[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 23 20:46:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37341d97 by Salvatore Bonaccorso at 2022-03-23T21:46:05+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7858,7 +7858,7 @@ CVE-2022-24776
 CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
 	TODO: check
 CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) repositor ...)
-	TODO: check
+	NOT-FOR-US: CycloneDX BOM Repository Server
 CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
 	- node-node-forge 1.3.0~dfsg-1
 	[bullseye] - node-node-forge <no-dsa> (Minor issue)
@@ -9899,7 +9899,7 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2
 CVE-2022-0416
 	RESERVED
 CVE-2022-0415 (Remote Command Execution in uploading repository file in GitHub reposi ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
 	{DLA-2913-1}
 	- xterm 370-2 (bug #1004689)
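Review bot: for CVE-2022-0415 the label "Go Git Service" does not match anything in the visible description, which is cut off at "GitHub reposi ...". Consider using the project name as it appears in the repository path of the full description, so that a search of data/CVE/list for the product finds this entry.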
@@ -10349,7 +10349,7 @@ CVE-2022-24005
 CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
-	TODO: check
+	NOT-FOR-US: Sophos Mail Manager
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
@@ -12878,7 +12878,7 @@ CVE-2021-46392
 CVE-2021-46391
 	RESERVED
 CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Lexar
 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
 	NOT-FOR-US: IIPImage High Resolution Streaming Image Server
 CVE-2021-46388
@@ -13342,7 +13342,7 @@ CVE-2022-23244
 CVE-2022-23243
 	RESERVED
 CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2022-23241
 	RESERVED
 CVE-2022-23240
@@ -15553,87 +15553,87 @@ CVE-2022-22673
 CVE-2022-22672
 	RESERVED
 CVE-2022-22671 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22670 (An access issue was addressed with improved access restrictions. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22669 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22668
 	RESERVED
 CVE-2022-22667 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22666 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22665 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22663
 	RESERVED
 CVE-2022-22662
 	RESERVED
 CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22659 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22658
 	RESERVED
 CVE-2022-22657 (A memory initialization issue was addressed with improved memory handl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22656 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22655
 	RESERVED
 CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22652 (The GSMA authentication panel could be presented on the lock screen. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22651 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22650 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22649
 	RESERVED
 CVE-2022-22648 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22646
 	RESERVED
 CVE-2022-22645
 	RESERVED
 CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22643 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22642 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22641 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22640 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22639 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22637
 	RESERVED
 CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22634 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22633 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22632 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22630
 	RESERVED
 CVE-2022-22629
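Review bot: CVE-2022-22669, CVE-2022-22667 and CVE-2022-22641 in this block show the same truncated text ("A use after free issue was addressed with improved memory management.") as CVE-2022-22620, which this file tracks under webkit2gtk with DSA-5084-1 and DSA-5083-1, so the visible description alone cannot separate an Apple-only bug from a WebKit one. It is worth confirming against the full descriptions that none of the entries closed here is a WebKit issue, and stating in the commit message which source was used for the batch, since "Process NFUs" gives no indication of how these were checked.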
@@ -15641,19 +15641,19 @@ CVE-2022-22629
 CVE-2022-22628
 	RESERVED
 CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22624
 	RESERVED
 CVE-2022-22623 (Multiple issues were addressed by updating to curl version 7.79.1. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22621 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22620 (A use after free issue was addressed with improved memory management.  ...)
 	{DSA-5084-1 DSA-5083-1}
 	- webkit2gtk 2.34.6-1
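Review bot: CVE-2022-22623 is closed as NOT-FOR-US: Apple although its description reads "Multiple issues were addressed by updating to curl version 7.79.1", which places the underlying flaws in curl and not in Apple's own code. If those curl issues are tracked under their own CVE ids this is fine, but a NOTE line under CVE-2022-22623 saying so would show the entry was closed deliberately and not swept up with the rest of the batch.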
@@ -15663,51 +15663,51 @@ CVE-2022-22620 (A use after free issue was addressed with improved memory manage
 CVE-2022-22619
 	RESERVED
 CVE-2022-22618 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22616
 	RESERVED
 CVE-2022-22615 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22614 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22613 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22612 (A memory consumption issue was addressed with improved memory handling ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22610
 	RESERVED
 CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22607 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22606 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22605 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22604 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22603 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22602 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22601 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22600 (The issue was addressed with improved permissions logic. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22599 (Description: A permissions issue was addressed with improved validatio ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22598 (An issue with app access to camera metadata was addressed with improve ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22597 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22596 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22595
 	RESERVED
 CVE-2022-22594 (A cross-origin issue in the IndexDB API was addressed with improved in ...)
@@ -15717,9 +15717,9 @@ CVE-2022-22594 (A cross-origin issue in the IndexDB API was addressed with impro
 	- wpewebkit 2.34.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2022-22593 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22591 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22589 (A validation issue was addressed with improved input sanitization. Thi ...)
 	{DSA-5084-1 DSA-5083-1}
 	- webkit2gtk 2.34.5-1
@@ -15727,17 +15727,17 @@ CVE-2022-22589 (A validation issue was addressed with improved input sanitizatio
 	- wpewebkit 2.34.5-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
 CVE-2022-22588 (A resource exhaustion issue was addressed with improved input validati ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22587 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22586 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22585 (An issue existed within the path validation logic for symlinks. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22584 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22583 (A permissions issue was addressed with improved validation. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22582
 	RESERVED
 CVE-2022-22581
@@ -15745,9 +15745,9 @@ CVE-2022-22581
 CVE-2022-22580
 	RESERVED
 CVE-2022-22579 (An information disclosure issue was addressed with improved state mana ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-22577
 	RESERVED
 CVE-2022-22576
@@ -16647,7 +16647,7 @@ CVE-2021-46066
 CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-46064 (IrfanView 4.59 is vulnerable to buffer overflow via the function at ad ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
 	NOT-FOR-US: MCMS
 CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37341d97af3540a7d0a1e069756db3e12cb37724
