[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 11 21:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5fc868e by security tracker role at 2022-08-11T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2022-38170
+ RESERVED
+CVE-2022-38082
+ RESERVED
+CVE-2022-2786
+ RESERVED
+CVE-2022-2785
+ RESERVED
+CVE-2022-2784
+ RESERVED
+CVE-2022-2783
+ RESERVED
+CVE-2022-2782
+ RESERVED
+CVE-2022-2781
+ RESERVED
+CVE-2022-2780
+ RESERVED
+CVE-2022-2779
+ RESERVED
+CVE-2022-2778
+ RESERVED
+CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2022-2775
+ RESERVED
+CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...)
+ TODO: check
+CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
+ TODO: check
+CVE-2022-2772 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
+ TODO: check
+CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Book St ...)
+ TODO: check
+CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...)
+ TODO: check
+CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...)
+ TODO: check
+CVE-2022-2764
+ RESERVED
+CVE-2022-2763
+ RESERVED
+CVE-2022-2762
+ RESERVED
+CVE-2022-2761
+ RESERVED
+CVE-2022-2760
+ RESERVED
CVE-2022-38169
RESERVED
CVE-2022-38168
@@ -2052,6 +2110,7 @@ CVE-2022-33940
RESERVED
CVE-2022-2625 [extension scripts replace objects not owned by the extension]
RESERVED
+ {DLA-3072-1}
- postgresql-14 14.5-1
- postgresql-13 <removed>
- postgresql-11 <removed>
@@ -4378,7 +4437,7 @@ CVE-2022-32570
CVE-2022-32232
RESERVED
CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
- {DSA-5203-1}
+ {DSA-5203-1 DLA-3070-1}
- gnutls28 3.7.7-1
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
@@ -4559,7 +4618,7 @@ CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and
CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...)
NOT-FOR-US: WAVLINK
CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...)
- {DSA-5200-1}
+ {DSA-5200-1 DLA-3071-1}
- libtirpc 1.3.2-2.1 (bug #1015873)
NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1)
NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3)
@@ -6091,34 +6150,34 @@ CVE-2022-35680
RESERVED
CVE-2022-35679
RESERVED
-CVE-2022-35678
- RESERVED
-CVE-2022-35677
- RESERVED
-CVE-2022-35676
- RESERVED
-CVE-2022-35675
- RESERVED
-CVE-2022-35674
- RESERVED
-CVE-2022-35673
- RESERVED
+CVE-2022-35678 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
+CVE-2022-35677 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
+CVE-2022-35676 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
+CVE-2022-35675 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
+CVE-2022-35674 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
+CVE-2022-35673 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...)
NOT-FOR-US: Adobe
-CVE-2022-35671
- RESERVED
-CVE-2022-35670
- RESERVED
+CVE-2022-35671 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
+CVE-2022-35670 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...)
NOT-FOR-US: Adobe
-CVE-2022-35668
- RESERVED
-CVE-2022-35667
- RESERVED
-CVE-2022-35666
- RESERVED
-CVE-2022-35665
- RESERVED
+CVE-2022-35668 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
+CVE-2022-35667 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
+CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
+CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
+ TODO: check
CVE-2022-35664
RESERVED
CVE-2022-35663
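Review bot: The newly described Acrobat Reader entries (CVE-2022-35678, CVE-2022-35671, CVE-2022-35670, CVE-2022-35668 through CVE-2022-35665) land as "TODO: check", while the unchanged neighbours in this same hunk, CVE-2022-35672 and CVE-2022-35669, cover the same product and are already triaged "NOT-FOR-US: Adobe". The follow-up triage should give these and the FrameMaker entries (CVE-2022-35677 through CVE-2022-35673) the same vendor tag for consistency, rather than leaving them as open TODO items.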
@@ -6391,20 +6450,20 @@ CVE-2022-35563
RESERVED
CVE-2022-35562
RESERVED
-CVE-2022-35561
- RESERVED
-CVE-2022-35560
- RESERVED
-CVE-2022-35559
- RESERVED
-CVE-2022-35558
- RESERVED
-CVE-2022-35557
- RESERVED
+CVE-2022-35561 (A stack overflow vulnerability exists in /goform/WifiMacFilterSet in T ...)
+ TODO: check
+CVE-2022-35560 (A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda ...)
+ TODO: check
+CVE-2022-35559 (A stack overflow vulnerability exists in /goform/setAutoPing in Tenda ...)
+ TODO: check
+CVE-2022-35558 (A stack overflow vulnerability exists in /goform/WifiMacFilterGet in T ...)
+ TODO: check
+CVE-2022-35557 (A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda ...)
+ TODO: check
CVE-2022-35556
RESERVED
-CVE-2022-35555
- RESERVED
+CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
+ TODO: check
CVE-2022-35554
RESERVED
CVE-2022-35553
@@ -9794,16 +9853,16 @@ CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 befo
NOTE: https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c (main)
NOTE: https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492 (4.0.6)
NOTE: https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e (3.2.14)
-CVE-2022-34264
- RESERVED
-CVE-2022-34263
- RESERVED
-CVE-2022-34262
- RESERVED
-CVE-2022-34261
- RESERVED
-CVE-2022-34260
- RESERVED
+CVE-2022-34264 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
+ TODO: check
+CVE-2022-34263 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
+ TODO: check
+CVE-2022-34262 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
+ TODO: check
+CVE-2022-34261 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
+ TODO: check
+CVE-2022-34260 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
+ TODO: check
CVE-2022-34259
RESERVED
CVE-2022-34258
@@ -9852,8 +9911,8 @@ CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
NOT-FOR-US: Adobe
CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
-CVE-2022-34235
- RESERVED
+CVE-2022-34235 (Adobe Premiere Elements version 2020v20 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-34234 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34233 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
@@ -13490,16 +13549,19 @@ CVE-2022-32747
RESERVED
CVE-2022-32746 [Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request]
RESERVED
+ {DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
[buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
NOTE: https://www.samba.org/samba/security/CVE-2022-32746.html
CVE-2022-32745 [Samba AD users can crash the server process with an LDAP add or modify request]
RESERVED
+ {DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
[buster] - samba <not-affected> (Only affects 4.13 and later)
NOTE: https://www.samba.org/samba/security/CVE-2022-32745.html
CVE-2022-32744 [Samba AD users can forge password change requests for any user]
RESERVED
+ {DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
[buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
@@ -13507,6 +13569,7 @@ CVE-2022-32743
RESERVED
CVE-2022-32742 [Server memory information leak via SMB1]
RESERVED
+ {DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
NOTE: https://www.samba.org/samba/security/CVE-2022-32742.html
CVE-2022-32741 (Attacker is able to determine if the provided username exists (and it' ...)
@@ -13932,6 +13995,7 @@ CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section,
NOT-FOR-US: Pandora FMS
CVE-2022-2031 [Samba AD users can bypass certain restrictions associated with changing passwords]
RESERVED
+ {DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
[buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
NOTE: https://www.samba.org/samba/security/CVE-2022-2031.html
@@ -25129,18 +25193,18 @@ CVE-2022-28757
RESERVED
CVE-2022-28756
RESERVED
-CVE-2022-28755
- RESERVED
-CVE-2022-28754
- RESERVED
-CVE-2022-28753
- RESERVED
+CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
+ TODO: check
+CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...)
+ TODO: check
+CVE-2022-28753 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...)
+ TODO: check
CVE-2022-28752
RESERVED
CVE-2022-28751
RESERVED
-CVE-2022-28750
- RESERVED
+CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before version ...)
+ TODO: check
CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...)
NOT-FOR-US: Zoom
CVE-2022-28748
@@ -25575,28 +25639,28 @@ CVE-2022-28638
RESERVED
CVE-2022-28637
RESERVED
-CVE-2022-28636
- RESERVED
-CVE-2022-28635
- RESERVED
-CVE-2022-28634
- RESERVED
-CVE-2022-28633
- RESERVED
-CVE-2022-28632
- RESERVED
-CVE-2022-28631
- RESERVED
-CVE-2022-28630
- RESERVED
-CVE-2022-28629
- RESERVED
-CVE-2022-28628
- RESERVED
-CVE-2022-28627
- RESERVED
-CVE-2022-28626
- RESERVED
+CVE-2022-28636 (A potential local arbitrary code execution and a local denial of servi ...)
+ TODO: check
+CVE-2022-28635 (A potential local arbitrary code execution and a local denial of servi ...)
+ TODO: check
+CVE-2022-28634 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2022-28633 (A local disclosure of sensitive information and a local unauthorized d ...)
+ TODO: check
+CVE-2022-28632 (A potential arbitrary code execution and a denial of service (DoS) vul ...)
+ TODO: check
+CVE-2022-28631 (A potential arbitrary code execution and a denial of service (DoS) vul ...)
+ TODO: check
+CVE-2022-28630 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2022-28629 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2022-28628 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2022-28627 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
+ TODO: check
CVE-2022-28625
RESERVED
CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...)
@@ -40372,6 +40436,7 @@ CVE-2022-0340
RESERVED
CVE-2021-4209
RESERVED
+ {DLA-3070-1}
- gnutls28 3.7.3-2
[bullseye] - gnutls28 3.7.1-5+deb11u1
[stretch] - gnutls28 <postponed> (Minor issue)
@@ -50929,8 +50994,8 @@ CVE-2021-44722
RESERVED
CVE-2021-44721
RESERVED
-CVE-2021-44720
- RESERVED
+CVE-2021-44720 (In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the a ...)
+ TODO: check
CVE-2021-44719 (Docker Desktop 4.3.0 has Incorrect Access Control. ...)
NOT-FOR-US: Docker Desktop on MacOS
CVE-2021-44718
@@ -59841,24 +59906,24 @@ CVE-2022-20410
RESERVED
CVE-2022-20409
RESERVED
-CVE-2022-20408
- RESERVED
-CVE-2022-20407
- RESERVED
-CVE-2022-20406
- RESERVED
-CVE-2022-20405
- RESERVED
-CVE-2022-20404
- RESERVED
-CVE-2022-20403
- RESERVED
-CVE-2022-20402
- RESERVED
-CVE-2022-20401
- RESERVED
-CVE-2022-20400
- RESERVED
+CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...)
+ TODO: check
+CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: A-210916981Referen ...)
+ TODO: check
+CVE-2022-20406 (Product: AndroidVersions: Android kernelAndroid ID: A-184676385Referen ...)
+ TODO: check
+CVE-2022-20405 (Product: AndroidVersions: Android kernelAndroid ID: A-216363416Referen ...)
+ TODO: check
+CVE-2022-20404 (Product: AndroidVersions: Android kernelAndroid ID: A-205714161Referen ...)
+ TODO: check
+CVE-2022-20403 (Product: AndroidVersions: Android kernelAndroid ID: A-207975764Referen ...)
+ TODO: check
+CVE-2022-20402 (Product: AndroidVersions: Android kernelAndroid ID: A-218701042Referen ...)
+ TODO: check
+CVE-2022-20401 (In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a pos ...)
+ TODO: check
+CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...)
+ TODO: check
CVE-2022-20399
RESERVED
CVE-2022-20398
@@ -59889,59 +59954,57 @@ CVE-2022-20386
RESERVED
CVE-2022-20385
RESERVED
-CVE-2022-20384
- RESERVED
-CVE-2022-20383
- RESERVED
-CVE-2022-20382
- RESERVED
-CVE-2022-20381
- RESERVED
-CVE-2022-20380
- RESERVED
-CVE-2022-20379
- RESERVED
-CVE-2022-20378
- RESERVED
-CVE-2022-20377
- RESERVED
-CVE-2022-20376
- RESERVED
-CVE-2022-20375
- RESERVED
-CVE-2022-20374
- RESERVED
-CVE-2022-20373
- RESERVED
-CVE-2022-20372
- RESERVED
-CVE-2022-20371
- RESERVED
-CVE-2022-20370
- RESERVED
-CVE-2022-20369
- RESERVED
+CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...)
+ TODO: check
+CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...)
+ TODO: check
+CVE-2022-20382 (In (TBD) of (TBD), there is a possible out of bounds write due to kern ...)
+ TODO: check
+CVE-2022-20381 (Product: AndroidVersions: Android kernelAndroid ID: A-188935887Referen ...)
+ TODO: check
+CVE-2022-20380 (Product: AndroidVersions: Android kernelAndroid ID: A-212625740Referen ...)
+ TODO: check
+CVE-2022-20379 (In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary c ...)
+ TODO: check
+CVE-2022-20378 (Product: AndroidVersions: Android kernelAndroid ID: A-234657153Referen ...)
+ TODO: check
+CVE-2022-20377 (In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, ...)
+ TODO: check
+CVE-2022-20376 (In trusty_log_seq_start of trusty-log.c, there is a possible use after ...)
+ TODO: check
+CVE-2022-20375 (In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out o ...)
+ TODO: check
+CVE-2022-20374 (On specific devices, there is a possible bypass of configuration integ ...)
+ TODO: check
+CVE-2022-20373 (In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible u ...)
+ TODO: check
+CVE-2022-20372 (In exynos5_i2c_irq of (TBD), there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2022-20371 (In dm_bow_dtr and related functions of dm-bow.c, there is a possible u ...)
+ TODO: check
+CVE-2022-20370 (Product: AndroidVersions: Android kernelAndroid ID: A-215730643Referen ...)
+ TODO: check
+CVE-2022-20369 (In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bou ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
NOTE: https://git.kernel.org/linus/8310ca94075e784bbb06593cd6c068ee6b6e4ca6 (5.18-rc1)
-CVE-2022-20368
- RESERVED
+CVE-2022-20368 (Product: AndroidVersions: Android kernelAndroid ID: A-224546354Referen ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/c700525fcc06b05adfea78039de02628af79e07a (5.17)
-CVE-2022-20367
- RESERVED
-CVE-2022-20366
- RESERVED
-CVE-2022-20365
- RESERVED
+CVE-2022-20367 (In construct_transaction of lwis_ioctl.c, there is a possible out of b ...)
+ TODO: check
+CVE-2022-20366 (In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: A-229632566Referen ...)
+ TODO: check
CVE-2022-20364
RESERVED
CVE-2022-20363
RESERVED
-CVE-2022-20362
- RESERVED
+CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
+ TODO: check
CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerabil ...)
NOT-FOR-US: Android
CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
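Review bot: CVE-2022-20368 keeps its linux package lines, but the description it gains is only the bulletin header text "Product: AndroidVersions: Android kernelAndroid ID: A-224546354Referen ...", which says nothing about the flaw, so the git.kernel.org NOTE is the only thing identifying what was fixed. A short NOTE naming the affected code would make the entry readable without following the link. CVE-2022-20382, CVE-2022-20377 and CVE-2022-20372 likewise arrive with "TBD" in place of a function or file name, which is worth keeping in mind when their "TODO: check" is resolved.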
@@ -59980,218 +60043,218 @@ CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible w
NOT-FOR-US: Android
CVE-2022-20343
RESERVED
-CVE-2022-20342
- RESERVED
-CVE-2022-20341
- RESERVED
-CVE-2022-20340
- RESERVED
-CVE-2022-20339
- RESERVED
-CVE-2022-20338
- RESERVED
+CVE-2022-20342 (In WiFi, there is a possible disclosure of WiFi password to the end us ...)
+ TODO: check
+CVE-2022-20341 (In ConnectivityService, there is a possible bypass of network permissi ...)
+ TODO: check
+CVE-2022-20340 (In SELinux policy, there is a possible way of inferring which websites ...)
+ TODO: check
+CVE-2022-20339 (In Android, there is a possible access of network neighbor table infor ...)
+ TODO: check
+CVE-2022-20338 (In Core Utilities, there is a possible way to craft a malformed Uri ob ...)
+ TODO: check
CVE-2022-20337
RESERVED
-CVE-2022-20336
- RESERVED
-CVE-2022-20335
- RESERVED
-CVE-2022-20334
- RESERVED
-CVE-2022-20333
- RESERVED
-CVE-2022-20332
- RESERVED
-CVE-2022-20331
- RESERVED
-CVE-2022-20330
- RESERVED
-CVE-2022-20329
- RESERVED
-CVE-2022-20328
- RESERVED
-CVE-2022-20327
- RESERVED
-CVE-2022-20326
- RESERVED
-CVE-2022-20325
- RESERVED
-CVE-2022-20324
- RESERVED
-CVE-2022-20323
- RESERVED
-CVE-2022-20322
- RESERVED
-CVE-2022-20321
- RESERVED
-CVE-2022-20320
- RESERVED
-CVE-2022-20319
- RESERVED
-CVE-2022-20318
- RESERVED
-CVE-2022-20317
- RESERVED
-CVE-2022-20316
- RESERVED
-CVE-2022-20315
- RESERVED
-CVE-2022-20314
- RESERVED
-CVE-2022-20313
- RESERVED
-CVE-2022-20312
- RESERVED
-CVE-2022-20311
- RESERVED
-CVE-2022-20310
- RESERVED
-CVE-2022-20309
- RESERVED
-CVE-2022-20308
- RESERVED
-CVE-2022-20307
- RESERVED
-CVE-2022-20306
- RESERVED
-CVE-2022-20305
- RESERVED
-CVE-2022-20304
- RESERVED
-CVE-2022-20303
- RESERVED
-CVE-2022-20302
- RESERVED
-CVE-2022-20301
- RESERVED
-CVE-2022-20300
- RESERVED
-CVE-2022-20299
- RESERVED
-CVE-2022-20298
- RESERVED
-CVE-2022-20297
- RESERVED
-CVE-2022-20296
- RESERVED
-CVE-2022-20295
- RESERVED
-CVE-2022-20294
- RESERVED
-CVE-2022-20293
- RESERVED
-CVE-2022-20292
- RESERVED
-CVE-2022-20291
- RESERVED
-CVE-2022-20290
- RESERVED
-CVE-2022-20289
- RESERVED
-CVE-2022-20288
- RESERVED
-CVE-2022-20287
- RESERVED
-CVE-2022-20286
- RESERVED
-CVE-2022-20285
- RESERVED
-CVE-2022-20284
- RESERVED
-CVE-2022-20283
- RESERVED
-CVE-2022-20282
- RESERVED
-CVE-2022-20281
- RESERVED
-CVE-2022-20280
- RESERVED
-CVE-2022-20279
- RESERVED
-CVE-2022-20278
- RESERVED
-CVE-2022-20277
- RESERVED
-CVE-2022-20276
- RESERVED
-CVE-2022-20275
- RESERVED
-CVE-2022-20274
- RESERVED
-CVE-2022-20273
- RESERVED
-CVE-2022-20272
- RESERVED
-CVE-2022-20271
- RESERVED
-CVE-2022-20270
- RESERVED
-CVE-2022-20269
- RESERVED
-CVE-2022-20268
- RESERVED
-CVE-2022-20267
- RESERVED
-CVE-2022-20266
- RESERVED
-CVE-2022-20265
- RESERVED
+CVE-2022-20336 (In Settings, there is a possible installed application disclosure due ...)
+ TODO: check
+CVE-2022-20335 (In Wifi Slice, there is a possible way to adjust Wi-Fi settings even w ...)
+ TODO: check
+CVE-2022-20334 (In Bluetooth, there are possible process crashes due to dereferencing ...)
+ TODO: check
+CVE-2022-20333 (In Bluetooth, there is a possible crash due to a missing null check. T ...)
+ TODO: check
+CVE-2022-20332 (In PackageManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20331 (In the Framework, there is a possible way to enable a work profile wit ...)
+ TODO: check
+CVE-2022-20330 (In Bluetooth, there is a possible way to connect or disconnect bluetoo ...)
+ TODO: check
+CVE-2022-20329 (In Wifi, there is a possible way to enable Wifi without permissions du ...)
+ TODO: check
+CVE-2022-20328 (In PackageManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20327 (In Wi-Fi, there is a possible way to retrieve the WiFi SSID without lo ...)
+ TODO: check
+CVE-2022-20326 (In Telephony, there is a possible disclosure of SIM identifiers due to ...)
+ TODO: check
+CVE-2022-20325 (In Media, there is a possible code execution due to a use after free. ...)
+ TODO: check
+CVE-2022-20324 (In Framework, there is a possible way to determine whether an app is i ...)
+ TODO: check
+CVE-2022-20323 (In PackageManager, there is a possible package installation disclosure ...)
+ TODO: check
+CVE-2022-20322 (In PackageManager, there is a possible installed package disclosure du ...)
+ TODO: check
+CVE-2022-20321 (In Settings, there is a possible way for an application without permis ...)
+ TODO: check
+CVE-2022-20320 (In ActivityManager, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2022-20319 (In DreamServices, there is a possible way to launch arbitrary protecte ...)
+ TODO: check
+CVE-2022-20318 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ TODO: check
+CVE-2022-20317 (In SystemUI, there is a possible way to unexpectedly enable the extern ...)
+ TODO: check
+CVE-2022-20316 (In ContentResolver, there is a possible way to determine whether an ap ...)
+ TODO: check
+CVE-2022-20315 (In ActivityManager, there is a possible disclosure of installed packag ...)
+ TODO: check
+CVE-2022-20314 (In KeyChain, there is a possible spoof keychain chooser activity reque ...)
+ TODO: check
+CVE-2022-20313 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20312 (In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address w ...)
+ TODO: check
+CVE-2022-20311 (In Telecomm, there is a possible disclosure of registered self managed ...)
+ TODO: check
+CVE-2022-20310 (In Telecomm, there is a possible disclosure of registered self managed ...)
+ TODO: check
+CVE-2022-20309 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ TODO: check
+CVE-2022-20308 (In hostapd, there is a possible insecure configuration due to an insec ...)
+ TODO: check
+CVE-2022-20307 (In AlarmManagerService, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2022-20306 (In Camera Provider HAL, there is a possible memory corruption due to a ...)
+ TODO: check
+CVE-2022-20305 (In ContentService, there is a possible disclosure of available account ...)
+ TODO: check
+CVE-2022-20304 (In Content, there is a possible way to determinate the user's account ...)
+ TODO: check
+CVE-2022-20303 (In ContentService, there is a possible way to determine if an account ...)
+ TODO: check
+CVE-2022-20302 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ TODO: check
+CVE-2022-20301 (In Content, there is a possible way to check if an account exists on t ...)
+ TODO: check
+CVE-2022-20300 (In Content, there is a possible way to check if the given account exis ...)
+ TODO: check
+CVE-2022-20299 (In ContentService, there is a possible way to check if the given accou ...)
+ TODO: check
+CVE-2022-20298 (In ContentService, there is a possible way to check if an account exis ...)
+ TODO: check
+CVE-2022-20297 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ TODO: check
+CVE-2022-20296 (In ContentService, there is a possible way to check if an account exis ...)
+ TODO: check
+CVE-2022-20295 (In ContentService, there is a possible way to check if an account exis ...)
+ TODO: check
+CVE-2022-20294 (In Content, there is a possible way to learn about an account present ...)
+ TODO: check
+CVE-2022-20293 (In LauncherApps, there is a possible way to determine whether an app i ...)
+ TODO: check
+CVE-2022-20292 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ TODO: check
+CVE-2022-20291 (In AppOpsService, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20290 (In Midi, there is a possible way to learn about private midi devices d ...)
+ TODO: check
+CVE-2022-20289 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ TODO: check
+CVE-2022-20288 (In AppSearchManagerService, there is a possible way to determine wheth ...)
+ TODO: check
+CVE-2022-20287 (In AppSearchManagerService, there is a possible way to determine wheth ...)
+ TODO: check
+CVE-2022-20286 (In Connectivity, there is a possible bypass the restriction of startin ...)
+ TODO: check
+CVE-2022-20285 (In PackageManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20284 (In Telephony, there is a possible information disclosure due to a miss ...)
+ TODO: check
+CVE-2022-20283 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
+ TODO: check
+CVE-2022-20282 (In AppWidget, there is a possible way to start an activity from the ba ...)
+ TODO: check
+CVE-2022-20281 (In Core, there is a possible way to start an activity from the backgro ...)
+ TODO: check
+CVE-2022-20280 (In MMSProvider, there is a possible read of protected data due to impr ...)
+ TODO: check
+CVE-2022-20279 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2022-20278 (In Accounts, there is a possible way to write sensitive information to ...)
+ TODO: check
+CVE-2022-20277 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2022-20276 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2022-20275 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2022-20274 (In Keyguard, there is a missing permission check. This could lead to l ...)
+ TODO: check
+CVE-2022-20273 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...)
+ TODO: check
+CVE-2022-20272 (In PermissionController, there is a possible misunderstanding about th ...)
+ TODO: check
+CVE-2022-20271 (In PermissionController, there is a possible way to grant some permiss ...)
+ TODO: check
+CVE-2022-20270 (In Content, there is a possible way to learn gmail account name on the ...)
+ TODO: check
+CVE-2022-20269 (In Bluetooth, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
+CVE-2022-20268 (In RestrictionsManager, there is a possible way to send a broadcast th ...)
+ TODO: check
+CVE-2022-20267 (In bluetooth, there is a possible way to enable or disable bluetooth c ...)
+ TODO: check
+CVE-2022-20266 (In Companion, there is a possible way to keep a service running with e ...)
+ TODO: check
+CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset permissio ...)
+ TODO: check
CVE-2022-20264
RESERVED
-CVE-2022-20263
- RESERVED
-CVE-2022-20262
- RESERVED
-CVE-2022-20261
- RESERVED
-CVE-2022-20260
- RESERVED
-CVE-2022-20259
- RESERVED
-CVE-2022-20258
- RESERVED
-CVE-2022-20257
- RESERVED
-CVE-2022-20256
- RESERVED
-CVE-2022-20255
- RESERVED
-CVE-2022-20254
- RESERVED
-CVE-2022-20253
- RESERVED
-CVE-2022-20252
- RESERVED
-CVE-2022-20251
- RESERVED
-CVE-2022-20250
- RESERVED
-CVE-2022-20249
- RESERVED
-CVE-2022-20248
- RESERVED
-CVE-2022-20247
- RESERVED
-CVE-2022-20246
- RESERVED
-CVE-2022-20245
- RESERVED
-CVE-2022-20244
- RESERVED
-CVE-2022-20243
- RESERVED
-CVE-2022-20242
- RESERVED
-CVE-2022-20241
- RESERVED
+CVE-2022-20263 (In ActivityManager, there is a way to read process state for other use ...)
+ TODO: check
+CVE-2022-20262 (In ActivityManager, there is a possible way to check another process's ...)
+ TODO: check
+CVE-2022-20261 (In LocationManager, there is a possible way to get location informatio ...)
+ TODO: check
+CVE-2022-20260 (In the Phone app, there is a possible crash loop due to resource exhau ...)
+ TODO: check
+CVE-2022-20259 (In Telephony, there is a possible leak of ICCID and EID due to a missi ...)
+ TODO: check
+CVE-2022-20258 (In Bluetooth, there is a possible way to bypass compiler exploit mitig ...)
+ TODO: check
+CVE-2022-20257 (In Bluetooth, there is a possible way to pair a display only device wi ...)
+ TODO: check
+CVE-2022-20256 (In the Audio HAL, there is a possible out of bounds write due to a rac ...)
+ TODO: check
+CVE-2022-20255 (In SettingsProvider, there is a possible way to read or change the def ...)
+ TODO: check
+CVE-2022-20254 (In Wi-Fi, there is a permissions bypass. This could lead to local esca ...)
+ TODO: check
+CVE-2022-20253 (In Bluetooth, there is a possible cleanup failure due to an uncaught e ...)
+ TODO: check
+CVE-2022-20252 (In PackageManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20251 (In LocaleManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20250 (In Messaging, there is a possible way to attach files to a message wit ...)
+ TODO: check
+CVE-2022-20249 (In LocaleManager, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2022-20248 (In Settings, there is a possible way to connect to an open network byp ...)
+ TODO: check
+CVE-2022-20247 (In Media, there is a possible out of bounds read due to a heap buffer ...)
+ TODO: check
+CVE-2022-20246 (In WindowManager, there is a possible bypass of the restrictions for s ...)
+ TODO: check
+CVE-2022-20245 (In WindowManager, there is a possible method to create a recording of ...)
+ TODO: check
+CVE-2022-20244 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20243 (In Core Utilities, there is a possible log information disclosure. Thi ...)
+ TODO: check
+CVE-2022-20242 (In Telephony, there is a possible way to determine whether an app is i ...)
+ TODO: check
+CVE-2022-20241 (In Messaging, there is a possible way to attach a private file to an S ...)
+ TODO: check
CVE-2022-20240
RESERVED
CVE-2022-20239 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
-CVE-2022-20237
- RESERVED
+CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out ...)
+ TODO: check
CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...)
NOT-FOR-US: Unisoc
CVE-2022-20235
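Review bot: CVE-2022-20308 names hostapd rather than an Android framework component, so it deserves an individual check instead of being bulk-triaged with the surrounding entries. Most of the descriptions added in this hunk refer to Android services (PackageManager, ContentService, Settings and so on), and the already triaged context line at the top of the hunk is "NOT-FOR-US: Android", which makes a mass tag the obvious follow-up. The Bluetooth, Media and hostapd entries are the ones where the truncated description does not by itself show whether the code is Android-specific.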
@@ -60305,8 +60368,8 @@ CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to
NOT-FOR-US: Google Pixel
CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
NOT-FOR-US: Google Pixel
-CVE-2022-20180
- RESERVED
+CVE-2022-20180 (In several functions of mali_gralloc_reference.cpp, there is a possibl ...)
+ TODO: check
CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
NOT-FOR-US: Google Pixel
CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
@@ -60353,8 +60416,7 @@ CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655R
NOT-FOR-US: Google Pixel
CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...)
NOT-FOR-US: Google Pixel
-CVE-2022-20158
- RESERVED
+CVE-2022-20158 (In bdi_put and bdi_unregister of backing-dev.c, there is a possible me ...)
- linux <unfixed>
NOTE: https://source.android.com/security/bulletin/pixel/2022-08-01
CVE-2022-20157
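Review bot: CVE-2022-20158 still reads "- linux <unfixed>" with only the Pixel bulletin as a NOTE, although the description added here now names bdi_put and bdi_unregister of backing-dev.c. The other two linux entries touched by this commit (CVE-2022-20369 and CVE-2022-20368) carry a git.kernel.org NOTE with the fixing commit. Adding the equivalent here once it is identified would let the <unfixed> status be checked against a concrete change.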
@@ -111508,8 +111570,8 @@ CVE-2021-22291
RESERVED
CVE-2021-22290
RESERVED
-CVE-2021-22289
- RESERVED
+CVE-2021-22289 (Improper Input Validation vulnerability in the project upload mechanis ...)
+ TODO: check
CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
NOT-FOR-US: ABB
CVE-2021-22287
@@ -126505,8 +126567,8 @@ CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible
NOT-FOR-US: Android
CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
NOT-FOR-US: Android
-CVE-2021-0975
- RESERVED
+CVE-2021-0975 (In USB Manager, there is a possible way to determine whether an app is ...)
+ TODO: check
CVE-2021-0974
RESERVED
CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...)
@@ -127013,10 +127075,10 @@ CVE-2021-0737
RESERVED
CVE-2021-0736
RESERVED
-CVE-2021-0735
- RESERVED
-CVE-2021-0734
- RESERVED
+CVE-2021-0735 (In PackageManager, there is a possible way to get information about in ...)
+ TODO: check
+CVE-2021-0734 (In Settings, there is a possible way to determine whether an app is in ...)
+ TODO: check
CVE-2021-0733
RESERVED
CVE-2021-0732
@@ -127462,7 +127524,7 @@ CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, t
NOT-FOR-US: Android media framework
CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
NOT-FOR-US: Google Play
-CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
+CVE-2021-0518 (In Wi-Fi, there is a possible leak of location-sensitive data due to a ...)
NOT-FOR-US: Android
CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
NOT-FOR-US: Android
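Review bot: The replacement description for CVE-2021-0518 drops the function and file the old text named (handleSendStatusChangeBroadcast of WifiDisplayAdapter.java) in favour of the generic "In Wi-Fi, there is a possible leak of location-sensitive data ...", so the entry no longer says where the flaw lives. The "NOT-FOR-US: Android" triage is unaffected, but anyone searching the list by function name will no longer find this entry.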
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5fc868e2dd63d1344cd4d390858b848d1b22a63