Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e451f2c1 by Salvatore Bonaccorso at 2022-11-09T16:57:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13612,7 +13612,7 @@ CVE-2022-40799
 CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. 
Through a req ...)
        NOT-FOR-US: OcoMon
 CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar 
upload, be ...)
-       TODO: check
+       NOT-FOR-US: Roxy Fileman
 CVE-2022-40796
        RESERVED
 CVE-2022-40795
@@ -16933,7 +16933,7 @@ CVE-2022-39392
 CVE-2022-39391
        RESERVED
 CVE-2022-39390 (Octocat.js is a library used to render a set of options into 
an SVG. V ...)
-       TODO: check
+       NOT-FOR-US: Octocat.js
 CVE-2022-39389
        RESERVED
 CVE-2022-39388
@@ -29543,13 +29543,13 @@ CVE-2022-34827
 CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private 
Key passp ...)
        NOT-FOR-US: Couchbase Server
 CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for 
Windows and e ...)
-       TODO: check
+       NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
 CVE-2022-34824 (Weak File and Folder Permissions vulnerability in CLUSTERPRO X 
5.0 for ...)
-       TODO: check
+       NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
 CVE-2022-34823 (Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows 
and earl ...)
-       TODO: check
+       NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
 CVE-2022-34822 (Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows 
and earli ...)
-       TODO: check
+       NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
 CVE-2022-2259
        RESERVED
 CVE-2022-2258
@@ -41657,7 +41657,7 @@ CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross 
Site Scripting (XSS). ...)
 CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in 
the doctor ...)
        NOT-FOR-US: Hospital-Management-System
 CVE-2022-30515 (ZKTeco BioTime 8.5.4 is missing authentication on folders 
containing e ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco BioTime
 CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to 
reflected cro ...)
        NOT-FOR-US: School Dormitory Management System
 CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to 
reflected cro ...)
@@ -50383,19 +50383,19 @@ CVE-2022-27518
 CVE-2022-27517
        RESERVED
 CVE-2022-27516 (User login brute force protection functionality bypass ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27515
        RESERVED
 CVE-2022-27514
        RESERVED
 CVE-2022-27513 (Remote desktop takeover via phishing ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of 
this in ...)
        NOT-FOR-US: Citrix
 CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. 
The impact ...)
        NOT-FOR-US: Citrix
 CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
        NOT-FOR-US: Citrix
 CVE-2022-27508
@@ -53427,7 +53427,7 @@ CVE-2022-26448 (In apusys, there is a possible out of 
bounds write due to a miss
 CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to 
a missi ...)
        NOT-FOR-US: Mediatek
 CVE-2022-26446 (In Modem 4G RRC, there is a possible system crash due to 
improper inpu ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to 
a missi ...)
        NOT-FOR-US: MediaTek
 CVE-2022-26444 (In wifi driver, there is a possible out of bounds write due to 
a missi ...)
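Review bot: The added tag for CVE-2022-26446 spells the vendor "Mediatek", while the next entry (CVE-2022-26445) uses "MediaTek". The preceding CVE-2022-26447 also uses "Mediatek", so both spellings are already present in this part of the file. Settle on one spelling, for instance "NOT-FOR-US: MediaTek", so that a text search for the vendor tag finds every entry.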
@@ -74075,7 +74075,7 @@ CVE-2022-21780 (In WLAN driver, there is a possible out 
of bounds write due to a
 CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-21778 (In vpu, there is a possible information disclosure due to an 
incorrect ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a 
missing pe ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-21776 (In MDP, there is a possible use after free due to a race 
condition. Th ...)
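Review bot: CVE-2022-21778 gets "NOT-FOR-US: Mediatek", but the entries on either side of it (CVE-2022-21779 and CVE-2022-21777) are tagged "NOT-FOR-US: MediaTek driver for Android". Use the neighbours' tag here unless the vpu component is deliberately classified differently, in which case the commit message should say so.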
@@ -81443,13 +81443,13 @@ CVE-2022-20467
 CVE-2022-20466
        RESERVED
 CVE-2022-20465 (In dismiss and related functions of 
KeyguardHostViewController.java an ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20464 (In various functions of ap_input_processor.c, there is a 
possible way  ...)
        NOT-FOR-US: Android
 CVE-2022-20463 (In factoryReset of WifiServiceImpl, there is a possible way to 
preserv ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20461
        RESERVED
 CVE-2022-20460
@@ -81459,31 +81459,31 @@ CVE-2022-20459
 CVE-2022-20458
        RESERVED
 CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there 
is a poss ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20456
        RESERVED
 CVE-2022-20455
        RESERVED
 CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds 
write due  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20453 (In update of MmsProvider.java, there is a possible 
constriction of dir ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20452 (In initializeFromParcelLocked of BaseBundle.java, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20450 (In restorePermissionState of 
PermissionManagerServiceImpl.java, there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20449
        RESERVED
 CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, 
there is a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of 
bounds read  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20444
        RESERVED
 CVE-2022-20443
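Review bot: CVE-2022-20454 is marked "NOT-FOR-US: Android", but its description places the out of bounds write in fdt_next_tag of fdt.c, which reads like flattened device tree parsing code (libfdt) rather than an Android-only component. Before closing it as NFU, confirm that no Debian source package carries that code. If one does, the entry needs a package line or a short note explaining why only the Android copy is affected.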
@@ -81491,7 +81491,7 @@ CVE-2022-20443
 CVE-2022-20442
        RESERVED
 CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to 
launch an une ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could 
cause Local ...)
        NOT-FOR-US: Android
 CVE-2022-20439 (In Messaging, There has unauthorized provider, this could 
cause Local  ...)
@@ -81521,7 +81521,7 @@ CVE-2022-20428
 CVE-2022-20427
        RESERVED
 CVE-2022-20426 (In multiple functions of many files, there is a possible 
obstruction o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a 
possible perm ...)
        NOT-FOR-US: Android
 CVE-2022-20424
@@ -81558,7 +81558,7 @@ CVE-2022-20416 (In audioTransportsToHal of 
HidlUtils.cpp, there is a possible ou
 CVE-2022-20415 (In handleFullScreenIntent of 
StatusBarNotificationActivityStarter.java ...)
        NOT-FOR-US: Android
 CVE-2022-20414 (In setImpl of AlarmManagerService.java, there is a possible 
way to put ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record 
audio durin ...)
        NOT-FOR-US: Android
 CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds 
read due t ...)
@@ -89664,7 +89664,7 @@ CVE-2021-39663 (In 
openFileAndEnforcePathPermissionsHelper of MediaProvider.java
 CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a 
possible way  ...)
        NOT-FOR-US: Android
 CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel 
driver, the ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-39660
        RESERVED
 CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of 
CreateConnectionProcessor.java, ...)
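Review bot: CVE-2021-39661 is described as a flaw in _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, yet the added tag says only "Android". Naming the component in the tag, for example "NOT-FOR-US: PowerVR kernel driver for Android", would keep the reason for the NFU decision readable from the list itself.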
@@ -148201,7 +148201,7 @@ CVE-2020-28337 (A directory traversal issue in the 
Utils/Unzip module in Microwe
 CVE-2020-28336
        RESERVED
 CVE-2021-1050 (In MMU_UnmapPages of the PowerVR kernel driver, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android 
SoCAndroid ...)
        NOT-FOR-US: Unisoc
 CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way 
to corru ...)
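Review bot: CVE-2021-1050 is tagged "Android" although the description points at MMU_UnmapPages of the PowerVR kernel driver, and the entry directly below it (CVE-2021-1049) is tagged by vendor as "NOT-FOR-US: Unisoc". A vendor or component tag on CVE-2021-1050 would match that neighbour and make later triage of other PowerVR entries easier to cross-check.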



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e451f2c1fc3543e1a7537822a6adcfd9d8f0e967
