Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f2fa0826 by Salvatore Bonaccorso at 2022-07-11T22:17:49+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2022-2370
CVE-2022-2369
RESERVED
CVE-2022-2368 (Business Logic Errors in GitHub repository
microweber/microweber prior ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-2367
RESERVED
CVE-2022-35626
@@ -1606,7 +1606,7 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub
repository vim/vim prior to
CVE-2022-2303
RESERVED
CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password
verifi ...)
- TODO: check
+ NOT-FOR-US: Lenze
CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to
1.10.3. ...)
- chafa 1.10.3-1 (unimportant)
NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
@@ -2150,23 +2150,23 @@ CVE-2022-34747
CVE-2022-34746
RESERVED
CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34742 (The system module has a read/write vulnerability. Successful
exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34741 (The NFC module has a buffer overflow vulnerability. Successful
exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34740 (The NFC module has a buffer overflow vulnerability. Successful
exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in
arithmetic a ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34738 (The SystemUI module has a vulnerability in permission control.
If this ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34737 (The application security module has a vulnerability in
permission assi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34736 (The frame scheduling module has a null pointer dereference
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34735 (The frame scheduling module has a null pointer dereference
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-2245
RESERVED
CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE
affecting all ...)
@@ -4564,7 +4564,7 @@ CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10
before 21.10.4, and 22.04.
CVE-2022-33912 (A permission issue affects users that deployed the shipped
version of ...)
NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4.
Field na ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote
attackers ...)
- mantis <removed>
CVE-2022-33909
@@ -5046,63 +5046,63 @@ CVE-2022-33715
CVE-2022-33714
RESERVED
CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33712 (Intent redirection vulnerability using implict intent in
Camera prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33711 (Improper validation of integrity check vulnerability in
Samsung USB Dr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33710 (Improper input validation vulnerability in
BillingPackageInsraller in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33709 (Improper input validation vulnerability in
ApexPackageInstaller in Gal ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33708 (Improper input validation vulnerability in
AppsPackageInstaller in Gal ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33707 (Improper identifier creation logic in Find My Mobile prior to
version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33706 (Improper access control vulnerability in Samsung Gallery prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33705 (Information exposure in Calendar prior to version
12.3.05.10000 allows ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33704 (Improper validation vulnerability in ucmRetParcelable of
KnoxSDK prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33703 (Improper validation vulnerability in CACertificateInfo prior
to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33702 (Improper authorization vulnerability in Knoxguard prior to SMR
Jul-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33701 (Improper access control vulnerability in
KnoxCustomManagerService prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33700 (Exposure of Sensitive Information in putDsaSimImsi in
TelephonyUI prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33699 (Exposure of Sensitive Information in getDsaSimImsi in
TelephonyUI prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33698 (Exposure of Sensitive Information in Telecom application prior
to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33697 (Sensitive information exposure vulnerability in
ImsServiceSwitchBase i ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33696 (Exposure of Sensitive Information in Telephony service prior
to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33695 (Use of improper permission in InputManagerService prior to SMR
Jul-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33694 (Exposure of Sensitive Information in CSC application prior to
SMR Jul- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33693 (Exposure of Sensitive Information in CID Manager prior to SMR
Jul-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33692 (Exposure of Sensitive Information in Messaging application
prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33691 (A possible race condition vulnerability in score driver prior
to SMR J ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33690 (Improper input validation in Contacts Storage prior to SMR
Jul-2022 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33689 (Improper access control vulnerability in TelephonyUI prior to
SMR Jul- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33688 (Sensitive information exposure vulnerability in EventType in
SecTeleph ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33687 (Exposure of Sensitive Information in telephony-common.jar
prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to
SMR Jul- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior
to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33684
RESERVED
CVE-2022-33683
@@ -6162,7 +6162,7 @@ CVE-2022-33175 (Power Distribution Units running on
Powertek firmware (multiple
CVE-2022-33174 (Power Distribution Units running on Powertek firmware
(multiple brands ...)
NOT-FOR-US: Powertek
CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase
Server before ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2022-33172
RESERVED
CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0
can either ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2fa082645fad35c61bb28e0df6441e9a719981f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2fa082645fad35c61bb28e0df6441e9a719981f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
