Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4f004f5e by Moritz Muehlenhoff at 2023-03-08T12:21:55+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -138,7 +138,7 @@ CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin fo CVE-2023-27892 RESERVED CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...) - TODO: check + NOT-FOR-US: rami.io CVE-2023-27890 RESERVED CVE-2023-27878 @@ -328,7 +328,7 @@ CVE-2023-1199 CVE-2023-1198 RESERVED CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...) - TODO: check + NOT-FOR-US: UVdesk CVE-2023-1196 RESERVED CVE-2023-1195 @@ -820,7 +820,7 @@ CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Pa CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...) - TODO: check + NOT-FOR-US: Email Registration CVE-2023-27634 RESERVED CVE-2023-27633 @@ -1279,7 +1279,7 @@ CVE-2023-27487 CVE-2023-27486 RESERVED CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...) - TODO: check + NOT-FOR-US: thmmniii/fbs-core CVE-2023-27484 RESERVED CVE-2023-27483 
@@ -1287,11 +1287,11 @@ CVE-2023-27483 CVE-2023-27482 RESERVED CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-27479 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools ...) - libmemcached 1.1.4-1 (bug #1032479) [bullseye] - libmemcached <not-affected> (Vulnerable code introduced later) @@ -1733,9 +1733,9 @@ CVE-2023-27310 CVE-2023-27309 RESERVED CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...) - TODO: check + NOT-FOR-US: pg_ivm CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...) - TODO: check + NOT-FOR-US: pg_ivm CVE-2023-1098 RESERVED CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vu ...) @@ -2571,11 +2571,11 @@ CVE-2023-26957 CVE-2023-26956 RESERVED CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: onekeyadmin CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: onekeyadmin CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...) - TODO: check + NOT-FOR-US: onekeyadmin CVE-2023-26952 RESERVED CVE-2023-26951 @@ -2835,7 +2835,7 @@ CVE-2023-26825 CVE-2023-26824 RESERVED CVE-2023-26823 (An arbitrary file upload vulnerability in the /admin/template.php comp ...) - TODO: check + NOT-FOR-US: shopEx CVE-2023-26822 RESERVED CVE-2023-26821 
@@ -3455,7 +3455,7 @@ CVE-2022-48346 CVE-2020-36662 RESERVED CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...) NOT-FOR-US: OpenCycleCompass CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...) @@ -3596,7 +3596,7 @@ CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and classif CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 and classified ...) NOT-FOR-US: MarkText CVE-2023-1003 (A vulnerability, which was classified as critical, was found in Typora ...) - TODO: check + NOT-FOR-US: Typora CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: MuYuCMS CVE-2023-1001 @@ -4882,7 +4882,7 @@ CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3 CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...) NOT-FOR-US: XWiki CVE-2023-26054 (BuildKit is a toolkit for converting source code to build artifacts in ...) - TODO: check + NOT-FOR-US: BuildKit CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...) - gradle <not-affected> (The version of Gradle in Debian doesn't support dependency verification yet) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854 @@ -6364,7 +6364,7 @@ CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wr CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...) NOT-FOR-US: dimtion Shaarlier CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-25610 RESERVED CVE-2023-25609 
@@ -6376,7 +6376,7 @@ CVE-2023-25607 CVE-2023-25606 RESERVED CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-25604 RESERVED CVE-2023-25603 @@ -7179,7 +7179,7 @@ CVE-2023-25306 CVE-2023-25305 RESERVED CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...) - TODO: check + NOT-FOR-US: Prism Launcher CVE-2023-25303 RESERVED CVE-2023-25302 @@ -7327,7 +7327,7 @@ CVE-2023-25232 CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...) NOT-FOR-US: Tenda CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). ...) - TODO: check + NOT-FOR-US: loonflow CVE-2023-25229 RESERVED CVE-2023-25228 @@ -7341,7 +7341,7 @@ CVE-2023-25225 CVE-2023-25224 RESERVED CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/li ...) - TODO: check + NOT-FOR-US: CRMEB CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...) - libredwg <itp> (bug #595191) CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...) @@ -8567,7 +8567,7 @@ CVE-2023-24791 CVE-2023-24790 RESERVED CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...) - TODO: check + NOT-FOR-US: jeecg-boot CVE-2023-24788 RESERVED CVE-2023-24787 @@ -8583,9 +8583,9 @@ CVE-2023-24783 CVE-2023-24782 RESERVED CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: Funadmin CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: Funadmin CVE-2023-24779 RESERVED CVE-2023-24778 
@@ -8595,7 +8595,7 @@ CVE-2023-24777 CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...) NOT-FOR-US: Funadmin CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: Funadmin CVE-2023-24774 RESERVED CVE-2023-24773 @@ -8852,7 +8852,7 @@ CVE-2023-24659 CVE-2023-24658 RESERVED CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site scriptin ...) - TODO: check + - phpipam <itp> (bug #731713) CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...) NOT-FOR-US: Simple Customer Relationship Management System CVE-2023-24655 @@ -10875,7 +10875,7 @@ CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If Jav CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...) - TODO: check + NOT-FOR-US: Azure/setup-kubectl CVE-2023-23938 RESERVED CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...) @@ -11284,7 +11284,7 @@ CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb ver CVE-2023-23777 RESERVED CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-23775 RESERVED CVE-2023-23549 @@ -11761,6 +11761,7 @@ CVE-2023-23639 RESERVED CVE-2023-23638 RESERVED + NOT-FOR-US: Apache Dubbo CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...) NOT-FOR-US: WordPress plugin CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...) 
@@ -14888,9 +14889,9 @@ CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 CVE-2023-0092 RESERVED CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain ...) - TODO: check + NOT-FOR-US: Proofpoint CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...) - TODO: check + NOT-FOR-US: Proofpoint CVE-2022-48228 RESERVED CVE-2022-48227 
@@ -19507,33 +19508,33 @@ CVE-2022-47486 CVE-2022-47485 RESERVED CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47482 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47481 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47480 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47479 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47478 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47477 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47476 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47475 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47474 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47473 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47472 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47470 RESERVED CVE-2022-47469 
@@ -19551,25 +19552,25 @@ CVE-2022-47464 CVE-2022-47463 RESERVED CVE-2022-47462 (In telephone service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47461 (In telephone service, there is a missing permission check. This could ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after free. T ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47459 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47458 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47457 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47456 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47455 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47454 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47453 (In wcn service, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...) 
@@ -23528,7 +23529,7 @@ CVE-2022-46259 CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...) @@ -24496,7 +24497,7 @@ CVE-2022-45863 CVE-2022-45862 RESERVED CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-45860 RESERVED CVE-2022-45859 @@ -29841,7 +29842,7 @@ CVE-2022-44420 CVE-2022-44419 RESERVED CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Mia-Med CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2022-3758 
@@ -31198,69 +31199,69 @@ CVE-2023-20653 CVE-2023-20652 RESERVED CVE-2023-20651 (In apu, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20650 (In apu, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20649 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20648 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20647 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20646 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20645 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20644 (In ril, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20643 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20642 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20641 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20640 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20639 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20638 (In ril, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20637 (In ril, there is a possible out of bounds write due to a missing bound ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2023-20636 (In display drm, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20635 (In keyinstall, there is a possible information disclosure due to an in ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20634 (In widevine, there is a possible out of bounds write due to improper i ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20633 (In usb, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20632 (In usb, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20631 RESERVED CVE-2023-20630 (In usb, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20629 RESERVED CVE-2023-20628 (In thermal, there is a possible memory corruption due to an uncaught e ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20627 (In pqframework, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20626 (In msdc, there is a possible out of bounds write due to an incorrect b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20625 (In adsp, there is a possible double free due to a race condition. This ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20624 (In vow, there is a possible out of bounds write due to an incorrect bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20623 (In ion, there is a possible escalation of privilege due to improper lo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20622 RESERVED CVE-2023-20621 (In tinysys, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20620 (In adsp, there is a possible escalation of privilege due to a logic er ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...) NOT-FOR-US: MediaTek CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...) @@ -36762,7 +36763,7 @@ CVE-2022-42478 CVE-2022-42477 RESERVED CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...) NOT-FOR-US: FortiOS SSL-VPN CVE-2022-42474 @@ -39915,7 +39916,7 @@ CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet For CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...) NOT-FOR-US: Fortinet CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-41332 RESERVED CVE-2022-41331 @@ -39923,9 +39924,9 @@ CVE-2022-41331 CVE-2022-41330 RESERVED CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-41327 RESERVED CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...) @@ -41493,7 +41494,7 @@ CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC ver CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...) NOT-FOR-US: Fortinet CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...) NOT-FOR-US: Fortinet CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
@@ -41940,17 +41941,17 @@ CVE-2022-40542 CVE-2022-40541 RESERVED CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40538 RESERVED CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_ ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40536 RESERVED CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40534 RESERVED CVE-2022-40533 @@ -41958,15 +41959,15 @@ CVE-2022-40533 CVE-2022-40532 RESERVED CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while sending WMI ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer overflow i ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40529 RESERVED CVE-2022-40528 RESERVED CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while processing PEER ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40526 RESERVED CVE-2022-40525 @@ -41990,7 +41991,7 @@ CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ... CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...) NOT-FOR-US: Qualcomm CVE-2022-40515 (Memory corruption in Video due to double free while playing 3gp clip w ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Snapdragon CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...) 
@@ -43332,11 +43333,11 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...) NOT-FOR-US: Fortinet CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...) NOT-FOR-US: Fortinet CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...) NOT-FOR-US: FortiGuard CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...) @@ -61574,7 +61575,7 @@ CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_serv CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...) NOT-FOR-US: Robustel R1510 CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while parsing s ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33308 RESERVED CVE-2022-33307 @@ -61636,7 +61637,7 @@ CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Blue CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...) NOT-FOR-US: Qualcomm CVE-2022-33278 (Memory corruption due to buffer copy without checking the size of inpu ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...) NOT-FOR-US: Qualcomm CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...) 
@@ -61648,7 +61649,7 @@ CVE-2022-33274 (Memory corruption in android core due to improper validation of CVE-2022-33273 RESERVED CVE-2022-33272 (Transient DOS in modem due to reachable assertion. ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...) NOT-FOR-US: Qualcomm CVE-2022-33270 @@ -61672,19 +61673,19 @@ CVE-2022-33262 CVE-2022-33261 RESERVED CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core while sen ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33259 RESERVED CVE-2022-33258 RESERVED CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use race condit ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33256 (Memory corruption due to improper validation of array index in Multi-m ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) NOT-FOR-US: Qualcomm CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while processing SIB ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...) NOT-FOR-US: Qualcomm CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...) @@ -61692,7 +61693,7 @@ CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while han CVE-2022-33251 RESERVED CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network repeate ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33249 RESERVED CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...) 
@@ -61702,13 +61703,13 @@ CVE-2022-33247 CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...) NOT-FOR-US: Qualcomm CVE-2022-33245 (Memory corruption in WLAN due to use after free ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB reception ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC. ...) NOT-FOR-US: Qualcomm CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm IPC while ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33241 RESERVED CVE-2022-33240 @@ -61766,7 +61767,7 @@ CVE-2022-33215 CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...) NOT-FOR-US: Snapdragon CVE-2022-33213 (Memory corruption in modem due to buffer overflow while processing a P ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33212 RESERVED CVE-2022-33211 @@ -78513,7 +78514,7 @@ CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code e CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...) NOT-FOR-US: FortiGuard CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: Fortinet CVE-2022-27488 
@@ -81560,9 +81561,9 @@ CVE-2022-26427 (In camera isp, there is a possible out of bounds write due to a CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-26418 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26416 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...) NOT-FOR-US: Zyxel CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...) 
@@ -81570,39 +81571,39 @@ CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VM CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...) NOT-FOR-US: gallagher CVE-2022-26347 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26339 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26123 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26087 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack ...) NOT-FOR-US: Gallagher CVE-2022-26058 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26055 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26053 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26039 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26031 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-26027 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-25997 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-25968 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-25957 (This candidate was in a CNA pool that was not assigned to any issues d ...) 
- TODO: check + NOT-FOR-US: Unused ID CVE-2022-25920 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-25889 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-21224 (This candidate was in a CNA pool that was not assigned to any issues d ...) - TODO: check + NOT-FOR-US: Unused ID CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...) NOT-FOR-US: WordPress plugin CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f004f5e0e0638ad953b97f9cb704cb897385ed4
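Review bot: The CVE-2023-24657 change in the @@ -8852,7 hunk is not an NFU: it replaces "TODO: check" with "- phpipam <itp> (bug #731713)", which records an intent-to-package entry, while the commit message only says "NFUs". Mention the ITP in the commit message or move it to its own commit, so that someone searching the history for the phpipam triage decision can find it.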
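Review bot: In the @@ -11761,6 hunk, "NOT-FOR-US: Apache Dubbo" is added under CVE-2023-23638 while the entry is still RESERVED and carries no description, so nothing in the list shows where the product attribution comes from. Add a NOTE: line pointing at the advisory or announcement it is based on, so the attribution can be rechecked once the description is published.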
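Review bot: In the @@ -81560,9 and @@ -81570,39 hunks, the entries whose description reads "This candidate was in a CNA pool that was not assigned to any issues d ..." are tagged "NOT-FOR-US: Unused ID", but "Unused ID" describes the state of the identifier, not a product, unlike every other NOT-FOR-US label in this patch. If the list format has a state for withdrawn or rejected IDs, that fits these entries better and keeps NOT-FOR-US searches limited to real products; if NFU is kept, a short NOTE: explaining the convention would help later triagers.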
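Review bot: The vendor labels added here do not match the adjacent existing entries in several hunks: CVE-2022-42476 gets "Fortinet" next to CVE-2022-42475 "FortiOS SSL-VPN" (@@ -36762,7), CVE-2022-27490 gets "Fortinet" next to CVE-2022-27491 "FortiGuard" (@@ -78513,7), and CVE-2022-40515 gets "Qualcomm" next to CVE-2022-40514 "Snapdragon" (@@ -41990,7). The vendor-level name is the better choice; consider normalising the older neighbouring labels in a follow-up so that a search for one vendor string finds all of its entries.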
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits