[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 10 08:47:46 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61142be0 by Salvatore Bonaccorso at 2022-12-10T09:47:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -147,7 +147,7 @@ CVE-2022-46838
CVE-2022-4391
RESERVED
CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-4389
RESERVED
CVE-2022-4388
@@ -293,7 +293,7 @@ CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Contr
CVE-2022-4365
RESERVED
CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
- TODO: check
+ NOT-FOR-US: Teledyne
CVE-2022-4363
RESERVED
CVE-2022-4362
@@ -323,11 +323,11 @@ CVE-2022-4351
CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...)
- TODO: check
+ NOT-FOR-US: CTF-hacker pwn
CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been rated ...)
NOT-FOR-US: y_project RuoYi-Cloud
CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been declared ...)
- TODO: check
+ NOT-FOR-US: xiandafu beetl-bbs
CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been declared ...)
NOT-FOR-US: DuxCMS
CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...)
@@ -2339,7 +2339,7 @@ CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.
CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...)
NOT-FOR-US: PrestaShop
CVE-2022-46157 (Akeneo PIM is an open source Product Information Management (PIM). Ake ...)
- TODO: check
+ NOT-FOR-US: Akeneo PIM
CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...)
NOT-FOR-US: Grafana Synthetic Monitoring
CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...)
@@ -4851,7 +4851,7 @@ CVE-2022-45294
CVE-2022-45293
RESERVED
CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
- TODO: check
+ NOT-FOR-US: Funkwhale
CVE-2022-45291
RESERVED
CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
@@ -6191,7 +6191,7 @@ CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net
CVE-2022-44791
RESERVED
CVE-2022-44790 (Interspire Email Marketer through 6.5.1 allows SQL Injection via the s ...)
- TODO: check
+ NOT-FOR-US: Interspire Email Marketer
CVE-2022-44789 (A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 ...)
{DSA-5291-1}
- mujs 1.3.2-1 (bug #1024769)
@@ -8450,7 +8450,7 @@ CVE-2022-44375
CVE-2022-44374
RESERVED
CVE-2022-44373 (A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upg ...)
- TODO: check
+ NOT-FOR-US: TrendNet Wireless AC Easy-Upgrader TEW-820AP
CVE-2022-44372
RESERVED
CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
@@ -8770,7 +8770,7 @@ CVE-2022-44215
CVE-2022-44214
RESERVED
CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vu ...)
- TODO: check
+ NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio ECO ADMS
CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...)
NOT-FOR-US: GL.iNet Goodcloud
CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...)
@@ -11790,11 +11790,11 @@ CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 befo
CVE-2022-43670 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Apache Sling
CVE-2022-43667 (Stack-based buffer overflow vulnerability exists in CX-Programmer v.9. ...)
- TODO: check
+ NOT-FOR-US: CX-Programmer
CVE-2022-43509 (Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and e ...)
- TODO: check
+ NOT-FOR-US: CX-Programmer
CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77 and earlie ...)
- TODO: check
+ NOT-FOR-US: CX-Programmer
CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...)
TODO: check
CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
@@ -11810,9 +11810,9 @@ CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U sof
CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F FS040U soft ...)
NOT-FOR-US: +F software
CVE-2022-42486 (Stored cross-site scripting vulnerability in User group management of ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2022-41994 (Stored cross-site scripting vulnerability in Permission Settings of ba ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2022-41830 (Stored cross-site scripting vulnerability in Kyocera Document Solution ...)
NOT-FOR-US: Kyocera Document Solutions
CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document Solutio ...)
@@ -12267,7 +12267,7 @@ CVE-2022-43437
CVE-2022-43436
RESERVED
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability in ARMember premium plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42884
RESERVED
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
@@ -12277,7 +12277,7 @@ CVE-2022-42882
CVE-2022-42880
RESERVED
CVE-2022-42699 (Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector pl ...)
@@ -12391,7 +12391,7 @@ CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It
CVE-2022-3642
REJECTED
CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolutions Rem ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-36401
RESERVED
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
@@ -15202,7 +15202,7 @@ CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (access
CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...)
NOT-FOR-US: Apache Isis
CVE-2022-42458 (Authentication bypass using an alternate path or channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: bingo!CMS
CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...)
NOT-FOR-US: Bluespice extension
CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...)
@@ -17430,7 +17430,7 @@ CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vul
CVE-2022-40975
RESERVED
CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2022-40702
RESERVED
CVE-2022-40700
@@ -17458,7 +17458,7 @@ CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plu
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2022-38467
RESERVED
CVE-2022-38456
@@ -17478,7 +17478,7 @@ CVE-2022-36399
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky head ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2022-3347
RESERVED
CVE-2022-3346
@@ -21615,49 +21615,49 @@ CVE-2022-39917
CVE-2022-39916
RESERVED
CVE-2022-39915 (Improper access control vulnerability in Calendar prior to versions 11 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39914 (Exposure of Sensitive Information from an Unauthorized Actor vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39913 (Exposure of Sensitive Information to an Unauthorized Actor in Persona ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39912 (Improper handling of insufficient permissions vulnerability in setSecu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39911 (Improper check or handling of exceptional conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39910 (Improper access control vulnerability in Samsung Pass prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39909 (Insufficient verification of data authenticity vulnerability in Samsun ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39908 (TOCTOU vulnerability in Samsung decoding library for video thumbnails ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39907 (Integer overflow vulnerability in Samsung decoding library for video t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39906 (Improper access control vulnerability in SecTelephonyProvider prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39905 (Implicit intent hijacking vulnerability in Telecom application prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39904 (Exposure of Sensitive Information vulnerability in Samsung Settings pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39903 (Improper access control vulnerability in RCS call prior to SMR Dec-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39902 (Improper authorization in Exynos baseband prior to SMR DEC-2022 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39901 (Improper authentication in Exynos baseband prior to SMR DEC-2022 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39900 (Improper access control vulnerability in Nice Catch prior to SMR Dec-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39899 (Improper authentication vulnerability in Samsung WindowManagerService ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39898 (Improper access control vulnerability in IIccPhoneBook prior to SMR De ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39897 (Exposure of Sensitive Information vulnerability in kernel prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39896 (Improper access control vulnerabilities in Contacts prior to SMR Dec-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39895 (Improper access control vulnerability in ContactListUtils in Phone pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39894 (Improper access control vulnerability in ContactListStartActivityHelpe ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39893 (Sensitive information exposure vulnerability in FmmBaseModel in Galaxy ...)
NOT-FOR-US: Samsung
CVE-2022-39892 (Improper access control in Samsung Pass prior to version 4.0.05.1 allo ...)
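Review bot: CVE-2022-39897 in this hunk is described as an information exposure "in kernel", yet it gets the same blanket NOT-FOR-US: Samsung as the application-level entries around it (Calendar, Samsung Pass, Contacts). The truncated description does not show whether the affected code is Samsung-specific or shared with the upstream Linux kernel, so this one entry deserves a check against the vendor advisory, and ideally a NOTE line recording why the packaged kernel is unaffected.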
@@ -23446,7 +23446,7 @@ CVE-2022-39160
CVE-2022-3093
RESERVED
CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: GE CIMPICITY
CVE-2022-3091
RESERVED
CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...)
@@ -23462,7 +23462,7 @@ CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vuln
CVE-2022-3085
RESERVED
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
- TODO: check
+ NOT-FOR-US: GE CIMPICITY
CVE-2022-3083
RESERVED
CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
@@ -23527,17 +23527,17 @@ CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions <
CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...)
NOT-FOR-US: Apache Calcite
CVE-2022-39134 (In audio driver, there is a use after free due to a race condition. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39133 (In wlan driver, there is a possible missing bounds check, This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39132 (In camera driver, there is a possible out of bounds write due to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39131 (In camera driver, there is a possible memory corruption due to imprope ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39130 (In face detect driver, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39129 (In face detect driver, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: Unisoc
CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...)
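Review bot: none of the six descriptions retagged here (CVE-2022-39134 down to CVE-2022-39129) names a vendor in the visible text; they say only "audio driver", "wlan driver", "camera driver" and "face detect driver". The Unisoc attribution matches the neighbouring CVE-2022-39128 entry, but because these are driver issues it is worth confirming from the CVE references that the code is vendor-only and not a driver carried in the packaged kernel.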
@@ -23583,7 +23583,7 @@ CVE-2022-39108 (In Music service, there is a missing permission check. This coul
CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...)
NOT-FOR-US: Unisoc
CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: Unisoc
CVE-2022-39104
@@ -23591,31 +23591,31 @@ CVE-2022-39104
CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39102 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39101 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39100 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39099 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39098 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39097 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39096 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39095 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39094 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39093 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39092 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39091 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39090 (In power management service, there is a missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39089
RESERVED
CVE-2022-39088
@@ -24597,7 +24597,7 @@ CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that al
CVE-2022-38766
RESERVED
CVE-2022-38765 (Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately e ...)
- TODO: check
+ NOT-FOR-US: Canon Medical Informatics Vitrea
CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
NOT-FOR-US: Trend Micro
CVE-2022-38763
@@ -24972,7 +24972,7 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
- TODO: check
+ NOT-FOR-US: GE CIMPICITY
CVE-2022-2951
RESERVED
CVE-2022-2950
@@ -24980,7 +24980,7 @@ CVE-2022-2950
CVE-2022-2949
RESERVED
CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buf ...)
- TODO: check
+ NOT-FOR-US: GE CIMPICITY
CVE-2022-2947
RESERVED
CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...)
@@ -27222,11 +27222,11 @@ CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line
CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An ...)
NOT-FOR-US: Aruba
CVE-2022-37918 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37917 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37916 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
NOT-FOR-US: Aruba
CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
@@ -39917,9 +39917,9 @@ CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
CVE-2021-46821
RESERVED
CVE-2022-33187 (Brocade SANnav before v2.2.1 logs usernames and encoded passwords in d ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2022-33186 (A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c ...)
- TODO: check
+ NOT-FOR-US: Brocade Fabric OS
CVE-2022-33185 (Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1 ...)
NOT-FOR-US: Brocade
CVE-2022-33184 (A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS vers ...)
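Review bot: the two added tags use product-level names (Brocade SANnav, Brocade Fabric OS), while the next entry in the same hunk, CVE-2022-33185, is also a Brocade Fabric OS issue and is tagged just NOT-FOR-US: Brocade. This is a style point only: pick one granularity for the vendor so that a search for the tag finds all related entries.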
@@ -41260,29 +41260,29 @@ CVE-2022-32632 (In Wi-Fi, there is a possible out of bounds write due to imprope
CVE-2022-32631 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...)
TODO: check
CVE-2022-32630 (In throttling, there is a possible out of bounds write due to an incor ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32629 (In isp, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32628 (In isp, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32627
RESERVED
CVE-2022-32626 (In display, there is a possible out of bounds write due to an incorrec ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32625 (In display, there is a possible out of bounds write due to an incorrec ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32623
RESERVED
CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32620 (In mpu, there is a possible memory corruption due to a logic error. Th ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32619 (In keyinstall, there is a possible out of bounds write due to an incor ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32618 (In typec, there is a possible out of bounds write due to an incorrect ...)
NOT-FOR-US: Mediatek
CVE-2022-32617 (In typec, there is a possible out of bounds write due to an incorrect ...)
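Review bot: CVE-2022-32631 ("In Wi-Fi, there is a possible out of bounds write ...") stays at TODO: check in the context lines at the top of this hunk, while every non-RESERVED entry from CVE-2022-32630 down to CVE-2022-32619 becomes NOT-FOR-US: Mediatek. If leaving the Wi-Fi entries open is deliberate, for example because they still need checking against packaged drivers or firmware, that is fine; otherwise CVE-2022-32631 looks skipped and should be triaged in the same pass.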
@@ -41324,15 +41324,15 @@ CVE-2022-32600
CVE-2022-32599
RESERVED
CVE-2022-32598 (In widevine, there is a possible out of bounds write due to an incorre ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an incorre ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32595
RESERVED
CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...)
NOT-FOR-US: Mediatek
CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a missing ...)
@@ -41647,7 +41647,7 @@ CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially craft
CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...)
NOT-FOR-US: AutomationDirect
CVE-2022-2002 (GE CIMPICITY versions 2022 and prior is vulnerable when data from faul ...)
- TODO: check
+ NOT-FOR-US: GE CIMPICITY
CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
@@ -48250,7 +48250,7 @@ CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA
CVE-2022-30306
RESERVED
CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-30304
RESERVED
CVE-2022-30303
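Review bot: the tag added for CVE-2022-30305 reads NOT-FOR-US: FortiGuard, but the description names FortiSandbox as the affected product. Unless FortiGuard is the established tag for this vendor elsewhere in the list, naming the product as the description does (NOT-FOR-US: FortiSandbox) keeps the entry findable by product name.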
@@ -49638,9 +49638,9 @@ CVE-2022-29841
CVE-2022-29840
RESERVED
CVE-2022-29839 (Insufficiently Protected Credentials vulnerability in the remote backu ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-29838 (Improper Authentication vulnerability in the encrypted volumes and aut ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-29837 (A path traversal vulnerability was addressed in Western Digital My Clo ...)
NOT-FOR-US: Western Digital
CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -55909,7 +55909,7 @@ CVE-2022-27774 (An insufficiently protected credentials vulnerability exists in
NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0)
NOTE: Followup: https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 (curl-7_83_0)
CVE-2022-27773 (A privilege escalation vulnerability is identified in Ivanti EPM (LAND ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version ...)
NOT-FOR-US: Spring Boot
CVE-2022-27771
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61142be08a9153b6af755db3b06dd0d73f616e32