[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 8 11:22:28 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f004f5e by Moritz Muehlenhoff at 2023-03-08T12:21:55+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -138,7 +138,7 @@ CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin fo
CVE-2023-27892
RESERVED
CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
- TODO: check
+ NOT-FOR-US: rami.io
CVE-2023-27890
RESERVED
CVE-2023-27878
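Review bot: the tag added for CVE-2023-27891 names the vendor ("NOT-FOR-US: rami.io"), while the description on the line above identifies the product as "rami.io pretix". The product-named tags elsewhere in this commit (UVdesk, Directus, Typora) are easier to find when someone later searches the list by package name, so "NOT-FOR-US: pretix" would be the more useful form here.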
@@ -328,7 +328,7 @@ CVE-2023-1199
CVE-2023-1198
RESERVED
CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
- TODO: check
+ NOT-FOR-US: UVdesk
CVE-2023-1196
RESERVED
CVE-2023-1195
@@ -820,7 +820,7 @@ CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Pa
CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...)
- TODO: check
+ NOT-FOR-US: Email Registration
CVE-2023-27634
RESERVED
CVE-2023-27633
@@ -1279,7 +1279,7 @@ CVE-2023-27487
CVE-2023-27486
RESERVED
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
- TODO: check
+ NOT-FOR-US: thmmniii/fbs-core
CVE-2023-27484
RESERVED
CVE-2023-27483
@@ -1287,11 +1287,11 @@ CVE-2023-27483
CVE-2023-27482
RESERVED
CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-27479 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools ...)
- libmemcached 1.1.4-1 (bug #1032479)
[bullseye] - libmemcached <not-affected> (Vulnerable code introduced later)
@@ -1733,9 +1733,9 @@ CVE-2023-27310
CVE-2023-27309
RESERVED
CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...)
- TODO: check
+ NOT-FOR-US: pg_ivm
CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...)
- TODO: check
+ NOT-FOR-US: pg_ivm
CVE-2023-1098
RESERVED
CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vu ...)
@@ -2571,11 +2571,11 @@ CVE-2023-26957
CVE-2023-26956
RESERVED
CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: onekeyadmin
CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: onekeyadmin
CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: onekeyadmin
CVE-2023-26952
RESERVED
CVE-2023-26951
@@ -2835,7 +2835,7 @@ CVE-2023-26825
CVE-2023-26824
RESERVED
CVE-2023-26823 (An arbitrary file upload vulnerability in the /admin/template.php comp ...)
- TODO: check
+ NOT-FOR-US: shopEx
CVE-2023-26822
RESERVED
CVE-2023-26821
@@ -3455,7 +3455,7 @@ CVE-2022-48346
CVE-2020-36662
RESERVED
CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...)
NOT-FOR-US: OpenCycleCompass
CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
@@ -3596,7 +3596,7 @@ CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and classif
CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 and classified ...)
NOT-FOR-US: MarkText
CVE-2023-1003 (A vulnerability, which was classified as critical, was found in Typora ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: MuYuCMS
CVE-2023-1001
@@ -4882,7 +4882,7 @@ CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3
CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...)
NOT-FOR-US: XWiki
CVE-2023-26054 (BuildKit is a toolkit for converting source code to build artifacts in ...)
- TODO: check
+ NOT-FOR-US: BuildKit
CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...)
- gradle <not-affected> (The version of Gradle in Debian doesn't support dependency verification yet)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
@@ -6364,7 +6364,7 @@ CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wr
CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
NOT-FOR-US: dimtion Shaarlier
CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25610
RESERVED
CVE-2023-25609
@@ -6376,7 +6376,7 @@ CVE-2023-25607
CVE-2023-25606
RESERVED
CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25604
RESERVED
CVE-2023-25603
@@ -7179,7 +7179,7 @@ CVE-2023-25306
CVE-2023-25305
RESERVED
CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: Prism Launcher
CVE-2023-25303
RESERVED
CVE-2023-25302
@@ -7327,7 +7327,7 @@ CVE-2023-25232
CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
NOT-FOR-US: Tenda
CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). ...)
- TODO: check
+ NOT-FOR-US: loonflow
CVE-2023-25229
RESERVED
CVE-2023-25228
@@ -7341,7 +7341,7 @@ CVE-2023-25225
CVE-2023-25224
RESERVED
CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/li ...)
- TODO: check
+ NOT-FOR-US: CRMEB
CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...)
- libredwg <itp> (bug #595191)
CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...)
@@ -8567,7 +8567,7 @@ CVE-2023-24791
CVE-2023-24790
RESERVED
CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-24788
RESERVED
CVE-2023-24787
@@ -8583,9 +8583,9 @@ CVE-2023-24783
CVE-2023-24782
RESERVED
CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Funadmin
CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Funadmin
CVE-2023-24779
RESERVED
CVE-2023-24778
@@ -8595,7 +8595,7 @@ CVE-2023-24777
CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
NOT-FOR-US: Funadmin
CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Funadmin
CVE-2023-24774
RESERVED
CVE-2023-24773
@@ -8852,7 +8852,7 @@ CVE-2023-24659
CVE-2023-24658
RESERVED
CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site scriptin ...)
- TODO: check
+ - phpipam <itp> (bug #731713)
CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...)
NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24655
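Review bot: the CVE-2023-24657 change in this hunk is not an NFU. It replaces "TODO: check" with "- phpipam <itp> (bug #731713)", while the commit subject is only "NFUs". Mentioning the ITP triage in the commit message, or putting it in its own commit, would let a history search for phpipam find this decision.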
@@ -10875,7 +10875,7 @@ CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If Jav
CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...)
- TODO: check
+ NOT-FOR-US: Azure/setup-kubectl
CVE-2023-23938
RESERVED
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
@@ -11284,7 +11284,7 @@ CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb ver
CVE-2023-23777
RESERVED
CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-23775
RESERVED
CVE-2023-23549
@@ -11761,6 +11761,7 @@ CVE-2023-23639
RESERVED
CVE-2023-23638
RESERVED
+ NOT-FOR-US: Apache Dubbo
CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...)
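Review bot: the added "NOT-FOR-US: Apache Dubbo" sits under CVE-2023-23638, which is still "RESERVED" and has no description in the list, so nothing in the file supports the attribution. This is also the only hunk that adds a line without replacing a "TODO: check". A NOTE line with the source the product name was taken from would make the entry verifiable for the next person who reads it.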
@@ -14888,9 +14889,9 @@ CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0
CVE-2023-0092
RESERVED
CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2022-48228
RESERVED
CVE-2022-48227
@@ -19507,33 +19508,33 @@ CVE-2022-47486
CVE-2022-47485
RESERVED
CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47482 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47481 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47480 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47479 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47478 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47477 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47476 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47475 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47474 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47473 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47472 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47470
RESERVED
CVE-2022-47469
@@ -19551,25 +19552,25 @@ CVE-2022-47464
CVE-2022-47463
RESERVED
CVE-2022-47462 (In telephone service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47461 (In telephone service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after free. T ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47459 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47458 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47457 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47456 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47455 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47454 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47453 (In wcn service, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: Unisoc
CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
@@ -23528,7 +23529,7 @@ CVE-2022-46259
CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...)
@@ -24496,7 +24497,7 @@ CVE-2022-45863
CVE-2022-45862
RESERVED
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-45860
RESERVED
CVE-2022-45859
@@ -29841,7 +29842,7 @@ CVE-2022-44420
CVE-2022-44419
RESERVED
CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-3758
@@ -31198,69 +31199,69 @@ CVE-2023-20653
CVE-2023-20652
RESERVED
CVE-2023-20651 (In apu, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20650 (In apu, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20649 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20648 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20647 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20646 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20645 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20644 (In ril, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20643 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20642 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20641 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20640 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20639 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20638 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20637 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20636 (In display drm, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20635 (In keyinstall, there is a possible information disclosure due to an in ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20634 (In widevine, there is a possible out of bounds write due to improper i ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20633 (In usb, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20632 (In usb, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20631
RESERVED
CVE-2023-20630 (In usb, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20629
RESERVED
CVE-2023-20628 (In thermal, there is a possible memory corruption due to an uncaught e ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20627 (In pqframework, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20626 (In msdc, there is a possible out of bounds write due to an incorrect b ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20625 (In adsp, there is a possible double free due to a race condition. This ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20624 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20623 (In ion, there is a possible escalation of privilege due to improper lo ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20622
RESERVED
CVE-2023-20621 (In tinysys, there is a possible out of bounds write due to a missing b ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20620 (In adsp, there is a possible escalation of privilege due to a logic er ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...)
NOT-FOR-US: MediaTek
CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...)
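Review bot: several of the "NOT-FOR-US: MediaTek" tags in this hunk rest on a vendor attribution that the visible descriptions do not carry, and the component names alone are generic: "In usb" (CVE-2023-20633, CVE-2023-20632, CVE-2023-20630), "In display drm" (CVE-2023-20636) and "In ion" (CVE-2023-20623) are also the names of Linux kernel areas, and the list tracks kernel CVEs. A single NOTE on one of these entries pointing to the vendor bulletin, or stating that the affected code is vendor-specific and not in mainline, would document why none of them needs a check against src:linux.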
@@ -36762,7 +36763,7 @@ CVE-2022-42478
CVE-2022-42477
RESERVED
CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
NOT-FOR-US: FortiOS SSL-VPN
CVE-2022-42474
@@ -39915,7 +39916,7 @@ CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet For
CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
NOT-FOR-US: Fortinet
CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-41332
RESERVED
CVE-2022-41331
@@ -39923,9 +39924,9 @@ CVE-2022-41331
CVE-2022-41330
RESERVED
CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-41327
RESERVED
CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
@@ -41493,7 +41494,7 @@ CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC ver
CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
NOT-FOR-US: Fortinet
CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...)
NOT-FOR-US: Fortinet
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -41940,17 +41941,17 @@ CVE-2022-40542
CVE-2022-40541
RESERVED
CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40538
RESERVED
CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_ ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40536
RESERVED
CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40534
RESERVED
CVE-2022-40533
@@ -41958,15 +41959,15 @@ CVE-2022-40533
CVE-2022-40532
RESERVED
CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while sending WMI ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer overflow i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40529
RESERVED
CVE-2022-40528
RESERVED
CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while processing PEER ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40526
RESERVED
CVE-2022-40525
@@ -41990,7 +41991,7 @@ CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ...
CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...)
NOT-FOR-US: Qualcomm
CVE-2022-40515 (Memory corruption in Video due to double free while playing 3gp clip w ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...)
NOT-FOR-US: Snapdragon
CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...)
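Review bot: the new "NOT-FOR-US: Qualcomm" for CVE-2022-40515 lands directly above the context entry CVE-2022-40514, which carries "NOT-FOR-US: Snapdragon" for a description of the same style. The mixed tags are already in the file and not introduced here, but since this commit touches the block, a follow-up that settles on one spelling would keep searches by tag complete.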
@@ -43332,11 +43333,11 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
NOT-FOR-US: Fortinet
CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...)
NOT-FOR-US: Fortinet
CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
@@ -61574,7 +61575,7 @@ CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_serv
CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...)
NOT-FOR-US: Robustel R1510
CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while parsing s ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33308
RESERVED
CVE-2022-33307
@@ -61636,7 +61637,7 @@ CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Blue
CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...)
NOT-FOR-US: Qualcomm
CVE-2022-33278 (Memory corruption due to buffer copy without checking the size of inpu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...)
NOT-FOR-US: Qualcomm
CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
@@ -61648,7 +61649,7 @@ CVE-2022-33274 (Memory corruption in android core due to improper validation of
CVE-2022-33273
RESERVED
CVE-2022-33272 (Transient DOS in modem due to reachable assertion. ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...)
NOT-FOR-US: Qualcomm
CVE-2022-33270
@@ -61672,19 +61673,19 @@ CVE-2022-33262
CVE-2022-33261
RESERVED
CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core while sen ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33259
RESERVED
CVE-2022-33258
RESERVED
CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use race condit ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33256 (Memory corruption due to improper validation of array index in Multi-m ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
NOT-FOR-US: Qualcomm
CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while processing SIB ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...)
NOT-FOR-US: Qualcomm
CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...)
@@ -61692,7 +61693,7 @@ CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while han
CVE-2022-33251
RESERVED
CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network repeate ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33249
RESERVED
CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...)
@@ -61702,13 +61703,13 @@ CVE-2022-33247
CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...)
NOT-FOR-US: Qualcomm
CVE-2022-33245 (Memory corruption in WLAN due to use after free ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB reception ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC. ...)
NOT-FOR-US: Qualcomm
CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm IPC while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33241
RESERVED
CVE-2022-33240
@@ -61766,7 +61767,7 @@ CVE-2022-33215
CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...)
NOT-FOR-US: Snapdragon
CVE-2022-33213 (Memory corruption in modem due to buffer overflow while processing a P ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33212
RESERVED
CVE-2022-33211
@@ -78513,7 +78514,7 @@ CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code e
CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-27488
@@ -81560,9 +81561,9 @@ CVE-2022-26427 (In camera isp, there is a possible out of bounds write due to a
CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a missin ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-26418 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26416 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...)
NOT-FOR-US: Zyxel
CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
@@ -81570,39 +81571,39 @@ CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VM
CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...)
NOT-FOR-US: gallagher
CVE-2022-26347 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26339 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26123 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26087 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack ...)
NOT-FOR-US: Gallagher
CVE-2022-26058 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26055 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26053 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26039 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26031 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-26027 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-25997 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-25968 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-25957 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-25920 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-25889 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-21224 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused ID
CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...)
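Review bot: "NOT-FOR-US: Unused ID" in this hunk (CVE-2022-26347 through CVE-2022-21224, and likewise CVE-2022-26418 and CVE-2022-26416 in the hunk before it) puts a status where every other NOT-FOR-US tag in the commit has a product or vendor name. The descriptions all read "This candidate was in a CNA pool that was not assigned to any issues d ...", so there is no product to exclude. A marker that says the ID was never assigned, rather than a NOT-FOR-US with a placeholder, would keep these out of product searches and make the reason explicit.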
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f004f5e0e0638ad953b97f9cb704cb897385ed4