[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 2 14:08:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a4b5acf by Salvatore Bonaccorso at 2022-09-02T15:07:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6944,7 +6944,7 @@ CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was discovered to contain a
CVE-2022-36601 (The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 ...)
TODO: check
CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting ( ...)
- TODO: check
+ NOT-FOR-US: BlogEngine
CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-36598
@@ -6958,7 +6958,7 @@ CVE-2022-36595
CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vuln ...)
TODO: check
CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file deletion ...)
- TODO: check
+ NOT-FOR-US: kkFileView
CVE-2022-36592
RESERVED
CVE-2022-36591
@@ -12866,7 +12866,7 @@ CVE-2022-34382
CVE-2022-34381
RESERVED
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...)
NOT-FOR-US: EMC
CVE-2022-34378
@@ -12882,7 +12882,7 @@ CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command inject
CVE-2022-34373 (Dell Command | Integration Suite for System Center, versions prior to ...)
NOT-FOR-US: Dell
CVE-2022-34372 (Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34371
RESERVED
CVE-2022-34370
@@ -16583,7 +16583,7 @@ CVE-2022-32896
CVE-2022-32895
RESERVED
CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32893 (An out-of-bounds write issue was addressed with improved bounds checki ...)
{DSA-5220-1 DSA-5219-1 DLA-3087-1}
- webkit2gtk 2.36.7-1
@@ -16660,7 +16660,7 @@ CVE-2022-32859
CVE-2022-32858
RESERVED
CVE-2022-32857 (This issue was addressed by using HTTPS when sending information over ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32856
RESERVED
CVE-2022-32855
@@ -16694,19 +16694,19 @@ CVE-2022-32842
CVE-2022-32841
RESERVED
CVE-2022-32840 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32839 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32838 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32836
RESERVED
CVE-2022-32835
RESERVED
CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32833
RESERVED
CVE-2022-32832
@@ -16752,13 +16752,13 @@ CVE-2022-32815
CVE-2022-32814
RESERVED
CVE-2022-32813 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32812 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32811 (A memory corruption vulnerability was addressed with improved locking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32810 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32809
RESERVED
CVE-2022-32808
@@ -16792,7 +16792,7 @@ CVE-2022-32795
CVE-2022-32794
RESERVED
CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation]
RESERVED
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
@@ -21292,7 +21292,7 @@ CVE-2022-31235
CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive A ...)
NOT-FOR-US: Dell
CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privilege es ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
NOT-FOR-US: SmartFabric storage software
CVE-2022-31231
@@ -29048,7 +29048,7 @@ CVE-2022-28627 (A local arbitrary code execution vulnerability was discovered in
CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
NOT-FOR-US: HPE
CVE-2022-28625 (A local disclosure of sensitive information vulnerability was discover ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...)
NOT-FOR-US: HPE
CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...)
@@ -35101,11 +35101,11 @@ CVE-2022-26530 (swaylock before 1.6 allows attackers to trigger a crash and achi
NOTE: https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca (1.6)
NOTE: https://github.com/swaywm/swaylock/pull/219
CVE-2022-26529 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26528 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26527 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Min ...)
NOT-FOR-US: Anaconda Python
CVE-2022-26525
@@ -37609,7 +37609,7 @@ CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be bypassed
CVE-2022-25637
RESERVED
CVE-2022-25635 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system library files ...)
- qt6-base <not-affected> (Vulnerable code specific to Windows platform)
- qtbase-opensource-src <not-affected> (Vulnerable code specific to Windows platform)
@@ -107189,7 +107189,7 @@ CVE-2021-25659 (A vulnerability has been identified in Automation License Manage
CVE-2021-25658
RESERVED
CVE-2021-25657 (A privilege escalation vulnerability was discovered in Avaya IP Office ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
NOT-FOR-US: Avaya
CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4b5acf6004f4f6ddaae73a5eef1d47401b04de
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4b5acf6004f4f6ddaae73a5eef1d47401b04de
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220902/28204824/attachment.htm>
More information about the debian-security-tracker-commits
mailing list