Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9f90001b by Moritz Muehlenhoff at 2022-10-15T19:47:37+02:00
NFUs
more harmless otfcc issues (not built)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,7 +30,7 @@ CVE-2022-42950
CVE-2022-42949
RESERVED
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in
releases ...)
- TODO: check
+ NOT-FOR-US: Mikrotik
CVE-2022-42948
RESERVED
CVE-2022-42947
@@ -112,17 +112,17 @@ CVE-2022-3508
CVE-2022-3507
RESERVED
CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository
barrykooij/re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization
Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization
Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-42919
RESERVED
CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3502 (A vulnerability was found in Human Resource Management System
1.0. It ...)
- TODO: check
+ NOT-FOR-US: Human Resource Management System
CVE-2022-3501
RESERVED
CVE-2022-3500
@@ -646,7 +646,7 @@ CVE-2022-3441
CVE-2022-3440
RESERVED
CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to
2.5.0a4. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before
2.6.1 allows ...)
@@ -738,13 +738,13 @@ CVE-2022-42703 (mm/rmap.c in the Linux kernel before
5.19.7 has a use-after-free
CVE-2022-3436 (A vulnerability classified as critical was found in
SourceCodester Web ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing
permission valida ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior
versions have a ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication
bypass vul ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior
versions have a ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student
Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3435 (A vulnerability classified as problematic has been found in
Linux Kern ...)
@@ -1522,13 +1522,13 @@ CVE-2022-42344
CVE-2022-42343
RESERVED
CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42340 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42339 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42338
RESERVED
CVE-2022-42337
@@ -1770,11 +1770,11 @@ CVE-2022-42236 (A Stored XSS issue in Merchandise
Online Store v.1.0 allows to i
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows
the inject ...)
NOT-FOR-US: Student Clearance System
CVE-2022-42234 (There is a file inclusion vulnerability in the template
management mod ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2022-42233
RESERVED
CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42231
RESERVED
CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to
SQL Inject ...)
@@ -2096,21 +2096,21 @@ CVE-2022-42073 (Online Diagnostic Lab Management System
v1.0 is vulnerable to SQ
CVE-2022-42072
RESERVED
CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers
from a ...)
- TODO: check
+ NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers
from a ...)
- TODO: check
+ NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42068
RESERVED
CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers
from an ...)
- TODO: check
+ NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross
site script ...)
- TODO: check
+ NOT-FOR-US: Online Examination System
CVE-2022-42065
RESERVED
CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote
exploit tha ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42063
RESERVED
CVE-2022-42062
@@ -3072,7 +3072,7 @@ CVE-2022-41634
CVE-2022-41633
RESERVED
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress
Dropshipping an ...)
- TODO: check
+ NOT-FOR-US: Villatheme ALD
CVE-2022-41620
RESERVED
CVE-2022-41618
@@ -3095,61 +3095,61 @@ CVE-2022-41605
CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229
allows lo ...)
NOT-FOR-US: Check Point ZoneAlarm Extreme Security
CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41599
RESERVED
CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41596
RESERVED
CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and
null pointe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41591
RESERVED
CVE-2022-41590
RESERVED
CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41588 (The home screen module has a vulnerability in service logic
processing ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful
exploitati ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41586 (The communication framework module has a vulnerability of not
truncati ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41585 (The kernel module has an out-of-bounds read
vulnerability.Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41584 (The kernel module has an out-of-bounds read
vulnerability.Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41583 (The storage maintenance and debugging module has an array
out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41582 (The security module has configuration defects.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying
the data ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying
the data ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41579
RESERVED
CVE-2022-41578 (The MPTCP module has an out-of-bounds write
vulnerability.Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41577 (The kernel server has a vulnerability of not verifying the
length of t ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41576 (The rphone module has a script that can be maliciously
modified.Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41575
RESERVED
CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4
through 20 ...)
@@ -3274,9 +3274,9 @@ CVE-2022-27628
CVE-2022-26375
RESERVED
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access
vulnerability in p ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds
check on ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-36605
RESERVED
CVE-2022-41568
@@ -3596,7 +3596,7 @@ CVE-2022-41479
CVE-2022-41478
RESERVED
CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A
Server-Side Req ...)
- TODO: check
+ NOT-FOR-US: WeBid
CVE-2022-41476
RESERVED
CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request
Forgery (C ...)
@@ -3678,7 +3678,7 @@ CVE-2022-41438
CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote
code ex ...)
NOT-FOR-US: Billing System Project
CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated
attackers to acc ...)
- TODO: check
+ NOT-FOR-US: OXHOO
CVE-2022-41435
RESERVED
CVE-2022-41434
@@ -3720,7 +3720,7 @@ CVE-2022-41418
CVE-2022-41417
RESERVED
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41415
RESERVED
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled
of Life ...)
@@ -4066,19 +4066,19 @@ CVE-2022-41310
CVE-2022-41309
RESERVED
CVE-2022-41308 (A maliciously crafted PKT file when consumed through
SubassemblyCompos ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41307 (A maliciously crafted PKT file when consumed through
SubassemblyCompos ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41306 (A maliciously crafted PCT file when consumed through
DesignReview.exe ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41305 (A maliciously crafted PKT file when consumed through
SubassemblyCompos ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020
version ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which
may expl ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK
version 2020. ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41301 (A maliciously crafted PKT file when consumed through
SubassemblyCompos ...)
NOT-FOR-US: Autodesk
CVE-2022-41300
@@ -8632,13 +8632,13 @@ CVE-2022-39313
CVE-2022-39312
RESERVED
CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate
and stre ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate
and stre ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2022-39309 (GoCD is a continuous delivery server. GoCD helps you automate
and stre ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate
and stre ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2022-39307
RESERVED
CVE-2022-39306
@@ -9127,57 +9127,57 @@ CVE-2022-39130
CVE-2022-39129
RESERVED
CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39119 (In network service, there is a missing permission check. This
could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39118
RESERVED
CVE-2022-39117 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39116
RESERVED
CVE-2022-39115 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39114 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39113 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39112 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39111 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39110 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39109 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39108 (In Music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39107 (In Soundrecorder service, there is a missing permission check.
This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39106
RESERVED
CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39104
RESERVED
CVE-2022-39103 (In Gallery service, there is a missing permission check. This
could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39102
RESERVED
CVE-2022-39101
@@ -9223,7 +9223,7 @@ CVE-2022-39082
CVE-2022-39081
RESERVED
CVE-2022-39080 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-3082
RESERVED
CVE-2022-3081
@@ -9303,9 +9303,9 @@ CVE-2022-39067
CVE-2022-39066
RESERVED
CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the
TRÅDFRI ...)
- TODO: check
+ NOT-FOR-US: Ikea
CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee)
frame ma ...)
- TODO: check
+ NOT-FOR-US: Ikea
CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment
Request, it sto ...)
NOT-FOR-US: Open5GS UPF
CVE-2022-39062
@@ -9538,7 +9538,7 @@ CVE-2022-39013 (Under certain conditions an authenticated
attacker can get acces
CVE-2022-39012
RESERVED
CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of
the data ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39010 (The HwChrService module has a vulnerability in permission
control. Suc ...)
NOT-FOR-US: Huawei
CVE-2022-39009 (The WLAN module has a vulnerability in permission
verification. Succes ...)
@@ -9564,7 +9564,7 @@ CVE-2022-39000 (The iAware module has a vulnerability in
managing malicious apps
CVE-2022-38999 (The AOD module has the improper update of reference count
vulnerabilit ...)
NOT-FOR-US: Huawei
CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data
transfer ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38997 (The secure OS module has configuration defects. Successful
exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38996 (The secure OS module has configuration defects. Successful
exploitatio ...)
@@ -9588,25 +9588,25 @@ CVE-2022-38988 (The secure OS module has configuration
defects. Successful explo
CVE-2022-38987 (The secure OS module has configuration defects. Successful
exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of
the data ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38985 (The facial recognition module has a vulnerability in input
validation. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data
transfer ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF)
vulnerability.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38982 (The fingerprint module has service logic errors.Successful
exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38981 (The HwAirlink module has an out-of-bounds read
vulnerability.Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in
processing d ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38979 (The secure OS module has configuration defects. Successful
exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38978 (The secure OS module has configuration defects. Successful
exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38977 (The HwAirlink module has a heap overflow
vulnerability.Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect
Access C ...)
NOT-FOR-US: ieGeek IG20 hipcam RealServer
CVE-2022-38969
@@ -10318,9 +10318,9 @@ CVE-2022-38732 (SnapCenter versions prior to 4.7
shipped without Content Securit
CVE-2022-38731
RESERVED
CVE-2022-2985 (In music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a
missin ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-2983
RESERVED
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260.
...)
@@ -10472,9 +10472,9 @@ CVE-2022-2954
CVE-2022-38699 (Armoury Crate Service’s logging function has
insufficient valida ...)
NOT-FOR-US: Armoury Crate Service
CVE-2022-38698 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38697 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38696
RESERVED
CVE-2022-38695
@@ -10488,13 +10488,13 @@ CVE-2022-38692
CVE-2022-38691
RESERVED
CVE-2022-38690 (In camera driver, there is a possible memory corruption due to
imprope ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38689 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38688 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38687 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38686
RESERVED
CVE-2022-38685
@@ -10510,27 +10510,27 @@ CVE-2022-38681
CVE-2022-38680
RESERVED
CVE-2022-38679 (In music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38678
RESERVED
CVE-2022-38677 (In cell service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to
a missin ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38675
RESERVED
CVE-2022-38674
RESERVED
CVE-2022-38673 (In face detect driver, there is a possible out of bounds write
due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38672 (In face detect driver, there is a possible out of bounds write
due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38671 (In camera driver, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38670 (In soundrecorder service, there is a missing permission check.
This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38669 (In soundrecorder service, there is a missing permission check.
This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may
reveal pot ...)
NOT-FOR-US: CrowCpp
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may
allow a Us ...)
@@ -11169,33 +11169,33 @@ CVE-2022-38463 (ServiceNow through San Diego Patch 4b
and Patch 6 allows reflect
CVE-2022-38462
RESERVED
CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38448 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38447 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38446 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38445 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38444 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38443 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds
read vu ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38442 (Adobe Dimension versions 3.4.5 is affected by a Use After Free
vulnera ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38441 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds
read vu ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38440 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds
read vu ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38436
RESERVED
CVE-2022-38435
@@ -11221,19 +11221,19 @@ CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and
earlier) and 23.4.2 (and ea
CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2022-38424 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38423 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38422 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38421 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38420 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38419 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38418 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and
earlier) ar ...)
NOT-FOR-US: Adobe
CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and
earlier) ar ...)
@@ -18438,11 +18438,11 @@ CVE-2021-46827 (An issue was discovered in Oxygen XML
WebHelp before 22.1 build
CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35712 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35711 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35710 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and
earlier) are ...)
@@ -18466,7 +18466,7 @@ CVE-2022-35700 (Adobe Bridge version 12.0.2 (and
earlier) and 11.1.3 (and earlie
CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35696
@@ -18480,11 +18480,11 @@ CVE-2022-35693
CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35690 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35689 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35688
RESERVED
CVE-2022-35687
@@ -20181,45 +20181,102 @@ CVE-2022-35060 (OTFCC commit 617837b was discovered
to contain a heap buffer ove
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact and affected code not
built, see as well #1019602
CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35057
RESERVED
CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer
overflow ...)
- texlive-bin <unfixed> (unimportant)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
@@ -37987,13 +38044,13 @@ CVE-2022-28764
CVE-2022-28763
RESERVED
CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin)
startin ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version
4.8.20220916.131 ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version
4.8.20220815.130 ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version
4.8.20220815.130 ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version
4.8.20220815.130 ...)
NOT-FOR-US: Zoom
CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT
Admin) sta ...)
@@ -57437,7 +57494,7 @@ CVE-2022-0144 (shelljs is vulnerable to Improper
Privilege Management ...)
NOTE: https://github.com/shelljs/shelljs/issues/1058
NOTE:
https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
(v0.8.5)
CVE-2022-0143 (When the LDAP connector is started with StartTLS configured,
unauthent ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not
enforce ...)
@@ -58194,7 +58251,7 @@ CVE-2022-22522 (In Carlo Gavazzi UWP3.0 in multiple
versions and CPY Car Park Se
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to
1.2.71, exe ...)
NOT-FOR-US: Miele
CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users
by sendin ...)
- TODO: check
+ NOT-FOR-US: mymbCONNECT24
CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted
HTTP or ...)
NOT-FOR-US: CODESYS
CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially
applied secur ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f90001bef9955d5d9b699dd0d2e54682cedde00
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f90001bef9955d5d9b699dd0d2e54682cedde00
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
