[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 17 08:11:14 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9337846 by Salvatore Bonaccorso at 2022-09-17T09:10:33+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4122,53 +4122,53 @@ CVE-2022-39012
CVE-2022-39011
RESERVED
CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39008 (The NFC module has bundle serialization/deserialization vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39007 (The location module has a vulnerability of bypassing permission verifi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39006 (The MPTCP module has the race condition vulnerability. Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39005 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39004 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39003 (Buffer overflow vulnerability in the video framework. Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39002 (Double free vulnerability in the storage module. Successful exploitati ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39001 (The number identification module has a path traversal vulnerability. S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps.Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38998
RESERVED
CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38995 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38994 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38993 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38992 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38991 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38990 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38989 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38988 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38986
RESERVED
CVE-2022-38985
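Review bot: CVE-2022-39006, CVE-2022-39005 and CVE-2022-39004 are described only as flaws in "the MPTCP module", and the truncated descriptions shown here do not say whose implementation that is. MPTCP is also implemented in the upstream Linux kernel, so these three should be checked against the vendor advisory before they are closed as NOT-FOR-US: Huawei. If the advisory does not settle whether the code is Huawei-specific, leaving them at TODO: check is the safer state.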
@@ -4184,9 +4184,9 @@ CVE-2022-38981
CVE-2022-38980
RESERVED
CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38977
RESERVED
CVE-2022-38970
@@ -4374,9 +4374,9 @@ CVE-2022-38880
CVE-2022-38879
RESERVED
CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38877 (Garage Management System v1.0 is vulnerable to Arbitrary code executio ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-38876
RESERVED
CVE-2022-38875
@@ -4467,13 +4467,13 @@ CVE-2022-38848
CVE-2022-38847
RESERVED
CVE-2022-38846 (EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing th ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2022-38845 (Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2022-38844 (CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authen ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2022-38843 (EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowi ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2022-38842
RESERVED
CVE-2022-38841
@@ -4493,9 +4493,9 @@ CVE-2022-38835
CVE-2022-38834
RESERVED
CVE-2022-38833 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38832 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38831 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
NOT-FOR-US: Tenda
CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
@@ -4503,17 +4503,17 @@ CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via
CVE-2022-38829 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
NOT-FOR-US: Tenda
CVE-2022-38828 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-38827 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow vi ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-38826 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary c ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-38825
RESERVED
CVE-2022-38824
RESERVED
CVE-2022-38823 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-38822
RESERVED
CVE-2022-38821
@@ -4623,7 +4623,7 @@ CVE-2022-3021
CVE-2022-3020
RESERVED
CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
NOT-FOR-US: ToolJet
CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
@@ -4944,9 +4944,9 @@ CVE-2022-2975
CVE-2022-2974
RESERVED
CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38714
RESERVED
CVE-2022-38713
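Review bot: The visible description of CVE-2020-36601 ("Out-of-bounds write vulnerability in the kernel modules") names neither a vendor nor a product, so the NOT-FOR-US: Huawei tag cannot be verified from the entry itself. Please confirm from the assigning CNA or the referenced advisory that the affected modules are vendor-specific and not code shared with a kernel Debian ships. The same applies to CVE-2020-36600, though "power consumption module" is less ambiguous.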
@@ -5743,23 +5743,23 @@ CVE-2022-38436
CVE-2022-38435
RESERVED
CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38432 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38431 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38430 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38429 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38428 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38425
RESERVED
CVE-2022-38424
@@ -5777,39 +5777,39 @@ CVE-2022-38419
CVE-2022-38418
RESERVED
CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38415 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38414 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38413 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38412 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38411 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38410 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38409 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38408 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38407 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38406 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38405 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38404 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38403 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38102
RESERVED
CVE-2022-38090
@@ -7634,7 +7634,7 @@ CVE-2022-37777 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3
CVE-2022-37776
RESERVED
CVE-2022-37775 (Genesys PureConnect Interaction Web Tools Chat Service (up to at least ...)
- TODO: check
+ NOT-FOR-US: Genesys PureConnect Interaction Web Tools Chat Service
CVE-2022-37774
RESERVED
CVE-2022-37773
@@ -8556,7 +8556,7 @@ CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCo
CVE-2022-2655 (The Classified Listing Pro WordPress plugin before 2.0.20 does not esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2654 (The Classima WordPress theme before 2.1.11 and some of its required pl ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
NOT-FOR-US: plankanban/planka
CVE-2022-2652 (Depending on the way the format strings in the card label are crafted ...)
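Review bot: On CVE-2022-2654 the tag NOT-FOR-US: WordPress theme covers only the theme, while the description says the issue also affects "some of its required pl ...". The generic wording matches the neighbouring NOT-FOR-US: WordPress plugin entry, but naming the product (for example NOT-FOR-US: Classima WordPress theme) would keep the entry searchable and make clear that the bundled components were considered too.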
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c93378465b9c8df4680231d358fc2567c4af84c8