Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfd28396 by Salvatore Bonaccorso at 2022-10-12T22:31:59+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,13 +33,13 @@ CVE-2022-3469
CVE-2022-3468
RESERVED
CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA.
Affected ...)
- TODO: check
+ NOT-FOR-US: Jiusi OA
CVE-2022-3466
RESERVED
CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge
Medial ...)
- TODO: check
+ NOT-FOR-US: Mediabridge Medialink
CVE-2022-3464 (A vulnerability classified as problematic has been found in
puppyCMS u ...)
- TODO: check
+ NOT-FOR-US: puppyCMS
CVE-2022-3463
RESERVED
CVE-2022-3462
@@ -441,7 +441,7 @@ CVE-2022-42717 (An issue was discovered in Hashicorp Packer
before 2.3.1. The re
CVE-2022-42716
RESERVED
CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18
in the ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2022-42714
RESERVED
CVE-2022-42713
@@ -3487,7 +3487,7 @@ CVE-2022-41404 (An issue in the fetch() method in the
BasicProfile class of org.
- ini4j 0.5.4-1
NOTE: https://sourceforge.net/p/ini4j/bugs/56/
CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain
a SQL i ...)
- TODO: check
+ NOT-FOR-US: OpenCart plugin
CVE-2022-41402
RESERVED
CVE-2022-41401
@@ -20795,7 +20795,7 @@ CVE-2022-33967 (squashfs filesystem implementation of
U-Boot versions from v2020
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
NOTE:
https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44
(v2022.07-rc6)
CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in
Avaya ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2022-2248
RESERVED
CVE-2022-2247
@@ -25049,7 +25049,7 @@ CVE-2022-33108 (XPDF v4.04 was discovered to contain a
stack overflow vulnerabil
CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization
vulnerabi ...)
NOT-FOR-US: ThinkPHP
CVE-2022-33106 (WiJungle NGFW Version U250 was discovered to be vulnerable to
No Rate ...)
- TODO: check
+ NOT-FOR-US: WiJungle NGFW
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the
component s ...)
- redis <not-affected> (No vulnerable version 7.x was uploaded to
unstable)
NOTE:
https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef
(7.0.1)
@@ -37456,7 +37456,7 @@ CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in
mruby/mruby in GitHub repo
CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...)
NOT-FOR-US: Spryker Commerce OS
CVE-2022-28887 (Multiple Denial-of-Service (DoS) vulnerability was discovered
in F-Sec ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the
F-Secure and W ...)
NOT-FOR-US: F-Secure
CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the
fsicapd ...)
@@ -40719,7 +40719,7 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS
command injection via she
NOTE:
https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e
(0.8.5)
NOTE:
https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef
(0.8.5)
CVE-2022-27810 (It was possible to trigger an infinite recursion condition in
the erro ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2022-27809
RESERVED
CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier),
20.005.3031x (a ...)
@@ -43367,7 +43367,7 @@ CVE-2022-26876
CVE-2022-26875
RESERVED
CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time
of the ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2022-26872
RESERVED
CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex
Central cou ...)
@@ -46692,17 +46692,17 @@ CVE-2022-25667
CVE-2022-25666
RESERVED
CVE-2022-25665 (Information disclosure due to buffer over read in kernel in
Snapdragon ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25664 (Information disclosure due to exposure of information while
GPU reads ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25663 (Possible buffer overflow due to lack of buffer length check
during man ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25662 (Information disclosure due to untrusted pointer dereference in
kernel ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25661 (Memory corruption due to untrusted pointer dereference in
kernel in Sn ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25660 (Memory corruption due to double free issue in kernel in
Snapdragon Aut ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25659 (Memory corruption due to buffer overflow while parsing MKV
clips with ...)
NOT-FOR-US: Qualcomm
CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when
attempting ...)
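Review bot: The six new entries CVE-2022-25660 through CVE-2022-25665 are labelled "NOT-FOR-US: Snapdragon", while the next entry in the same block, CVE-2022-25659, already reads "NOT-FOR-US: Qualcomm". Use one vendor label for the family so a search on the list finds all of them; the CVE-2022-22077 and CVE-2022-22078 hunk uses "Snapdragon" as well. Separately, the truncated descriptions of CVE-2022-25660, CVE-2022-25661, CVE-2022-25662 and CVE-2022-25665 all say "in kernel". Before closing these as NFU, confirm the affected code is vendor-only and not present in Debian's linux source. If any of it is shared with upstream, the entry should take the "- linux <not-affected> (reason)" form that CVE-2021-0695 uses further down in this same diff.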
@@ -59238,7 +59238,7 @@ CVE-2022-0032
CVE-2022-0031
RESERVED
CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto
Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto
Networks Co ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a
network-b ...)
@@ -60860,9 +60860,9 @@ CVE-2022-22080 (Improper validation of backend id in
PCM routing process can lea
CVE-2022-22079
RESERVED
CVE-2022-22078 (Denial of service in BOOT when partition size for a particular
partiti ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in
graphics dispat ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22076
RESERVED
CVE-2022-22075
@@ -72567,27 +72567,27 @@ CVE-2022-20421 (In binder_inc_ref_for_node of
binder.c, there is a possible way
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE:
https://git.kernel.org/linus/a0e44c64b6061dda7e00b7c458e4523e2331b739 (6.0-rc4)
CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of
AppRestrictionController ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20419 (In setOptions of ActivityRecord.java, there is a possible load
any arb ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20418 (In pickStartSeq of AAVCAssembler.cpp, there is a possible out
of bound ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20417 (In audioTransportsToHal of HidlUtils.cpp, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20415 (In handleFullScreenIntent of
StatusBarNotificationActivityStarter.java ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20414
RESERVED
CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record
audio durin ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds
read due t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20411
RESERVED
CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a
possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to
corrupt m ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.136-1
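Review bot: CVE-2022-20412 should not be closed as "NOT-FOR-US: Android" without checking the fix location, because its description names fdt_next_tag in fdt.c. That is the function and file name used by libfdt, which Debian ships and which is also copied into other source trees such as linux and u-boot. The context lines of this hunk show that Android-bulletin CVEs are not automatically NFU: CVE-2022-20421 and CVE-2022-20409 are both tracked against linux. Suggest leaving this one entry as "TODO: check" until the bulletin's patch has been compared with upstream libfdt. If the out-of-bounds read is in shared code, track it against the source package that carries libfdt rather than marking it NFU.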
@@ -72623,7 +72623,7 @@ CVE-2022-20396 (In SettingsActivity.java, there is a
possible way to make a devi
CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file
deletio ...)
NOT-FOR-US: Android
CVE-2022-20394 (In getInputMethodWindowVisibleHeight of
InputMethodManagerService.java ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp,
there is a p ...)
NOT-FOR-US: Android
CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java,
there is ...)
@@ -72714,7 +72714,7 @@ CVE-2022-20353 (In onSaveRingtone of
DefaultRingtonePreference.java, there is a
CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java,
there is ...)
NOT-FOR-US: Android
CVE-2022-20351 (In queryInternal of CallLogProvider.java, there is a possible
access t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java,
there is a ...)
NOT-FOR-US: Android
CVE-2022-20349 (In WifiScanningPreferenceController and
BluetoothScanningPreferenceCon ...)
@@ -87712,11 +87712,11 @@ CVE-2021-36917 (WordPress Hide My WP plugin (versions
<= 6.2.3) can be deacti
CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress
plugin (ve ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36915 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs
Profile ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Reflected C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36913 (Unauthenticated Options Change and Content Injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea
Pernici News ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in
WordPres ...)
@@ -87744,7 +87744,7 @@ CVE-2021-36901 (Unauthenticated Stored Cross-Site
Scripting (XSS) vulnerability
CVE-2021-36900
RESERVED
CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS)
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36898
RESERVED
CVE-2021-36897
@@ -139408,7 +139408,7 @@ CVE-2021-0953 (In setOnClickActivityIntent of
SearchWidgetProvider.java, there i
CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a
possible perm ...)
NOT-FOR-US: Android
CVE-2021-0951 (In DevmemIntHeapAcquire of TBD, there is a possible arbitrary
code exe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0950
RESERVED
CVE-2021-0949
@@ -139950,7 +139950,7 @@ CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails,
there is a possible leak of ke
CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a
possible use ...)
NOT-FOR-US: Android
CVE-2021-0696 (In dllist_remove_node of TBD, there is a possible use after
free bug d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of
bounds re ...)
- linux <not-affected> (Android-specific xt_qtaguid code)
NOTE: https://source.android.com/security/bulletin/2021-09-01
@@ -174564,11 +174564,11 @@ CVE-2020-14133
CVE-2020-14132
RESERVED
CVE-2020-14131 (The Xiaomi Security Center expresses heartfelt thanks to ADLab
of Venu ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed,
causing sensi ...)
NOT-FOR-US: Xiaomi
CVE-2020-14129 (A logic vulnerability exists in a Xiaomi product. The
vulnerability is ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14128
RESERVED
CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models
of phon ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd2839695342e0504a98885af74a210c889c98a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits