Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dcdf771 by Salvatore Bonaccorso at 2022-08-19T11:31:00+02:00
Lower some severities

- - - - -
a8adc525 by Salvatore Bonaccorso at 2022-08-19T11:32:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24139,7 +24139,7 @@ CVE-2022-27493 (Improper initialization in the firmware 
for some Intel(R) NUC La
 CVE-2022-26424
        RESERVED
 CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software 
maintain ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all 
versions from  ...)
        - gitlab <unfixed>
 CVE-2022-29504
@@ -26319,7 +26319,7 @@ CVE-2022-28709 (Improper access control in the firmware 
for some Intel(R) E810 E
 CVE-2022-28698
        RESERVED
 CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for 
Python befor ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-28694
        RESERVED
 CVE-2022-28688
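Review bot: The tag on CVE-2022-28696 names only the vendor, but the description refers to "the Intel(R) Distribution for Python" and is cut off at "befor ...", so a reader cannot tell from the entry that Intel's distribution, rather than Python itself, was judged out of scope. Naming the product in the tag, e.g. "NOT-FOR-US: Intel Distribution for Python", would remove that ambiguity.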
@@ -29926,7 +29926,7 @@ CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 
for Windows allows local
 CVE-2022-27501
        RESERVED
 CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android 
applica ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-27233
        RESERVED
 CVE-2022-27229
@@ -29948,7 +29948,7 @@ CVE-2022-26024
 CVE-2022-26017 (Improper access control in the Intel(R) DSA software for 
before versio ...)
        TODO: check
 CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter 
Group Eve ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and 
Webadmin ...)
        NOT-FOR-US: Sophos
 CVE-2022-1039 (The weak password on the web user interface can be exploited 
via HTTP  ...)
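Review bot: CVE-2022-26017 (Intel(R) DSA software), directly above the changed line in this hunk, still reads "TODO: check" while the Intel entry next to it becomes "NOT-FOR-US: Intel". If it was left open on purpose, fine; otherwise it looks missed and could be triaged in the same pass.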
@@ -33346,7 +33346,7 @@ CVE-2022-26086
 CVE-2022-26083
        RESERVED
 CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS 
before ver ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-26072
        RESERVED
 CVE-2022-26056
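Review bot: CVE-2022-26074 is described as a flaw in "a firmware subsystem for Intel(R) SPS", not in an application, yet it receives the same bare "NOT-FOR-US: Intel" as the software entries. Putting the component in the tag, e.g. "NOT-FOR-US: Intel SPS firmware", would show that the firmware case was considered and not just matched on the vendor name.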
@@ -33360,11 +33360,11 @@ CVE-2022-26028
 CVE-2022-26006
        RESERVED
 CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) 
Digital P ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-25992
        RESERVED
 CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for 
Industrial s ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake 
controllers i ...)
        NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake 
controllers
 CVE-2022-25917
@@ -35967,17 +35967,17 @@ CVE-2022-24436 (Observable behavioral in power 
management throttling for some In
        NOTE: https://www.hertzbleed.com/
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
 CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager 
software b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-24067
        RESERVED
 CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager 
software ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager 
software b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before 
version 7 ...)
        NOT-FOR-US: Intel
 CVE-2022-21225 (Improper access control in the Intel(R) Data Center Manager 
software b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-21198
        RESERVED
 CVE-2022-21183
@@ -36467,7 +36467,7 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) 
before 2.4.5 lacks certain
 CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API 
Server(s)' fiel ...)
        NOT-FOR-US: Popcorn Time
 CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to 
inject SQ ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource 
Sharing (CORS ...)
        NOT-FOR-US: Thinfinity VNC
 CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass 
the aut ...)
@@ -39036,9 +39036,9 @@ CVE-2022-23917
 CVE-2022-23914
        RESERVED
 CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for 
Industrial s ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) 
Profiler s ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-21795
        RESERVED
 CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) 
Processors may ...)
@@ -51781,7 +51781,7 @@ CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw 
was found in the NFSD in
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
        NOTE: 
https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
 CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before 
version 7 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-21804
        RESERVED
 CVE-2022-21794
@@ -130555,17 +130555,17 @@ CVE-2020-27792
 CVE-2020-27791
        REJECTED
 CVE-2020-27790 (A floating point exception issue was discovered in UPX in 
PackLinuxElf ...)
-       - upx-ucl 3.96-1
+       - upx-ucl 3.96-1 (unimportant)
        NOTE: https://github.com/upx/upx/issues/331
        NOTE: 
https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26 
(v3.96)
 CVE-2020-27789
        REJECTED
 CVE-2020-27788 (An out-of-bounds read access vulnerability was discovered in 
UPX in Pa ...)
-       - upx-ucl 3.96-1
+       - upx-ucl 3.96-1 (unimportant)
        NOTE: https://github.com/upx/upx/issues/332
        NOTE: 
https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83 
(v3.96)
 CVE-2020-27787 (A Segmentaation fault was found in UPX in invert_pt_dynamic() 
function ...)
-       - upx-ucl 3.96-1
+       - upx-ucl 3.96-1 (unimportant)
        NOTE: https://github.com/upx/upx/issues/333
        NOTE: 
https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d 
(v3.96)
 CVE-2020-27786 (A flaw was found in the Linux kernel&#8217;s implementation of 
MIDI, w ...)
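Review bot: The three upx-ucl entries (CVE-2020-27790, CVE-2020-27788, CVE-2020-27787) are downgraded to "(unimportant)" without a recorded reason; the commit message says only "Lower some severities" and the existing NOTE lines just link the upstream issue and commit. Add a NOTE under each entry giving the rationale, for example that the floating point exception, out-of-bounds read and segmentation fault are crashes in a command-line tool with no security impact, if that is the reasoning.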



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f2c71536279d28ffd462b5b33a76cc5e754366c...a8adc525353e4e36ba98eb11c787494d4b470be1



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
