[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 1 09:22:42 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e07b2c97 by Salvatore Bonaccorso at 2022-10-01T10:22:15+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
- TODO: check
+ NOT-FOR-US: SonicJS
CVE-2022-41981
RESERVED
CVE-2022-41977
@@ -12859,7 +12859,7 @@ CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple refle
CVE-2022-36966
RESERVED
CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2022-36964
RESERVED
CVE-2022-36963
@@ -12867,7 +12867,7 @@ CVE-2022-36963
CVE-2022-36962
RESERVED
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2022-36960
RESERVED
CVE-2022-36959
@@ -13274,7 +13274,7 @@ CVE-2022-36783
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
- TODO: check
+ NOT-FOR-US: WiseConnect
CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
NOT-FOR-US: Avdor CIS
CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
@@ -13967,7 +13967,7 @@ CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
NOT-FOR-US: ARM Mali GPU driver
CVE-2022-36448 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...)
NOT-FOR-US: Chia Network CAT1 Standard
CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...)
@@ -14872,9 +14872,9 @@ CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vul
CVE-2022-36160
RESERVED
CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...)
- TODO: check
+ NOT-FOR-US: Contec FXA3200
CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...)
- TODO: check
+ NOT-FOR-US: Contec FXA3200
CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...)
NOT-FOR-US: XXL-JOB
CVE-2022-36156
@@ -15154,11 +15154,11 @@ CVE-2022-36069 (Poetry is a dependency manager for Python. When handling depende
NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw
TODO: check details, CVE associated with poetry (and fixed in 1.1.9), though changes in poetry-core
CVE-2022-36068 (Discourse is an open source discussion platform. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
NOT-FOR-US: Node vm2
CVE-2022-36066 (Discourse is an open source discussion platform. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...)
NOT-FOR-US: GrowthBook
CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
@@ -15253,7 +15253,7 @@ CVE-2022-36027 (TensorFlow is an open source platform for machine learning. When
CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
- tensorflow <itp> (bug #804612)
CVE-2022-36025 (Besu is a Java-based Ethereum client. In versions newer than 22.1.3 an ...)
- TODO: check
+ NOT-FOR-US: Hyperledger Besu
CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...)
NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
@@ -15525,7 +15525,7 @@ CVE-2022-35898
CVE-2022-35897
RESERVED
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
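Review bot: The Insyde attribution for CVE-2022-35896 is not supported by its visible summary ("An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ..."), which names no vendor, unlike CVE-2022-35895 and CVE-2022-35894 just below it, which both name Insyde InsydeH2O. Adjacent IDs are a hint rather than proof of the same product, so confirm the vendor from the full description and consider adding a NOTE line with the advisory reference so the tag can be rechecked later.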
@@ -15541,7 +15541,7 @@ CVE-2022-35890 (An issue was discovered in Inductive Automation Ignition before
CVE-2022-35889
RESERVED
CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
- TODO: check
+ NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
CVE-2022-35887
RESERVED
CVE-2022-35886
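Review bot: Style point on the CVE-2022-35888 tag: "NOT-FOR-US: Ampere Altra and Ampere Altra Max devices" copies the wording of the description, while the other tags added in this commit are a short vendor or product name ("Insyde", "Dell", "Cisco"). "NOT-FOR-US: Ampere Altra" would keep the tags uniform and easier to search.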
@@ -17212,7 +17212,7 @@ CVE-2022-35259
CVE-2022-35258
RESERVED
CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...)
- TODO: check
+ NOT-FOR-US: UI Desktop for Windows
CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header Fields]
RESERVED
- nodejs 18.10.0+dfsg-1
@@ -17487,9 +17487,9 @@ CVE-2022-35158 (A vulnerability in the lua parser of TscanCode tsclua v2.15.01 a
CVE-2022-35157
RESERVED
CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL Injecti ...)
- TODO: check
+ NOT-FOR-US: Bus Pass Management System
CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a reflected ...)
- TODO: check
+ NOT-FOR-US: Bus Pass Management System
CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL injection vu ...)
NOT-FOR-US: Shopro Mall System
CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection vulnerab ...)
@@ -17525,7 +17525,7 @@ CVE-2022-35139
CVE-2022-35138
RESERVED
CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...)
- TODO: check
+ NOT-FOR-US: DGIOT Lightweight industrial IoT
CVE-2022-35136
RESERVED
CVE-2022-35135
@@ -19639,9 +19639,9 @@ CVE-2022-34431
CVE-2022-34430
RESERVED
CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular Expression ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34427
RESERVED
CVE-2022-34426
@@ -19649,7 +19649,7 @@ CVE-2022-34426
CVE-2022-34425
RESERVED
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34423
RESERVED
CVE-2022-34422
@@ -19709,7 +19709,7 @@ CVE-2022-34396
CVE-2022-34395
RESERVED
CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34393
RESERVED
CVE-2022-34392
@@ -20027,7 +20027,7 @@ CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100
CVE-2022-2178
RESERVED
CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Kayrasoft
CVE-2022-2176
RESERVED
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -21234,7 +21234,7 @@ CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypas
CVE-2022-2101 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33880 (hms-staff.php in Projectworlds Hospital Management System Mini-Project ...)
- TODO: check
+ NOT-FOR-US: Projectworlds Hospital Management System Mini-Project
CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ...)
- tika <unfixed> (bug #1015002)
[bullseye] - tika <no-dsa> (Minor issue)
@@ -27851,7 +27851,7 @@ CVE-2022-31369
CVE-2022-31368
RESERVED
CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attribute ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2022-31366
RESERVED
CVE-2022-31365
@@ -29307,7 +29307,7 @@ CVE-2022-1718 (The trudesk application allows large characters to insert in the
CVE-2022-30936
RESERVED
CVE-2022-30935 (An authorization bypass in b2evolution allows remote, unauthenticated ...)
- TODO: check
+ NOT-FOR-US: b2evolution CMS
CVE-2022-30934
RESERVED
CVE-2022-30933
@@ -31601,7 +31601,7 @@ CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly res
CVE-2022-30125
RESERVED
CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat Mobile ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat Mobile App
CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
RESERVED
{DLA-3095-1}
@@ -31886,9 +31886,9 @@ CVE-2022-30006
CVE-2022-30005
RESERVED
CVE-2022-30004 (Sourcecodester Online Market Place Site v1.0 suffers from an unauthent ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Market Place Site
CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Market Place Site
CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
@@ -34671,7 +34671,7 @@ CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.
CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-29088
RESERVED
CVE-2022-29087
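Review bot: The new tag on CVE-2022-29089 is vendor-only ("NOT-FOR-US: Dell") while the entry directly above it, CVE-2022-29090, is tagged "NOT-FOR-US: Dell Wyse Management Suite". The description names the product (Dell Networking OS10), so either form is defensible, but mixing the two in adjacent entries means a later search by product will miss some of them. Pick one convention for the Dell entries touched in this commit.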
@@ -35350,7 +35350,7 @@ CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earli
CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
NOT-FOR-US: Adobe
CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
NOT-FOR-US: Adobe
CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
@@ -35661,9 +35661,9 @@ CVE-2022-28724
CVE-2022-28723
RESERVED
CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-28720
RESERVED
CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
@@ -41672,7 +41672,7 @@ CVE-2022-26709
CVE-2022-26708 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2022-26707 (An issue in the handling of environment variables was addressed with i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26706 (An access issue was addressed with additional sandbox restrictions on ...)
NOT-FOR-US: Apple
CVE-2022-26705
@@ -43440,7 +43440,7 @@ CVE-2022-26114 (An improper neutralization of input during web page generation v
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
NOT-FOR-US: Fortinet
CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and ...)
- TODO: check
+ NOT-FOR-US: Apache Pinot
CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...)
@@ -51303,7 +51303,7 @@ CVE-2022-23728 (Attacker can reset the device with AT Command in the process of
CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
NOT-FOR-US: LG
CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring Boot actua ...)
- TODO: check
+ NOT-FOR-US: pingidentity
CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...)
NOT-FOR-US: pingidentity
CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
@@ -53292,7 +53292,7 @@ CVE-2022-23146
CVE-2022-23145
RESERVED
CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB product. ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2022-23143
RESERVED
CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could construct and se ...)
@@ -53732,7 +53732,7 @@ CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an au
CVE-2022-23007
RESERVED
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on Western Digit ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-23005
RESERVED
CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
@@ -55353,7 +55353,7 @@ CVE-2022-22612 (A memory consumption issue was addressed with improved memory ha
CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2022-22610 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -60989,7 +60989,7 @@ CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web c
CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...)
NOT-FOR-US: Citrix
CVE-2022-21826 (Pulse Secure version 9.115 and below may be susceptible to client-side ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure
CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
NOT-FOR-US: Citrix
CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
@@ -67434,7 +67434,7 @@ CVE-2022-20947
CVE-2022-20946
RESERVED
CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20944
RESERVED
CVE-2022-20943
@@ -67464,7 +67464,7 @@ CVE-2022-20932
CVE-2022-20931
RESERVED
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20929
RESERVED
CVE-2022-20928
@@ -67486,7 +67486,7 @@ CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Sit
CVE-2022-20920
RESERVED
CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20918
RESERVED
CVE-2022-20917
@@ -67612,9 +67612,9 @@ CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an
CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
NOT-FOR-US: Cisco
CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of Wirel ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20854
RESERVED
CVE-2022-20853
@@ -67622,21 +67622,21 @@ CVE-2022-20853
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20849
RESERVED
CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20846
RESERVED
CVE-2022-20845
RESERVED
CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20843
RESERVED
CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
@@ -67688,7 +67688,7 @@ CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex Mee
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
NOT-FOR-US: Cisco
CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -67704,7 +67704,7 @@ CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based managem
CVE-2022-20811
RESERVED
CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol (SNMP) of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
@@ -67788,7 +67788,7 @@ CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure
CVE-2022-20776
RESERVED
CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
@@ -67808,7 +67808,7 @@ CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV sca
[buster] - clamav 0.103.6+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...)
NOT-FOR-US: Cisco
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
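Review bot: The "NOT-FOR-US: Cisco" on CVE-2022-20769 has to rest on its description and not on the ID range. The context lines of this same hunk show CVE-2022-20770 tracked against clamav with a buster fixed version, so IDs in this block can affect packaged software. CVE-2022-20769 itself looks right, since its summary names the authentication functionality of a Cisco Wireless product, but it is worth confirming that every "NOT-FOR-US: Cisco" line in this commit was decided from the description in the same way.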
@@ -67890,7 +67890,7 @@ CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cis
CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...)
NOT-FOR-US: Cisco Firepower
CVE-2022-20728 (A vulnerability in the client forwarding code of multiple Cisco Access ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
@@ -68027,7 +68027,7 @@ CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure
CVE-2022-20663
RESERVED
CVE-2022-20662 (A vulnerability in the smart card login authentication of Cisco Duo fo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
NOT-FOR-US: Cisco
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
@@ -70399,33 +70399,33 @@ CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds w
CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possible acce ...)
NOT-FOR-US: Android
CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20397
RESERVED
CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20394
RESERVED
CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20385 (a function called 'nla_parse', do not check the len of para, it will c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...)
NOT-FOR-US: Android
CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...)
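Review bot: CVE-2022-20385 needs a second look before it is marked "NOT-FOR-US: Android". Its visible summary ("a function called 'nla_parse', do not check the len of para, it will c ...") names no product and no source file, and nla_parse is also the name of the Linux kernel's netlink attribute parsing function. If the affected code is a vendor component that only calls it, the tag stands, but a NOTE line saying which component is affected would record why src:linux is not involved. The other entries changed in this hunk either state "Product: Android" or name a specific source file in their summaries.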
@@ -70472,7 +70472,7 @@ CVE-2022-20366 (In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out
CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: A-229632566Referen ...)
NOT-FOR-US: Android
CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20363
RESERVED
CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
@@ -70738,7 +70738,7 @@ CVE-2022-20233 (In param_find_digests_internal and related functions of the Tita
CVE-2022-20232
RESERVED
CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out of bound ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible access ...)
NOT-FOR-US: Android
CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e07b2c9714657b4fd9f81341a5c6586139b7d2f7