[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 8 11:22:28 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f004f5e by Moritz Muehlenhoff at 2023-03-08T12:21:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -138,7 +138,7 @@ CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin fo
 CVE-2023-27892
 	RESERVED
 CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
-	TODO: check
+	NOT-FOR-US: rami.io
 CVE-2023-27890
 	RESERVED
 CVE-2023-27878
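Review bot: On CVE-2023-27891 the new tag names the vendor (rami.io), while the description on the CVE line names the affected software as pretix. NOT-FOR-US: pretix would match the product-named tags used elsewhere in this commit (Directus, Typora, loonflow) and is the string someone searching the list for the software would look for.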
@@ -328,7 +328,7 @@ CVE-2023-1199
 CVE-2023-1198
 	RESERVED
 CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
-	TODO: check
+	NOT-FOR-US: UVdesk
 CVE-2023-1196
 	RESERVED
 CVE-2023-1195
@@ -820,7 +820,7 @@ CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Pa
 CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...)
-	TODO: check
+	NOT-FOR-US: Email Registration
 CVE-2023-27634
 	RESERVED
 CVE-2023-27633
@@ -1279,7 +1279,7 @@ CVE-2023-27487
 CVE-2023-27486
 	RESERVED
 CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
-	TODO: check
+	NOT-FOR-US: thmmniii/fbs-core
 CVE-2023-27484
 	RESERVED
 CVE-2023-27483
@@ -1287,11 +1287,11 @@ CVE-2023-27483
 CVE-2023-27482
 	RESERVED
 CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2023-27479 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools  ...)
 	- libmemcached 1.1.4-1 (bug #1032479)
 	[bullseye] - libmemcached <not-affected> (Vulnerable code introduced later)
@@ -1733,9 +1733,9 @@ CVE-2023-27310
 CVE-2023-27309
 	RESERVED
 CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...)
-	TODO: check
+	NOT-FOR-US: pg_ivm
 CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...)
-	TODO: check
+	NOT-FOR-US: pg_ivm
 CVE-2023-1098
 	RESERVED
 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vu ...)
@@ -2571,11 +2571,11 @@ CVE-2023-26957
 CVE-2023-26956
 	RESERVED
 CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26952
 	RESERVED
 CVE-2023-26951
@@ -2835,7 +2835,7 @@ CVE-2023-26825
 CVE-2023-26824
 	RESERVED
 CVE-2023-26823 (An arbitrary file upload vulnerability in the /admin/template.php comp ...)
-	TODO: check
+	NOT-FOR-US: shopEx
 CVE-2023-26822
 	RESERVED
 CVE-2023-26821
@@ -3455,7 +3455,7 @@ CVE-2022-48346
 CVE-2020-36662
 	RESERVED
 CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...)
 	NOT-FOR-US: OpenCycleCompass
 CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
@@ -3596,7 +3596,7 @@ CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and classif
 CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 and classified ...)
 	NOT-FOR-US: MarkText
 CVE-2023-1003 (A vulnerability, which was classified as critical, was found in Typora ...)
-	TODO: check
+	NOT-FOR-US: Typora
 CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: MuYuCMS
 CVE-2023-1001
@@ -4882,7 +4882,7 @@ CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3
 CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...)
 	NOT-FOR-US: XWiki
 CVE-2023-26054 (BuildKit is a toolkit for converting source code to build artifacts in ...)
-	TODO: check
+	NOT-FOR-US: BuildKit
 CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...)
 	- gradle <not-affected> (The version of Gradle in Debian doesn't support dependency verification yet)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
@@ -6364,7 +6364,7 @@ CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wr
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
 	NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-25610
 	RESERVED
 CVE-2023-25609
@@ -6376,7 +6376,7 @@ CVE-2023-25607
 CVE-2023-25606
 	RESERVED
 CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 -  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-25604
 	RESERVED
 CVE-2023-25603
@@ -7179,7 +7179,7 @@ CVE-2023-25306
 CVE-2023-25305
 	RESERVED
 CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: Prism Launcher
 CVE-2023-25303
 	RESERVED
 CVE-2023-25302
@@ -7327,7 +7327,7 @@ CVE-2023-25232
 CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
 	NOT-FOR-US: Tenda
 CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). ...)
-	TODO: check
+	NOT-FOR-US: loonflow
 CVE-2023-25229
 	RESERVED
 CVE-2023-25228
@@ -7341,7 +7341,7 @@ CVE-2023-25225
 CVE-2023-25224
 	RESERVED
 CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/li ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...)
 	- libredwg <itp> (bug #595191)
 CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...)
@@ -8567,7 +8567,7 @@ CVE-2023-24791
 CVE-2023-24790
 	RESERVED
 CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
-	TODO: check
+	NOT-FOR-US: jeecg-boot
 CVE-2023-24788
 	RESERVED
 CVE-2023-24787
@@ -8583,9 +8583,9 @@ CVE-2023-24783
 CVE-2023-24782
 	RESERVED
 CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-24779
 	RESERVED
 CVE-2023-24778
@@ -8595,7 +8595,7 @@ CVE-2023-24777
 CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
 	NOT-FOR-US: Funadmin
 CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-24774
 	RESERVED
 CVE-2023-24773
@@ -8852,7 +8852,7 @@ CVE-2023-24659
 CVE-2023-24658
 	RESERVED
 CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site scriptin ...)
-	TODO: check
+	- phpipam <itp> (bug #731713)
 CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to  ...)
 	NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24655
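Review bot: CVE-2023-24657 is not an NFU. Its TODO is replaced with "- phpipam <itp> (bug #731713)", which records an intent to package rather than NOT-FOR-US, so the commit message "NFUs" does not describe this hunk. Mentioning the ITP entry in the message, or committing it separately, would make the change easier to find in the history.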
@@ -10875,7 +10875,7 @@ CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If Jav
 CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...)
-	TODO: check
+	NOT-FOR-US: Azure/setup-kubectl
 CVE-2023-23938
 	RESERVED
 CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
@@ -11284,7 +11284,7 @@ CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb ver
 CVE-2023-23777
 	RESERVED
 CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-23775
 	RESERVED
 CVE-2023-23549
@@ -11761,6 +11761,7 @@ CVE-2023-23639
 	RESERVED
 CVE-2023-23638
 	RESERVED
+	NOT-FOR-US: Apache Dubbo
 CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...)
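Review bot: CVE-2023-23638 gains NOT-FOR-US: Apache Dubbo below RESERVED with no TODO being resolved and no description on the CVE line, so nothing in the file shows where the Apache Dubbo attribution comes from. A NOTE: line pointing at the announcement the attribution is based on would let the next triager confirm it once the ID is published.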
@@ -14888,9 +14889,9 @@ CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0
 CVE-2023-0092
 	RESERVED
 CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain  ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint
 CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint
 CVE-2022-48228
 	RESERVED
 CVE-2022-48227
@@ -19507,33 +19508,33 @@ CVE-2022-47486
 CVE-2022-47485
 	RESERVED
 CVE-2022-47484 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47483 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47482 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47481 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47480 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47479 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47478 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47477 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47476 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47475 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47474 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47473 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47472 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47471 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47470
 	RESERVED
 CVE-2022-47469
@@ -19551,25 +19552,25 @@ CVE-2022-47464
 CVE-2022-47463
 	RESERVED
 CVE-2022-47462 (In telephone service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47461 (In telephone service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after free. T ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47459 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47458 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47457 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47456 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47455 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47454 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47453 (In wcn service, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
@@ -23528,7 +23529,7 @@ CVE-2022-46259
 CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...)
@@ -24496,7 +24497,7 @@ CVE-2022-45863
 CVE-2022-45862
 	RESERVED
 CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-45860
 	RESERVED
 CVE-2022-45859
@@ -29841,7 +29842,7 @@ CVE-2022-44420
 CVE-2022-44419
 	RESERVED
 CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Mia-Med
 CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-3758
@@ -31198,69 +31199,69 @@ CVE-2023-20653
 CVE-2023-20652
 	RESERVED
 CVE-2023-20651 (In apu, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20650 (In apu, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20649 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20648 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20647 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20646 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20645 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20644 (In ril, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20643 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20642 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20641 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20640 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20639 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20638 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20637 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20636 (In display drm, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20635 (In keyinstall, there is a possible information disclosure due to an in ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20634 (In widevine, there is a possible out of bounds write due to improper i ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20633 (In usb, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20632 (In usb, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20631
 	RESERVED
 CVE-2023-20630 (In usb, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20629
 	RESERVED
 CVE-2023-20628 (In thermal, there is a possible memory corruption due to an uncaught e ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20627 (In pqframework, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20626 (In msdc, there is a possible out of bounds write due to an incorrect b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20625 (In adsp, there is a possible double free due to a race condition. This ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20624 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20623 (In ion, there is a possible escalation of privilege due to improper lo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20622
 	RESERVED
 CVE-2023-20621 (In tinysys, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20620 (In adsp, there is a possible escalation of privilege due to a logic er ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...)
 	NOT-FOR-US: MediaTek
 CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...)
@@ -36762,7 +36763,7 @@ CVE-2022-42478
 CVE-2022-42477
 	RESERVED
 CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
 	NOT-FOR-US: FortiOS SSL-VPN
 CVE-2022-42474
@@ -39915,7 +39916,7 @@ CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet For
 CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41332
 	RESERVED
 CVE-2022-41331
@@ -39923,9 +39924,9 @@ CVE-2022-41331
 CVE-2022-41330
 	RESERVED
 CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41327
 	RESERVED
 CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
@@ -41493,7 +41494,7 @@ CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC ver
 CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -41940,17 +41941,17 @@ CVE-2022-40542
 CVE-2022-40541
 	RESERVED
 CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40538
 	RESERVED
 CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_ ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40536
 	RESERVED
 CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40534
 	RESERVED
 CVE-2022-40533
@@ -41958,15 +41959,15 @@ CVE-2022-40533
 CVE-2022-40532
 	RESERVED
 CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while sending WMI ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer overflow i ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40529
 	RESERVED
 CVE-2022-40528
 	RESERVED
 CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while processing PEER ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40526
 	RESERVED
 CVE-2022-40525
@@ -41990,7 +41991,7 @@ CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ...
 CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-40515 (Memory corruption in Video due to double free while playing 3gp clip w ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...)
@@ -43332,11 +43333,11 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
 CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
@@ -61574,7 +61575,7 @@ CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_serv
 CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...)
 	NOT-FOR-US: Robustel R1510
 CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while parsing s ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33308
 	RESERVED
 CVE-2022-33307
@@ -61636,7 +61637,7 @@ CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Blue
 CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33278 (Memory corruption due to buffer copy without checking the size of inpu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...)
@@ -61648,7 +61649,7 @@ CVE-2022-33274 (Memory corruption in android core due to improper validation of
 CVE-2022-33273
 	RESERVED
 CVE-2022-33272 (Transient DOS in modem due to reachable assertion. ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33270
@@ -61672,19 +61673,19 @@ CVE-2022-33262
 CVE-2022-33261
 	RESERVED
 CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core while sen ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33259
 	RESERVED
 CVE-2022-33258
 	RESERVED
 CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use race condit ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33256 (Memory corruption due to improper validation of array index in Multi-m ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while processing SIB ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling  ...)
@@ -61692,7 +61693,7 @@ CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while han
 CVE-2022-33251
 	RESERVED
 CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network repeate ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33249
 	RESERVED
 CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...)
@@ -61702,13 +61703,13 @@ CVE-2022-33247
 CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33245 (Memory corruption in WLAN due to use after free ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB reception ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC. ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm IPC while ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33241
 	RESERVED
 CVE-2022-33240
@@ -61766,7 +61767,7 @@ CVE-2022-33215
 CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-33213 (Memory corruption in modem due to buffer overflow while processing a P ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-33212
 	RESERVED
 CVE-2022-33211
@@ -78513,7 +78514,7 @@ CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code e
 CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27488
@@ -81560,9 +81561,9 @@ CVE-2022-26427 (In camera isp, there is a possible out of bounds write due to a
 CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a missin ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2022-26418 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26416 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...)
 	NOT-FOR-US: Zyxel
 CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
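Review bot: CVE-2022-26418 and CVE-2022-26416 carry the description "This candidate was in a CNA pool that was not assigned to any issues d ...", so no vulnerability is attached to either ID, yet both are tagged NOT-FOR-US with "Unused ID" in the slot that elsewhere in this file holds a product or vendor name. If the tracker's REJECTED state applies to these IDs it would describe them more accurately than NOT-FOR-US. The same applies to the entries with the identical description in the following hunk.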
@@ -81570,39 +81571,39 @@ CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VM
 CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...)
 	NOT-FOR-US: gallagher
 CVE-2022-26347 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26339 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26123 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26087 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack  ...)
 	NOT-FOR-US: Gallagher
 CVE-2022-26058 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26055 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26053 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26039 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26031 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-26027 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-25997 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-25968 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-25957 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-25920 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-25889 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-21224 (This candidate was in a CNA pool that was not assigned to any issues d ...)
-	TODO: check
+	NOT-FOR-US: Unused ID
 CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f004f5e0e0638ad953b97f9cb704cb897385ed4
