[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 15 18:48:08 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f90001b by Moritz Muehlenhoff at 2022-10-15T19:47:37+02:00
NFUs
more harmless otfcc issues (not built)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,7 +30,7 @@ CVE-2022-42950
 CVE-2022-42949
 	RESERVED
 CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases  ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2022-42948
 	RESERVED
 CVE-2022-42947
@@ -112,17 +112,17 @@ CVE-2022-3508
 CVE-2022-3507
 	RESERVED
 CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-42919
 	RESERVED
 CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2022-3501
 	RESERVED
 CVE-2022-3500
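Review bot: The NOT-FOR-US tags added in this hunk are at mixed granularity. CVE-2022-3506 gets the generic "NOT-FOR-US: WordPress plugin" and CVE-2022-3502 gets "NOT-FOR-US: Human Resource Management System", neither of which names a vendor or a specific product, while CVE-2022-3505, CVE-2022-3504 and CVE-2022-3503 are tagged by vendor only ("SourceCodester"). Naming the plugin from the GitHub repository in the CVE-2022-3506 description, and the vendor of the HR system, would make later searches of the list match these entries.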
@@ -646,7 +646,7 @@ CVE-2022-3441
 CVE-2022-3440
 	RESERVED
 CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
-	TODO: check
+	- rdiffweb <itp> (bug #969974)
 CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...)
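Review bot: CVE-2022-3439 is tagged "- rdiffweb <itp> (bug #969974)", which is an ITP tracking entry and not a NOT-FOR-US, so the commit subject "NFUs" does not cover it. The entry matches the one on CVE-2022-3438 just below, so the tag itself looks fine; a word in the commit message about the rdiffweb entry would make the history easier to search.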
@@ -738,13 +738,13 @@ CVE-2022-42703 (mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free
 CVE-2022-3436 (A vulnerability classified as critical was found in SourceCodester Web ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing permission valida ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication bypass vul ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
@@ -1522,13 +1522,13 @@ CVE-2022-42344
 CVE-2022-42343
 	RESERVED
 CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-42340 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-42339 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-42338
 	RESERVED
 CVE-2022-42337
@@ -1770,11 +1770,11 @@ CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to i
 CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
 	NOT-FOR-US: Student Clearance System
 CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2022-42233
 	RESERVED
 CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: Simple Cold Storage Management System
 CVE-2022-42231
 	RESERVED
 CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
@@ -2096,21 +2096,21 @@ CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQ
 CVE-2022-42072
 	RESERVED
 CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers from a  ...)
-	TODO: check
+	NOT-FOR-US: Online Birth Certificate Management System
 CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Online Birth Certificate Management System
 CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers from a  ...)
-	TODO: check
+	NOT-FOR-US: Online Birth Certificate Management System
 CVE-2022-42068
 	RESERVED
 CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers from an ...)
-	TODO: check
+	NOT-FOR-US: Online Birth Certificate Management System
 CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross site script ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2022-42065
 	RESERVED
 CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote exploit tha ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42063
 	RESERVED
 CVE-2022-42062
@@ -3072,7 +3072,7 @@ CVE-2022-41634
 CVE-2022-41633
 	RESERVED
 CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
-	TODO: check
+	NOT-FOR-US: Villatheme ALD
 CVE-2022-41620
 	RESERVED
 CVE-2022-41618
@@ -3095,61 +3095,61 @@ CVE-2022-41605
 CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...)
 	NOT-FOR-US: Check Point ZoneAlarm Extreme Security
 CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41599
 	RESERVED
 CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41596
 	RESERVED
 CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41591
 	RESERVED
 CVE-2022-41590
 	RESERVED
 CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful exploitati ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41586 (The communication framework module has a vulnerability of not truncati ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41585 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41584 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41583 (The storage maintenance and debugging module has an array out-of-bound ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41582 (The security module has configuration defects.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the data  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41579
 	RESERVED
 CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-41575
 	RESERVED
 CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
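Review bot: CVE-2022-41578 ("The MPTCP module has an out-of-bounds write vulnerability") and the two "kernel module" out-of-bounds reads, CVE-2022-41585 and CVE-2022-41584, are tagged "NOT-FOR-US: Huawei" although the descriptions as shown name no vendor, and MPTCP also exists in the upstream Linux kernel. A NOTE line on these three entries stating that the affected code is Huawei's own would record that the linux package was ruled out.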
@@ -3274,9 +3274,9 @@ CVE-2022-27628
 CVE-2022-26375
 	RESERVED
 CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-36605
 	RESERVED
 CVE-2022-41568
@@ -3596,7 +3596,7 @@ CVE-2022-41479
 CVE-2022-41478
 	RESERVED
 CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...)
-	TODO: check
+	NOT-FOR-US: WeBid
 CVE-2022-41476
 	RESERVED
 CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
@@ -3678,7 +3678,7 @@ CVE-2022-41438
 CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote code ex ...)
 	NOT-FOR-US: Billing System Project
 CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to acc ...)
-	TODO: check
+	NOT-FOR-US: OXHOO
 CVE-2022-41435
 	RESERVED
 CVE-2022-41434
@@ -3720,7 +3720,7 @@ CVE-2022-41418
 CVE-2022-41417
 	RESERVED
 CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-41415
 	RESERVED
 CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
@@ -4066,19 +4066,19 @@ CVE-2022-41310
 CVE-2022-41309
 	RESERVED
 CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41306 (A maliciously crafted PCT file when consumed through DesignReview.exe  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41305 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which may expl ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020.  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-41300
@@ -8632,13 +8632,13 @@ CVE-2022-39313
 CVE-2022-39312
 	RESERVED
 CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-39309 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-39307
 	RESERVED
 CVE-2022-39306
@@ -9127,57 +9127,57 @@ CVE-2022-39130
 CVE-2022-39129
 	RESERVED
 CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39118
 	RESERVED
 CVE-2022-39117 (In messaging service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39116
 	RESERVED
 CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39113 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39112 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39111 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39110 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39109 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39108 (In Music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39106
 	RESERVED
 CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39104
 	RESERVED
 CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39102
 	RESERVED
 CVE-2022-39101
@@ -9223,7 +9223,7 @@ CVE-2022-39082
 CVE-2022-39081
 	RESERVED
 CVE-2022-39080 (In messaging service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-3082
 	RESERVED
 CVE-2022-3081
@@ -9303,9 +9303,9 @@ CVE-2022-39067
 CVE-2022-39066
 	RESERVED
 CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI ...)
-	TODO: check
+	NOT-FOR-US: Ikea
 CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...)
-	TODO: check
+	NOT-FOR-US: Ikea
 CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
 	NOT-FOR-US: Open5GS UPF
 CVE-2022-39062
@@ -9538,7 +9538,7 @@ CVE-2022-39013 (Under certain conditions an authenticated attacker can get acces
 CVE-2022-39012
 	RESERVED
 CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
@@ -9564,7 +9564,7 @@ CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps
 CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data transfer ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
@@ -9588,25 +9588,25 @@ CVE-2022-38988 (The secure OS module has configuration defects. Successful explo
 CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of the data ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38985 (The facial recognition module has a vulnerability in input validation. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data transfer ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38982 (The fingerprint module has service logic errors.Successful exploitatio ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38981 (The HwAirlink module has an out-of-bounds read vulnerability.Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in processing d ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38977 (The HwAirlink module has a heap overflow vulnerability.Successful expl ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
 	NOT-FOR-US: ieGeek IG20 hipcam RealServer
 CVE-2022-38969
@@ -10318,9 +10318,9 @@ CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Securit
 CVE-2022-38731
 	RESERVED
 CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-2983
 	RESERVED
 CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
@@ -10472,9 +10472,9 @@ CVE-2022-2954
 CVE-2022-38699 (Armoury Crate Service’s logging function has insufficient valida ...)
 	NOT-FOR-US: Armoury Crate Service
 CVE-2022-38698 (In messaging service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38697 (In messaging service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38696
 	RESERVED
 CVE-2022-38695
@@ -10488,13 +10488,13 @@ CVE-2022-38692
 CVE-2022-38691
 	RESERVED
 CVE-2022-38690 (In camera driver, there is a possible memory corruption due to imprope ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38689 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38688 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38687 (In messaging service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38686
 	RESERVED
 CVE-2022-38685
@@ -10510,27 +10510,27 @@ CVE-2022-38681
 CVE-2022-38680
 	RESERVED
 CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38678
 	RESERVED
 CVE-2022-38677 (In cell service, there is a missing permission check. This could lead  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38675
 	RESERVED
 CVE-2022-38674
 	RESERVED
 CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38671 (In camera driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38670 (In soundrecorder service, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38669 (In soundrecorder service, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...)
 	NOT-FOR-US: CrowCpp
 CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
@@ -11169,33 +11169,33 @@ CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflect
 CVE-2022-38462
 	RESERVED
 CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38448 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38447 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38446 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38445 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38444 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38443 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38442 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38441 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38440 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38436
 	RESERVED
 CVE-2022-38435
@@ -11221,19 +11221,19 @@ CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and ea
 CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38424 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38423 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38422 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38421 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38420 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38419 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38418 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
@@ -18438,11 +18438,11 @@ CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build
 CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35712 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35711 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35710 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
@@ -18466,7 +18466,7 @@ CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlie
 CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35696
@@ -18480,11 +18480,11 @@ CVE-2022-35693
 CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35690 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35689 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35688
 	RESERVED
 CVE-2022-35687
@@ -20181,45 +20181,102 @@ CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer ove
 	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
 	NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
 CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35057
 	RESERVED
 CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
-	TODO: check
+	- texlive-bin <unfixed> (unimportant)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
+	NOTE: Affected code not built, see as well #1019602
 CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
 	- texlive-bin <unfixed> (unimportant)
 	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
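
Review bot: the NOTE added under each of CVE-2022-35040 through CVE-2022-35049 cites the bug as a bare "#1019602", while other entries in this file use the form "(bug #969974)"; write "bug #1019602" or the bugs.debian.org URL so the reference is unambiguous and greppable. The two reason strings also say different things: the bullseye/buster lines say "Vulnerable code not present" and the NOTE says "Affected code not built". If the intent is that unstable carries the otfcc source without compiling it while the stable releases do not carry it at all, stating that in the NOTE would justify both the <unfixed> (unimportant) line and the <not-affected> lines. The added lines otherwise match what the trailing context shows of the existing CVE-2022-35039 entry.
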
@@ -37987,13 +38044,13 @@ CVE-2022-28764
 CVE-2022-28763
 	RESERVED
 CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
 	NOT-FOR-US: Zoom
 CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
@@ -57437,7 +57494,7 @@ CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
 	NOTE: https://github.com/shelljs/shelljs/issues/1058
 	NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
 CVE-2022-0143 (When the LDAP connector is started with StartTLS configured, unauthent ...)
-	TODO: check
+	NOT-FOR-US: ForgeRock
 CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
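
Review bot: on CVE-2022-0143 the truncated description ("When the LDAP connector is started with StartTLS configured, unauthent ...") never names a vendor, so "NOT-FOR-US: ForgeRock" cannot be checked from the list itself. Consider naming the affected product next to the vendor, or adding a NOTE line with the advisory URL, so a later reader can confirm it is nothing packaged in Debian.
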
@@ -58194,7 +58251,7 @@ CVE-2022-22522 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Se
 CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
 	NOT-FOR-US: Miele
 CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users by sendin ...)
-	TODO: check
+	NOT-FOR-US: mymbCONNECT24
 CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...)
 	NOT-FOR-US: CODESYS
 CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...)
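
Review bot: "NOT-FOR-US: mymbCONNECT24" on CVE-2022-22520 is a product name, whereas the neighbouring entries in this hunk tag by vendor ("NOT-FOR-US: Miele", "NOT-FOR-US: CODESYS"). Use the vendor name, or vendor plus product, so the tag follows the same convention and a search by vendor finds it.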



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f90001bef9955d5d9b699dd0d2e54682cedde00
