Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d955929 by Salvatore Bonaccorso at 2023-03-09T15:44:53+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14203,13 +14203,13 @@ CVE-2023-22894
CVE-2023-22893
RESERVED
CVE-2023-22892 (There exists an information disclosure vulnerability in
SmartBear Zeph ...)
- TODO: check
+ NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear
Zephyr ...)
- TODO: check
+ NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows
unauthenticated user ...)
- TODO: check
+ NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles
user-defined inp ...)
- TODO: check
+ NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22888
RESERVED
CVE-2023-22887
@@ -21914,7 +21914,7 @@ CVE-2022-46754 (Wyse Management Suite 3.8 and below
contain an improper access c
CVE-2022-46753
RESERVED
CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An
unauthe ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-46751
RESERVED
CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an
Insecu ...)
@@ -22917,7 +22917,7 @@ CVE-2022-46396
CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A
non-privi ...)
NOT-FOR-US: Arm Mali
CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A
non-privi ...)
- TODO: check
+ NOT-FOR-US: Arm Mali
CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x
before 3.3.0 ...)
- mbedtls 2.28.2-1
[bullseye] - mbedtls <not-affected> (The vulnerable code was introduced
later)
@@ -49234,7 +49234,7 @@ CVE-2022-37941
CVE-2022-37940
RESERVED
CVE-2022-37939 (A potential security vulnerability has been identified in HPE
Superdom ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37938 (Unauthenticated server side request forgery in HPE
Serviceguard Manage ...)
NOT-FOR-US: HPE
CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
@@ -83846,7 +83846,7 @@ CVE-2022-25711 (Memory corruption in camera due to
improper validation of array
CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is
disconn ...)
NOT-FOR-US: Snapdragon
CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer
offset w ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking
size of ...)
NOT-FOR-US: Qualcomm
CVE-2022-25707
@@ -83854,7 +83854,7 @@ CVE-2022-25707
CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer
over-read whi ...)
NOT-FOR-US: Qualcomm
CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25704
RESERVED
CVE-2022-25703
@@ -83876,7 +83876,7 @@ CVE-2022-25696 (Memory corruption in display due to
time-of-check time-of-use ra
CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array
Index w ...)
NOT-FOR-US: Snapdragon
CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range
pointer offset ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25693 (Memory corruption in graphics due to use-after-free while
graphics pro ...)
NOT-FOR-US: Qualcomm
CVE-2022-25692 (Denial of service in Modem due to reachable assertion while
processing ...)
@@ -83954,7 +83954,7 @@ CVE-2022-25657 (Memory corruption due to buffer
overflow occurs while processing
CVE-2022-25656 (Possible integer overflow and memory corruption due to
improper valida ...)
NOT-FOR-US: Qualcomm
CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed
in WMI U ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25654 (Memory corruption in kernel due to improper input validation
while pro ...)
NOT-FOR-US: Qualcomm
CVE-2022-25653 (Information disclosure in video due to buffer over-read while
processi ...)
@@ -95664,7 +95664,7 @@ CVE-2022-22299 (A format string vulnerability [CWE-134]
in the command line inte
CVE-2022-22298
RESERVED
CVE-2022-22297 (An incomplete filtering of one or more instances of special
elements v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System
1.0 is vul ...)
NOT-FOR-US: Sourcecodester
CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection
vulnerability ...)
@@ -97680,11 +97680,11 @@ CVE-2021-45480 (An issue was discovered in the Linux
kernel before 5.15.11. Ther
CVE-2021-4167
RESERVED
CVE-2021-45479 (Improper Neutralization of Input During Web Page Generation
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Yordam Information Technologies Library Automation System
CVE-2021-45478 (Improper Handling of Parameters vulnerability in Bordam
Information Te ...)
- TODO: check
+ NOT-FOR-US: Bordam Information Technologies Library Automation System
CVE-2021-45477 (Improper Handling of Parameters vulnerability in Bordam
Information Te ...)
- TODO: check
+ NOT-FOR-US: Bordam Information Technologies Library Automation System
CVE-2021-45476 (Yordam Library Information Document Automation product before
version ...)
NOT-FOR-US: Yordam Library Information Document Automation
CVE-2021-45475 (Yordam Library Information Document Automation product before
version ...)
@@ -98161,7 +98161,7 @@ CVE-2022-22077 (Memory corruption in graphics due to
use-after-free in graphics
CVE-2022-22076
RESERVED
CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch.
...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22074 (Memory Corruption during wma file playback due to integer
overflow in ...)
NOT-FOR-US: Qualcomm
CVE-2022-22073
@@ -102656,9 +102656,9 @@ CVE-2021-44199 (DLL hijacking could lead to denial of
service. The following pro
CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The
following ...)
NOT-FOR-US: Acronis
CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: UBIT Information Technologies Student Information
Management System
CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: UBIT Information Technologies Student Information
Management System
CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an
improper ...)
NOT-FOR-US: Rapid7 Insight Agent
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
@@ -106979,7 +106979,7 @@ CVE-2022-20954 (Multiple vulnerabilities in Cisco
TelePresence Collaboration End
CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration
Endpoint ...)
NOT-FOR-US: Cisco
CVE-2022-20952 (A vulnerability in the scanning engines of Cisco AsyncOS
Software for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
NOT-FOR-US: Cisco
CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for
Cisco Firepo ...)
@@ -112242,7 +112242,7 @@ CVE-2021-3856 (ClassLoaderTheme and
ClasspathThemeResourceProviderFactory allows
CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
NOT-FOR-US: Liman MYS
CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Glox Technology Useroam Hotspot
CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in
nix::unistd::getgrouplist]
- rust-nix 0.19.0-2 (bug #995562)
[bullseye] - rust-nix <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d95592955e285e8c0ccde22dd2469fa854f6ddc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d95592955e285e8c0ccde22dd2469fa854f6ddc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
