[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 12 21:32:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfd28396 by Salvatore Bonaccorso at 2022-10-12T22:31:59+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,13 +33,13 @@ CVE-2022-3469
 CVE-2022-3468
 	RESERVED
 CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
-	TODO: check
+	NOT-FOR-US: Jiusi OA
 CVE-2022-3466
 	RESERVED
 CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge Medial ...)
-	TODO: check
+	NOT-FOR-US: Mediabridge Medialink
 CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
-	TODO: check
+	NOT-FOR-US: puppyCMS
 CVE-2022-3463
 	RESERVED
 CVE-2022-3462
@@ -441,7 +441,7 @@ CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The re
 CVE-2022-42716
 	RESERVED
 CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the  ...)
-	TODO: check
+	NOT-FOR-US: REDCap
 CVE-2022-42714
 	RESERVED
 CVE-2022-42713
@@ -3487,7 +3487,7 @@ CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.
 	- ini4j 0.5.4-1
 	NOTE: https://sourceforge.net/p/ini4j/bugs/56/
 CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL i ...)
-	TODO: check
+	NOT-FOR-US: OpenCart plugin
 CVE-2022-41402
 	RESERVED
 CVE-2022-41401
@@ -20795,7 +20795,7 @@ CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
 	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6)
 CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya  ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2022-2248
 	RESERVED
 CVE-2022-2247
@@ -25049,7 +25049,7 @@ CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerabil
 CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerabi ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2022-33106 (WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate  ...)
-	TODO: check
+	NOT-FOR-US: WiJungle NGFW
 CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
 	- redis <not-affected> (No vulnerable version 7.x was uploaded to unstable)
 	NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1)
@@ -37456,7 +37456,7 @@ CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repo
 CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...)
 	NOT-FOR-US: Spryker Commerce OS
 CVE-2022-28887 (Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Sec ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...)
 	NOT-FOR-US: F-Secure
 CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd  ...)
@@ -40719,7 +40719,7 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via she
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5)
 CVE-2022-27810 (It was possible to trigger an infinite recursion condition in the erro ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2022-27809
 	RESERVED
 CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
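
Review bot: The description shown for CVE-2022-27810 is cut off before any product name, so the "Facebook Hermes" attribution cannot be checked from this hunk. Before closing the entry as NOT-FOR-US, confirm against the full CVE text that Hermes is the only affected component and that no packaged software embeds it.
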
@@ -43367,7 +43367,7 @@ CVE-2022-26876
 CVE-2022-26875
 	RESERVED
 CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the  ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2022-26872
 	RESERVED
 CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
@@ -46692,17 +46692,17 @@ CVE-2022-25667
 CVE-2022-25666
 	RESERVED
 CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25663 (Possible buffer overflow due to lack of buffer length check during man ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25662 (Information disclosure due to untrusted pointer dereference in kernel  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25661 (Memory corruption due to untrusted pointer dereference in kernel in Sn ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25660 (Memory corruption due to double free issue in kernel in Snapdragon Aut ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25659 (Memory corruption due to buffer overflow while parsing MKV clips with  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attempting  ...)
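
Review bot: The six entries CVE-2022-25665 through CVE-2022-25660 are tagged "Snapdragon", while the unchanged neighbour CVE-2022-25659 in the same run is tagged "NOT-FOR-US: Qualcomm". A single label for the series would keep a search over data/CVE/list from missing part of it. Separately, four of these descriptions place the flaw "in kernel" (CVE-2022-25665, CVE-2022-25662, CVE-2022-25661, CVE-2022-25660). Confirm that this is vendor-only driver code and not something present in the linux source package. If it touches linux at all, a "- linux <not-affected> (...)" line stating the reason is the safer record.
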
@@ -59238,7 +59238,7 @@ CVE-2022-0032
 CVE-2022-0031
 	RESERVED
 CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto Networks PAN-O ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
@@ -60860,9 +60860,9 @@ CVE-2022-22080 (Improper validation of backend id in PCM routing process can lea
 CVE-2022-22079
 	RESERVED
 CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22076
 	RESERVED
 CVE-2022-22075
@@ -72567,27 +72567,27 @@ CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way
 	NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
 	NOTE: https://git.kernel.org/linus/a0e44c64b6061dda7e00b7c458e4523e2331b739 (6.0-rc4)
 CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of AppRestrictionController ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20419 (In setOptions of ActivityRecord.java, there is a possible load any arb ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20418 (In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20417 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20414
 	RESERVED
 CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20411
 	RESERVED
 CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.136-1
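
Review bot: CVE-2022-20412 names fdt_next_tag in fdt.c, which is also a function and file name in libfdt from the upstream device tree compiler, so "NOT-FOR-US: Android" may be too quick for this one entry. The context lines of this hunk show two other entries in the same CVE-2022-204xx range (CVE-2022-20421 in binder.c, CVE-2022-20409 in io_uring.c) tracked against linux, not marked NFU. Suggest leaving CVE-2022-20412 at "TODO: check" until it is clear whether the affected fdt.c is an Android-only copy or shared upstream code.
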
@@ -72623,7 +72623,7 @@ CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a devi
 CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
 	NOT-FOR-US: Android
 CVE-2022-20394 (In getInputMethodWindowVisibleHeight of InputMethodManagerService.java ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
 	NOT-FOR-US: Android
 CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is  ...)
@@ -72714,7 +72714,7 @@ CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a
 CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...)
 	NOT-FOR-US: Android
 CVE-2022-20351 (In queryInternal of CallLogProvider.java, there is a possible access t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
 	NOT-FOR-US: Android
 CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...)
@@ -87712,11 +87712,11 @@ CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deacti
 CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36915 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36913 (Unauthenticated Options Change and Content Injection vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
@@ -87744,7 +87744,7 @@ CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
 CVE-2021-36900
 	RESERVED
 CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36898
 	RESERVED
 CVE-2021-36897
@@ -139408,7 +139408,7 @@ CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there i
 CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
 	NOT-FOR-US: Android
 CVE-2021-0951 (In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code exe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0950
 	RESERVED
 CVE-2021-0949
@@ -139950,7 +139950,7 @@ CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of ke
 CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
 	NOT-FOR-US: Android
 CVE-2021-0696 (In dllist_remove_node of TBD, there is a possible use after free bug d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
 	- linux <not-affected> (Android-specific xt_qtaguid code)
 	NOTE: https://source.android.com/security/bulletin/2021-09-01
@@ -174564,11 +174564,11 @@ CVE-2020-14133
 CVE-2020-14132
 	RESERVED
 CVE-2020-14131 (The Xiaomi Security Center expresses heartfelt thanks to ADLab of Venu ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
 	NOT-FOR-US: Xiaomi
 CVE-2020-14129 (A logic vulnerability exists in a Xiaomi product. The vulnerability is ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2020-14128
 	RESERVED
 CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd2839695342e0504a98885af74a210c889c98a
