[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 5 21:34:36 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fd615d7 by Salvatore Bonaccorso at 2022-09-05T22:33:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21024,7 +21024,7 @@ CVE-2022-31816
 CVE-2022-31815
 	RESERVED
 CVE-2022-31814 (pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2022-1948 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <not-affected> (Vulnerable code introduced later)
 	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -53244,25 +53244,25 @@ CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to
 CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
 	NOT-FOR-US: DayByDay CRM
 CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22105
 	RESERVED
 CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22102 (Memory corruption in multimedia due to incorrect type conversion while ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22101 (Denial of service in multimedia due to uncontrolled resource consumpti ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22100 (Memory corruption in multimedia due to improper check on received expo ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22099 (Memory corruption in multimedia due to improper validation of array in ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22098 (Memory corruption in multimedia driver due to untrusted pointer derefe ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22097 (Memory corruption in graphic driver due to use after free while callin ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-22095
@@ -53296,7 +53296,7 @@ CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing
 CVE-2022-22081
 	RESERVED
 CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22079
 	RESERVED
 CVE-2022-22078
@@ -53316,13 +53316,13 @@ CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP appl
 CVE-2022-22071 (Possible use after free when process shell memory is freed using IOCTL ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22070 (Memory corruption in audio due to lack of check of invalid routing add ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22069 (Devices with keyprotect off may store unencrypted keybox in RPMB and c ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22068 (kernel event may contain unexpected content which is not generated by  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22066
 	RESERVED
 CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
@@ -53332,13 +53332,13 @@ CVE-2022-22064 (Possible buffer over read due to lack of size validation while u
 CVE-2022-22063
 	RESERVED
 CVE-2022-22062 (An out-of-bounds read can occur while parsing a server certificate due ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs due to im ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22060
 	RESERVED
 CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-22058
 	RESERVED
 	NOT-FOR-US: Qualcomm
@@ -84421,7 +84421,7 @@ CVE-2021-35137
 CVE-2021-35136
 	RESERVED
 CVE-2021-35135 (A null pointer dereference may potentially occur during RSA key import ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-35134 (Due to insufficient validation of ELF headers, an Incorrect Calculatio ...)
 	TODO: check
 CVE-2021-35133 (Use after free in the synx driver issue while performing other functio ...)
@@ -103663,7 +103663,7 @@ CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in op
 CVE-2021-27694
 	RESERVED
 CVE-2021-27693 (Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4 ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...)
 	NOT-FOR-US: Tenda
 CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd615d75abc6a7fe7fb92468e91698a395a666c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fd615d75abc6a7fe7fb92468e91698a395a666c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220905/6fe3078f/attachment.htm>

More information about the debian-security-tracker-commits mailing list