
-       RESERVED
+CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 
Etherne ...)
+       TODO: check
 CVE-2021-33127
        RESERVED
-CVE-2021-33126
-       RESERVED
+CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 
and 722  ...)
+       TODO: check
 CVE-2021-33125
        RESERVED
 CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for 
some Int ...)
@@ -85233,8 +85395,8 @@ CVE-2021-33061 (Insufficient control flow management 
for the Intel(R) 82599 Ethe
        - linux 5.18.2-1
        NOTE: 
https://git.kernel.org/linus/008ca35f6e87be1d60b6af3d1ae247c6d5c2531d (5.18-rc1)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
-CVE-2021-33060
-       RESERVED
+CVE-2021-33060 (Out-of-bounds write in the BIOS firmware for some Intel(R) 
Processors  ...)
+       TODO: check
 CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools 
for Int ...)
        NOT-FOR-US: Intel
 CVE-2021-33058 (Improper access control in the installer 
Intel(R)Administrative Tools  ...)
@@ -85710,8 +85872,8 @@ CVE-2021-32864
        RESERVED
 CVE-2021-32863
        RESERVED
-CVE-2021-32862
-       RESERVED
+CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a 
cross-sit ...)
+       TODO: check
 CVE-2021-32861
        RESERVED
 CVE-2021-32860
@@ -130381,15 +130543,15 @@ CVE-2020-27793
 CVE-2020-27792
        RESERVED
 CVE-2020-27791
-       RESERVED
-CVE-2020-27790
-       RESERVED
+       REJECTED
+CVE-2020-27790 (A floating point exception issue was discovered in UPX in 
PackLinuxElf ...)
+       TODO: check
 CVE-2020-27789
-       RESERVED
-CVE-2020-27788
-       RESERVED
-CVE-2020-27787
-       RESERVED
+       REJECTED
+CVE-2020-27788 (An out-of-bounds read access vulnerability was discovered in 
UPX in Pa ...)
+       TODO: check
+CVE-2020-27787 (A Segmentaation fault was found in UPX in invert_pt_dynamic() 
function ...)
+       TODO: check
 CVE-2020-27786 (A flaw was found in the Linux kernel&#8217;s implementation of 
MIDI, w ...)
        - linux 5.6.14-1
        [buster] - linux 4.19.131-1
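Review bot: CVE-2020-27790, CVE-2020-27788 and CVE-2020-27787 all name UPX but land as three independent "TODO: check" items with no package line, interleaved with CVE-2020-27791 and CVE-2020-27789, which move from RESERVED to REJECTED. Triage the three UPX entries in one pass so they get the same source package line, and note that the imported text for CVE-2020-27787 reads "Segmentaation fault", so a text search for "Segmentation fault" will miss it.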
@@ -141266,8 +141428,8 @@ CVE-2020-23468
        RESERVED
 CVE-2020-23467
        RESERVED
-CVE-2020-23466
-       RESERVED
+CVE-2020-23466 (Cross Site Scripting (XSS) vulnerability exists in the 
phpgurukul Onli ...)
+       TODO: check
 CVE-2020-23465
        RESERVED
 CVE-2020-23464



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6d502d1c21c34a7dc0875bf5b778f186978cc
