[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 10 20:33:37 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0ce7815 by Salvatore Bonaccorso at 2023-04-10T21:33:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21387,7 +21387,7 @@ CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA vGPU software
CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
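Review bot: The NOT-FOR-US added for CVE-2023-0197 gives no reason for diverging from its neighbours: CVE-2023-0198 and CVE-2023-0196 are both tracked against packaged NVIDIA sources (nvidia-graphics-drivers, nvidia-cuda-toolkit), and the description here is cut off at "Virtual GPU Manag ...". Suggest stating in the commit message that the vGPU Manager component is not shipped by either package, so the different triage result for adjacent NVIDIA CVEs is explained.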
@@ -59517,9 +59517,9 @@ CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
CVE-2022-2570
RESERVED
CVE-2022-37013 (This vulnerability allows remote attackers to create a denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: Unified Automation
CVE-2022-37012 (This vulnerability allows remote attackers to create a denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: Unified Automation
CVE-2022-37011 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...)
@@ -73221,11 +73221,11 @@ CVE-2022-31892
CVE-2022-31891
RESERVED
CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in osTicket osTic ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs. ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31888 (Session Fixation vulnerability in in function login in class.auth.php ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
NOT-FOR-US: Marval MSM
CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery ...)
@@ -86014,7 +86014,7 @@ CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformatio
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
CVE-2022-27665 (Reflected XSS (via AngularJS sandbox escape expressions) exists in Pro ...)
- TODO: check
+ NOT-FOR-US: Progress Ipswitch WS_FTP Server
CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ...)
- golang-1.19 1.19.1-1
- golang-1.18 1.18.6-1
@@ -91516,11 +91516,11 @@ CVE-2022-25749 (Transient Denial-of-Service in WLAN due to buffer over-read whil
CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer overflow w ...)
NOT-FOR-US: Qualcomm
CVE-2022-25747 (Information disclosure in modem due to improper input validation durin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...)
NOT-FOR-US: Qualcomm
CVE-2022-25745 (Memory corruption in modem due to improper input validation while hand ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25744
RESERVED
CVE-2022-25743 (Memory corruption in graphics due to use-after-free while importing gr ...)
@@ -91530,13 +91530,13 @@ CVE-2022-25742 (Denial of service in modem due to infinite loop while parsing IG
CVE-2022-25741 (Denial of service in WLAN due to potential null pointer dereference wh ...)
NOT-FOR-US: Snapdragon
CVE-2022-25740 (Memory corruption in modem due to buffer overwrite while building an I ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25739 (Denial of service in modem due to missing null check while processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25738 (Information disclosure in modem due to buffer over-red while performin ...)
NOT-FOR-US: Qualcomm
CVE-2022-25737 (Information disclosure in modem due to missing NULL check while readin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...)
NOT-FOR-US: Qualcomm
CVE-2022-25735 (Denial of service in modem due to missing null check while processing ...)
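Review bot: The three new labels in this hunk (CVE-2022-25740, CVE-2022-25739, CVE-2022-25737) read "NOT-FOR-US: Qualcomm", while the unchanged entry for CVE-2022-25741 directly above them reads "NOT-FOR-US: Snapdragon" for the same class of modem/WLAN issue. Suggest settling on one label for this vendor, with a follow-up that normalises the existing Snapdragon lines, so that a search for the vendor name returns the complete set.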
@@ -91548,9 +91548,9 @@ CVE-2022-25733 (Denial of service in modem due to null pointer dereference while
CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns client ...)
NOT-FOR-US: Qualcomm
CVE-2022-25731 (Information disclosure in modem due to buffer over-read while processi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25730 (Information disclosure in modem due to improper check of IP type while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25729 (Memory corruption in modem due to improper length check while copying ...)
NOT-FOR-US: Qualcomm
CVE-2022-25728 (Information disclosure in modem due to buffer over-read while processi ...)
@@ -91558,7 +91558,7 @@ CVE-2022-25728 (Information disclosure in modem due to buffer over-read while pr
CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...)
NOT-FOR-US: Snapdragon
CVE-2022-25726 (Information disclosure in modem data due to array out of bound access ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling ...)
NOT-FOR-US: Qualcomm
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...)
@@ -91654,7 +91654,7 @@ CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while pro
CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...)
NOT-FOR-US: Snapdragon
CVE-2022-25678 (Memory correction in modem due to buffer overwrite during coap connect ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25677 (Memory corruption in diag due to use after free while processing dci p ...)
NOT-FOR-US: Qualcomm
CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...)
@@ -98974,7 +98974,7 @@ CVE-2022-23524 (Helm is a tool for managing Charts, pre-configured Kubernetes re
CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...)
NOT-FOR-US: Rust crate linux-loader
CVE-2022-23522 (MindsDB is an open source machine learning platform. An unsafe extract ...)
- TODO: check
+ NOT-FOR-US: mindsdb
CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...)
{DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
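Review bot: The label "NOT-FOR-US: mindsdb" on CVE-2022-23522 is lower-case, while the description on the same entry spells the project "MindsDB" and the neighbouring label ("Rust crate linux-loader") follows the upstream spelling. Suggest "NOT-FOR-US: MindsDB" so a case-sensitive search on the product name matches this entry.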
@@ -102987,7 +102987,7 @@ CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferen
CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference ...)
NOT-FOR-US: CODESYS
CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage products in ...)
- TODO: check
+ NOT-FOR-US: VARTA Storage products
CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
NOT-FOR-US: VDE
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
@@ -117459,7 +117459,7 @@ CVE-2022-20544 (In onOptionsItemSelected of ManageApplications.java, there is a
CVE-2022-20543 (In multiple locations, there is a possible display crash loop due to i ...)
NOT-FOR-US: Android
CVE-2022-20542 (In parseParamsBlob of types.cpp, there is a possible out of bounds wri ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bou ...)
NOT-FOR-US: Android
CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arb ...)
@@ -117479,7 +117479,7 @@ CVE-2022-20534
CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connect a ne ...)
NOT-FOR-US: Android
CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20531
REJECTED
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...)
@@ -120351,7 +120351,7 @@ CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of si
CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
NOT-FOR-US: Apache OpenOffice
CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration when an ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightVM
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
NOT-FOR-US: Lenovo
CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ce7815432bdc040b15fc68fbee4f454d543fea