Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 339223f7 by Moritz Muehlenhoff at 2023-02-16T18:32:32+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -46206,17 +46206,17 @@ CVE-2022-36932 CVE-2022-36931 RESERVED CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0 contain a loca ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path traversa ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an insecure ...) - TODO: check + NOT-FOR-US: Zoom CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...) NOT-FOR-US: Zoom CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...) @@ -46494,7 +46494,7 @@ CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server an CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...) NOT-FOR-US: Atlassian CVE-2022-35401 (An authentication bypass vulnerability exists in the get_IFTTTTtoken.c ...) - TODO: check + NOT-FOR-US: Asus CVE-2022-2548 RESERVED CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...) 
@@ -47218,11 +47218,11 @@ CVE-2022-36445 CVE-2022-36444 (An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10 ...) NOT-FOR-US: Atos Unify OpenScape SBC CVE-2022-36443 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The de ...) - TODO: check + NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By usi ...) - TODO: check + NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...) - TODO: check + NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36440 RESERVED CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) @@ -47728,11 +47728,11 @@ CVE-2022-32575 CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...) NOT-FOR-US: AutomationDirect CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...) - TODO: check + NOT-FOR-US: Nokia CVE-2022-2483 (The bootloader in the Nokia ASIK AirScale system module (versions 4740 ...) - TODO: check + NOT-FOR-US: Nokia CVE-2022-2482 (A vulnerability exists in Nokia’s ASIK AirScale system module (v ...) - TODO: check + NOT-FOR-US: Nokia CVE-2022-2481 (Use after free in Views in Google Chrome prior to 103.0.5060.134 allow ...) {DSA-5187-1} - chromium 103.0.5060.134-1 @@ -48905,7 +48905,7 @@ CVE-2022-35870 (This vulnerability allows remote attackers to execute arbitrary CVE-2022-35869 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: Ignition CVE-2022-35868 (A vulnerability has been identified in TIA Multiuser Server V14 (All v ...) - TODO: check + NOT-FOR-US: TIA Multiuser Server CVE-2022-35867 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: xhyve CVE-2022-35866 (This vulnerability allows remote attackers to bypass authentication on ...) 
@@ -48979,7 +48979,7 @@ CVE-2022-35847 (An improper neutralization of special elements used in a templat CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...) NOT-FOR-US: FortiGuard CVE-2022-35845 (Multiple improper neutralization of special elements used in an OS Com ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...) NOT-FOR-US: FortiGuard CVE-2022-35843 (An authentication bypass by assumed-immutable data vulnerability [CWE- ...) @@ -50526,7 +50526,7 @@ CVE-2022-2331 CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...) NOT-FOR-US: DLP Endpoint for Windows CVE-2022-2329 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab from ...) @@ -51635,15 +51635,15 @@ CVE-2022-34890 (This vulnerability allows local attackers to disclose sensitive CVE-2022-34889 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, authentic ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-34887 RESERVED CVE-2022-34886 RESERVED CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola MR2600 ro ...) - TODO: check + NOT-FOR-US: Motorola CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem which can po ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Storage Rep ...) NOT-FOR-US: Hitachi CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...) 
@@ -53054,41 +53054,41 @@ CVE-2022-34462 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain CVE-2022-34461 RESERVED CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34459 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34458 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34457 (Dell command configuration, version 4.8 and prior, contains improper f ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...) NOT-FOR-US: EMC CVE-2022-34455 RESERVED CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buff ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34453 RESERVED CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34450 (PowerPath Management Appliance with version 3.3 contains Privilege Esc ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34449 (PowerPath Management Appliance with versions 3.3 & 3.2* contains a ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34448 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34447 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34446 (PowerPath Management Appliance with versions 3.3 & 3.2* contains A ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34445 (Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak enc ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34444 (Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an inf ...) 
- TODO: check + NOT-FOR-US: Dell CVE-2022-34443 (Dell Rugged Control Center, versions prior to 4.5, contain an Improper ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) NOT-FOR-US: EMC CVE-2022-34441 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) @@ -53102,9 +53102,9 @@ CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privile CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...) NOT-FOR-US: Dell CVE-2022-34436 (Dell iDRAC8 version 2.83.83.83 and prior contain an improper input val ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34435 (Dell iDRAC9 version 6.00.02.00 and prior contain an improper input val ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34434 (Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an ...) NOT-FOR-US: Dell CVE-2022-34433 
@@ -53164,49 +53164,49 @@ CVE-2022-34407 CVE-2022-34406 RESERVED CVE-2022-34405 (An improper access control vulnerability was identified in the Realtek ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34404 (Dell System Update, version 2.0.0 and earlier, contains an Improper Ce ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34403 (Dell BIOS contains a Stack based buffer overflow vulnerability. A loca ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...) NOT-FOR-US: Dell CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. A loca ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34400 (Dell BIOS contains a heap buffer overflow vulnerability. A local attac ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer acc ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34395 RESERVED CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...) NOT-FOR-US: Dell CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34392 (SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insu ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...) NOT-FOR-US: Dell CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...) NOT-FOR-US: Dell CVE-2022-34389 (Dell SupportAssist contains a rate limit bypass issues in screenmeet A ...) 
- TODO: check + NOT-FOR-US: Dell CVE-2022-34388 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34387 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34386 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34385 (SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssis ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34384 (Dell SupportAssist Client Consumer (version 3.11.1 and prior), Support ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operat ...) NOT-FOR-US: Dell CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...) @@ -53220,9 +53220,9 @@ CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authe CVE-2022-34378 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...) NOT-FOR-US: Dell CVE-2022-34377 (Dell PowerEdge BIOS contains an Improper SMM communication buffer veri ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34376 (Dell PowerEdge BIOS contains an improper input validation vulnerabilit ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...) NOT-FOR-US: Dell CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...) 
@@ -53242,11 +53242,11 @@ CVE-2022-34368 (Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 1 CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...) NOT-FOR-US: Dell CVE-2022-34366 (Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Ove ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...) NOT-FOR-US: Dell CVE-2022-34364 (Dell BSAFE SSL-J when used in debug mode can reveal unnecessary inform ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-34363 RESERVED CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...) @@ -53368,11 +53368,11 @@ CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Rea CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...) NOT-FOR-US: Insyde CVE-2022-34324 (Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow a ...) - TODO: check + NOT-FOR-US: Sage CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4 ...) - TODO: check + NOT-FOR-US: Sage CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise Intelligence 20 ...) - TODO: check + NOT-FOR-US: Sage CVE-2022-34321 RESERVED CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...) @@ -53442,7 +53442,7 @@ CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This i CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...) NOT-FOR-US: OpenAM (different from src:openam) CVE-2022-34297 (Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload in ...) - TODO: check + - yii <itp> (bug #597899) CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...) NOT-FOR-US: Zalando Skipper CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...) 
@@ -53805,7 +53805,7 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-2155 (A vulnerability exists in the affected versions of Lumada APM’s ...) - TODO: check + NOT-FOR-US: Lumada CVE-2022-2154 REJECTED CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...) @@ -53900,9 +53900,9 @@ CVE-2022-XXXX [vlc issues fixed in 3.0.13] NOTE: https://www.videolan.org/security/sb-vlc3013.html NOTE: Tracking issues fixed in DSA-5165-1 without CVEs CVE-2022-34146 (Transient DOS due to improper input validation in WLAN Host while pars ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-34145 (Transient DOS due to buffer over-read in WLAN Host while parsing frame ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-34144 RESERVED CVE-2022-34143 @@ -53916,7 +53916,7 @@ CVE-2022-34140 (A stored cross-site scripting (XSS) vulnerability in /index.php? CVE-2022-34139 RESERVED CVE-2022-34138 (Insecure direct object references (IDOR) in the web server of Biltema ...) - TODO: check + NOT-FOR-US: Biltema IP and Baby Camera CVE-2022-34137 RESERVED CVE-2022-34136 @@ -54571,7 +54571,7 @@ CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vu CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...) NOT-FOR-US: EMC CVE-2022-33934 (Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple s ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-33933 RESERVED CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...) 
@@ -55936,7 +55936,7 @@ CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_serv CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...) NOT-FOR-US: Mitsubishi CVE-2022-33323 (Active Debug Code vulnerability in robot controller of Mitsubishi Elec ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...) NOT-FOR-US: Mitsubishi Electric CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...) @@ -55966,7 +55966,7 @@ CVE-2022-33308 CVE-2022-33307 RESERVED CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing an inco ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33305 RESERVED CVE-2022-33304 @@ -55978,9 +55978,9 @@ CVE-2022-33302 CVE-2022-33301 RESERVED CVE-2022-33300 (Memory corruption in Automotive Android OS due to improper input valid ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33299 (Transient DOS due to null pointer dereference in Bluetooth HOST while ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33298 RESERVED CVE-2022-33297 @@ -55998,7 +55998,7 @@ CVE-2022-33292 CVE-2022-33291 RESERVED CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33289 RESERVED CVE-2022-33288 
@@ -56006,37 +56006,37 @@ CVE-2022-33288 CVE-2022-33287 RESERVED CVE-2022-33286 (Transient DOS due to buffer over-read in WLAN while processing 802.11 ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33285 (Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA a ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33284 (Information disclosure due to buffer over-read in WLAN while parsing B ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLAN fram ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33282 RESERVED CVE-2022-33281 RESERVED CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Bluetooth ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33278 RESERVED CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33275 RESERVED CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33273 RESERVED CVE-2022-33272 RESERVED CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33270 RESERVED CVE-2022-33269 @@ -56046,9 +56046,9 @@ CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST CVE-2022-33267 RESERVED CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer overflow ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33265 (Memory corruption due to information exposure in Powerline Communicati ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33264 RESERVED CVE-2022-33263 
@@ -56068,13 +56068,13 @@ CVE-2022-33257 CVE-2022-33256 RESERVED CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33254 RESERVED CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33251 RESERVED CVE-2022-33250 @@ -56082,17 +56082,17 @@ CVE-2022-33250 CVE-2022-33249 RESERVED CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33247 RESERVED CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33245 RESERVED CVE-2022-33244 RESERVED CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC. ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33242 RESERVED CVE-2022-33241 @@ -56112,15 +56112,15 @@ CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN firmware CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...) NOT-FOR-US: Snapdragon CVE-2022-33233 (Memory corruption due to configuration weakness in modem wile sending ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33232 (Memory corruption due to buffer copy without checking size of input wh ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33231 RESERVED CVE-2022-33230 RESERVED CVE-2022-33229 (Information disclosure due to buffer over-read in Modem while using st ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33228 RESERVED CVE-2022-33227 @@ -56128,7 +56128,7 @@ CVE-2022-33227 CVE-2022-33226 RESERVED CVE-2022-33225 (Memory corruption due to use after free in trusted application environ ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33224 RESERVED CVE-2022-33223 
@@ -56136,17 +56136,17 @@ CVE-2022-33223 CVE-2022-33222 RESERVED CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33220 RESERVED CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33218 (Memory corruption in Automotive due to improper input validation. ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...) NOT-FOR-US: Qualcomm CVE-2022-33216 (Transient Denial-of-service in Automotive due to improper input valida ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2022-33215 RESERVED CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...) @@ -56759,7 +56759,7 @@ CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 0.9 CVE-2022-32985 (libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.0 ...) NOT-FOR-US: Nexans FTTO GigaSwitch CVE-2022-32984 (BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain s ...) - TODO: check + NOT-FOR-US: BTCPay Server CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...) - knot-resolver <unfixed> (unimportant) NOTE: Just a clarifying documentation update: https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968 @@ -56839,11 +56839,11 @@ CVE-2022-32957 CVE-2022-32956 RESERVED CVE-2022-32955 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32954 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32953 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32952 REJECTED CVE-2022-32951 
@@ -57304,9 +57304,9 @@ CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerabili NOTE: https://github.com/apache/trafficserver/commit/71a80d1abb3fbcb2e30ff850c8bca0a371589b5a (master) NOTE: https://github.com/apache/trafficserver/commit/590f87304b233791169af3d5899c5ba135bb61fa (9.1.x) CVE-2022-32748 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32747 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists that ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32746 (A flaw was found in the Samba AD LDAP server. The AD DC database audit ...) {DSA-5205-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) @@ -57511,9 +57511,9 @@ CVE-2022-32666 CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...) TODO: check CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32663 (In Wi-Fi driver, there is a possible system crash due to null pointer ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32662 RESERVED CVE-2022-32661 
@@ -57521,55 +57521,55 @@ CVE-2022-32661 CVE-2022-32660 RESERVED CVE-2022-32659 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32656 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32655 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32654 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic error. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic error. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32651 (In mtk-aie, there is a possible use after free due to a logic error. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32650 (In mtk-isp, there is a possible use after free due to a logic error. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32649 (In jpeg, there is a possible use after free due to a logic error. This ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32648 (In disp, there is a possible use after free due to a race condition. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32647 (In ccu, there is a possible out of bounds write due to improper input ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32646 (In gpu drm, there is a possible stack overflow due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32645 (In vow, there is a possible information disclosure due to a race condi ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2022-32644 (In vow, there is a possible use after free due to a race condition. Th ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32643 (In ccd, there is a possible use after free due to a race condition. Th ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32642 (In ccd, there is a possible memory corruption due to a race condition. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32639 (In watchdog, there is a possible out of bounds read due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32638 (In isp, there is a possible out of bounds write due to a race conditio ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32637 (In hevc decoder, there is a possible out of bounds write due to a miss ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32636 (In keyinstall, there is a possible out of bounds write due to an integ ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32635 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32634 (In ccci, there is a possible out of bounds write due to improper input ...) NOT-FOR-US: Mediatek CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a logic e ...) 
@@ -57593,7 +57593,7 @@ CVE-2022-32625 (In display, there is a possible out of bounds write due to an in CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...) NOT-FOR-US: Mediatek CVE-2022-32623 (In mdp, there is a possible out of bounds write due to incorrect error ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...) NOT-FOR-US: Mediatek CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...) @@ -57649,7 +57649,7 @@ CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an i CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32595 (In widevine, there is a possible out of bounds read due to an incorrec ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...) 
@@ -57868,41 +57868,41 @@ CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2 CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists th ...) NOT-FOR-US: Geo SCADA Mobile CVE-2022-32529 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32528 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32527 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32526 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32525 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32524 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32523 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32522 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32521 (A CWE 502: Deserialization of Untrusted Data vulnerability exists that ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32520 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32519 (A CWE-257: Storing Passwords in a Recoverable Format vulnerability exi ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32518 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32517 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...) 
- TODO: check + NOT-FOR-US: Schneider CVE-2022-32516 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32515 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32514 (A CWE-287: Improper Authentication vulnerability exists that could all ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32513 (A CWE-521: Weak Password Requirements vulnerability exists that could ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32512 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) - TODO: check + NOT-FOR-US: Schneider CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...) - ruby-jmespath 1.6.1-1 (bug #1014807) [bullseye] - ruby-jmespath <no-dsa> (Minor issue) @@ -57987,7 +57987,7 @@ CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...) NOT-FOR-US: Dell CVE-2022-32490 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...) @@ -58003,7 +58003,7 @@ CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2022-32482 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...) NOT-FOR-US: Dell CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...) 
@@ -58011,25 +58011,25 @@ CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0 CVE-2022-32479 RESERVED CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32477 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32476 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32475 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32474 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32473 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32472 REJECTED CVE-2022-32471 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32470 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32469 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-32468 RESERVED CVE-2022-32467 
@@ -59649,9 +59649,9 @@ CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discove CVE-2022-31903 RESERVED CVE-2022-31902 (Notepad++ v8.4.1 was discovered to contain a stack overflow via the co ...) - TODO: check + NOT-FOR-US: Notepad++ CVE-2022-31901 (Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4 ...) - TODO: check + NOT-FOR-US: Notepad++ CVE-2022-31900 RESERVED CVE-2022-31899 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/339223f773e2ee3d30df3e0e24de65a7406d1e2c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/339223f773e2ee3d30df3e0e24de65a7406d1e2c You're receiving this email because of your account on salsa.debian.org.
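Review bot: CVE-2022-34405 in the "@@ -53164,49 +53164,49 @@" hunk is closed as "NOT-FOR-US: Dell", but its visible description begins "An improper access control vulnerability was identified in the Realtek ...". The truncated text does not show which component is affected, so please confirm it is specific to Dell systems and not a Realtek component that could also be packaged elsewhere. If it is Dell-only, a label that names the component would make the reasoning visible to the next reader.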
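Review bot: The commit message says "NFUs", but CVE-2022-34297 in the "@@ -53442,7 +53442,7 @@" hunk is not marked NOT-FOR-US; it becomes "- yii <itp> (bug #597899)". The description names "Yii Yii2 Gii", so it is worth confirming that the referenced ITP actually covers the Gii component. It would also help to mention the ITP entry in the commit message, so it is not overlooked among the bulk NOT-FOR-US changes.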
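Review bot: CVE-2022-32665 ("In Boa, there is a possible command injection due to improper input va ...") in the "@@ -57511,9 +57511,9 @@" hunk is still "TODO: check", while CVE-2022-32664 and CVE-2022-32663 directly after it are closed as MediaTek in the same hunk. If it was left open on purpose, a NOTE line saying what still needs to be checked would tell the next triager why; otherwise it reads as skipped.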
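Review bot: The vendor label is spelled inconsistently in the MediaTek hunks ("@@ -57511,9" through "@@ -57649,7"): the added lines use "NOT-FOR-US: MediaTek", while the unchanged neighbours CVE-2022-32634, CVE-2022-32624, CVE-2022-32622, CVE-2022-32596 and CVE-2022-32594 use "NOT-FOR-US: Mediatek". Settling on one spelling keeps a case-sensitive grep on the label complete. The same applies to CVE-2022-33323 ("NOT-FOR-US: Mitsubishi") next to CVE-2022-33322 ("NOT-FOR-US: Mitsubishi Electric"), and to the new "NOT-FOR-US: Qualcomm" lines next to CVE-2022-33234 ("NOT-FOR-US: Snapdragon").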