Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6301c153 by Salvatore Bonaccorso at 2023-06-10T19:31:18+02:00
Process some of the older NFUs pending review

... while waiting to activate again cron for after the bookworm release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30694,7 +30694,7 @@ CVE-2022-48183
 CVE-2022-48182
        RESERVED
 CVE-2022-48181 (An ErrorMessage driver stack-based buffer overflow 
vulnerability in BI ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-48180
        RESERVED
 CVE-2022-48179
@@ -37998,9 +37998,9 @@ CVE-2022-4246 (A vulnerability classified as 
problematic has been found in Kakao
 CVE-2022-46366 (Apache Tapestry 3.x allows deserialization of untrusted data, 
leading  ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2022-46361 (An attacker having physical access to WDM can plug USB device 
to gain  ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-43485 (Use of Insufficiently Random Values in Honeywell OneWireless. 
This vul ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-4245
        RESERVED
 CVE-2022-4244
@@ -38012,7 +38012,7 @@ CVE-2022-4242 (The WP Google Review Slider WordPress 
plugin before 11.6 does not
 CVE-2022-4241
        RESERVED
 CVE-2022-4240 (Missing Authentication for Critical Function vulnerability in 
Honeywel ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security 
Manager  ...)
        NOT-FOR-US: HP
 CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security 
Manager  ...)
@@ -38226,9 +38226,9 @@ CVE-2022-46338 (g810-led 0.4.2, a LED configuration 
tool for Logitech Gx10 keybo
 CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability. 
A remot ...)
        NOT-FOR-US: Vitals ESP
 CVE-2022-46308 (SGUDA U-Lock central lock control service\u2019s user 
management funct ...)
-       TODO: check
+       NOT-FOR-US: SGUDA U-Lock central lock control service
 CVE-2022-46307 (SGUDA U-Lock central lock control service\u2019s lock 
management funct ...)
-       TODO: check
+       NOT-FOR-US: SGUDA U-Lock central lock control service
 CVE-2022-46306 (ChangingTec ServiSign component has a path traversal 
vulnerability due ...)
        NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46305 (ChangingTec ServiSign component has a path traversal 
vulnerability. An ...)
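
Review bot: The tag on CVE-2022-46308 and CVE-2022-46307 copies the descriptive phrase `SGUDA U-Lock central lock control service` from the CVE text, whereas the neighbouring entries in this hunk use a short product name (`Vitals ESP`, `ChangingTec ServiSign`). `NOT-FOR-US: SGUDA U-Lock` would match that style and is easier to search for.
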
@@ -39426,7 +39426,7 @@ CVE-2022-45855
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX 
firmware ve ...)
        NOT-FOR-US: Zyxel
 CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 
firmware  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2022-45852
        RESERVED
 CVE-2022-45851
@@ -40650,11 +40650,11 @@ CVE-2023-21518
 CVE-2023-21517
        RESERVED
 CVE-2023-21516 (XSS vulnerability from InstantPlay in Galaxy Store prior to 
version 4. ...)
-       TODO: check
+       NOT-FOR-US: InstantPlay in Galaxy Store
 CVE-2023-21515 (InstantPlay which included vulnerable script which could 
execute javas ...)
-       TODO: check
+       NOT-FOR-US: InstantPlay
 CVE-2023-21514 (Improper scheme validation from InstantPlay Deeplink in Galaxy 
Store p ...)
-       TODO: check
+       NOT-FOR-US: InstantPlay
 CVE-2023-21513
        RESERVED
 CVE-2023-21512
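
Review bot: The three InstantPlay entries in this hunk end up with two different tags: CVE-2023-21516 is marked `NOT-FOR-US: InstantPlay in Galaxy Store`, while CVE-2023-21515 and CVE-2023-21514 are marked `NOT-FOR-US: InstantPlay`. Use one spelling for all three so the entries group together when the list is searched by product name.
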
@@ -41031,7 +41031,7 @@ CVE-2022-45374
 CVE-2022-45373
        RESERVED
 CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer 
Product Ga ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet 
ShopEngine pl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45370
@@ -44220,11 +44220,11 @@ CVE-2023-20891
 CVE-2023-20890
        RESERVED
 CVE-2023-20889 (Aria Operations for Networks contains an information 
disclosure vulner ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-20888 (Aria Operations for Networks contains an authenticated 
deserialization ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-20887 (Aria Operations for Networks contains a command injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-20886
        RESERVED
 CVE-2023-20885
@@ -44234,9 +44234,9 @@ CVE-2023-20884 (VMware Workspace ONE Access and VMware 
Identity Manager contain
 CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 
2.6.14, ...)
        NOT-FOR-US: Spring Boot
 CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and 
prior to 0. ...)
-       TODO: check
+       NOT-FOR-US: Cloud foundry
 CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 
1.152.0  ...)
-       TODO: check
+       NOT-FOR-US: Cloud foundry
 CVE-2023-20880 (VMware Aria Operations contains a privilege escalation 
vulnerability.  ...)
        NOT-FOR-US: VMware
 CVE-2023-20879 (VMware Aria Operations contains a Local privilege escalation 
vulnerabi ...)
@@ -45964,65 +45964,65 @@ CVE-2023-20754
 CVE-2023-20753
        RESERVED
 CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race 
conditi ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20748
        RESERVED
 CVE-2023-20747 (In vcu, there is a possible memory corruption due to type 
confusion. T ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20746 (In vcu, there is a possible out of bounds write due to 
improper lockin ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20745 (In vcu, there is a possible out of bounds write due to 
improper lockin ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20744 (In vcu, there is a possible use after free due to a logic 
error. This  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20743 (In vcu, there is a possible out of bounds write due to 
improper lockin ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20742 (In ril, there is a possible out of bounds read due to a 
missing bounds ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20741 (In ril, there is a possible out of bounds read due to a 
missing bounds ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20740 (In vcu, there is a possible memory corruption due to a logic 
error. Th ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20739 (In vcu, there is a possible memory corruption due to a logic 
error. Th ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20738 (In vcu, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20737 (In vcu, there is a possible use after free due to improper 
locking. Th ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20736 (In vcu, there is a possible out of bounds write due to a race 
conditio ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20735 (In vcu, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20734 (In vcu, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20733 (In vcu, there is a possible use after free due to improper 
locking. Th ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20732 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20731 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20730 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20729 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20728 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20727 (In wlan, there is a possible out of bounds read due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a 
missing per ...)
        NOT-FOR-US: Mediatek
 CVE-2023-20725 (In preloader, there is a possible out of bounds write due to a 
missing ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20724 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20723 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20722 (In m4u, there is a possible out of bounds write due to 
improper input  ...)
        NOT-FOR-US: Mediatek
 CVE-2023-20721 (In isp, there is a possible out of bounds write due to 
improper input  ...)
@@ -46036,15 +46036,15 @@ CVE-2023-20718 (In vcu, there is a possible out of 
bounds write due to a missing
 CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race 
condition ...)
        NOT-FOR-US: Mediatek
 CVE-2023-20716 (In wlan, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20715 (In wlan, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20714
        RESERVED
 CVE-2023-20713
        RESERVED
 CVE-2023-20712 (In wlan, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a 
missing ...)
        NOT-FOR-US: Mediatek
 CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a 
missing ...)
@@ -48062,7 +48062,7 @@ CVE-2022-3689 (The HTML Forms WordPress plugin before 
1.3.25 does not properly p
 CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF 
check  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43760 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher, 
allows  ...)
        NOT-FOR-US: Rancher
 CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS 
Command (' ...)
@@ -57053,17 +57053,17 @@ CVE-2022-40540 (Memory corruption due to buffer copy 
without checking the size o
 CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper 
validation  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40538 (Transient DOS due to reachable assertion in modem while 
processing sib ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the 
AVRC_PDU_GET_ ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40536 (Transient DOS due to improper authentication in modem while 
receiving  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a 
packet t ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40534
        RESERVED
 CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core 
while sendi ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in 
WLAN while  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while 
sending WMI ...)
@@ -57071,7 +57071,7 @@ CVE-2022-40531 (Memory corruption in WLAN due to 
incorrect type cast while sendi
 CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer 
overflow i ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40529 (Memory corruption due to improper access control in kernel 
while proce ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40528
        RESERVED
 CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while 
processing PEER ...)
@@ -57079,15 +57079,15 @@ CVE-2022-40527 (Transient DOS due to reachable 
assertion in WLAN while processin
 CVE-2022-40526
        RESERVED
 CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40524
        RESERVED
 CVE-2022-40523 (Information disclosure in Kernel due to indirect branch 
misprediction.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40522 (Memory corruption in Linux Networking due to double free while 
handlin ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40521 (Transient DOS due to improper authorization in Modem)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core)
        NOT-FOR-US: Qualcomm
 CVE-2022-40519 (Information disclosure due to buffer overread in Core)
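
Review bot: CVE-2022-40525, CVE-2022-40523 and CVE-2022-40522 are described as affecting "Linux Networking Firmware", "Kernel" and "Linux Networking", yet all three are tagged `NOT-FOR-US: Qualcomm`. NOT-FOR-US asserts that the affected code is not in Debian, so these three deserve a check against the vendor bulletin that the issue sits in Qualcomm's own components and not in code shared with the src:linux package; a NOTE line recording the outcome would help later review.
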
@@ -57115,7 +57115,7 @@ CVE-2022-40509
 CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while 
processing con ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-40507 (Memory corruption due to double free in Core while mapping 
HLOS addres ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-40506
        RESERVED
 CVE-2022-40505 (Information disclosure due to buffer over-read in Modem while 
parsing  ...)
@@ -60683,15 +60683,15 @@ CVE-2022-39077
 CVE-2022-39076
        RESERVED
 CVE-2022-39075 (There is an unauthorized access vulnerability in some ZTE 
mobile phone ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39074 (There is an unauthorized access vulnerability in some ZTE 
mobile phone ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due 
to insuf ...)
        NOT-FOR-US: ZTE
 CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile 
Internet pro ...)
        NOT-FOR-US: ZTE
 CVE-2022-39071 (There is an unauthorized access vulnerability in some ZTE 
mobile phone ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT 
products. ...)
        NOT-FOR-US: ZTE
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
@@ -63905,7 +63905,7 @@ CVE-2022-36352
 CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Download  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery 
plugin <=  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
@@ -68683,21 +68683,21 @@ CVE-2022-36252
 CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross 
Site Sc ...)
        NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36250 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36249 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36248
        RESERVED
 CVE-2022-36247 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36246 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36245
        RESERVED
 CVE-2022-36244 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36243 (Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Shop Beat Solutions
 CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL 
Injection ...)
        NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36241
@@ -69924,41 +69924,41 @@ CVE-2022-35761 (Windows Kernel Elevation of Privilege 
Vulnerability)
 CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-35759 (Windows Local Security Authority (LSA) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35758 (Windows Kernel Memory Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35757 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35756 (Windows Kerberos Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35755 (Windows Print Spooler Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35754 (Unified Write Filter Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35753 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code 
Execution  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35752 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code 
Execution  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35751 (Windows Hyper-V Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35750 (Win32k Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35749 (Windows Digital Media Receiver Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35748 (HTTP.sys Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35747 (Windows Point-to-Point Protocol (PPP) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35746 (Windows Digital Media Receiver Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35745 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code 
Execution  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution 
Vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user 
logged into  ...)
        NOT-FOR-US: ESET
 CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost 
version ...)
@@ -72485,7 +72485,7 @@ CVE-2022-34149 (Authentication Bypass vulnerability in 
miniOrange WP OAuth Serve
 CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33974 (Cross-Site Request Forgery (CSRF) vulnerability in Smash 
Balloon Custo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities 
in Osama ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Wasp ...)
@@ -76758,7 +76758,7 @@ CVE-2022-33309 (Transient DOS due to buffer over-read 
in WLAN Firmware while par
 CVE-2022-33308
        RESERVED
 CVE-2022-33307 (Memory Corruption due to double free in automotive when a bad 
HLOS add ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing 
an inco ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33305 (Transient DOS due to NULL pointer dereference in Modem while 
sending i ...)
@@ -76766,7 +76766,7 @@ CVE-2022-33305 (Transient DOS due to NULL pointer 
dereference in Modem while sen
 CVE-2022-33304 (Transient DOS due to NULL pointer dereference in Modem while 
performin ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33303 (Transient DOS due to uncontrolled resource consumption in 
Linux kernel ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33302 (Memory corruption due to improper validation of array index in 
User Id ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33301 (Memory corruption due to incorrect type conversion or cast in 
audio wh ...)
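
Review bot: CVE-2022-33303 is described as uncontrolled resource consumption in the "Linux kernel", so `NOT-FOR-US: Qualcomm` is only correct if the affected driver is not part of the kernel source Debian ships. The truncated description does not show which component is involved; the full text should be checked before this entry is closed.
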
@@ -76838,15 +76838,15 @@ CVE-2022-33269 (Memory corruption due to integer 
overflow or wraparound in Core
 CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth 
HOST while ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33267 (Memory corruption in Linux while sending DRM request.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer 
overflow  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33265 (Memory corruption due to information exposure in Powerline 
Communicati ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33264 (Memory corruption in modem due to stack based buffer overflow 
while pa ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33263 (Memory corruption due to use after free in Core when multiple 
DCI clie ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33262
        RESERVED
 CVE-2022-33261
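
Review bot: CVE-2022-33267 reads "Memory corruption in Linux while sending DRM request." and, unlike the other entries changed in this hunk, names no modem or Core component. Before it is marked `NOT-FOR-US: Qualcomm`, confirm that the DRM code in question is vendor-only and not in the upstream kernel tree.
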
@@ -76870,7 +76870,7 @@ CVE-2022-33253 (Transient DOS due to buffer over-read 
in WLAN while parsing corr
 CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while 
handling  ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33251 (Transient DOS due to reachable assertion in Modem because of 
invalid n ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network 
repeate ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33249
@@ -76892,7 +76892,7 @@ CVE-2022-33242 (Memory corruption due to improper 
authentication in Qualcomm IPC
 CVE-2022-33241
        RESERVED
 CVE-2022-33240 (Memory corruption in Audio due to incorrect type cast during 
audio use ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in 
WLAN firm ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-33238 (Transient DOS due to loop with unreachable exit condition in 
WLAN whil ...)
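
Review bot: CVE-2022-33240 is tagged `NOT-FOR-US: Qualcomm`, but the next entry in the context, CVE-2022-33239, carries `NOT-FOR-US: Snapdragon`. Consider normalising that existing tag to `Qualcomm` in the same commit so the vendor's entries are tagged uniformly.
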
@@ -76912,19 +76912,19 @@ CVE-2022-33232 (Memory corruption due to buffer copy 
without checking size of in
 CVE-2022-33231 (Memory corruption due to double free in core while 
initializing the en ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33230 (Memory corruption in FM Host due to buffer copy without 
checking the s ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33229 (Information disclosure due to buffer over-read in Modem while 
using st ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33228 (Information disclosure sue to buffer over-read in modem while 
processi ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33227 (Memory corruption in Linux android due to double free while 
calling un ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33226 (Memory corruption due to buffer copy without checking the size 
of inpu ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33225 (Memory corruption due to use after free in trusted application 
environ ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33224 (Memory corruption in core due to buffer copy without check9ing 
the siz ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33223 (Transient DOS in Modem due to null pointer dereference while 
processin ...)
        NOT-FOR-US: Qualcomm
 CVE-2022-33222 (Information disclosure due to buffer over-read while parsing 
DNS respo ...)
@@ -81190,7 +81190,7 @@ CVE-2022-31695
 CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 
22.10 try ...)
        NOT-FOR-US: InstallBuilder Qt installers
 CVE-2022-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 
10.x.y) c ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 
5.6.9 co ...)
        - libspring-security-2.0-java <removed>
 CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as 
VSCode  ...)
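
Review bot: The tag on CVE-2022-31693 names only the vendor, `NOT-FOR-US: VMware`, while the description is specific to "VMware Tools for Windows". Naming the product in the tag would make it clear on later review that the Windows-only tools are meant and that the open-vm-tools package in Debian was not overlooked.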



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6301c153423708fb3699327a00c25757bab86621
