Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cff05cc3 by Salvatore Bonaccorso at 2022-12-16T22:07:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2330,7 +2330,7 @@ CVE-2022-4328
CVE-2022-4327
RESERVED
CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix
Endpoint ...)
- TODO: check
+ NOT-FOR-US: Trellix Endpoint Agent (xAgent)
CVE-2022-4325
RESERVED
CVE-2022-4324
@@ -10050,15 +10050,15 @@ CVE-2022-44504
CVE-2022-44503
RESERVED
CVE-2022-44502 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44501
RESERVED
CVE-2022-44500 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44499 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44498 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44497
RESERVED
CVE-2022-44496
@@ -10108,7 +10108,7 @@ CVE-2022-44475
CVE-2022-44474
RESERVED
CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44472
RESERVED
CVE-2022-44471
@@ -10116,9 +10116,9 @@ CVE-2022-44471
CVE-2022-44470
RESERVED
CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44467
RESERVED
CVE-2022-44466
@@ -10130,7 +10130,7 @@ CVE-2022-44464
CVE-2022-44463
RESERVED
CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44461
RESERVED
CVE-2022-44460
@@ -11139,7 +11139,7 @@ CVE-2022-3753 (The Evaluate WordPress plugin through
1.0 does not sanitize and e
CVE-2022-43997
RESERVED
CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a
crafted CSAF d ...)
- TODO: check
+ NOT-FOR-US: csaf_provider
CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend,
contains ...)
- sudo <unfixed> (unimportant)
NOTE: Fixed by:
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
@@ -14220,7 +14220,7 @@ CVE-2022-41996 (Cross-Site Request Forgery (CSRF)
vulnerability in ThemeFusion A
CVE-2022-41995
RESERVED
CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File
Format parsin ...)
- TODO: check
+ NOT-FOR-US: PowerISO
CVE-2022-41990
RESERVED
CVE-2022-41987
@@ -16156,67 +16156,67 @@ CVE-2022-3459
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource
Manage ...)
NOT-FOR-US: SourceCodester
CVE-2022-42867 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42866 (The issue was addressed with improved handling of caches. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42864 (A race condition was addressed with improved state handling.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42863 (A memory corruption issue was addressed with improved state
management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42861 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42860
RESERVED
CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable
code. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42858
RESERVED
CVE-2022-42857
RESERVED
CVE-2022-42856 (A type confusion issue was addressed with improved state
handling. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42855 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42854 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42853 (An access issue was addressed with improved access
restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42852 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42851 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42850 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42849 (An access issue existed with privileged API calls. This issue
was addr ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42848 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42847 (An out-of-bounds write issue was addressed with improved input
validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42846 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42845 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42844 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42843 (This issue was addressed with improved data protection. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42842 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42841 (A type confusion issue was addressed with improved checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42840 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42839
RESERVED
CVE-2022-42838
RESERVED
CVE-2022-42837 (An issue existed in the parsing of URLs. This issue was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42836
RESERVED
CVE-2022-42835
@@ -16254,7 +16254,7 @@ CVE-2022-42823 (A type confusion issue was addressed
with improved memory handli
CVE-2022-42822
RESERVED
CVE-2022-42821 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42820 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2022-42819 (An access issue was addressed with improved access
restrictions. This ...)
@@ -16286,7 +16286,7 @@ CVE-2022-42807
CVE-2022-42806 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-42805 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-42804
RESERVED
CVE-2022-42803 (A race condition was addressed with improved locking. This
issue is fi ...)
@@ -16934,11 +16934,11 @@ CVE-2022-42546
CVE-2022-42545
RESERVED
CVE-2022-42544 (In getView of AddAppNetworksFragment.java, there is a possible
way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible
out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42541
RESERVED
CVE-2022-42540
@@ -16952,75 +16952,75 @@ CVE-2022-42537
CVE-2022-42536
RESERVED
CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access
to restr ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a
possible out ...)
NOT-FOR-US: Google Pixel
CVE-2022-42532 (In Pixel firmware, there is a possible out of bounds read due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42531 (In mmu_map_for_fw of gs_ldfw_load.c, there is a possible
mitigation by ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42530 (In Pixel firmware, there is a possible out of bounds read due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID:
A-235292841Referen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42528
RESERVED
CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash
due to a m ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a
possible out o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42525 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42524 (In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out
of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42523 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42522 (In DoSetCarrierConfig of miscservice.cpp, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42521 (In encode of wlandata.cpp, there is a possible out of bounds
write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42520 (In ServiceInterface::HandleRequest of serviceinterface.cpp,
there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42519 (In CdmaBroadcastSmsConfigsRequestData::encode of
cdmasmsdata.cpp, ther ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42518 (In BroadcastSmsConfigsRequestData::encode of smsdata.cpp,
there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42517 (In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42516 (In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of
protocolsimbuilderl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42515 (In MiscService::DoOemSetRtpPktlossThreshold of
miscservice.cpp, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42514 (In ProtocolImsBuilder::BuildSetConfig of
protocolimsbuilder.cpp, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42513 (In ProtocolEmbmsBuilder::BuildSetSession of
protocolembmsbuilder.cpp, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42512 (In VsimOperationDataExt::encode of vsimdata.cpp, there is a
possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42511 (In EmbmsSessionData::encode of embmsdata.cpp, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42510 (In StringsRequestData::encode of requestdata.cpp, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42509 (In CallDialReqData::encode of callreqdata.cpp, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42508 (In ProtocolCallBuilder::BuildSendUssd of
protocolcallbuilder.cpp, ther ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42507 (In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of
protocolsimbuilder.c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42506 (In SimUpdatePbEntry::encode of simdata.cpp, there is a
possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42505 (In ProtocolMiscBuilder::BuildSetSignalReportCriteria of
protocolmiscbu ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42504 (In CallDialReqData::encodeCallNumber of callreqdata.cpp, there
is a po ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42503 (In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of
protocolmisc ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42502 (In FacilityLock::Parse of simdata.cpp, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of
bounds writ ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-42500
RESERVED
CVE-2022-42499
@@ -17192,7 +17192,7 @@ CVE-2022-42448
CVE-2022-42447
RESERVED
CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by
default. Aft ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42445 (HCL Launch could allow a user with administrative privileges,
includin ...)
NOT-FOR-US: HCL
CVE-2022-42444
@@ -17348,9 +17348,9 @@ CVE-2022-42369
CVE-2022-42368
RESERVED
CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42365
RESERVED
CVE-2022-42364
@@ -17362,7 +17362,7 @@ CVE-2022-42362
CVE-2022-42361
RESERVED
CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42359
RESERVED
CVE-2022-42358
@@ -17380,7 +17380,7 @@ CVE-2022-42353
CVE-2022-42352
RESERVED
CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42350
RESERVED
CVE-2022-42349
@@ -17396,7 +17396,7 @@ CVE-2022-42345
CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and
earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
NOT-FOR-US: Adobe
CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4
(and ea ...)
@@ -18412,9 +18412,9 @@ CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x
before 0.9.2 allows local us
NOTE: The fix for CVE-2022-41973 switches to use /run instead of
/dev/shm which is a backward
NOTE: incompatible change (which can be overriden but leaving CVE open).
CVE-2022-41972 (Contiki-NG is an open-source, cross-platform operating system
for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2022-41971 (Nextcould Talk android is a video and audio conferencing app
for Nextc ...)
- TODO: check
+ NOT-FOR-US: NextCloud Talk
CVE-2022-41970 (Nextcloud Server is an open source personal cloud server.
Prior to ver ...)
- nextcloud-server <itp> (bug #941708)
CVE-2022-41969 (Nextcloud Server is an open source personal cloud server.
Prior to ver ...)
@@ -18428,15 +18428,15 @@ CVE-2022-41966
CVE-2022-41965 (Opencast is a free, open-source platform to support the
management of ...)
NOT-FOR-US: Opencast
CVE-2022-41964 (BigBlueButton is an open source web conferencing system. This
vulnerab ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2022-41963 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2022-41962 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2022-41961 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2022-41960 (BigBlueButton is an open source web conferencing system.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2022-41959
RESERVED
CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions
prior to 0.7 ...)
@@ -19472,15 +19472,15 @@ CVE-2022-41565
CVE-2022-41564
RESERVED
CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO
JasperReports S ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO
JasperRepor ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41561 (The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO
JasperR ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41560 (The Statement Set Upload via the Web Client component of TIBCO
Softwar ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus
contain ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO
Spotfire A ...)
NOT-FOR-US: TIBCO
CVE-2022-41342
@@ -23351,7 +23351,7 @@ CVE-2022-40006
CVE-2022-40005
RESERVED
CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1
allows ...)
- TODO: check
+ NOT-FOR-US: Things Board
CVE-2022-40003
RESERVED
CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1
allows remo ...)
@@ -26635,7 +26635,7 @@ CVE-2022-38746
CVE-2022-38745
RESERVED
CVE-2022-2993 (There is an error in the condition of the last if-statement in
the fun ...)
- TODO: check
+ NOT-FOR-US: zephyr-rtos
CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from
11.10 prio ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
@@ -26951,7 +26951,7 @@ CVE-2022-38664 (Jenkins Job Configuration History
Plugin 1165.v8cc9fd1f4597 and
CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask
(i.e., re ...)
NOT-FOR-US: Jenkins Git Plugin
CVE-2022-38662 (In HCL Digital Experience, URLs can be constructed to redirect
users t ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite
key syst ...)
NOT-FOR-US: HCL
CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site
Request Forger ...)
@@ -26969,7 +26969,7 @@ CVE-2022-38655
CVE-2022-38654 (HCL Domino is susceptible to an information disclosure
vulnerability. ...)
NOT-FOR-US: HCL
CVE-2022-38653 (In HCL Digital Experience, customized XSS payload can be
constructed s ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38652 (** UNSUPPORTED WHEN ASSIGNED ** A remote insecure
deserialization vuln ...)
NOT-FOR-US: VMware
CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter
misconfiguration exi ...)
@@ -28712,7 +28712,7 @@ CVE-2022-2759 (Delta Electronics Delta Robot Automation
Studio (DRAS) versions p
CVE-2022-2758 (Passwords are not adequately encrypted during the communication
proces ...)
NOT-FOR-US: LS Industrial Systems (LSIS) Co. Ltd
CVE-2022-2757 (Due to the lack of adequately implemented access-control rules,
all ve ...)
- TODO: check
+ NOT-FOR-US: Kingspan TMS300 CS
CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository
kareadita/kavi ...)
NOT-FOR-US: Kareadita/Kavita
CVE-2022-2755
@@ -28766,7 +28766,7 @@ CVE-2022-38108 (SolarWinds Platform was susceptible to
the Deserialization of Un
CVE-2022-38107 (Sensitive information could be displayed when a detailed
technical err ...)
NOT-FOR-US: SolarWinds
CVE-2022-38106 (This vulnerability happens in the web client versions 15.3.0
to Serv-U ...)
- TODO: check
+ NOT-FOR-US: Serv-U
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
All in O ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up
plugin < ...)
@@ -33621,7 +33621,7 @@ CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable
to Cross Site Request Forg
CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery
(CSRF). ...)
NOT-FOR-US: XunRuiCMS
CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable
to XSS s ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2022-36222
RESERVED
CVE-2022-36221
@@ -34943,11 +34943,11 @@ CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and
earlier) and 2.4.5 (and ea
CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35695
RESERVED
CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35693
RESERVED
CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and
earlier) ...)
@@ -42504,19 +42504,19 @@ CVE-2022-32950
CVE-2022-32949
RESERVED
CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32947 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32946 (This issue was addressed with improved entitlements. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-32945 (An access issue was addressed with additional sandbox
restrictions on ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32944 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2022-32943 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32942 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32941 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-32940 (The issue was addressed with improved bounds checks. This
issue is fix ...)
@@ -42571,7 +42571,7 @@ CVE-2022-32918 (This issue was addressed with improved
data protection. This iss
CVE-2022-32917 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-32916 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32915 (A type confusion issue was addressed with improved checks.
This issue ...)
NOT-FOR-US: Apple
CVE-2022-32914 (A use after free issue was addressed with improved memory
management. ...)
@@ -42698,7 +42698,7 @@ CVE-2022-32862 (This issue was addressed with improved
data protection. This iss
CVE-2022-32861 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2022-32860 (An out-of-bounds write was addressed with improved input
validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32859 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2022-32858 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -42752,7 +42752,7 @@ CVE-2022-32835 (This issue was addressed with improved
entitlements. This issue
CVE-2022-32834 (An access issue was addressed with improvements to the
sandbox. This i ...)
NOT-FOR-US: Apple
CVE-2022-32833 (An issue existed with the file paths used to store website
data. The i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32832 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
@@ -42879,7 +42879,7 @@ CVE-2022-32771 (A cross-site scripting (xss)
vulnerability exists in the footer
CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the
footer alerts ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-32763 (A cross-site scripting (xss) sanitization vulnerability bypass
exists ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the
image403 func ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the
videoAddNew f ...)
@@ -42987,21 +42987,21 @@ CVE-2022-32739 (When Secure::DisableBanner system
configuration has been disable
NOT-FOR-US: OTRS
NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny
which forked from 6.x
CVE-2022-32573 (A directory traversal vulnerability exists in the
AssetActions.aspx ad ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-30605 (A privilege escalation vulnerability exists in the session id
function ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft
Alyac 2.5. ...)
NOT-FOR-US: ESTsoft Alyac
CVE-2022-29517 (A directory traversal vulnerability exists in the
HelpdeskActions.aspx ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-29511 (A directory traversal vulnerability exists in the
KnowledgebasePageAct ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in
WWBN AVide ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-28703 (A stored cross-site scripting vulnerability exists in the
HdConfigActi ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-27498 (A directory traversal vulnerability exists in the
TicketTemplateAction ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-2039 (The Free Live Chat Support plugin for WordPress is vulnerable
to Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2038
@@ -46002,7 +46002,7 @@ CVE-2022-31709
CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control
vulnerabi ...)
TODO: check
CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31706
RESERVED
CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap
out-of-bounds writ ...)
@@ -71053,7 +71053,7 @@ CVE-2022-23513
CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing
platform. Ver ...)
TODO: check
CVE-2022-23511 (A privilege escalation issue exists within the Amazon
CloudWatch Agent ...)
- TODO: check
+ NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In
version 0.31. ...)
TODO: check
CVE-2022-23509
@@ -71067,23 +71067,23 @@ CVE-2022-23506
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2
tokens auth ...)
TODO: check
CVE-2022-23504 (TYPO3 is an open source PHP based web content management
system. Versi ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2022-23503 (TYPO3 is an open source PHP based web content management
system. Versi ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2022-23502 (TYPO3 is an open source PHP based web content management
system. In ve ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2022-23501 (TYPO3 is an open source PHP based web content management
system. In ve ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2022-23500 (TYPO3 is an open source PHP based web content management
system. In ve ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe
markup ba ...)
TODO: check
CVE-2022-23498
RESERVED
CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User
configuration f ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that
tries to ...)
- TODO: check
+ NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds
two ipld n ...)
TODO: check
CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site
scripting (XS ...)
@@ -71141,7 +71141,7 @@ CVE-2022-23476 (Nokogiri is an open source XML and HTML
library for the Ruby pro
NOTE:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
NOTE:
https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
CVE-2022-23475 (daloRADIUS is an open source RADIUS web management
application. daloRa ...)
- TODO: check
+ NOT-FOR-US: daloRADIUS
CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output.
Versions pri ...)
TODO: check
CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of
software devel ...)
@@ -89323,79 +89323,79 @@ CVE-2021-3887
CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java,
there i ...)
NOT-FOR-US: Android
CVE-2022-20610 (In cellular modem firmware, there is a possible out of bounds
read due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20609 (In Pixel cellular firmware, there is a possible out of bounds
read due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20608 (In Pixel cellular firmware, there is a possible out of bounds
read due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20607 (In the Pixel cellular firmware, there is a possible out of
bounds writ ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20606 (In SAEMM_MiningCodecTableWithMsgIE of
SAEMM_RadioMessageCodec.c, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20605 (In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a
possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20604 (In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20603 (In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20602 (Product: AndroidVersions: Android kernelAndroid ID:
A-211081867Referen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20601 (Product: AndroidVersions: Android kernelAndroid ID:
A-204541506Referen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20600 (In TBD of TBD, there is a possible out of bounds write due to
memory c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20599 (In Pixel firmware, there is a possible exposure of sensitive
memory du ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20598 (In sec_media_protect of media.c, there is a possible EoP due
to an int ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20597 (In ppmpu_set of ppmpu.c, there is a possible EoP due to an
integer ove ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20596 (In sendChunk of WirelessCharger.cpp, there is a possible out
of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20595 (In getWpcAuthChallengeResponse of WirelessCharger.cpp, there
is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20594 (In updateStart of WirelessCharger.cpp, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20593 (In pop_descriptor_string of BufferDescriptor.h, there is a
possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20592 (In ppmp_validate_secbuf of drm_fw.c, there is a possible
information d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20591 (In ppmpu_set of ppmpu.c, there is a possible information
disclosure du ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20590 (In valid_va_sec_mfc_check of drm_access_control.c, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20589 (In valid_va_secbuf_check of drm_access_control.c, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20588 (In sysmmu_map of sysmmu.c, there is a possible EoP due to a
preconditi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20587 (In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due
to impro ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20586 (In valid_out_of_special_sec_dram_addr of drm_access_control.c,
there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20585 (In valid_out_of_special_sec_dram_addr of drm_access_control.c,
there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20584 (In page_number of shared_mem.c, there is a possible code
execution in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20583 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible
out of bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20582 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible
out of bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20581 (In the Pixel camera driver, there is a possible use after free
due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20580 (In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible
out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20579 (In RadioImpl::setCdmaBroadcastConfig of
ril_service_legacy.cpp, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20578 (In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp,
there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20577 (In OemSimAuthRequest::encode of wlandata.cpp, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20576 (In externalOnRequest of rilapplication.cpp, there is a
possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20575 (In read_ppmpu_info of drm_fw.c, there is a possible out of
bounds read ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20574 (In sec_sysmmu_info of drm_fw.c, there is a possible out of
bounds read ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20573
RESERVED
CVE-2022-20572 (In verity_target of dm-verity-target.c, there is a possible
way to mod ...)
@@ -89404,11 +89404,11 @@ CVE-2022-20572 (In verity_target of
dm-verity-target.c, there is a possible way
[buster] - linux 4.19.249-1
NOTE:
https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5
CVE-2022-20571 (In extract_metadata of dm-android-verity.c, there is a
possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20570 (Product: AndroidVersions: Android kernelAndroid ID:
A-230660904Referen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20569 (In thermal_cooling_device_stats_update of thermal_sysfs.c,
there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20568 (In (TBD) of (TBD), there is a possible way to corrupt kernel
memory du ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.120-1
@@ -89424,129 +89424,129 @@ CVE-2022-20566 (In l2cap_chan_put of l2cap_core,
there is a possible use after f
CVE-2022-20565
RESERVED
CVE-2022-20564 (In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a
possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20563 (In TBD of ufdt_convert, there is a possible out of bounds read
due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20562 (In various functions of ap_input_processor.c, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20561 (In TBD of aud_hal_tunnel.c, there is a possible memory
corruption due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20560 (Product: AndroidVersions: Android kernelAndroid ID:
A-212623833Referen ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20559 (In revokeOwnPermissionsOnKill of PermissionManager.java, there
is a po ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20558 (In registerReceivers of DeviceCapabilityListener.java, there
is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20557 (In MessageQueueBase of MessageQueueBase.h, there is a possible
out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20556 (In launchConfigNewNetworkFragment of
NetworkProviderSettings.java, the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20555 (In ufdt_get_node_by_path_len of ufdt_convert.c, there is a
possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20554 (In removeEventHubDevice of InputDevice.cpp, there is a
possible OOB re ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20553 (In onCreate of LogAccessDialogActivity.java, there is a
possible way t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20552 (In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20551
RESERVED
CVE-2022-20550 (In Multiple Locations, there is a possibility to launch
arbitrary prot ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20549 (In authToken2AidlVec of KeyMintUtils.cpp, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20548 (In setParameter of EqualizerEffect.cpp, there is a possible
out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20547 (In multiple functions of AdapterService.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20546 (In getCurrentConfigImpl of Effect.cpp, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20545 (In bindArtworkAndColors of MediaControlPanel.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20544 (In onOptionsItemSelected of ManageApplications.java, there is
a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20543 (In multiple locations, there is a possible display crash loop
due to i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20542
RESERVED
CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible
out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is
possible arb ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20539 (In parameterToHal of Effect.cpp, there is a possible out of
bounds wri ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20538 (In getSmsRoleHolder of RoleService.java, there is a possible
way to de ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20537 (In createDialog of WifiScanModeActivity.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20536 (In registerBroadcastReceiver of RcsService.java, there is a
possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20535 (In registerLocalOnlyHotspotSoftApCallback of WifiManager.java,
there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20534
RESERVED
CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to
connect a ne ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20532
RESERVED
CVE-2022-20531 (In placeCall of TelecomManager.java, there is a possible way
to determ ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a
mislead ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20528 (In findParam of HevcUtils.cpp there is a possible out of
bounds read d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20527 (In HalCoreCallback of halcore.cc, there is a possible out of
bounds re ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20526 (In CanvasContext::draw of CanvasContext.cpp, there is a
possible out o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20525 (In enforceVisualVoicemailPackage of
PhoneInterfaceManager.java, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20524 (In compose of Vibrator.cpp, there is a possible arbitrary code
executi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20523 (In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20522 (In getSlice of ProviderModelSlice.java, there is a missing
permission ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20521 (In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there
is a po ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20520 (In onCreate of various files, there is a possible
tapjacking/overlay a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20519 (In onCreate of AddAppNetworksActivity.java, there is a
possible way fo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20518 (In query of MmsSmsProvider.java, there is a possible access to
restric ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20517 (In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a
possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20516 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20515 (In onPreferenceClick of AccountTypePreferenceLoader.java,
there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20514 (In acquireFabricatedOverlayIterator,
nextFabricatedOverlayInfos, and r ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20513 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20512 (In navigateUpTo of Task.java, there is a possible way to
launch an int ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20511 (In getNearbyAppStreamingPolicy of
DevicePolicyManagerService.java, the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20510 (In getNearbyNotificationStreamingPolicy of
DevicePolicyManagerService. ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20509 (In mapGrantorDescr of MessageQueueBase.h, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20508 (In onAttach of ConfigureWifiSettings.java, there is a possible
way for ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20507 (In onMulticastListUpdateNotificationReceived of
UwbEventManager.java, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20506 (In onCreate of WifiDialogActivity.java, there is a missing
permission ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20505 (In openFile of CallLogProvider.java, there is a possible
permission by ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20504 (In multiple locations of DreamManagerService.java, there is a
missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20503 (In onCreate of WifiDppConfiguratorActivity.java, there is a
possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a
possible us ...)
NOT-FOR-US: Android
CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is
a possib ...)
@@ -90177,7 +90177,7 @@ CVE-2022-20201 (In getAppSize of
InstalldNativeService.cpp, there is a possible
CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible
leak of ho ...)
NOT-FOR-US: Android
CVE-2022-20199 (In multiple locations of NfcService.java, there is a possible
disclosu ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a
possible out o ...)
NOT-FOR-US: Android
CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start
foreground ...)
@@ -108965,7 +108965,7 @@ CVE-2021-35254 (SolarWinds received a report of a
vulnerability related to an in
CVE-2021-35253
RESERVED
CVE-2021-35252 (Common encryption key appears to be used across all deployed
instances ...)
- TODO: check
+ NOT-FOR-US: Serv-U
CVE-2021-35251 (Sensitive information could be displayed when a detailed
technical err ...)
NOT-FOR-US: Solarwinds
CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in
Serv-U ...)
@@ -175382,7 +175382,7 @@ CVE-2020-21221
CVE-2020-21220
RESERVED
CVE-2020-21219 (Cross Site Scripting (XSS) vulnerability in Netgate pf Sense
2.4.4-Rel ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2020-21218
RESERVED
CVE-2020-21217
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cff05cc3c20f94633a010fc72a13eef7814c2e41
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cff05cc3c20f94633a010fc72a13eef7814c2e41
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
