Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0ce7815 by Salvatore Bonaccorso at 2023-04-10T21:33:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21387,7 +21387,7 @@ CVE-2023-0198 (NVIDIA GPU Display Driver for Linux
contains a vulnerability in t
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual
GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA vGPU software
CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a
local use ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
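Review bot: The NOT-FOR-US on CVE-2023-0197 would benefit from naming the affected component, because both neighbouring NVIDIA entries in this hunk are tracked against archive packages (CVE-2023-0198 against nvidia-graphics-drivers, CVE-2023-0196 against nvidia-cuda-toolkit). The visible description is cut off at "Virtual GPU Manag ...", so the list alone does not show that the vulnerable code is absent from those packages. A short parenthetical after the tag stating why the packaged drivers are unaffected would spare the next triager the same lookup.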
@@ -59517,9 +59517,9 @@ CVE-2022-2571 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
CVE-2022-2570
RESERVED
CVE-2022-37013 (This vulnerability allows remote attackers to create a
denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: Unified Automation
CVE-2022-37012 (This vulnerability allows remote attackers to create a
denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: Unified Automation
CVE-2022-37011 (A vulnerability has been identified in Mendix SAML (Mendix 7
compatibl ...)
NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address
validation in t ...)
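Review bot: The tags added for CVE-2022-37013 and CVE-2022-37012 name only a vendor, "NOT-FOR-US: Unified Automation", and the truncated descriptions ("remote attackers to create a denial-of-servi ...") do not identify the product either. Other tags in this same commit name the product ("Progress Ipswitch WS_FTP Server", "Rapid7 InsightVM"). Naming the affected product here as well would make the entry searchable if that software is ever packaged and the classification has to be revisited.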
@@ -73221,11 +73221,11 @@ CVE-2022-31892
CVE-2022-31891
RESERVED
CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in
osTicket osTic ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in
audit/templates/auditlogs. ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31888 (Session Fixation vulnerability in in function login in
class.auth.php ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover
vulnerability ...)
NOT-FOR-US: Marval MSM
CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request
Forgery ...)
@@ -86014,7 +86014,7 @@ CVE-2022-27666 (A heap buffer overflow flaw was found
in IPsec ESP transformatio
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
CVE-2022-27665 (Reflected XSS (via AngularJS sandbox escape expressions)
exists in Pro ...)
- TODO: check
+ NOT-FOR-US: Progress Ipswitch WS_FTP Server
CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1,
attackers ca ...)
- golang-1.19 1.19.1-1
- golang-1.18 1.18.6-1
@@ -91516,11 +91516,11 @@ CVE-2022-25749 (Transient Denial-of-Service in WLAN
due to buffer over-read whil
CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer
overflow w ...)
NOT-FOR-US: Qualcomm
CVE-2022-25747 (Information disclosure in modem due to improper input
validation durin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25746 (Memory corruption in kernel due to missing checks when
updating the ac ...)
NOT-FOR-US: Qualcomm
CVE-2022-25745 (Memory corruption in modem due to improper input validation
while hand ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25744
RESERVED
CVE-2022-25743 (Memory corruption in graphics due to use-after-free while
importing gr ...)
@@ -91530,13 +91530,13 @@ CVE-2022-25742 (Denial of service in modem due to
infinite loop while parsing IG
CVE-2022-25741 (Denial of service in WLAN due to potential null pointer
dereference wh ...)
NOT-FOR-US: Snapdragon
CVE-2022-25740 (Memory corruption in modem due to buffer overwrite while
building an I ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25739 (Denial of service in modem due to missing null check while
processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25738 (Information disclosure in modem due to buffer over-red while
performin ...)
NOT-FOR-US: Qualcomm
CVE-2022-25737 (Information disclosure in modem due to missing NULL check
while readin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens
while proce ...)
NOT-FOR-US: Qualcomm
CVE-2022-25735 (Denial of service in modem due to missing null check while
processing ...)
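Review bot: The three tags added in this hunk use "NOT-FOR-US: Qualcomm", while the unchanged entry for CVE-2022-25741 directly above them uses "NOT-FOR-US: Snapdragon" within the same run of modem and WLAN CVE ids (the same mix appears again at CVE-2022-25727 and CVE-2022-25679). The new lines follow the majority spelling, which is the right choice. A follow-up that normalises the remaining "Snapdragon" tags to "Qualcomm" would let a single search on the tag find every entry from this series.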
@@ -91548,9 +91548,9 @@ CVE-2022-25733 (Denial of service in modem due to null
pointer dereference while
CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns
client ...)
NOT-FOR-US: Qualcomm
CVE-2022-25731 (Information disclosure in modem due to buffer over-read while
processi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25730 (Information disclosure in modem due to improper check of IP
type while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25729 (Memory corruption in modem due to improper length check while
copying ...)
NOT-FOR-US: Qualcomm
CVE-2022-25728 (Information disclosure in modem due to buffer over-read while
processi ...)
@@ -91558,7 +91558,7 @@ CVE-2022-25728 (Information disclosure in modem due to
buffer over-read while pr
CVE-2022-25727 (Memory Corruption in modem due to improper length check while
copying ...)
NOT-FOR-US: Snapdragon
CVE-2022-25726 (Information disclosure in modem data due to array out of bound
access ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling
...)
NOT-FOR-US: Qualcomm
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while
validating ...)
@@ -91654,7 +91654,7 @@ CVE-2022-25680 (Memory corruption in multimedia due to
buffer overflow while pro
CVE-2022-25679 (Denial of service in video due to improper access control in
broadcast ...)
NOT-FOR-US: Snapdragon
CVE-2022-25678 (Memory correction in modem due to buffer overwrite during coap
connect ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25677 (Memory corruption in diag due to use after free while
processing dci p ...)
NOT-FOR-US: Qualcomm
CVE-2022-25676 (Information disclosure in video due to buffer over-read while
parsing ...)
@@ -98974,7 +98974,7 @@ CVE-2022-23524 (Helm is a tool for managing Charts,
pre-configured Kubernetes re
CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the
offsets an ...)
NOT-FOR-US: Rust crate linux-loader
CVE-2022-23522 (MindsDB is an open source machine learning platform. An unsafe
extract ...)
- TODO: check
+ NOT-FOR-US: mindsdb
CVE-2022-23521 (Git is distributed revision control system. gitattributes are
a mechan ...)
{DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
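Review bot: The tag on CVE-2022-23522 is written "NOT-FOR-US: mindsdb" while the description spells the project "MindsDB"; matching the upstream capitalisation keeps the tag consistent with the other product names in the list. Since the description calls it "an open source machine learning platform", it is also worth confirming that no ITP or RFP bug is open for it before settling on NOT-FOR-US rather than an itp entry.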
@@ -102987,7 +102987,7 @@ CVE-2022-22514 (An authenticated, remote attacker can
gain access to a dereferen
CVE-2022-22513 (An authenticated remote attacker can cause a null pointer
dereference ...)
NOT-FOR-US: CODESYS
CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage
products in ...)
- TODO: check
+ NOT-FOR-US: VARTA Storage products
CVE-2022-22511 (Various configuration pages of the device are vulnerable to
reflected ...)
NOT-FOR-US: VDE
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer
derefere ...)
@@ -117459,7 +117459,7 @@ CVE-2022-20544 (In onOptionsItemSelected of
ManageApplications.java, there is a
CVE-2022-20543 (In multiple locations, there is a possible display crash loop
due to i ...)
NOT-FOR-US: Android
CVE-2022-20542 (In parseParamsBlob of types.cpp, there is a possible out of
bounds wri ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible
out of bou ...)
NOT-FOR-US: Android
CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is
possible arb ...)
@@ -117479,7 +117479,7 @@ CVE-2022-20534
CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to
connect a ne ...)
NOT-FOR-US: Android
CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20531
REJECTED
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a
mislead ...)
@@ -120351,7 +120351,7 @@ CVE-2021-41831 (It is possible for an attacker to
manipulate the timestamp of si
CVE-2021-41830 (It is possible for an attacker to manipulate signed documents
and macr ...)
NOT-FOR-US: Apache OpenOffice
CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration
when an ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightVM
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM
in some ...)
NOT-FOR-US: Lenovo
CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ce7815432bdc040b15fc68fbee4f454d543fea
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits