Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca6b38c5 by Moritz Muehlenhoff at 2022-04-19T13:20:32+02:00
new snort issue, one from the BTS and on further digging several further were 
hiding in Cisco entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
+       - snort <unfixed> (bug #1009820)
+       [bullseye] - snort <no-dsa> (Minor issue)
+       [buster] - snort <no-dsa> (Minor issue)
 CVE-2022-29502
        RESERVED
 CVE-2022-29501
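Review bot: the new CVE-2022-XXXX entry marks both stable suites `<no-dsa> (Minor issue)` for what its own title calls a privilege escalation, and no NOTE gives the reasoning. A short NOTE under `- snort <unfixed> (bug #1009820)` stating the precondition that makes this minor, or pointing at the relevant message in the bug, would let later triagers confirm the classification without re-reading the report.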
@@ -42174,7 +42178,8 @@ CVE-2021-40116 (Multiple Cisco products are affected by 
a vulnerability in Snort
 CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an 
unauthenticat ...)
        NOT-FOR-US: Cisco
 CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the 
way the ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
 CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
        NOT-FOR-US: Cisco
 CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
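Review bot: the CVE-2021-40114 entry goes from `NOT-FOR-US: Cisco` straight to `- snort <unfixed>` with the Cisco advisory as its only NOTE, so nothing records which upstream Snort releases are affected or fixed. A NOTE naming the fixing upstream release or commit, once identified, is what will allow `<unfixed>` to be resolved later.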
@@ -55254,7 +55259,8 @@ CVE-2021-34751
 CVE-2021-34750
        RESERVED
 CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request 
filtering  ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
 CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco 
Intersi ...)
        NOT-FOR-US: Cisco
 CVE-2021-34747
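Review bot: in the CVE-2021-34749 entry, the visible description ("Server Name Identification (SNI) request filtering ...") does not mention Snort, so the reason for attributing it to the snort source package is not evident from the list itself. Add a NOTE stating the basis for the attribution next to the advisory link.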
@@ -99554,7 +99560,8 @@ CVE-2021-1497 (Multiple vulnerabilities in the 
web-based management interface of
 CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade 
proces ...)
        NOT-FOR-US: Cisco
 CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the 
Snort d ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
 CVE-2021-1494
        RESERVED
 CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive 
Securi ...)
@@ -100081,7 +100088,8 @@ CVE-2021-1238 (Multiple vulnerabilities in the 
web-based management interface of
 CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security 
Agent c ...)
        NOT-FOR-US: Cisco
 CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the 
Snort a ...)
-       NOT-FOR-US: Cisco
+       - snort 2.9.15.1-1
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
 CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software 
could allo ...)
        NOT-FOR-US: Cisco
 CVE-2021-1234
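Review bot: `- snort 2.9.15.1-1` for CVE-2021-1236 asserts a fixed version, but the only NOTE is the advisory URL, so the basis for that version is not recorded. Add a NOTE naming the upstream release or commit that carries the fix so the version can be checked.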
@@ -100105,9 +100113,11 @@ CVE-2021-1226 (A vulnerability in the audit logging 
component of Cisco Unified C
 CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with 
TCP Fast  ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
 CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the 
Snort d ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2
 CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco 
Smart S ...)
        NOT-FOR-US: Cisco
 CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings 
and Cisc ...)
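Review bot: CVE-2021-1224 and CVE-2021-1223 are both set to `- snort <unfixed>` without `[bullseye]` or `[buster]` lines, unlike the CVE-2022-XXXX entry added at the top of this commit. If these also do not warrant a DSA, adding the per-suite `<no-dsa>` lines now avoids leaving them untriaged for the stable suites.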
@@ -166740,7 +166750,8 @@ CVE-2020-3317 (A vulnerability in the ssl_inspection 
component of Cisco Firepowe
 CVE-2020-3316
        RESERVED
 CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the 
Snort d ...)
-       NOT-FOR-US: Cisco
+       - snort <unfixed>
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP
 CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for 
Endpoints Ma ...)
        NOT-FOR-US: Cisco
 CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management 
Center (FM ...)
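Review bot: CVE-2020-3315 is marked `- snort <unfixed>` while the other 2020 Snort entry in this commit, CVE-2020-3299, is marked fixed in 2.9.15.1-1. It is worth confirming that the fix for this one is really absent from that version, and recording the upstream fix reference in a NOTE either way.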
@@ -166772,7 +166783,8 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco 
Firepower Management Center (FM
 CVE-2020-3300
        RESERVED
 CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the 
Snort d ...)
-       NOT-FOR-US: Cisco
+       - snort 2.9.15.1-1
+       NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j
 CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) 
implementation  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3297 (A vulnerability in session management for the web-based 
interface of C ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6b38c50cf804deac2a831e7fba67a01cf9da51
