Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86b77527 by Salvatore Bonaccorso at 2022-12-15T21:43:27+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7731,7 +7731,7 @@ CVE-2022-44912
 CVE-2022-44911
        RESERVED
 CVE-2022-44910 (Binbloom 2.0 was discovered to contain a heap buffer overflow 
via the  ...)
-       TODO: check
+       NOT-FOR-US: Binbloom
 CVE-2022-44909
        RESERVED
 CVE-2022-44908
@@ -9681,7 +9681,7 @@ CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2022-44589
        RESERVED
 CVE-2022-44588 (Unauth. SQL Injection vulnerability in Cryptocurrency Widgets 
Pack Plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44587
        RESERVED
 CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub 
Media AM-HiL ...)
@@ -10241,7 +10241,7 @@ CVE-2022-44373 (A stack overflow vulnerability exists 
in TrendNet Wireless AC Ea
 CVE-2022-44372
        RESERVED
 CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can 
cause Rem ...)
-       TODO: check
+       NOT-FOR-US: hope-boot
 CVE-2022-44370
        RESERVED
 CVE-2022-44369
@@ -10511,9 +10511,9 @@ CVE-2022-44238
 CVE-2022-44237
        RESERVED
 CVE-2022-44236 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 
8.5.0.17807 (20 ...)
-       TODO: check
+       NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG
 CVE-2022-44235 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 
8.5.0.17807 (20 ...)
-       TODO: check
+       NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG
 CVE-2022-44234
        RESERVED
 CVE-2022-44233
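Review bot: The new tag on CVE-2022-44236 and CVE-2022-44235 copies the whole product string from the description, including its "simpliclty" spelling, which makes the entries hard to find with a search for the vendor. A shorter vendor-level tag, in the style of the single-word tags used elsewhere in this commit (Cisco, Siemens, Mediatek), would be easier to reuse for later CVEs from the same vendor.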
@@ -14337,7 +14337,7 @@ CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write 
in _TIFFmemcpy in libtif
 CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard 
Enterprise Integ ...)
        NOT-FOR-US: HPE
 CVE-2020-36607 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote 
unauthenticated comm ...)
        NOT-FOR-US: D-Link
 CVE-2016-20016 (MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 
and TV7108 ...)
@@ -21013,7 +21013,7 @@ CVE-2022-40920
 CVE-2022-40919
        RESERVED
 CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in 
Force 1 ...)
-       TODO: check
+       NOT-FOR-US: firmware lewei_cam binary
 CVE-2022-40917
        RESERVED
 CVE-2022-40916
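Review bot: "NOT-FOR-US: firmware lewei_cam binary" on CVE-2022-40918 is a fragment of the description's sentence, not a vendor or product name. The description goes on to name the device ("in Force 1 ..."); tagging with that product or vendor would keep the entry consistent with the other NFU tags in this commit.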
@@ -22327,7 +22327,7 @@ CVE-2022-40375
 CVE-2022-40374
        RESERVED
 CVE-2022-40373 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2022-40372
        RESERVED
 CVE-2022-40371
@@ -23230,11 +23230,11 @@ CVE-2022-40004
 CVE-2022-40003
        RESERVED
 CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2022-40001 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2022-40000 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2022-39999
        RESERVED
 CVE-2022-39998
@@ -27956,9 +27956,9 @@ CVE-2022-38339 (Safe Software FME Server v2021.2.5, 
v2022.0.0.2 and below contai
 CVE-2022-38338
        RESERVED
 CVE-2022-38337 (When aborting a SFTP connection, MobaXterm before v22.1 sends 
a hardco ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm
 CVE-2022-38336 (An access control issue in MobaXterm before v22.1 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm
 CVE-2022-38335 (Vtiger CRM v7.4.0 was discovered to contain a stored 
cross-site script ...)
        NOT-FOR-US: Vtiger CRM
 CVE-2022-38334 (XPDF v4.04 and earlier was discovered to contain a stack 
overflow via  ...)
@@ -41620,13 +41620,13 @@ CVE-2022-33240
 CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in 
WLAN firm ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-33238 (Transient DOS due to loop with unreachable exit condition in 
WLAN whil ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while 
processin ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while 
parsing c ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN 
firmware while  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33234 (Memory corruption in video due to configuration weakness. in 
Snapdrago ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-33233
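Review bot: CVE-2022-33238 and CVE-2022-33235 are tagged "Qualcomm" while the neighbouring WLAN firmware entries in the same block (CVE-2022-33239, CVE-2022-33237, CVE-2022-33236) carry "Snapdragon". Snapdragon is Qualcomm's product line, so the two tags split one group of advisories; using a single tag throughout would keep these entries greppable together.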
@@ -43087,13 +43087,13 @@ CVE-2022-32636
 CVE-2022-32635
        RESERVED
 CVE-2022-32634 (In ccci, there is a possible out of bounds write due to 
improper input ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a 
logic e ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32632 (In Wi-Fi, there is a possible out of bounds write due to 
improper inpu ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32631 (In Wi-Fi, there is a possible out of bounds write due to 
improper inpu ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32630 (In throttling, there is a possible out of bounds write due to 
an incor ...)
        NOT-FOR-US: Mediatek
 CVE-2022-32629 (In isp, there is a possible out of bounds write due to a 
missing bound ...)
@@ -43332,7 +43332,7 @@ CVE-2022-32539
 CVE-2022-32538
        RESERVED
 CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user 
to learn ...)
-       TODO: check
+       NOT-FOR-US: Medtronic
 CVE-2022-2024
        RESERVED
 CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository 
polonel/trudesk  ...)
@@ -49441,7 +49441,7 @@ CVE-2022-1663 (The Stop Spam Comments WordPress plugin 
through 0.2.1.2 does not
 CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking 
through ve ...)
        NOT-FOR-US: asith-eranga ISIC tour booking
 CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking 
through  ...)
-       TODO: check
+       NOT-FOR-US: asith-eranga ISIC tour booking
 CVE-2022-30527
        RESERVED
 CVE-2022-1662 (In convert2rhel, there's an ansible playbook named 
ansible/run-convert ...)
@@ -52287,7 +52287,7 @@ CVE-2022-29581 (Improper Update of Reference Count 
vulnerability in net/sched of
        NOTE: 
https://git.kernel.org/linus/3db09e762dc79584a69c10d74a6b98f89a9979f8 (5.18-rc4)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/18/2
 CVE-2022-29580 (There exists a path traversal vulnerability in the Android 
Google Sear ...)
-       TODO: check
+       NOT-FOR-US: Android Google Search app
 CVE-2022-29579
        RESERVED
 CVE-2022-1440 (Command Injection vulnerability in [email protected] in 
GitHub repos ...)
@@ -54330,7 +54330,7 @@ CVE-2022-28890 (A vulnerability in the RDF/XML parser 
of Apache Jena allows an a
        - apache-jena 4.5.0-1 (bug #1014982)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
 CVE-2021-4226 (RSFirewall tries to identify the original IP address by looking 
at dif ...)
-       TODO: check
+       NOT-FOR-US: RSFirewall
 CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set 
appropriate ...)
        - druid <itp> (bug #825797)
 CVE-2022-1288 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -55180,7 +55180,7 @@ CVE-2022-28609
 CVE-2022-28608
        RESERVED
 CVE-2022-28607 (An issue was discovered in asith-eranga ISIC tour booking 
through vers ...)
-       TODO: check
+       NOT-FOR-US: asith-eranga ISIC tour booking
 CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou 
Huoyin Inform ...)
        NOT-FOR-US: BossCMS
 CVE-2022-28605 (Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 
allows rem ...)
@@ -63565,11 +63565,11 @@ CVE-2022-25693 (Memory corruption in graphics due to 
use-after-free while graphi
 CVE-2022-25692 (Denial of service in Modem due to reachable assertion while 
processing ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-25691 (Denial of service in Modem due to reachable assertion while 
processing ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25690 (Information disclosure in WLAN due to improper validation of 
array ind ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-25689 (Denial of service in Modem due to reachable assertion in 
Snapdragon Mo ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25688 (Memory corruption in video due to buffer overflow while 
parsing ps vid ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-25687 (memory corruption in video due to buffer overflow while 
parsing asf cl ...)
@@ -63583,9 +63583,9 @@ CVE-2022-25684
 CVE-2022-25683
        RESERVED
 CVE-2022-25682 (Memory corruption in MODEM UIM due to usage of out of range 
pointer of ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25681 (Possible memory corruption in kernel while performing memory 
access du ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while 
processin ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-25679 (Denial of service in video due to improper access control in 
broadcast ...)
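Review bot: CVE-2022-25681 is described as "Possible memory corruption in kernel" and is closed as NOT-FOR-US: Qualcomm with no note on which kernel code is meant. If the affected code exists only in the vendor tree the tag is right, but a one-line NOTE saying so would record that the Debian linux package was considered.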
@@ -63593,17 +63593,17 @@ CVE-2022-25679 (Denial of service in video due to 
improper access control in bro
 CVE-2022-25678
        RESERVED
 CVE-2022-25677 (Memory corruption in diag due to use after free while 
processing dci p ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25676 (Information disclosure in video due to buffer over-read while 
parsing  ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-25675 (Denial of service due to reachable assertion in modem while 
processing ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of 
the WPA ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-25673 (Denial of service in MODEM due to reachable assertion while 
processing ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25672 (Denial of service in MODEM due to reachable assertion while 
processing ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in 
Snapdragon Mo ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while 
unpacking ...)
@@ -71011,7 +71011,7 @@ CVE-2022-23475 (daloRADIUS is an open source RADIUS web 
management application.
 CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. 
Versions pri ...)
        TODO: check
 CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2022-23472 (Passeo is an open source python password generator. Versions 
prior to  ...)
        TODO: check
 CVE-2022-23471 (containerd is an open source container runtime. A bug was 
found in con ...)
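Review bot: CVE-2022-23473 is closed as NOT-FOR-US although its description calls Tuleap "an Open Source Suite". Before closing it, check whether an ITP or RFP bug exists for Tuleap; if one does, the entry should use the "- <package> <itp> (bug #...)" form instead, as the druid entry for CVE-2022-28889 in this file does.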
@@ -72437,7 +72437,7 @@ CVE-2022-23145
 CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB 
product.  ...)
        NOT-FOR-US: ZTE
 CVE-2022-23143 (ZTE OTCP product is impacted by a permission and access 
control vulner ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could 
construct and se ...)
        NOT-FOR-US: ZXEN CG200
 CVE-2022-23141 (ZXMP M721 has an information leak vulnerability. Since the 
serial port ...)
@@ -77846,7 +77846,7 @@ CVE-2022-22065 (Out of bound read in WLAN HOST due to 
improper length check can
 CVE-2022-22064 (Possible buffer over read due to lack of size validation while 
unpacki ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-22063 (Memory corruption in Core due to improper configuration in 
boot remapp ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-22062 (An out-of-bounds read can occur while parsing a server 
certificate due ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs 
due to im ...)
@@ -80669,11 +80669,11 @@ CVE-2021-44697 (Adobe Audition versions 14.4 (and 
earlier), and 22.0 (and earlie
 CVE-2021-44696
        RESERVED
 CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-44693 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 
96.0.4664.93 a ...)
        {DSA-5046-1}
        - chromium 97.0.4692.71-0.1
@@ -86600,7 +86600,7 @@ CVE-2022-20970
 CVE-2022-20969 (A vulnerability in multiple management dashboard pages of 
Cisco Umbrel ...)
        NOT-FOR-US: Cisco
 CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing 
feature of  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20967
        RESERVED
 CVE-2022-20966
@@ -87181,17 +87181,17 @@ CVE-2022-20693 (A vulnerability in the web UI feature 
of Cisco IOS XE Software c
 CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS 
XE Softwa ...)
        NOT-FOR-US: Cisco
 CVE-2022-20691 (A vulnerability in the Cisco Discovery Protocol functionality 
of Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20690 (Multiple vulnerabilities in the Cisco Discovery Protocol 
functionality ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20689 (Multiple vulnerabilities in the Cisco Discovery Protocol 
functionality ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20688 (A vulnerability in the Cisco Discovery Protocol functionality 
of Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20687 (Multiple vulnerabilities in the Link Layer Discovery Protocol 
(LLDP) f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20686 (Multiple vulnerabilities in the Link Layer Discovery Protocol 
(LLDP) f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20685
        RESERVED
 CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) 
trap gene ...)
@@ -89187,7 +89187,7 @@ CVE-2021-3888 (libmobi is vulnerable to Use of 
Out-of-range Pointer Offset ...)
 CVE-2021-3887
        REJECTED
 CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java, 
there i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20610
        RESERVED
 CVE-2022-20609
@@ -89418,21 +89418,21 @@ CVE-2022-20504
 CVE-2022-20503
        RESERVED
 CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a 
possible us ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is 
a possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20500 (In loadFromXml of ShortcutPackage.java, there is a possible 
crash on b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20499
        RESERVED
 CVE-2022-20498 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20497 (In updatePublicMode of 
NotificationLockscreenUserManagerImpl.java, the ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a 
possibility of  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20495 (In getEnabledAccessibilityServiceList of 
AccessibilityManager.java, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20494
        RESERVED
 CVE-2022-20493
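Review bot: CVE-2022-20498 names fdt_path_offset_namelen in fdt_ro.c, which is libfdt code rather than an Android-only component, and libfdt is shipped in Debian by device-tree-compiler. Before closing this as NOT-FOR-US: Android, check whether the upstream libfdt copy has the same issue; if it does, the entry needs a package line instead of an NFU tag.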
@@ -89440,57 +89440,57 @@ CVE-2022-20493
 CVE-2022-20492
        RESERVED
 CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20490
        RESERVED
 CVE-2022-20489
        RESERVED
 CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20487 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20486 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20485 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20484 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20483 (In several functions that parse avrc response in 
avrc_pars_ct.cc and r ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20482 (In createNotificationChannel of NotificationManager.java, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20481
        RESERVED
 CVE-2022-20480 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20479 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20478 (In NotificationChannel of NotificationChannel.java, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20477 (In shouldHideNotification of 
KeyguardNotificationVisibilityProvider.kt ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20476 (In setEnabledSetting of PackageManager.java, there is a 
possible way t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20475 (In test of ResetTargetTaskHelper.java, there is a possible 
hijacking o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20474 (In readLazyValue of Parcel.java, there is a possible loading 
of arbitr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20473 (In toLanguageTag of LocaleListCache.cpp, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20472 (In toLanguageTag of LocaleListCache.cpp, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20471 (In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20470 (In bindRemoteViewsService of AppWidgetServiceImpl.java, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20469 (In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20468 (In BNEP_ConnectResp of bnep_api.cc, there is a possible out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20467
        RESERVED
 CVE-2022-20466 (In applyKeyguardFlags of 
NotificationShadeWindowControllerImpl.java, t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20465 (In dismiss and related functions of 
KeyguardHostViewController.java an ...)
        NOT-FOR-US: Android
 CVE-2022-20464 (In various functions of ap_input_processor.c, there is a 
possible way  ...)
@@ -89524,7 +89524,7 @@ CVE-2022-20451 (In onCallRedirectionComplete of 
CallsManager.java, there is a po
 CVE-2022-20450 (In restorePermissionState of 
PermissionManagerServiceImpl.java, there  ...)
        NOT-FOR-US: Android
 CVE-2022-20449 (In writeApplicationRestrictionsLAr of UserManagerService.java, 
there i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, 
there is a  ...)
        NOT-FOR-US: Android
 CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of 
bounds read  ...)
@@ -89534,11 +89534,11 @@ CVE-2022-20446 (In AlwaysOnHotwordDetector of 
AlwaysOnHotwordDetector.java, ther
 CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a 
possible ...)
        NOT-FOR-US: Android
 CVE-2022-20444 (In several functions of inputDispatcher.cpp, there is a 
possible way t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20443
        RESERVED
 CVE-2022-20442 (In onCreate of ReviewPermissionsActivity.java, there is a 
possible way ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to 
launch an une ...)
        NOT-FOR-US: Android
 CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could 
cause Local ...)
@@ -89613,7 +89613,7 @@ CVE-2022-20413 (In start of Threads.cpp, there is a 
possible way to record audio
 CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds 
read due t ...)
        NOT-FOR-US: Android
 CVE-2022-20411 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of 
bounds wr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a 
possible o ...)
        NOT-FOR-US: Android
 CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to 
corrupt m ...)
@@ -89964,7 +89964,7 @@ CVE-2022-20242 (In Telephony, there is a possible way 
to determine whether an ap
 CVE-2022-20241 (In Messaging, there is a possible way to attach a private file 
to an S ...)
        NOT-FOR-US: Android
 CVE-2022-20240 (In sOpAllowSystemRestrictionBypass of AppOpsManager.java, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20239 (remap_pfn_range' here may map out of size kernel memory (for 
example,  ...)
        NOT-FOR-US: Unisoc
 CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for 
example, ...)
@@ -91966,7 +91966,7 @@ CVE-2021-41945 (Encode OSS httpx &lt; 0.23.0 is 
affected by improper input valid
 CVE-2021-41944
        RESERVED
 CVE-2021-41943 (Logrhythm Web Console 7.4.9 allows for HTML tag injection 
through Cont ...)
-       TODO: check
+       NOT-FOR-US: Logrhythm Web Console
 CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection 
vulnerability ...)
        NOT-FOR-US: Magic CMS
 CVE-2021-41941
@@ -96056,7 +96056,7 @@ CVE-2021-40367
 CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
        NOT-FOR-US: Siemens
 CVE-2021-40365 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All 
version ...)
@@ -97716,7 +97716,7 @@ CVE-2021-39662 (In checkUriPermission of 
MediaProvider.java , there is a possibl
 CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel 
driver, the ...)
        NOT-FOR-US: Android
 CVE-2021-39660 (In TBD of TBD, there is a possible way to archive arbitrary 
code execu ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of 
CreateConnectionProcessor.java, ...)
        NOT-FOR-US: Android
 CVE-2021-39658 (ismsEx service is a vendor service in unisoc 
equipment&#12290;ismsEx s ...)
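Review bot: The description of CVE-2021-39660 names no component ("In TBD of TBD"), so NOT-FOR-US: Android cannot be confirmed from the text shown here. A NOTE pointing to the bulletin that identifies the affected code would document why the entry was closed.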
@@ -97824,7 +97824,7 @@ CVE-2021-39619 (In updatePackageMappingsData of 
UsageStatsService.java, there is
 CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is 
a possi ...)
        NOT-FOR-US: Android
 CVE-2021-39617 (In the user interface buttons of PermissionController, there 
is a poss ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-204686438 ...)
        NOT-FOR-US: Android
 CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An 
attacker ...)
@@ -98290,7 +98290,7 @@ CVE-2021-39436
 CVE-2021-39435
        RESERVED
 CVE-2021-39434 (A default username and password for an administrator account 
was disco ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco ZKTime
 CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version 
BIQS IT B ...)
        NOT-FOR-US: BIQS IT Biqs-drive
 CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free. ...)
@@ -98302,11 +98302,11 @@ CVE-2021-39430
 CVE-2021-39429
        RESERVED
 CVE-2021-39428 (Cross Site Scripting (XSS) vulnerability in Users.php in 
eyoucms 1.5.4 ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: 188Jianzhan
 CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in 
Seacms 11 ...)
-       TODO: check
+       NOT-FOR-US: Seacms
 CVE-2021-39425
        RESERVED
 CVE-2021-39424
@@ -105602,9 +105602,9 @@ CVE-2021-36575
 CVE-2021-36574
        RESERVED
 CVE-2021-36573 (File Upload vulnerability in Feehi CMS thru 2.1.1 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Feehi CMS
 CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 
2.1.1 allow ...)
-       TODO: check
+       NOT-FOR-US: Feehi CMS
 CVE-2021-36571
        RESERVED
 CVE-2021-36570
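Review bot: CVE-2021-36573 and CVE-2021-36572 use "NOT-FOR-US: Feehi CMS", while the other entries for this product in the same commit (for example CVE-2022-40373 and CVE-2020-36607) use "NOT-FOR-US: FeehiCMS". Pick one spelling so that a search for the tag finds all of them.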
@@ -111302,7 +111302,7 @@ CVE-2021-34183
 CVE-2021-34182
        RESERVED
 CVE-2021-34181 (Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via 
p_name par ...)
-       TODO: check
+       NOT-FOR-US: TomExam
 CVE-2021-34180
        RESERVED
 CVE-2021-34179
@@ -115914,7 +115914,7 @@ CVE-2021-32417
 CVE-2021-32416
        RESERVED
 CVE-2021-32415 (EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least 
since versio ...)
-       TODO: check
+       NOT-FOR-US: EXEMSI MSI Wrapper
 CVE-2021-32414
        RESERVED
 CVE-2021-32413
@@ -156570,7 +156570,7 @@ CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is 
a possible out of bounds wr
        NOTE: 
https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5
        NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
 CVE-2021-0934 (In findAllDeAccounts of AccountsDb.java, there is a possible 
denial of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or 
DeviceChooserActivity.j ...)
        NOT-FOR-US: Android
 CVE-2021-0932 (In showNotification of NavigationModeController.java, there is 
a possi ...)
@@ -176568,9 +176568,9 @@ CVE-2020-20591
 CVE-2020-20590
        RESERVED
 CVE-2020-20589 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FeehiCMS
 CVE-2020-20588 (File upload vulnerability in function upload in 
action/Core.class.php  ...)
-       TODO: check
+       NOT-FOR-US: zhimengzhe iBarn
 CVE-2020-20587
        RESERVED
 CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the 
/xyhai.php?s= ...)
@@ -205469,9 +205469,9 @@ CVE-2019-20484 (An issue was discovered in Viki Vera 
4.9.1.26180. A user without
 CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker 
could se ...)
        NOT-FOR-US: Viki Vera
 CVE-2020-9420 (The login password of the web administrative dashboard in 
Arcadyan Wif ...)
-       TODO: check
+       NOT-FOR-US: Arcadyan Wifi routers
 CVE-2020-9419 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Arcadyan ...)
-       TODO: check
+       NOT-FOR-US: Arcadyan Wifi routers
 CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 
2.6.14, the  ...)
        {DLA-2547-1}
        - wireshark 3.2.2-1
@@ -212529,7 +212529,7 @@ CVE-2020-6628 (Ming (aka libming) 0.4.8 has a 
heap-based buffer over-read in the
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/191
 CVE-2020-6627 (The web-management application on Seagate Central NAS 
STCG2000300, STC ...)
-       TODO: check
+       NOT-FOR-US: Seagate Central NAS
 CVE-2020-6626
        RESERVED
 CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s 
when ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86b77527426c314e0d5781aba9e0b8d7e718eb16
