Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
076710f4 by security tracker role at 2022-12-16T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-4566 (A vulnerability, which was classified as critical, has been
found in y ...)
+ TODO: check
+CVE-2022-4565 (A vulnerability classified as problematic was found in Dromara
HuTool ...)
+ TODO: check
+CVE-2022-4564 (A vulnerability classified as problematic has been found in
University ...)
+ TODO: check
+CVE-2022-4563 (A vulnerability was found in Freedom of the Press SecureDrop.
It has b ...)
+ TODO: check
+CVE-2022-4562
+ RESERVED
+CVE-2022-4561 (A vulnerability classified as problematic has been found in
SemanticDr ...)
+ TODO: check
+CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.32. It has been
rated as ...)
+ TODO: check
+CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It
has been ...)
+ TODO: check
+CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has
been clas ...)
+ TODO: check
+CVE-2022-4557
+ RESERVED
+CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and
classified as ...)
+ TODO: check
+CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to
authorization bypa ...)
+ TODO: check
+CVE-2022-4554
+ RESERVED
+CVE-2022-4553
+ RESERVED
+CVE-2022-4552
+ RESERVED
+CVE-2022-4551
+ RESERVED
+CVE-2022-4550
+ RESERVED
+CVE-2022-4549
+ RESERVED
+CVE-2022-4548
+ RESERVED
+CVE-2022-4547
+ RESERVED
+CVE-2022-4546
+ RESERVED
+CVE-2022-4545
+ RESERVED
+CVE-2022-4544
+ RESERVED
+CVE-2022-4543
+ RESERVED
CVE-2023-0016
RESERVED
CVE-2023-0015
@@ -521,8 +569,8 @@ CVE-2022-47379
RESERVED
CVE-2022-47378
RESERVED
-CVE-2022-47377
- RESERVED
+CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber
2086502 w ...)
+ TODO: check
CVE-2022-47376
RESERVED
CVE-2022-46330
@@ -1060,18 +1108,23 @@ CVE-2022-44450
CVE-2022-4441
RESERVED
CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to
108.0.5359.124 al ...)
+ {DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4439 (Use after free in Aura in Google Chrome on Windows prior to
108.0.5359 ...)
+ {DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4438 (Use after free in Blink Frames in Google Chrome prior to
108.0.5359.12 ...)
+ {DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4437 (Use after free in Mojo IPC in Google Chrome prior to
108.0.5359.124 al ...)
+ {DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4436 (Use after free in Blink Media in Google Chrome prior to
108.0.5359.124 ...)
+ {DSA-5302-1}
- chromium 108.0.5359.124-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-4435
@@ -1820,21 +1873,21 @@ CVE-2022-46883
RESERVED
CVE-2022-46882
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882
CVE-2022-46881
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881
CVE-2022-46880
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- thunderbird 1:102.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880
CVE-2022-46879
@@ -1843,7 +1896,7 @@ CVE-2022-46879
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879
CVE-2022-46878
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1866,7 +1919,7 @@ CVE-2022-46875
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875
CVE-2022-46874
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1879,7 +1932,7 @@ CVE-2022-46873
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873
CVE-2022-46872
RESERVED
- {DSA-5301-1 DLA-3242-1 DLA-3241-1}
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1890,8 +1943,7 @@ CVE-2022-46871
RESERVED
- firefox 108.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
-CVE-2022-46870
- RESERVED
+CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
NOT-FOR-US: Apache Zeppelin
CVE-2022-46869
RESERVED
@@ -2275,8 +2327,8 @@ CVE-2022-4328
RESERVED
CVE-2022-4327
RESERVED
-CVE-2022-4326
- RESERVED
+CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix
Endpoint ...)
+ TODO: check
CVE-2022-4325
RESERVED
CVE-2022-4324
@@ -4291,12 +4343,12 @@ CVE-2022-46139
RESERVED
CVE-2022-46138
RESERVED
-CVE-2022-46137
- RESERVED
+CVE-2022-46137 (AeroCMS v0.0.1 is vulnerable to Directory Traversal. The
impact is: ob ...)
+ TODO: check
CVE-2022-46136
RESERVED
-CVE-2022-46135
- RESERVED
+CVE-2022-46135 (In AeroCms v0.0.1, there is an arbitrary file upload
vulnerability at ...)
+ TODO: check
CVE-2022-46134
RESERVED
CVE-2022-46133
@@ -4347,8 +4399,8 @@ CVE-2022-46111
RESERVED
CVE-2022-46110
RESERVED
-CVE-2022-46109
- RESERVED
+CVE-2022-46109 (Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via
function ...)
+ TODO: check
CVE-2022-46108
RESERVED
CVE-2022-46107
@@ -5041,8 +5093,8 @@ CVE-2022-45801
RESERVED
CVE-2022-4131
RESERVED
-CVE-2022-4130
- RESERVED
+CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in
Satell ...)
+ TODO: check
CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling
Protocol (L2T ...)
- linux <unfixed>
NOTE:
https://lore.kernel.org/all/[email protected]/t
@@ -5084,8 +5136,8 @@ CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c
allows memory disclosure to
NOTE: Fixed by:
https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8
(v1.3.7c)
CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup
Engine ...)
NOT-FOR-US: Trend Micro
-CVE-2022-45796
- RESERVED
+CVE-2022-45796 (Command injection vulnerability in nw_interface.html in SHARP
multifun ...)
+ TODO: check
CVE-2022-45795
RESERVED
CVE-2022-45794
@@ -6382,6 +6434,7 @@ CVE-2022-45415
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45415
CVE-2022-45414
RESERVED
+ {DSA-5303-1}
- thunderbird 1:102.5.1-1
[bullseye] - thunderbird <postponed> (Minor issue, fix along in next
ESR update)
[buster] - thunderbird <postponed> (Minor issue)
@@ -9992,16 +10045,16 @@ CVE-2022-44504
RESERVED
CVE-2022-44503
RESERVED
-CVE-2022-44502
- RESERVED
+CVE-2022-44502 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
+ TODO: check
CVE-2022-44501
RESERVED
-CVE-2022-44500
- RESERVED
-CVE-2022-44499
- RESERVED
-CVE-2022-44498
- RESERVED
+CVE-2022-44500 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
+ TODO: check
+CVE-2022-44499 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
+ TODO: check
+CVE-2022-44498 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
+ TODO: check
CVE-2022-44497
RESERVED
CVE-2022-44496
@@ -10050,18 +10103,18 @@ CVE-2022-44475
RESERVED
CVE-2022-44474
RESERVED
-CVE-2022-44473
- RESERVED
+CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-44472
RESERVED
CVE-2022-44471
RESERVED
CVE-2022-44470
RESERVED
-CVE-2022-44469
- RESERVED
-CVE-2022-44468
- RESERVED
+CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
+CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-44467
RESERVED
CVE-2022-44466
@@ -10072,8 +10125,8 @@ CVE-2022-44464
RESERVED
CVE-2022-44463
RESERVED
-CVE-2022-44462
- RESERVED
+CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-44461
RESERVED
CVE-2022-44460
@@ -14162,8 +14215,8 @@ CVE-2022-41996 (Cross-Site Request Forgery (CSRF)
vulnerability in ThemeFusion A
NOT-FOR-US: WordPress theme
CVE-2022-41995
RESERVED
-CVE-2022-41992
- RESERVED
+CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File
Format parsin ...)
+ TODO: check
CVE-2022-41990
RESERVED
CVE-2022-41987
@@ -16876,12 +16929,12 @@ CVE-2022-42546
RESERVED
CVE-2022-42545
RESERVED
-CVE-2022-42544
- RESERVED
-CVE-2022-42543
- RESERVED
-CVE-2022-42542
- RESERVED
+CVE-2022-42544 (In getView of AddAppNetworksFragment.java, there is a possible
way to ...)
+ TODO: check
+CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible
out of bou ...)
+ TODO: check
+CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a
possible ...)
+ TODO: check
CVE-2022-42541
RESERVED
CVE-2022-42540
@@ -16894,76 +16947,76 @@ CVE-2022-42537
RESERVED
CVE-2022-42536
RESERVED
-CVE-2022-42535
- RESERVED
-CVE-2022-42534
- RESERVED
+CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access
to restr ...)
+ TODO: check
+CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a
possible ...)
+ TODO: check
CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a
possible out ...)
NOT-FOR-US: Google Pixel
-CVE-2022-42532
- RESERVED
-CVE-2022-42531
- RESERVED
-CVE-2022-42530
- RESERVED
-CVE-2022-42529
- RESERVED
+CVE-2022-42532 (In Pixel firmware, there is a possible out of bounds read due
to a mis ...)
+ TODO: check
+CVE-2022-42531 (In mmu_map_for_fw of gs_ldfw_load.c, there is a possible
mitigation by ...)
+ TODO: check
+CVE-2022-42530 (In Pixel firmware, there is a possible out of bounds read due
to a mis ...)
+ TODO: check
+CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID:
A-235292841Referen ...)
+ TODO: check
CVE-2022-42528
RESERVED
-CVE-2022-42527
- RESERVED
-CVE-2022-42526
- RESERVED
-CVE-2022-42525
- RESERVED
-CVE-2022-42524
- RESERVED
-CVE-2022-42523
- RESERVED
-CVE-2022-42522
- RESERVED
-CVE-2022-42521
- RESERVED
-CVE-2022-42520
- RESERVED
-CVE-2022-42519
- RESERVED
-CVE-2022-42518
- RESERVED
-CVE-2022-42517
- RESERVED
-CVE-2022-42516
- RESERVED
-CVE-2022-42515
- RESERVED
-CVE-2022-42514
- RESERVED
-CVE-2022-42513
- RESERVED
-CVE-2022-42512
- RESERVED
-CVE-2022-42511
- RESERVED
-CVE-2022-42510
- RESERVED
-CVE-2022-42509
- RESERVED
-CVE-2022-42508
- RESERVED
-CVE-2022-42507
- RESERVED
-CVE-2022-42506
- RESERVED
-CVE-2022-42505
- RESERVED
-CVE-2022-42504
- RESERVED
-CVE-2022-42503
- RESERVED
-CVE-2022-42502
- RESERVED
-CVE-2022-42501
- RESERVED
+CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash
due to a m ...)
+ TODO: check
+CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a
possible out o ...)
+ TODO: check
+CVE-2022-42525 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is
a possi ...)
+ TODO: check
+CVE-2022-42524 (In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out
of bounds ...)
+ TODO: check
+CVE-2022-42523 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is
a possi ...)
+ TODO: check
+CVE-2022-42522 (In DoSetCarrierConfig of miscservice.cpp, there is a possible
out of b ...)
+ TODO: check
+CVE-2022-42521 (In encode of wlandata.cpp, there is a possible out of bounds
write due ...)
+ TODO: check
+CVE-2022-42520 (In ServiceInterface::HandleRequest of serviceinterface.cpp,
there is a ...)
+ TODO: check
+CVE-2022-42519 (In CdmaBroadcastSmsConfigsRequestData::encode of
cdmasmsdata.cpp, ther ...)
+ TODO: check
+CVE-2022-42518 (In BroadcastSmsConfigsRequestData::encode of smsdata.cpp,
there is a p ...)
+ TODO: check
+CVE-2022-42517 (In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a
possible ...)
+ TODO: check
+CVE-2022-42516 (In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of
protocolsimbuilderl ...)
+ TODO: check
+CVE-2022-42515 (In MiscService::DoOemSetRtpPktlossThreshold of
miscservice.cpp, there ...)
+ TODO: check
+CVE-2022-42514 (In ProtocolImsBuilder::BuildSetConfig of
protocolimsbuilder.cpp, there ...)
+ TODO: check
+CVE-2022-42513 (In ProtocolEmbmsBuilder::BuildSetSession of
protocolembmsbuilder.cpp, ...)
+ TODO: check
+CVE-2022-42512 (In VsimOperationDataExt::encode of vsimdata.cpp, there is a
possible o ...)
+ TODO: check
+CVE-2022-42511 (In EmbmsSessionData::encode of embmsdata.cpp, there is a
possible out ...)
+ TODO: check
+CVE-2022-42510 (In StringsRequestData::encode of requestdata.cpp, there is a
possible ...)
+ TODO: check
+CVE-2022-42509 (In CallDialReqData::encode of callreqdata.cpp, there is a
possible out ...)
+ TODO: check
+CVE-2022-42508 (In ProtocolCallBuilder::BuildSendUssd of
protocolcallbuilder.cpp, ther ...)
+ TODO: check
+CVE-2022-42507 (In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of
protocolsimbuilder.c ...)
+ TODO: check
+CVE-2022-42506 (In SimUpdatePbEntry::encode of simdata.cpp, there is a
possible out of ...)
+ TODO: check
+CVE-2022-42505 (In ProtocolMiscBuilder::BuildSetSignalReportCriteria of
protocolmiscbu ...)
+ TODO: check
+CVE-2022-42504 (In CallDialReqData::encodeCallNumber of callreqdata.cpp, there
is a po ...)
+ TODO: check
+CVE-2022-42503 (In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of
protocolmisc ...)
+ TODO: check
+CVE-2022-42502 (In FacilityLock::Parse of simdata.cpp, there is a possible out
of boun ...)
+ TODO: check
+CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of
bounds writ ...)
+ TODO: check
CVE-2022-42500
RESERVED
CVE-2022-42499
@@ -17290,10 +17343,10 @@ CVE-2022-42369
RESERVED
CVE-2022-42368
RESERVED
-CVE-2022-42367
- RESERVED
-CVE-2022-42366
- RESERVED
+CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
+CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-42365
RESERVED
CVE-2022-42364
@@ -17304,8 +17357,8 @@ CVE-2022-42362
RESERVED
CVE-2022-42361
RESERVED
-CVE-2022-42360
- RESERVED
+CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-42359
RESERVED
CVE-2022-42358
@@ -17322,8 +17375,8 @@ CVE-2022-42353
RESERVED
CVE-2022-42352
RESERVED
-CVE-2022-42351
- RESERVED
+CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-42350
RESERVED
CVE-2022-42349
@@ -17338,8 +17391,8 @@ CVE-2022-42345
RESERVED
CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and
earlier) ...)
NOT-FOR-US: Adobe
-CVE-2022-42343
- RESERVED
+CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and
earlier) are ...)
+ TODO: check
CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
NOT-FOR-US: Adobe
CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
@@ -18354,8 +18407,8 @@ CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x
before 0.9.2 allows local us
NOTE:
https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316
(0.9.2)
NOTE: The fix for CVE-2022-41973 switches to use /run instead of
/dev/shm which is a backward
NOTE: incompatible change (which can be overriden but leaving CVE open).
-CVE-2022-41972
- RESERVED
+CVE-2022-41972 (Contiki-NG is an open-source, cross-platform operating system
for Next ...)
+ TODO: check
CVE-2022-41971 (Nextcould Talk android is a video and audio conferencing app
for Nextc ...)
TODO: check
CVE-2022-41970 (Nextcloud Server is an open source personal cloud server.
Prior to ver ...)
@@ -18370,14 +18423,14 @@ CVE-2022-41966
RESERVED
CVE-2022-41965 (Opencast is a free, open-source platform to support the
management of ...)
NOT-FOR-US: Opencast
-CVE-2022-41964
- RESERVED
-CVE-2022-41963
- RESERVED
-CVE-2022-41962
- RESERVED
-CVE-2022-41961
- RESERVED
+CVE-2022-41964 (BigBlueButton is an open source web conferencing system. This
vulnerab ...)
+ TODO: check
+CVE-2022-41963 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
+ TODO: check
+CVE-2022-41962 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
+ TODO: check
+CVE-2022-41961 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
+ TODO: check
CVE-2022-41960 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
TODO: check
CVE-2022-41959
@@ -23807,8 +23860,7 @@ CVE-2022-3111 (An issue was discovered in the Linux
kernel through 5.16-rc6. fre
CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6.
_rtw_ini ...)
- linux 5.18.5-1
NOTE:
https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
-CVE-2022-3109
- RESERVED
+CVE-2022-3109 (An issue was discovered in the FFmpeg through 3.0.
vp3_decode_frame in ...)
- ffmpeg 7:5.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
(n5.1)
@@ -28709,8 +28761,8 @@ CVE-2022-38108 (SolarWinds Platform was susceptible to
the Deserialization of Un
NOT-FOR-US: SolarWinds
CVE-2022-38107 (Sensitive information could be displayed when a detailed
technical err ...)
NOT-FOR-US: SolarWinds
-CVE-2022-38106
- RESERVED
+CVE-2022-38106 (This vulnerability happens in the web client versions 15.3.0
to Serv-U ...)
+ TODO: check
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
All in O ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up
plugin < ...)
@@ -33564,8 +33616,8 @@ CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable
to Cross Site Request Forg
NOT-FOR-US: Eyoucms
CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery
(CSRF). ...)
NOT-FOR-US: XunRuiCMS
-CVE-2022-36223
- RESERVED
+CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable
to XSS s ...)
+ TODO: check
CVE-2022-36222
RESERVED
CVE-2022-36221
@@ -34886,12 +34938,12 @@ CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and
earlier) and 2.4.5 (and ea
NOT-FOR-US: Adobe
CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and
earlier) ...)
NOT-FOR-US: Adobe
-CVE-2022-35696
- RESERVED
+CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-35695
RESERVED
-CVE-2022-35694
- RESERVED
+CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
+ TODO: check
CVE-2022-35693
RESERVED
CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and
earlier) ...)
@@ -45940,10 +45992,10 @@ CVE-2022-31710
RESERVED
CVE-2022-31709
RESERVED
-CVE-2022-31708
- RESERVED
-CVE-2022-31707
- RESERVED
+CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control
vulnerabi ...)
+ TODO: check
+CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation
vulnerabil ...)
+ TODO: check
CVE-2022-31706
RESERVED
CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap
out-of-bounds writ ...)
@@ -58267,11 +58319,11 @@ CVE-2022-27586 (Password recovery vulnerability in
SICK SIM1004 Partnumber 10981
NOT-FOR-US: SICK SIM1004 Partnumber 1098148
CVE-2022-27585 (Password recovery vulnerability in SICK SIM1000 FX Partnumber
1097816 ...)
NOT-FOR-US: SICK SIM1000 FX Partnumber 1097816 and 1097817
-CVE-2022-27584 (Password recovery vulnerability in SICK SIM2000ST Partnumber
2086502 a ...)
+CVE-2022-27584 (Password recovery vulnerability in SICK SIM2000ST Partnumber
1080579 a ...)
NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 and 1080579
CVE-2022-27583 (A remote unprivileged attacker can interact with the
configuration int ...)
NOT-FOR-US: Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2
-CVE-2022-27582 (Password recovery vulnerability in SICK SICK SIM4000 (PPC)
Partnumber ...)
+CVE-2022-27582 (Password recovery vulnerability in SICK SIM4000 (PPC)
Partnumber 10787 ...)
NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787
CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK
RFU61x firmwa ...)
TODO: check
@@ -63821,12 +63873,12 @@ CVE-2022-25630 (An authenticated user can embed
malicious content with XSS into
TODO: check
CVE-2022-25629 (An authenticated user who has the privilege to add/edit
annotations on ...)
TODO: check
-CVE-2022-25628
- RESERVED
-CVE-2022-25627
- RESERVED
-CVE-2022-25626
- RESERVED
+CVE-2022-25628 (An authenticated user can perform XML eXternal Entity
injection in Man ...)
+ TODO: check
+CVE-2022-25627 (An authenticated administrator who has physical access to the
environm ...)
+ TODO: check
+CVE-2022-25626 (An unauthenticated user can access Identity Manager’s
management ...)
+ TODO: check
CVE-2022-25625 (A malicious unauthorized PAM user can access the
administration config ...)
NOT-FOR-US: Symantec
CVE-2022-25624
@@ -89263,235 +89315,231 @@ CVE-2021-3887
REJECTED
CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java,
there i ...)
NOT-FOR-US: Android
-CVE-2022-20610
- RESERVED
-CVE-2022-20609
- RESERVED
-CVE-2022-20608
- RESERVED
-CVE-2022-20607
- RESERVED
-CVE-2022-20606
- RESERVED
-CVE-2022-20605
- RESERVED
-CVE-2022-20604
- RESERVED
-CVE-2022-20603
- RESERVED
-CVE-2022-20602
- RESERVED
-CVE-2022-20601
- RESERVED
-CVE-2022-20600
- RESERVED
-CVE-2022-20599
- RESERVED
-CVE-2022-20598
- RESERVED
-CVE-2022-20597
- RESERVED
-CVE-2022-20596
- RESERVED
-CVE-2022-20595
- RESERVED
-CVE-2022-20594
- RESERVED
-CVE-2022-20593
- RESERVED
-CVE-2022-20592
- RESERVED
-CVE-2022-20591
- RESERVED
-CVE-2022-20590
- RESERVED
-CVE-2022-20589
- RESERVED
-CVE-2022-20588
- RESERVED
-CVE-2022-20587
- RESERVED
-CVE-2022-20586
- RESERVED
-CVE-2022-20585
- RESERVED
-CVE-2022-20584
- RESERVED
-CVE-2022-20583
- RESERVED
-CVE-2022-20582
- RESERVED
-CVE-2022-20581
- RESERVED
-CVE-2022-20580
- RESERVED
-CVE-2022-20579
- RESERVED
-CVE-2022-20578
- RESERVED
-CVE-2022-20577
- RESERVED
-CVE-2022-20576
- RESERVED
-CVE-2022-20575
- RESERVED
-CVE-2022-20574
- RESERVED
+CVE-2022-20610 (In cellular modem firmware, there is a possible out of bounds
read due ...)
+ TODO: check
+CVE-2022-20609 (In Pixel cellular firmware, there is a possible out of bounds
read due ...)
+ TODO: check
+CVE-2022-20608 (In Pixel cellular firmware, there is a possible out of bounds
read due ...)
+ TODO: check
+CVE-2022-20607 (In the Pixel cellular firmware, there is a possible out of
bounds writ ...)
+ TODO: check
+CVE-2022-20606 (In SAEMM_MiningCodecTableWithMsgIE of
SAEMM_RadioMessageCodec.c, there ...)
+ TODO: check
+CVE-2022-20605 (In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a
possible o ...)
+ TODO: check
+CVE-2022-20604 (In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is
a possi ...)
+ TODO: check
+CVE-2022-20603 (In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is
a possi ...)
+ TODO: check
+CVE-2022-20602 (Product: AndroidVersions: Android kernelAndroid ID:
A-211081867Referen ...)
+ TODO: check
+CVE-2022-20601 (Product: AndroidVersions: Android kernelAndroid ID:
A-204541506Referen ...)
+ TODO: check
+CVE-2022-20600 (In TBD of TBD, there is a possible out of bounds write due to
memory c ...)
+ TODO: check
+CVE-2022-20599 (In Pixel firmware, there is a possible exposure of sensitive
memory du ...)
+ TODO: check
+CVE-2022-20598 (In sec_media_protect of media.c, there is a possible EoP due
to an int ...)
+ TODO: check
+CVE-2022-20597 (In ppmpu_set of ppmpu.c, there is a possible EoP due to an
integer ove ...)
+ TODO: check
+CVE-2022-20596 (In sendChunk of WirelessCharger.cpp, there is a possible out
of bounds ...)
+ TODO: check
+CVE-2022-20595 (In getWpcAuthChallengeResponse of WirelessCharger.cpp, there
is a poss ...)
+ TODO: check
+CVE-2022-20594 (In updateStart of WirelessCharger.cpp, there is a possible out
of boun ...)
+ TODO: check
+CVE-2022-20593 (In pop_descriptor_string of BufferDescriptor.h, there is a
possible ou ...)
+ TODO: check
+CVE-2022-20592 (In ppmp_validate_secbuf of drm_fw.c, there is a possible
information d ...)
+ TODO: check
+CVE-2022-20591 (In ppmpu_set of ppmpu.c, there is a possible information
disclosure du ...)
+ TODO: check
+CVE-2022-20590 (In valid_va_sec_mfc_check of drm_access_control.c, there is a
possible ...)
+ TODO: check
+CVE-2022-20589 (In valid_va_secbuf_check of drm_access_control.c, there is a
possible ...)
+ TODO: check
+CVE-2022-20588 (In sysmmu_map of sysmmu.c, there is a possible EoP due to a
preconditi ...)
+ TODO: check
+CVE-2022-20587 (In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due
to impro ...)
+ TODO: check
+CVE-2022-20586 (In valid_out_of_special_sec_dram_addr of drm_access_control.c,
there i ...)
+ TODO: check
+CVE-2022-20585 (In valid_out_of_special_sec_dram_addr of drm_access_control.c,
there i ...)
+ TODO: check
+CVE-2022-20584 (In page_number of shared_mem.c, there is a possible code
execution in ...)
+ TODO: check
+CVE-2022-20583 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible
out of bo ...)
+ TODO: check
+CVE-2022-20582 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible
out of bo ...)
+ TODO: check
+CVE-2022-20581 (In the Pixel camera driver, there is a possible use after free
due to ...)
+ TODO: check
+CVE-2022-20580 (In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible
out of bou ...)
+ TODO: check
+CVE-2022-20579 (In RadioImpl::setCdmaBroadcastConfig of
ril_service_legacy.cpp, there ...)
+ TODO: check
+CVE-2022-20578 (In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp,
there i ...)
+ TODO: check
+CVE-2022-20577 (In OemSimAuthRequest::encode of wlandata.cpp, there is a
possible out ...)
+ TODO: check
+CVE-2022-20576 (In externalOnRequest of rilapplication.cpp, there is a
possible out of ...)
+ TODO: check
+CVE-2022-20575 (In read_ppmpu_info of drm_fw.c, there is a possible out of
bounds read ...)
+ TODO: check
+CVE-2022-20574 (In sec_sysmmu_info of drm_fw.c, there is a possible out of
bounds read ...)
+ TODO: check
CVE-2022-20573
RESERVED
-CVE-2022-20572
- RESERVED
+CVE-2022-20572 (In verity_target of dm-verity-target.c, there is a possible
way to mod ...)
- linux 5.18.2-1
[bullseye] - linux 5.10.120-1
[buster] - linux 4.19.249-1
NOTE:
https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5
-CVE-2022-20571
- RESERVED
-CVE-2022-20570
- RESERVED
-CVE-2022-20569
- RESERVED
-CVE-2022-20568
- RESERVED
+CVE-2022-20571 (In extract_metadata of dm-android-verity.c, there is a
possible way to ...)
+ TODO: check
+CVE-2022-20570 (Product: AndroidVersions: Android kernelAndroid ID:
A-230660904Referen ...)
+ TODO: check
+CVE-2022-20569 (In thermal_cooling_device_stats_update of thermal_sysfs.c,
there is a ...)
+ TODO: check
+CVE-2022-20568 (In (TBD) of (TBD), there is a possible way to corrupt kernel
memory du ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.120-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
-CVE-2022-20567
- RESERVED
+CVE-2022-20567 (In pppol2tp_create of l2tp_ppp.c, there is a possible use
after free d ...)
- linux 4.15.11-1
NOTE:
https://git.kernel.org/linus/d02ba2a6110c530a32926af8ad441111774d2893
-CVE-2022-20566
- RESERVED
+CVE-2022-20566 (In l2cap_chan_put of l2cap_core, there is a possible use after
free du ...)
- linux 5.18.16-1
[bullseye] - linux 5.10.136-1
[buster] - linux 4.19.260-1
NOTE:
https://git.kernel.org/linus/d0be8347c623e0ac4202a1d4e0373882821f56b0
CVE-2022-20565
RESERVED
-CVE-2022-20564
- RESERVED
-CVE-2022-20563
- RESERVED
-CVE-2022-20562
- RESERVED
-CVE-2022-20561
- RESERVED
-CVE-2022-20560
- RESERVED
-CVE-2022-20559
- RESERVED
-CVE-2022-20558
- RESERVED
-CVE-2022-20557
- RESERVED
-CVE-2022-20556
- RESERVED
-CVE-2022-20555
- RESERVED
-CVE-2022-20554
- RESERVED
-CVE-2022-20553
- RESERVED
-CVE-2022-20552
- RESERVED
+CVE-2022-20564 (In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a
possible o ...)
+ TODO: check
+CVE-2022-20563 (In TBD of ufdt_convert, there is a possible out of bounds read
due to ...)
+ TODO: check
+CVE-2022-20562 (In various functions of ap_input_processor.c, there is a
possible way ...)
+ TODO: check
+CVE-2022-20561 (In TBD of aud_hal_tunnel.c, there is a possible memory
corruption due ...)
+ TODO: check
+CVE-2022-20560 (Product: AndroidVersions: Android kernelAndroid ID:
A-212623833Referen ...)
+ TODO: check
+CVE-2022-20559 (In revokeOwnPermissionsOnKill of PermissionManager.java, there
is a po ...)
+ TODO: check
+CVE-2022-20558 (In registerReceivers of DeviceCapabilityListener.java, there
is a poss ...)
+ TODO: check
+CVE-2022-20557 (In MessageQueueBase of MessageQueueBase.h, there is a possible
out of ...)
+ TODO: check
+CVE-2022-20556 (In launchConfigNewNetworkFragment of
NetworkProviderSettings.java, the ...)
+ TODO: check
+CVE-2022-20555 (In ufdt_get_node_by_path_len of ufdt_convert.c, there is a
possible ou ...)
+ TODO: check
+CVE-2022-20554 (In removeEventHubDevice of InputDevice.cpp, there is a
possible OOB re ...)
+ TODO: check
+CVE-2022-20553 (In onCreate of LogAccessDialogActivity.java, there is a
possible way t ...)
+ TODO: check
+CVE-2022-20552 (In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is
a possi ...)
+ TODO: check
CVE-2022-20551
RESERVED
-CVE-2022-20550
- RESERVED
-CVE-2022-20549
- RESERVED
-CVE-2022-20548
- RESERVED
-CVE-2022-20547
- RESERVED
-CVE-2022-20546
- RESERVED
-CVE-2022-20545
- RESERVED
-CVE-2022-20544
- RESERVED
-CVE-2022-20543
- RESERVED
+CVE-2022-20550 (In Multiple Locations, there is a possibility to launch
arbitrary prot ...)
+ TODO: check
+CVE-2022-20549 (In authToken2AidlVec of KeyMintUtils.cpp, there is a possible
out of b ...)
+ TODO: check
+CVE-2022-20548 (In setParameter of EqualizerEffect.cpp, there is a possible
out of bou ...)
+ TODO: check
+CVE-2022-20547 (In multiple functions of AdapterService.java, there is a
possible way ...)
+ TODO: check
+CVE-2022-20546 (In getCurrentConfigImpl of Effect.cpp, there is a possible out
of boun ...)
+ TODO: check
+CVE-2022-20545 (In bindArtworkAndColors of MediaControlPanel.java, there is a
possible ...)
+ TODO: check
+CVE-2022-20544 (In onOptionsItemSelected of ManageApplications.java, there is
a possib ...)
+ TODO: check
+CVE-2022-20543 (In multiple locations, there is a possible display crash loop
due to i ...)
+ TODO: check
CVE-2022-20542
RESERVED
-CVE-2022-20541
- RESERVED
-CVE-2022-20540
- RESERVED
-CVE-2022-20539
- RESERVED
-CVE-2022-20538
- RESERVED
-CVE-2022-20537
- RESERVED
-CVE-2022-20536
- RESERVED
-CVE-2022-20535
- RESERVED
+CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible
out of bou ...)
+ TODO: check
+CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is
possible arb ...)
+ TODO: check
+CVE-2022-20539 (In parameterToHal of Effect.cpp, there is a possible out of
bounds wri ...)
+ TODO: check
+CVE-2022-20538 (In getSmsRoleHolder of RoleService.java, there is a possible
way to de ...)
+ TODO: check
+CVE-2022-20537 (In createDialog of WifiScanModeActivity.java, there is a
possible way ...)
+ TODO: check
+CVE-2022-20536 (In registerBroadcastReceiver of RcsService.java, there is a
possible w ...)
+ TODO: check
+CVE-2022-20535 (In registerLocalOnlyHotspotSoftApCallback of WifiManager.java,
there i ...)
+ TODO: check
CVE-2022-20534
RESERVED
-CVE-2022-20533
- RESERVED
+CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to
connect a ne ...)
+ TODO: check
CVE-2022-20532
RESERVED
-CVE-2022-20531
- RESERVED
-CVE-2022-20530
- RESERVED
-CVE-2022-20529
- RESERVED
-CVE-2022-20528
- RESERVED
-CVE-2022-20527
- RESERVED
-CVE-2022-20526
- RESERVED
-CVE-2022-20525
- RESERVED
-CVE-2022-20524
- RESERVED
-CVE-2022-20523
- RESERVED
-CVE-2022-20522
- RESERVED
-CVE-2022-20521
- RESERVED
-CVE-2022-20520
- RESERVED
-CVE-2022-20519
- RESERVED
-CVE-2022-20518
- RESERVED
-CVE-2022-20517
- RESERVED
-CVE-2022-20516
- RESERVED
-CVE-2022-20515
- RESERVED
-CVE-2022-20514
- RESERVED
-CVE-2022-20513
- RESERVED
-CVE-2022-20512
- RESERVED
-CVE-2022-20511
- RESERVED
-CVE-2022-20510
- RESERVED
-CVE-2022-20509
- RESERVED
-CVE-2022-20508
- RESERVED
-CVE-2022-20507
- RESERVED
-CVE-2022-20506
- RESERVED
-CVE-2022-20505
- RESERVED
-CVE-2022-20504
- RESERVED
-CVE-2022-20503
- RESERVED
+CVE-2022-20531 (In placeCall of TelecomManager.java, there is a possible way
to determ ...)
+ TODO: check
+CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a
mislead ...)
+ TODO: check
+CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a
possible ...)
+ TODO: check
+CVE-2022-20528 (In findParam of HevcUtils.cpp there is a possible out of
bounds read d ...)
+ TODO: check
+CVE-2022-20527 (In HalCoreCallback of halcore.cc, there is a possible out of
bounds re ...)
+ TODO: check
+CVE-2022-20526 (In CanvasContext::draw of CanvasContext.cpp, there is a
possible out o ...)
+ TODO: check
+CVE-2022-20525 (In enforceVisualVoicemailPackage of
PhoneInterfaceManager.java, there ...)
+ TODO: check
+CVE-2022-20524 (In compose of Vibrator.cpp, there is a possible arbitrary code
executi ...)
+ TODO: check
+CVE-2022-20523 (In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a
possible ...)
+ TODO: check
+CVE-2022-20522 (In getSlice of ProviderModelSlice.java, there is a missing
permission ...)
+ TODO: check
+CVE-2022-20521 (In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there
is a po ...)
+ TODO: check
+CVE-2022-20520 (In onCreate of various files, there is a possible
tapjacking/overlay a ...)
+ TODO: check
+CVE-2022-20519 (In onCreate of AddAppNetworksActivity.java, there is a
possible way fo ...)
+ TODO: check
+CVE-2022-20518 (In query of MmsSmsProvider.java, there is a possible access to
restric ...)
+ TODO: check
+CVE-2022-20517 (In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a
possibl ...)
+ TODO: check
+CVE-2022-20516 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a
possible ...)
+ TODO: check
+CVE-2022-20515 (In onPreferenceClick of AccountTypePreferenceLoader.java,
there is a p ...)
+ TODO: check
+CVE-2022-20514 (In acquireFabricatedOverlayIterator,
nextFabricatedOverlayInfos, and r ...)
+ TODO: check
+CVE-2022-20513 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of
bounds ...)
+ TODO: check
+CVE-2022-20512 (In navigateUpTo of Task.java, there is a possible way to
launch an int ...)
+ TODO: check
+CVE-2022-20511 (In getNearbyAppStreamingPolicy of
DevicePolicyManagerService.java, the ...)
+ TODO: check
+CVE-2022-20510 (In getNearbyNotificationStreamingPolicy of
DevicePolicyManagerService. ...)
+ TODO: check
+CVE-2022-20509 (In mapGrantorDescr of MessageQueueBase.h, there is a possible
out of b ...)
+ TODO: check
+CVE-2022-20508 (In onAttach of ConfigureWifiSettings.java, there is a possible
way for ...)
+ TODO: check
+CVE-2022-20507 (In onMulticastListUpdateNotificationReceived of
UwbEventManager.java, ...)
+ TODO: check
+CVE-2022-20506 (In onCreate of WifiDialogActivity.java, there is a missing
permission ...)
+ TODO: check
+CVE-2022-20505 (In openFile of CallLogProvider.java, there is a possible
permission by ...)
+ TODO: check
+CVE-2022-20504 (In multiple locations of DreamManagerService.java, there is a
missing ...)
+ TODO: check
+CVE-2022-20503 (In onCreate of WifiDppConfiguratorActivity.java, there is a
possible w ...)
+ TODO: check
CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a
possible us ...)
NOT-FOR-US: Android
CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is
a possib ...)
@@ -90121,8 +90169,8 @@ CVE-2022-20201 (In getAppSize of
InstalldNativeService.cpp, there is a possible
NOT-FOR-US: Google Pixel
CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible
leak of ho ...)
NOT-FOR-US: Android
-CVE-2022-20199
- RESERVED
+CVE-2022-20199 (In multiple locations of NfcService.java, there is a possible
disclosu ...)
+ TODO: check
CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a
possible out o ...)
NOT-FOR-US: Android
CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start
foreground ...)
@@ -108909,8 +108957,8 @@ CVE-2021-35254 (SolarWinds received a report of a
vulnerability related to an in
NOT-FOR-US: SolarWinds
CVE-2021-35253
RESERVED
-CVE-2021-35252
- RESERVED
+CVE-2021-35252 (Common encryption key appears to be used across all deployed
instances ...)
+ TODO: check
CVE-2021-35251 (Sensitive information could be displayed when a detailed
technical err ...)
NOT-FOR-US: Solarwinds
CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in
Serv-U ...)
@@ -126055,8 +126103,7 @@ CVE-2021-28657 (A carefully crafted or corrupt file
may trigger an infinite loop
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
CVE-2021-28656
RESERVED
-CVE-2021-28655
- RESERVED
+CVE-2021-28655 (The improper Input Validation vulnerability in "”Move
folder to ...)
NOT-FOR-US: Apache Zeppelin
CVE-2021-28654
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/076710f48a5e07ee38fb66b28a84a5558fb02dca
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/076710f48a5e07ee38fb66b28a84a5558fb02dca
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
