[Git][security-tracker-team/security-tracker][master] 2 commits: Lower some severities
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 19 10:33:00 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dcdf771 by Salvatore Bonaccorso at 2022-08-19T11:31:00+02:00
Lower some severities
- - - - -
a8adc525 by Salvatore Bonaccorso at 2022-08-19T11:32:34+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24139,7 +24139,7 @@ CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC La
CVE-2022-26424
RESERVED
CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...)
- gitlab <unfixed>
CVE-2022-29504
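Review bot: The new tag on CVE-2022-25899 records only the vendor, while the description names a specific product, the Open AMT Cloud Toolkit. Other entries in this diff tag by product (`NOT-FOR-US: CandidATS`, `NOT-FOR-US: Thinfinity VNC`), so a product-level tag such as `NOT-FOR-US: Intel Open AMT Cloud Toolkit` would be easier to grep for when the entry is rechecked later.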
@@ -26319,7 +26319,7 @@ CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 E
CVE-2022-28698
RESERVED
CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for Python befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-28694
RESERVED
CVE-2022-28688
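Review bot: CVE-2022-28696 is an uncontrolled search path in the Intel(R) Distribution for Python, and `NOT-FOR-US: Intel` does not say whether the flaw lives in Intel's packaging or in code shared with upstream Python. A product-level tag such as `NOT-FOR-US: Intel Distribution for Python`, or a NOTE line stating that the issue is specific to Intel's distribution, would document why no Debian package is affected.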
@@ -29926,7 +29926,7 @@ CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local
CVE-2022-27501
RESERVED
CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27233
RESERVED
CVE-2022-27229
@@ -29948,7 +29948,7 @@ CVE-2022-26024
CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...)
TODO: check
CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
NOT-FOR-US: Sophos
CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...)
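Review bot: CVE-2022-26017 (Intel(R) DSA software), the entry directly above the changed one, still carries `TODO: check` in the context lines while its neighbour CVE-2022-25841 is resolved. If it was left open on purpose, fine; otherwise it looks like it belongs in the same batch of Intel NFUs.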
@@ -33346,7 +33346,7 @@ CVE-2022-26086
CVE-2022-26083
RESERVED
CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26072
RESERVED
CVE-2022-26056
@@ -33360,11 +33360,11 @@ CVE-2022-26028
CVE-2022-26006
RESERVED
CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25992
RESERVED
CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...)
NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers
CVE-2022-25917
@@ -35967,17 +35967,17 @@ CVE-2022-24436 (Observable behavioral in power management throttling for some In
NOTE: https://www.hertzbleed.com/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-24067
RESERVED
CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...)
NOT-FOR-US: Intel
CVE-2022-21225 (Improper access control in the Intel(R) Data Center Manager software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21198
RESERVED
CVE-2022-21183
@@ -36467,7 +36467,7 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' fiel ...)
NOT-FOR-US: Popcorn Time
CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQ ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS ...)
NOT-FOR-US: Thinfinity VNC
CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...)
@@ -39036,9 +39036,9 @@ CVE-2022-23917
CVE-2022-23914
RESERVED
CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for Industrial s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21795
RESERVED
CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
@@ -51781,7 +51781,7 @@ CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before version 7 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21804
RESERVED
CVE-2022-21794
@@ -130555,17 +130555,17 @@ CVE-2020-27792
CVE-2020-27791
REJECTED
CVE-2020-27790 (A floating point exception issue was discovered in UPX in PackLinuxElf ...)
- - upx-ucl 3.96-1
+ - upx-ucl 3.96-1 (unimportant)
NOTE: https://github.com/upx/upx/issues/331
NOTE: https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26 (v3.96)
CVE-2020-27789
REJECTED
CVE-2020-27788 (An out-of-bounds read access vulnerability was discovered in UPX in Pa ...)
- - upx-ucl 3.96-1
+ - upx-ucl 3.96-1 (unimportant)
NOTE: https://github.com/upx/upx/issues/332
NOTE: https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83 (v3.96)
CVE-2020-27787 (A Segmentaation fault was found in UPX in invert_pt_dynamic() function ...)
- - upx-ucl 3.96-1
+ - upx-ucl 3.96-1 (unimportant)
NOTE: https://github.com/upx/upx/issues/333
NOTE: https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d (v3.96)
CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of MIDI, w ...)
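Review bot: The three upx-ucl entries (CVE-2020-27790, CVE-2020-27788, CVE-2020-27787) gain `(unimportant)` with no NOTE giving the reason for the downgrade. The descriptions cover a floating point exception, an out-of-bounds read and a segmentation fault, so a NOTE line on each entry stating why the impact is considered negligible would let later readers check the severity without going back to the commit message.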
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f2c71536279d28ffd462b5b33a76cc5e754366c...a8adc525353e4e36ba98eb11c787494d4b470be1