[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 12 17:34:51 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
368a4f7e by Salvatore Bonaccorso at 2022-10-12T18:34:22+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17864,7 +17864,7 @@ CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure
CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
NOT-FOR-US: Microsoft
CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
@@ -17982,7 +17982,7 @@ CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability. This CV
CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-35770 (Windows NTLM Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
@@ -20990,7 +20990,7 @@ CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerab
CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34688
RESERVED
CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
@@ -21746,23 +21746,23 @@ CVE-2022-34436
CVE-2022-34435
RESERVED
CVE-2022-34434 (Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34433
RESERVED
CVE-2022-34432 (Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34431 (Dell Hybrid Client below 1.8 version contains a guest user profile cor ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34430 (Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability ...)
NOT-FOR-US: Dell
CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular Expression ...)
NOT-FOR-US: Dell
CVE-2022-34427 (Dell Container Storage Modules 1.2 contains an OS Command Injection in ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34426 (Dell Container Storage Modules 1.2 contains an Improper Limitation of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vu ...)
NOT-FOR-US: Dell
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
@@ -23900,7 +23900,7 @@ CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability. This CVE
CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33643 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -23920,9 +23920,9 @@ CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability. ...)
CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Skype for Business and Lync
CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
@@ -26599,7 +26599,7 @@ CVE-2022-32494
CVE-2022-32493
RESERVED
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32491
RESERVED
CVE-2022-32490
@@ -26611,7 +26611,7 @@ CVE-2022-32488
CVE-2022-32487
RESERVED
CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32485
RESERVED
CVE-2022-32484
@@ -27594,9 +27594,9 @@ CVE-2022-32177
CVE-2022-32176
RESERVED
CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: AdGuardHome
CVE-2022-32174 (In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow ...)
NOT-FOR-US: Orchard CMS
CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
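Review bot: The tag added for CVE-2022-32174 is "NOT-FOR-US: Go Git Service", but the description calls the product Gogs, so a search of the NFU tags for "Gogs" will miss this entry. The AdGuardHome entry one line up reuses the name from its description; doing the same here ("NOT-FOR-US: Gogs", or "Gogs (Go Git Service)") would keep the two consistent.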
@@ -28635,9 +28635,9 @@ CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL inje
CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...)
NOT-FOR-US: IBM
CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31765 (Affected devices do not properly authorize the change password functio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-31764
RESERVED
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...)
@@ -29002,11 +29002,11 @@ CVE-2022-31684
CVE-2022-31683
RESERVED
CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerability in ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
TODO: check
CVE-2022-31678
@@ -33540,7 +33540,7 @@ CVE-2022-30200 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
CVE-2022-30199
RESERVED
CVE-2022-30198 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability. This CVE ID is ...)
@@ -36923,7 +36923,7 @@ CVE-2022-29057 (A improper neutralization of input during web page generation ('
CVE-2022-29056
RESERVED
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-29054
RESERVED
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
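Review bot: CVE-2022-29055 is tagged "NOT-FOR-US: FortiGuard", while its description names the product as Fortinet FortiOS. Tagging by the vendor name the description uses ("NOT-FOR-US: Fortinet") would make the entry easier to find when searching the list by vendor.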
@@ -37450,7 +37450,7 @@ CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Bro
CVE-2022-28867
RESERVED
CVE-2022-28866 (Multiple Improper Access Control was discovered in Nokia AirFrame BMC ...)
- TODO: check
+ NOT-FOR-US: Nokia AirFrame BMC Web GUI
CVE-2022-28865
RESERVED
CVE-2022-28864
@@ -45550,7 +45550,7 @@ CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0
CVE-2022-26122
RESERVED
CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability [CWE-668] in For ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
NOT-FOR-US: Fortinet
CVE-2022-26119
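Review bot: Inconsistent vendor tag within this hunk: CVE-2022-26121 gets "NOT-FOR-US: FortiGuard" while CVE-2022-26120 directly below it already carries "NOT-FOR-US: Fortinet". Suggest using "NOT-FOR-US: Fortinet" on the changed line so neighbouring entries match.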
@@ -50292,7 +50292,7 @@ CVE-2022-24506 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-24505 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
NOT-FOR-US: Microsoft
CVE-2022-24504 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-24503 (Remote Desktop Protocol Client Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-24502 (Windows HTML Platforms Security Feature Bypass Vulnerability. ...)
@@ -61536,7 +61536,7 @@ CVE-2022-22037 (Windows Advanced Local Procedure Call Elevation of Privilege Vul
CVE-2022-22036 (Performance Counters for Windows Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22035 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22034 (Windows Graphics Component Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22033
@@ -65349,7 +65349,7 @@ CVE-2021-44173
CVE-2021-44172
RESERVED
CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
NOT-FOR-US: Fortinet
CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
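Review bot: The changed line tags CVE-2021-44171 as "NOT-FOR-US: FortiGuard", but the next entry, CVE-2021-44170, uses "NOT-FOR-US: Fortinet". Matching the existing tag would avoid two spellings for what the surrounding descriptions present as the same vendor.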
@@ -68925,9 +68925,9 @@ CVE-2021-43364
CVE-2021-43363
RESERVED
CVE-2021-43362 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
- TODO: check
+ NOT-FOR-US: MedData HBYS software
CVE-2021-43361 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
- TODO: check
+ NOT-FOR-US: MedData HBYS software
CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...)
NOT-FOR-US: Sunnet eHRD
CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
@@ -69584,7 +69584,7 @@ CVE-2022-20946
CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
NOT-FOR-US: Cisco
CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20943
RESERVED
CVE-2022-20942
@@ -69632,7 +69632,7 @@ CVE-2022-20922
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
NOT-FOR-US: Cisco
CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
NOT-FOR-US: Cisco
CVE-2022-20918
@@ -69642,7 +69642,7 @@ CVE-2022-20917
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
NOT-FOR-US: Cisco
CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
NOT-FOR-US: Cisco
CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
@@ -69732,7 +69732,7 @@ CVE-2022-20872
CVE-2022-20871
RESERVED
CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
CVE-2022-20868
@@ -69744,7 +69744,7 @@ CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running C
CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco
CVE-2022-20864 (A vulnerability in the password-recovery disable feature of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
NOT-FOR-US: Cisco
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -69798,7 +69798,7 @@ CVE-2022-20839
CVE-2022-20838
RESERVED
CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20836
RESERVED
CVE-2022-20835
@@ -69812,7 +69812,7 @@ CVE-2022-20832
CVE-2022-20831
RESERVED
CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...)
NOT-FOR-US: Cisco
CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...)
@@ -72463,29 +72463,29 @@ CVE-2022-20442
CVE-2022-20441
RESERVED
CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20438 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20437 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20436 (There is an unauthorized service in the system service. Since the comp ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20435 (There is a Unauthorized service in the system service, may cause the s ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20434 (There is an missing authorization issue in the system service. Since t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20433 (There is an missing authorization issue in the system service. Since t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20432 (There is an missing authorization issue in the system service. Since t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20431 (There is an missing authorization issue in the system service. Since t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20430 (There is an missing authorization issue in the system service. Since t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20428
RESERVED
CVE-2022-20427
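Review bot: The entries from CVE-2022-20440 down to CVE-2022-20430 are tagged "NOT-FOR-US: Android", yet their visible descriptions name only "Messaging" or "the system service" and no product or vendor, so the attribution cannot be checked from the list itself. If these were triaged from the assigning CNA rather than the description, that is fine; if the affected component belongs to a specific vendor, a more specific tag would be more useful to later readers.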
@@ -72493,7 +72493,7 @@ CVE-2022-20427
CVE-2022-20426
RESERVED
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20424
RESERVED
- linux 5.14.6-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/368a4f7e367530d145789e41aa70f742b18f8800