Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a4b5acf by Salvatore Bonaccorso at 2022-09-02T15:07:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6944,7 +6944,7 @@ CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was
discovered to contain a
CVE-2022-36601 (The Eclipse TCF debug interface in
JasMiner-X4-Server-20220621-090907 ...)
TODO: check
CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site
scripting ( ...)
- TODO: check
+ NOT-FOR-US: BlogEngine
CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection
vulnerab ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-36598
@@ -6958,7 +6958,7 @@ CVE-2022-36595
CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL
injection vuln ...)
TODO: check
CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file
deletion ...)
- TODO: check
+ NOT-FOR-US: kkFileView
CVE-2022-36592
RESERVED
CVE-2022-36591
@@ -12866,7 +12866,7 @@ CVE-2022-34382
CVE-2022-34381
RESERVED
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an
Authenticatio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an
Authenticat ...)
NOT-FOR-US: EMC
CVE-2022-34378
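Review bot: The new tag on CVE-2022-34380 is `NOT-FOR-US: Dell`, while CVE-2022-34379 directly below, whose description names the same CloudLink product, carries `NOT-FOR-US: EMC`. Using one tag for both entries (either would do) keeps a search on the vendor string returning every CloudLink entry.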
@@ -12882,7 +12882,7 @@ CVE-2022-34374 (Dell Container Storage Modules 1.2
contains an OS command inject
CVE-2022-34373 (Dell Command | Integration Suite for System Center, versions
prior to ...)
NOT-FOR-US: Dell
CVE-2022-34372 (Dell PowerProtect Cyber Recovery versions before 19.11.0.2
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34371
RESERVED
CVE-2022-34370
@@ -16583,7 +16583,7 @@ CVE-2022-32896
CVE-2022-32895
RESERVED
CVE-2022-32894 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32893 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
{DSA-5220-1 DSA-5219-1 DLA-3087-1}
- webkit2gtk 2.36.7-1
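Review bot: CVE-2022-32894 is marked `NOT-FOR-US: Apple`, yet its description as shown here is word for word the same as that of CVE-2022-32893 in the trailing context, which is tracked against webkit2gtk with DSA-5220-1, DSA-5219-1 and DLA-3087-1. The truncated text names no component, so it is worth confirming against the full description that the affected code is not WebKit, and naming the Apple component in the tag would make the decision easy to audit later.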
@@ -16660,7 +16660,7 @@ CVE-2022-32859
CVE-2022-32858
RESERVED
CVE-2022-32857 (This issue was addressed by using HTTPS when sending
information over ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32856
RESERVED
CVE-2022-32855
@@ -16694,19 +16694,19 @@ CVE-2022-32842
CVE-2022-32841
RESERVED
CVE-2022-32840 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32839 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32838 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32837 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32836
RESERVED
CVE-2022-32835
RESERVED
CVE-2022-32834 (An access issue was addressed with improvements to the
sandbox. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32833
RESERVED
CVE-2022-32832
@@ -16752,13 +16752,13 @@ CVE-2022-32815
CVE-2022-32814
RESERVED
CVE-2022-32813 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32812 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32811 (A memory corruption vulnerability was addressed with improved
locking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32810 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32809
RESERVED
CVE-2022-32808
@@ -16792,7 +16792,7 @@ CVE-2022-32795
CVE-2022-32794
RESERVED
CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with
improved bound ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input
validation]
RESERVED
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
@@ -21292,7 +21292,7 @@ CVE-2022-31235
CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of
Excessive A ...)
NOT-FOR-US: Dell
CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a
privilege es ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a
Command-Injectio ...)
NOT-FOR-US: SmartFabric storage software
CVE-2022-31231
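Review bot: On CVE-2022-31233 the tag is the vendor name only, and "Dell" does not appear in the visible part of the description ("Unisphere for PowerMax versions before 9.2.3.15 ..."), whereas CVE-2022-31232 just below is tagged with its product name. Consider `NOT-FOR-US: Dell Unisphere for PowerMax` so the entry can be found by product as well as by vendor.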
@@ -29048,7 +29048,7 @@ CVE-2022-28627 (A local arbitrary code execution
vulnerability was discovered in
CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered
in HPE I ...)
NOT-FOR-US: HPE
CVE-2022-28625 (A local disclosure of sensitive information vulnerability was
discover ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28624 (A potential security vulnerability has been identified in
certain HPE ...)
NOT-FOR-US: HPE
CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could
be exploi ...)
@@ -35101,11 +35101,11 @@ CVE-2022-26530 (swaylock before 1.6 allows attackers
to trigger a crash and achi
NOTE:
https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca
(1.6)
NOTE: https://github.com/swaywm/swaylock/pull/219
CVE-2022-26529 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26528 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26527 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0
and Min ...)
NOT-FOR-US: Anaconda Python
CVE-2022-26525
@@ -37609,7 +37609,7 @@ CVE-2022-25638 (In wolfSSL before 5.2.0, certificate
validation may be bypassed
CVE-2022-25637
RESERVED
CVE-2022-25635 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow
vulnera ...)
- TODO: check
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system
library files ...)
- qt6-base <not-affected> (Vulnerable code specific to Windows platform)
- qtbase-opensource-src <not-affected> (Vulnerable code specific to
Windows platform)
@@ -107189,7 +107189,7 @@ CVE-2021-25659 (A vulnerability has been identified
in Automation License Manage
CVE-2021-25658
RESERVED
CVE-2021-25657 (A privilege escalation vulnerability was discovered in Avaya
IP Office ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the
Avaya Aura ...)
NOT-FOR-US: Avaya
CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya
Aura Exp ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4b5acf6004f4f6ddaae73a5eef1d47401b04de
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits