Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e07b2c97 by Salvatore Bonaccorso at 2022-10-01T10:22:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the 
following muta ...)
-       TODO: check
+       NOT-FOR-US: SonicJS
 CVE-2022-41981
        RESERVED
 CVE-2022-41977
@@ -12859,7 +12859,7 @@ CVE-2022-36967 (In Progress WS_FTP Server prior to 
version 8.7.3, multiple refle
 CVE-2022-36966
        RESERVED
 CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input 
field cou ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2022-36964
        RESERVED
 CVE-2022-36963
@@ -12867,7 +12867,7 @@ CVE-2022-36963
 CVE-2022-36962
        RESERVED
 CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2022-36960
        RESERVED
 CVE-2022-36959
@@ -13274,7 +13274,7 @@ CVE-2022-36783
 CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The 
vulnerabi ...)
        NOT-FOR-US: Pal Electronics Systems
 CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker 
would hav ...)
-       TODO: check
+       NOT-FOR-US: WiseConnect
 CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The 
product ...)
        NOT-FOR-US: Avdor CIS
 CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular 
Router (w ...)
@@ -13967,7 +13967,7 @@ CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 
0.15.5 allows obsidian://hook-
 CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
        NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-36448 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 
Standard 1.0.0. ...)
        NOT-FOR-US: Chia Network CAT1 Standard
 CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping 
for a U ...)
@@ -14872,9 +14872,9 @@ CVE-2022-36161 (Orange Station 1.0 was discovered to 
contain a SQL injection vul
 CVE-2022-36160
        RESERVED
 CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to 
contain a har ...)
-       TODO: check
+       NOT-FOR-US: Contec FXA3200
 CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure 
Permiss ...)
-       TODO: check
+       NOT-FOR-US: Contec FXA3200
 CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to 
Insecure Per ...)
        NOT-FOR-US: XXL-JOB
 CVE-2022-36156
@@ -15154,11 +15154,11 @@ CVE-2022-36069 (Poetry is a dependency manager for 
Python. When handling depende
        NOTE: 
https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw
        TODO: check details, CVE associated with poetry (and fixed in 1.1.9), 
though changes in poetry-core
 CVE-2022-36068 (Discourse is an open source discussion platform. In versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
        NOT-FOR-US: Node vm2
 CVE-2022-36066 (Discourse is an open source discussion platform. In versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and 
A/B tes ...)
        NOT-FOR-US: GrowthBook
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An 
Inefficient Regu ...)
@@ -15253,7 +15253,7 @@ CVE-2022-36027 (TensorFlow is an open source platform 
for machine learning. When
 CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If 
`Quanti ...)
        - tensorflow <itp> (bug #804612)
 CVE-2022-36025 (Besu is a Java-based Ethereum client. In versions newer than 
22.1.3 an ...)
-       TODO: check
+       NOT-FOR-US: Hyperledger Besu
 CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. 
Bots creati ...)
        NOT-FOR-US: py-cord
 CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned 
distributed led ...)
@@ -15525,7 +15525,7 @@ CVE-2022-35898
 CVE-2022-35897
        RESERVED
 CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM 
was discov ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
 CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
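Review bot: the new `NOT-FOR-US: Insyde` on CVE-2022-35896 is not backed by the description text visible in this hunk, which mentions only an SMM driver and SMRAM and names no vendor. The tag appears to follow the neighbouring InsydeH2O entries (CVE-2022-35895, CVE-2022-35894). Confirm against the full CVE record that this is the same Insyde firmware before closing the TODO.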
@@ -15541,7 +15541,7 @@ CVE-2022-35890 (An issue was discovered in Inductive 
Automation Ignition before
 CVE-2022-35889
        RESERVED
 CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 
allow att ...)
-       TODO: check
+       NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
 CVE-2022-35887
        RESERVED
 CVE-2022-35886
@@ -17212,7 +17212,7 @@ CVE-2022-35259
 CVE-2022-35258
        RESERVED
 CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for 
Windows ( ...)
-       TODO: check
+       NOT-FOR-US: UI Desktop for Windows
 CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header 
Fields]
        RESERVED
        - nodejs 18.10.0+dfsg-1
@@ -17487,9 +17487,9 @@ CVE-2022-35158 (A vulnerability in the lua parser of 
TscanCode tsclua v2.15.01 a
 CVE-2022-35157
        RESERVED
 CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Bus Pass Management System
 CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a 
reflected  ...)
-       TODO: check
+       NOT-FOR-US: Bus Pass Management System
 CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL 
injection vu ...)
        NOT-FOR-US: Shopro Mall System
 CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection 
vulnerab ...)
@@ -17525,7 +17525,7 @@ CVE-2022-35139
 CVE-2022-35138
        RESERVED
 CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to 
contain mult ...)
-       TODO: check
+       NOT-FOR-US: DGIOT Lightweight industrial IoT
 CVE-2022-35136
        RESERVED
 CVE-2022-35135
@@ -19639,9 +19639,9 @@ CVE-2022-34431
 CVE-2022-34430
        RESERVED
 CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip 
Vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular 
Expression  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34427
        RESERVED
 CVE-2022-34426
@@ -19649,7 +19649,7 @@ CVE-2022-34426
 CVE-2022-34425
        RESERVED
 CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x 
contain a v ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34423
        RESERVED
 CVE-2022-34422
@@ -19709,7 +19709,7 @@ CVE-2022-34396
 CVE-2022-34395
        RESERVED
 CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate 
Validati ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34393
        RESERVED
 CVE-2022-34392
@@ -20027,7 +20027,7 @@ CVE-2022-2179 (The X-Frame-Options header in Rockwell 
Automation MicroLogix 1100
 CVE-2022-2178
        RESERVED
 CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Kayrasoft
 CVE-2022-2176
        RESERVED
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -21234,7 +21234,7 @@ CVE-2022-2102 (Controls limiting uploads to certain 
file extensions may be bypas
 CVE-2022-2101 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33880 (hms-staff.php in Projectworlds Hospital Management System 
Mini-Project ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Hospital Management System Mini-Project
 CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for 
regexes in  ...)
        - tika <unfixed> (bug #1015002)
        [bullseye] - tika <no-dsa> (Minor issue)
@@ -27851,7 +27851,7 @@ CVE-2022-31369
 CVE-2022-31368
        RESERVED
 CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden 
attribute ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2022-31366
        RESERVED
 CVE-2022-31365
@@ -29307,7 +29307,7 @@ CVE-2022-1718 (The trudesk application allows large 
characters to insert in the
 CVE-2022-30936
        RESERVED
 CVE-2022-30935 (An authorization bypass in b2evolution allows remote, 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: b2evolution CMS
 CVE-2022-30934
        RESERVED
 CVE-2022-30933
@@ -31601,7 +31601,7 @@ CVE-2019-25060 (The WPGraphQL WordPress plugin before 
0.3.5 doesn't properly res
 CVE-2022-30125
        RESERVED
 CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat 
Mobile  ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat Mobile App
 CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
        RESERVED
        {DLA-3095-1}
@@ -31886,9 +31886,9 @@ CVE-2022-30006
 CVE-2022-30005
        RESERVED
 CVE-2022-30004 (Sourcecodester Online Market Place Site v1.0 suffers from an 
unauthent ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Online Market Place Site
 CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to 
Cross Sit ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Online Market Place Site
 CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection 
via /in ...)
        NOT-FOR-US: Sourcecodester Insurance Management System
 CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection 
via /in ...)
@@ -34671,7 +34671,7 @@ CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell 
UnityXT versions prior to 5.
 CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a 
Sensitive Data E ...)
        NOT-FOR-US: Dell Wyse Management Suite
 CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with 
Smart Fabric ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-29088
        RESERVED
 CVE-2022-29087
@@ -35350,7 +35350,7 @@ CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and 
earlier) and 17.3 (and earli
 CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and 
earlier) ar ...)
        NOT-FOR-US: Adobe
 CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is 
affected b ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
        NOT-FOR-US: Adobe
 CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by a Us ...)
@@ -35661,9 +35661,9 @@ CVE-2022-28724
 CVE-2022-28723
        RESERVED
 CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer 
Overflo ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote 
Code Ex ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-28720
        RESERVED
 CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape 
functio ...)
@@ -41672,7 +41672,7 @@ CVE-2022-26709
 CVE-2022-26708 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-26707 (An issue in the handling of environment variables was 
addressed with i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-26706 (An access issue was addressed with additional sandbox 
restrictions on  ...)
        NOT-FOR-US: Apple
 CVE-2022-26705
@@ -43440,7 +43440,7 @@ CVE-2022-26114 (An improper neutralization of input 
during web page generation v
 CVE-2022-26113 (An execution with unnecessary privileges vulnerability 
[CWE-250] in Fo ...)
        NOT-FOR-US: Fortinet
 CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query 
endpoint and  ...)
-       TODO: check
+       NOT-FOR-US: Apache Pinot
 CVE-2022-26042 (An OS command injection vulnerability exists in the daretools 
binary f ...)
        NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26007 (An OS command injection vulnerability exists in the console 
factory fu ...)
@@ -51303,7 +51303,7 @@ CVE-2022-23728 (Attacker can reset the device with AT 
Command in the process of
 CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS 
TVs. Due t ...)
        NOT-FOR-US: LG
 CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring 
Boot actua ...)
-       TODO: check
+       NOT-FOR-US: pingidentity
 CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set 
permissions on ...)
        NOT-FOR-US: pingidentity
 CVE-2022-23724 (Use of static encryption key material allows forging an 
authentication ...)
@@ -53292,7 +53292,7 @@ CVE-2022-23146
 CVE-2022-23145
        RESERVED
 CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB 
product.  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-23143
        RESERVED
 CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could 
construct and se ...)
@@ -53732,7 +53732,7 @@ CVE-2022-23008 (On NGINX Controller API Management 
versions 3.18.0-3.19.0, an au
 CVE-2022-23007
        RESERVED
 CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on 
Western Digit ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-23005
        RESERVED
 CVE-2022-23004 (When computing a shared secret or point multiplication on the 
NIST P-2 ...)
@@ -55353,7 +55353,7 @@ CVE-2022-22612 (A memory consumption issue was 
addressed with improved memory ha
 CVE-2022-22611 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
        NOT-FOR-US: Apple
 CVE-2022-22610 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-22609 (The issue was addressed with additional permissions checks. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
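Review bot: CVE-2022-22610 is closed as `NOT-FOR-US: Apple`, but the truncated description ("A memory corruption issue was addressed with improved state management") does not say which component is affected. Apple-assigned IDs with this generic wording sometimes cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so the full advisory should be checked for the component. If it turns out to be WebKit, the entry needs package lines rather than NOT-FOR-US.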
@@ -60989,7 +60989,7 @@ CVE-2022-21828 (A user with high privilege access to 
the Incapptic Connect web c
 CVE-2022-21827 (An improper privilege vulnerability has been discovered in 
Citrix Gate ...)
        NOT-FOR-US: Citrix
 CVE-2022-21826 (Pulse Secure version 9.115 and below may be susceptible to 
client-side ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure
 CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix 
Workspace Ap ...)
        NOT-FOR-US: Citrix
 CVE-2022-21823 (A insecure storage of sensitive information vulnerability 
exists in Iv ...)
@@ -67434,7 +67434,7 @@ CVE-2022-20947
 CVE-2022-20946
        RESERVED
 CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of 
Cisco Ca ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20944
        RESERVED
 CVE-2022-20943
@@ -67464,7 +67464,7 @@ CVE-2022-20932
 CVE-2022-20931
        RESERVED
 CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20929
        RESERVED
 CVE-2022-20928
@@ -67486,7 +67486,7 @@ CVE-2022-20921 (A vulnerability in the API 
implementation of Cisco ACI Multi-Sit
 CVE-2022-20920
        RESERVED
 CVE-2022-20919 (A vulnerability in the processing of malformed Common 
Industrial Proto ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20918
        RESERVED
 CVE-2022-20917
@@ -67612,9 +67612,9 @@ CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus 
Dashboard could allow an
 CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow 
an unaut ...)
        NOT-FOR-US: Cisco
 CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning 
of Wirel ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS 
XE Soft ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20854
        RESERVED
 CVE-2022-20853
@@ -67622,21 +67622,21 @@ CVE-2022-20853
 CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
 CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software 
could a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN 
Software ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20849
        RESERVED
 CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco 
IOS XE So ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco 
IOS XE W ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20846
        RESERVED
 CVE-2022-20845
        RESERVED
 CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco 
Software-Defined  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20843
        RESERVED
 CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, 
RV340,  ...)
@@ -67688,7 +67688,7 @@ CVE-2022-20820 (Multiple vulnerabilities in the web 
interface of Cisco Webex Mee
 CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software 
could all ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an 
unauthentica ...)
        NOT-FOR-US: Cisco
 CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
@@ -67704,7 +67704,7 @@ CVE-2022-20812 (Multiple vulnerabilities in the API and 
in the web-based managem
 CVE-2022-20811
        RESERVED
 CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol 
(SNMP) of Ci ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management 
interface ...)
        NOT-FOR-US: Cisco
 CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM 
On-Prem)  ...)
@@ -67788,7 +67788,7 @@ CVE-2022-20777 (Multiple vulnerabilities in Cisco 
Enterprise NFV Infrastructure
 CVE-2022-20776
        RESERVED
 CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software 
could all ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
        NOT-FOR-US: Cisco
 CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism 
of Cisco ...)
@@ -67808,7 +67808,7 @@ CVE-2022-20770 (On April 20, 2022, the following 
vulnerability in the ClamAV sca
        [buster] - clamav 0.103.6+dfsg-0+deb10u1
        NOTE: 
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
 CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco 
Wireless  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence 
Collabo ...)
        NOT-FOR-US: Cisco
 CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco 
Firepow ...)
@@ -67890,7 +67890,7 @@ CVE-2022-20730 (A vulnerability in the Security 
Intelligence feed feature of Cis
 CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) 
Softwar ...)
        NOT-FOR-US: Cisco Firepower
 CVE-2022-20728 (A vulnerability in the client forwarding code of multiple 
Cisco Access ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting 
environm ...)
        NOT-FOR-US: Cisco IOx
 CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting 
environm ...)
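Review bot: style point on the CVE-2022-20728 line: it is tagged with the bare vendor `Cisco`, while the entries directly around it in this hunk carry a product name (`NOT-FOR-US: Cisco Firepower`, `NOT-FOR-US: Cisco IOx`). If product granularity is wanted for this block, name the affected product here as well; otherwise the mix of vendor-only and vendor-plus-product tags makes later grepping by product unreliable.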
@@ -68027,7 +68027,7 @@ CVE-2022-20664 (A vulnerability in the web management 
interface of Cisco Secure
 CVE-2022-20663
        RESERVED
 CVE-2022-20662 (A vulnerability in the smart card login authentication of 
Cisco Duo fo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital 
Building S ...)
        NOT-FOR-US: Cisco
 CVE-2022-20660 (A vulnerability in the information storage architecture of 
several Cis ...)
@@ -70399,33 +70399,33 @@ CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is 
a possible out of bounds w
 CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a 
possible acce ...)
        NOT-FOR-US: Android
 CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a 
possible way ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20397
        RESERVED
 CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a 
device dis ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file 
deletio ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20394
        RESERVED
 CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, 
there is  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238257000 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238257002 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238257004 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238227323 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238227324 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-238227328 ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20385 (a function called 'nla_parse', do not check the len of para, 
it will c ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: 
A-211727306Referen ...)
        NOT-FOR-US: Android
 CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there 
is a pos ...)
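Review bot: CVE-2022-20385 is tagged `NOT-FOR-US: Android`, but its visible description names no product; it refers only to "a function called 'nla_parse'", which is also the name of the netlink attribute parsing helper in the Linux kernel. Please confirm from the full record that the affected code is vendor-specific and not something shipped in src:linux; if it is kernel code, the entry needs a `- linux` line instead. A short NOTE recording where the Android attribution comes from would help later triage.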
@@ -70472,7 +70472,7 @@ CVE-2022-20366 (In ioctl_dpm_clk_update of 
lwis_ioctl.c, there is a possible out
 CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: 
A-229632566Referen ...)
        NOT-FOR-US: Android
 CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds 
write due to ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20363
        RESERVED
 CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to 
an intege ...)
@@ -70738,7 +70738,7 @@ CVE-2022-20233 (In param_find_digests_internal and 
related functions of the Tita
 CVE-2022-20232
        RESERVED
 CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible 
access  ...)
        NOT-FOR-US: Android
 CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, 
there i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e07b2c9714657b4fd9f81341a5c6586139b7d2f7
