[Git][security-tracker-team/security-tracker][master] Process various NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 17 22:08:51 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
87e0af68 by Salvatore Bonaccorso at 2022-11-17T23:08:24+01:00
Process various NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17469,7 +17469,7 @@ CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerabilit
[buster] - gajim <no-dsa> (Minor issue, intrusive to backport)
NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...)
- TODO: check
+ NOT-FOR-US: PrimeKey EJBCA
CVE-2022-39833
RESERVED
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
@@ -18446,7 +18446,7 @@ CVE-2022-39385 (Discourse is the an open source discussion platform. In some rar
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
CVE-2022-39383 (KubeVela is an open source application delivery platform. Users using ...)
- TODO: check
+ NOT-FOR-US: KubeVela
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and ...)
NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
@@ -25485,7 +25485,7 @@ CVE-2022-36940
CVE-2022-36939
RESERVED
CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
- TODO: check
+ NOT-FOR-US: ReDex (Android Bytecode Optimizer)
CVE-2022-36937
RESERVED
CVE-2022-36936
@@ -26554,7 +26554,7 @@ CVE-2022-36434
CVE-2022-36433
RESERVED
CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Mag ...)
- TODO: check
+ NOT-FOR-US: Amasty Blog Pro plugin for Magento
CVE-2022-36431
RESERVED
CVE-2022-36430
@@ -32502,7 +32502,7 @@ CVE-2022-34327
CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek R ...)
NOT-FOR-US: Realtek
CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-34324
RESERVED
CVE-2022-34323
@@ -33389,15 +33389,15 @@ CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js
NOTE: https://github.com/sindresorhus/got/pull/2047
NOTE: Fixed by: https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc (v12.1.0)
CVE-2022-33986 (DMA attacks on the parameter buffer used by the VariableRuntimeDxe sof ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33985 (DMA transactions which are targeted at input buffers used for the NvmE ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33984 (DMA transactions which are targeted at input buffers used for the SdMm ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33983 (DMA transactions which are targeted at input buffers used for the NvmE ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33982 (DMA attacks on the parameter buffer used by the Int15ServiceSmm softwa ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33976
RESERVED
CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
@@ -33772,15 +33772,15 @@ CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. Fi
CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...)
- mantis <removed>
CVE-2022-33909 (DMA transactions which are targeted at input buffers used for the HddP ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33908 (DMA transactions which are targeted at input buffers used for the SdHo ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33907 (DMA transactions which are targeted at input buffers used for the soft ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33906 (DMA transactions which are targeted at input buffers used for the FwBl ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33905 (DMA transactions which are targeted at input buffers used for the Ahci ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-33904
RESERVED
CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging ...)
@@ -37760,9 +37760,9 @@ CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of un
CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A fl ...)
NOT-FOR-US: StarWind SAN and NAS
CVE-2022-32267 (DMA transactions which are targeted at input buffers used for the SmmR ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-32266 (DMA attacks on the parameter buffer used by a software SMI handler use ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
NOT-FOR-US: qDecoder
CVE-2022-32264 (** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD bef ...)
@@ -40845,7 +40845,7 @@ CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to in
CVE-2022-31244
RESERVED
CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-31242
RESERVED
CVE-2022-31241
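Review bot: the description of CVE-2022-31243 at the top of this hunk begins with a stray "Update description and links" before the actual text ("DMA transactions which are targeted at in ..."), which reads like editorial residue that travelled with the upstream description rather than part of the advisory itself. The "NOT-FOR-US: Insyde" triage is consistent with the other Insyde DMA entries in this change and does not depend on that text, but it is worth a follow-up so the entry's description line matches the shape of its siblings (e.g. CVE-2022-33985) once a cleaned description is available.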
@@ -42350,13 +42350,13 @@ CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error par
CVE-2022-30775 (xpdf 4.04 allocates excessive memory when presented with crafted input ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-30774 (DMA attacks on the parameter buffer used by the PnpSmm driver could ch ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-30773 (DMA attacks on the parameter buffer used by the IhisiSmm driver could ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-30772 (Manipulation of the input address in PnpSmm function 0x52 could be use ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption when ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...)
NOT-FOR-US: Terminalfour
CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...)
@@ -43815,7 +43815,7 @@ CVE-2022-30285 (In Quest KACE Systems Management Appliance (SMA) through 12.0, a
CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, ...)
NOTE: Bogus python-libnmap issue
CVE-2022-30283 (In UsbCoreDxe, tampering with the contents of the USB working buffer u ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-30282
RESERVED
CVE-2022-30281
@@ -46724,15 +46724,15 @@ CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the open
CVE-2022-29280
REJECTED
CVE-2022-29279 (Use of a untrusted pointer allows tampering with SMRAM and OS memory i ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-29278 (Incorrect pointer checks within the NvmExpressDxe driver can allow tam ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-29277 (Incorrect pointer checks within the the FwBlockServiceSmm driver can a ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-29276 (SMI functions in AhciBusDxe use untrusted inputs leading to corruption ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-29274
RESERVED
CVE-2022-29273
@@ -48193,7 +48193,7 @@ CVE-2022-28766
CVE-2022-28765
RESERVED
CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
NOT-FOR-US: Zoom
CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
@@ -50915,9 +50915,9 @@ CVE-2022-27898
CVE-2022-27897
RESERVED
CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
- TODO: check
+ NOT-FOR-US: Foundry Code-Workbooks
CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
- TODO: check
+ NOT-FOR-US: Foundry
CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...)
NOT-FOR-US: Foundry Blobster service
CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
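Review bot: CVE-2022-27896 and CVE-2022-27895 carry the same truncated description ("Information Exposure Through Log Files vulnerability discovered in Fou ...") yet receive different labels, "NOT-FOR-US: Foundry Code-Workbooks" and "NOT-FOR-US: Foundry". If the full descriptions name different components, the more specific label on both lines would be clearer; if they do not, use one label for both, in line with the neighbouring "NOT-FOR-US: Foundry Blobster service" entry, so the product each NFU refers to is unambiguous.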
@@ -57027,11 +57027,11 @@ CVE-2022-25745
CVE-2022-25744
RESERVED
CVE-2022-25743 (Memory corruption in graphics due to use-after-free while importing gr ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25742 (Denial of service in modem due to infinite loop while parsing IGMPv2 p ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25741 (Denial of service in WLAN due to potential null pointer dereference wh ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25740
RESERVED
CVE-2022-25739
@@ -57059,13 +57059,13 @@ CVE-2022-25729
CVE-2022-25728
RESERVED
CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25726
RESERVED
CVE-2022-25725
RESERVED
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...)
NOT-FOR-US: Snapdragon
CVE-2022-25722
@@ -57093,7 +57093,7 @@ CVE-2022-25712
CVE-2022-25711
RESERVED
CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25709
RESERVED
CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...)
@@ -57155,23 +57155,23 @@ CVE-2022-25681
CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while processin ...)
NOT-FOR-US: Snapdragon
CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25678
RESERVED
CVE-2022-25677
RESERVED
CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25675
RESERVED
CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of the WPA ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25673
RESERVED
CVE-2022-25672
RESERVED
CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in Snapdragon Mo ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
NOT-FOR-US: Qualcomm
CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...)
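Review bot: the five new "NOT-FOR-US: Snapdragon" lines in this hunk sit directly above CVE-2022-25670, which is labelled "NOT-FOR-US: Qualcomm" for the same vendor's product family. Consider settling on a single label (the other entries in this hunk and in the earlier Snapdragon hunks of this change use "Snapdragon"), so that a search of the list for the vendor does not miss entries filed under the other name.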
@@ -57179,7 +57179,7 @@ CVE-2022-25669 (Denial of service in video due to buffer over read while parsing
CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...)
NOT-FOR-US: Snapdragon
CVE-2022-25667 (Information disclosure in kernel due to improper handling of ICMP requ ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...)
NOT-FOR-US: Snapdragon
CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
@@ -59391,7 +59391,7 @@ CVE-2022-24944
CVE-2022-24943
RESERVED
CVE-2022-24942 (Heap based buffer overflow in HTTP Server functionality in Micrium uC- ...)
- TODO: check
+ NOT-FOR-US: Micrium uC-HTTP
CVE-2022-24941
RESERVED
CVE-2022-24940
@@ -59399,9 +59399,9 @@ CVE-2022-24940
CVE-2022-24939
RESERVED
CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
- TODO: check
+ NOT-FOR-US: Ember ZNet
CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: Ember ZNet
CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader ver ...)
NOT-FOR-US: Silicon Labs Gecko Bootloader
CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87e0af6877b4e9f4264ddedbe0d37007e6529aaf