[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 9 15:58:34 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e451f2c1 by Salvatore Bonaccorso at 2022-11-09T16:57:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13612,7 +13612,7 @@ CVE-2022-40799
CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...)
NOT-FOR-US: OcoMon
CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...)
- TODO: check
+ NOT-FOR-US: Roxy Fileman
CVE-2022-40796
RESERVED
CVE-2022-40795
@@ -16933,7 +16933,7 @@ CVE-2022-39392
CVE-2022-39391
RESERVED
CVE-2022-39390 (Octocat.js is a library used to render a set of options into an SVG. V ...)
- TODO: check
+ NOT-FOR-US: Octocat.js
CVE-2022-39389
RESERVED
CVE-2022-39388
@@ -29543,13 +29543,13 @@ CVE-2022-34827
CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...)
NOT-FOR-US: Couchbase Server
CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34824 (Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34823 (Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earl ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34822 (Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earli ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-2259
RESERVED
CVE-2022-2258
@@ -41657,7 +41657,7 @@ CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
NOT-FOR-US: Hospital-Management-System
CVE-2022-30515 (ZKTeco BioTime 8.5.4 is missing authentication on folders containing e ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioTime
CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
NOT-FOR-US: School Dormitory Management System
CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
@@ -50383,19 +50383,19 @@ CVE-2022-27518
CVE-2022-27517
RESERVED
CVE-2022-27516 (User login brute force protection functionality bypass ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27515
RESERVED
CVE-2022-27514
RESERVED
CVE-2022-27513 (Remote desktop takeover via phishing ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...)
NOT-FOR-US: Citrix
CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...)
NOT-FOR-US: Citrix
CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
NOT-FOR-US: Citrix
CVE-2022-27508
@@ -53427,7 +53427,7 @@ CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a miss
CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: Mediatek
CVE-2022-26446 (In Modem 4G RRC, there is a possible system crash due to improper inpu ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: MediaTek
CVE-2022-26444 (In wifi driver, there is a possible out of bounds write due to a missi ...)
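Review bot: the tag added for CVE-2022-26446 is spelled "Mediatek", while the next entry in this hunk, CVE-2022-26445, carries "NOT-FOR-US: MediaTek". Both spellings are now present within four entries (CVE-2022-26447 also has "Mediatek"), so a case-sensitive search for one form misses the other. Suggest writing the added line as "NOT-FOR-US: MediaTek" to match the vendor's own capitalisation.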
@@ -74075,7 +74075,7 @@ CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to a
CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21778 (In vpu, there is a possible information disclosure due to an incorrect ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a missing pe ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21776 (In MDP, there is a possible use after free due to a race condition. Th ...)
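Review bot: CVE-2022-21778 is tagged "NOT-FOR-US: Mediatek", but the entries directly above and below it (CVE-2022-21779 and CVE-2022-21777) use "NOT-FOR-US: MediaTek driver for Android". Suggest reusing the neighbours' wording for the vpu issue so the three entries group together when the list is searched by tag.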
@@ -81443,13 +81443,13 @@ CVE-2022-20467
CVE-2022-20466
RESERVED
CVE-2022-20465 (In dismiss and related functions of KeyguardHostViewController.java an ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...)
NOT-FOR-US: Android
CVE-2022-20463 (In factoryReset of WifiServiceImpl, there is a possible way to preserv ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20461
RESERVED
CVE-2022-20460
@@ -81459,31 +81459,31 @@ CVE-2022-20459
CVE-2022-20458
RESERVED
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20456
RESERVED
CVE-2022-20455
RESERVED
CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20453 (In update of MmsProvider.java, there is a possible constriction of dir ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20452 (In initializeFromParcelLocked of BaseBundle.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20450 (In restorePermissionState of PermissionManagerServiceImpl.java, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20449
RESERVED
CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20444
RESERVED
CVE-2022-20443
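Review bot: CVE-2022-20454 is closed as "NOT-FOR-US: Android", but its description points at fdt_next_tag in fdt.c, which is the function and file name used by libfdt rather than an Android-only component. Before dropping the TODO, confirm whether the affected code is shared with a libfdt copy packaged in Debian; if it is, the entry needs a package line instead of NOT-FOR-US. The other entries in this hunk name Android framework classes such as StorageManagerService.java and NotificationManagerService.java, and the tag fits those.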
@@ -81491,7 +81491,7 @@ CVE-2022-20443
CVE-2022-20442
RESERVED
CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to launch an une ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
NOT-FOR-US: Android
CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...)
@@ -81521,7 +81521,7 @@ CVE-2022-20428
CVE-2022-20427
RESERVED
CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
NOT-FOR-US: Android
CVE-2022-20424
@@ -81558,7 +81558,7 @@ CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible ou
CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...)
NOT-FOR-US: Android
CVE-2022-20414 (In setImpl of AlarmManagerService.java, there is a possible way to put ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...)
NOT-FOR-US: Android
CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
@@ -89664,7 +89664,7 @@ CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java
CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
NOT-FOR-US: Android
CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39660
RESERVED
CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
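Review bot: the description of CVE-2021-39661 names the PowerVR kernel driver, yet the added tag is the generic "NOT-FOR-US: Android". A tag that names the component, for example "NOT-FOR-US: PowerVR kernel driver for Android", would record why the entry was ruled out and keep it findable by driver name.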
@@ -148201,7 +148201,7 @@ CVE-2020-28337 (A directory traversal issue in the Utils/Unzip module in Microwe
CVE-2020-28336
RESERVED
CVE-2021-1050 (In MMU_UnmapPages of the PowerVR kernel driver, there is a possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
NOT-FOR-US: Unisoc
CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
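Review bot: CVE-2021-1050 describes a flaw in MMU_UnmapPages of the PowerVR kernel driver but is tagged "NOT-FOR-US: Android", while the next entry, CVE-2021-1049, is tagged at vendor level ("NOT-FOR-US: Unisoc"). Suggest following that convention and naming the PowerVR driver in the tag, so vendor driver issues are distinguishable from Android platform issues.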
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e451f2c1fc3543e1a7537822a6adcfd9d8f0e967