Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96341a76 by Salvatore Bonaccorso at 2022-04-20T21:54:43+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19361,7 +19361,7 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 -
5.3.18, 5.2.0 - 5.2.20, and
CVE-2022-22967
RESERVED
CVE-2022-22966 (An authenticated, high privileged malicious actor with network
access ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+
may be vu ...)
- libspring-java <unfixed>
[stretch] - libspring-java <end-of-life>
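Review bot: the new tag on CVE-2022-22966 names only the vendor (`NOT-FOR-US: VMware`), and the truncated description shown here ("An authenticated, high privileged malicious actor with network access ...") never mentions a product, so the entry alone does not say what was ruled out. Consider naming the affected product in the tag, as the existing `NOT-FOR-US: Citrix XenMobile Server` and `NOT-FOR-US: Cisco IOx` entries elsewhere in this file do.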
@@ -19646,7 +19646,7 @@ CVE-2022-22850 (A Stored Cross Site Scripting (XSS)
vulnerability exists in Sour
CVE-2022-22849
RESERVED
CVE-2022-22149 (A SQL injection vulnerability exists in the
HelpdeskEmailActions.aspx ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before
1.2.9.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer()
can lead to info leak]
@@ -23874,41 +23874,41 @@ CVE-2022-22200
CVE-2022-22199
RESERVED
CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP
ALG of Jun ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22197 (An Operation on a Resource after Expiration or Release
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the
kernel of J ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in
the Rout ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22192
RESERVED
CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a
flood o ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper
Networks Parag ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper
Networks Co ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a
Heap-base ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows
Installe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper
Networks Ju ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series,
allows a n ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22184
RESERVED
CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks
Junos OS ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks
Junos O ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web
of Junip ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset
in Input ...)
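Review bot: several of the entries tagged `NOT-FOR-US: Juniper` in this hunk cannot be attributed to Juniper from the visible text alone: CVE-2022-22187 reads "... vulnerability in the Windows Installe ...", and CVE-2022-22196 and CVE-2022-22194 share the same truncated "Improper Check for Unusual or Exceptional Conditions vulnerability ..." line. The tag wording matches the existing CVE-2022-22180 entry, so the format is consistent; please confirm each of these against its full description rather than by position in the Juniper ID range.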
@@ -23974,7 +23974,7 @@ CVE-2022-21215 (This vulnerability could allow an
attacker to force the server t
CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device
versions prior ...)
NOT-FOR-US: Airspan Networks
CVE-2022-21155 (A specially crafted packet sent to the Fernhill SCADA Server
Version 3 ...)
- TODO: check
+ NOT-FOR-US: Fernhill SCADA Server
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a
stack-based b ...)
NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for
Node.js ...)
@@ -24863,9 +24863,9 @@ CVE-2022-22011
CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This
CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22008 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability.
This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability.
This CVE ID ...)
@@ -24915,7 +24915,7 @@ CVE-2022-21985 (Windows Remote Access Connection
Manager Information Disclosure
CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21983 (Win32 Stream Enumeration Remote Code Execution Vulnerability.
This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21982
RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
@@ -27503,7 +27503,7 @@ CVE-2021-4039 (A command injection vulnerability in the
web interface of the Zyx
CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an
Authenticate ...)
NOT-FOR-US: Citrix XenMobile Server
CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an
Authenticate ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel
Padlock ...)
NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for
Android
CVE-2021-44517
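Review bot: CVE-2021-44519 is tagged `NOT-FOR-US: Citrix`, while the entry directly above it, CVE-2021-44520, has the same visible description ("In Citrix XenMobile Server through 10.12 RP9, ...") and is tagged `NOT-FOR-US: Citrix XenMobile Server`. Use the same product-level tag for both so that a search for the product finds the pair.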
@@ -33030,25 +33030,25 @@ CVE-2022-20765
CVE-2022-20764
RESERVED
CVE-2022-20763 (A vulnerability in the login authorization components of Cisco
Webex M ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE)
ConfD CLI of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP)
packet pr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20760
RESERVED
CVE-2022-20759
RESERVED
CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway
Protocol ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20757
RESERVED
CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity
Services Engin ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management
interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management
interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20753
RESERVED
CVE-2022-20752
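Review bot: CVE-2022-20758 ("A vulnerability in the implementation of the Border Gateway Protocol ( ...") and CVE-2022-20761 ("... the integrated wireless access point (AP) packet pr ...") are tagged `NOT-FOR-US: Cisco`, but the truncated descriptions shown do not name a Cisco product, unlike CVE-2022-20763 (Cisco Webex) or CVE-2022-20756 (Cisco Identity Services Engine) in the same hunk. Confirm from the full text that the affected protocol implementation is Cisco's own before closing these out, and consider naming the product in the tag.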
@@ -33062,7 +33062,7 @@ CVE-2022-20749 (Multiple vulnerabilities in Cisco Small
Business RV160, RV260, R
CVE-2022-20748
RESERVED
CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage
Software co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20746
RESERVED
CVE-2022-20745
@@ -33074,11 +33074,11 @@ CVE-2022-20743
CVE-2022-20742
RESERVED
CVE-2022-20741 (A vulnerability in the web-based management interface of the
Network D ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20740
RESERVED
CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software
could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway
service could ...)
NOT-FOR-US: Cisco
CVE-2022-20737
@@ -33086,7 +33086,7 @@ CVE-2022-20737
CVE-2022-20736
RESERVED
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20734
RESERVED
CVE-2022-20733
@@ -33094,7 +33094,7 @@ CVE-2022-20733
CVE-2022-20732
RESERVED
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital
Building S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20730
RESERVED
CVE-2022-20729
@@ -33122,13 +33122,13 @@ CVE-2022-20719 (Multiple vulnerabilities in the Cisco
IOx application hosting en
CVE-2022-20718 (Multiple vulnerabilities in the Cisco IOx application hosting
environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge
Routers c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20715
RESERVED
CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus
line ca ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20713
RESERVED
CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260,
RV340, ...)
@@ -33167,17 +33167,17 @@ CVE-2022-20698 (A vulnerability in the OOXML parsing
module in Clam AntiVirus (C
NOTE:
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
NOTE:
https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a
(0.103.5)
CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS
Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20696
RESERVED
CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco
Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20694 (A vulnerability in the implementation of the Resource Public
Key Infra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20693 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS
XE Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20691
RESERVED
CVE-2022-20690
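Review bot: the context at the top of this hunk shows CVE-2022-20698, from the same Cisco-assigned ID range, is a ClamAV issue tracked with NOTE lines and an upstream fix commit, so an ID in this range is not NOT-FOR-US by default. CVE-2022-20694 ("... implementation of the Resource Public Key Infra ...") does not name a product in its visible text; confirm it is limited to Cisco software before tagging it `NOT-FOR-US: Cisco`. The other four entries in the hunk name Cisco IOS, IOS XE or Cisco Wireless in their descriptions and look fine.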
@@ -33193,25 +33193,25 @@ CVE-2022-20686
CVE-2022-20685
RESERVED
CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP)
trap gene ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20683 (A vulnerability in the Application Visibility and Control
(AVC-FNF) fe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20682 (A vulnerability in the Control and Provisioning of Wireless
Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20681 (A vulnerability in the CLI of Cisco IOS XE Software for Cisco
Catalyst ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco
Prime S ...)
NOT-FOR-US: Cisco
CVE-2022-20679 (A vulnerability in the IPSec decryption routine of Cisco IOS
XE Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20678 (A vulnerability in the AppNav-XE feature of Cisco IOS XE
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20677 (Multiple vulnerabilities in the Cisco IOx application hosting
environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security
Appliance ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20674
RESERVED
CVE-2022-20673
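Review bot: CVE-2022-20676 is described as "A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...", and Tcl itself is a generic interpreter that also exists outside Cisco products. Confirm from the full description that the flaw is in Cisco's integration of the interpreter and not in upstream Tcl before marking it `NOT-FOR-US: Cisco`; if that is the case, a short product name in the tag (the visible text of the neighbouring entries says IOS XE) would make the reasoning clear to the next reader.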
@@ -33231,7 +33231,7 @@ CVE-2022-20667
CVE-2022-20666
RESERVED
CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an
authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20664
RESERVED
CVE-2022-20663
@@ -33239,7 +33239,7 @@ CVE-2022-20663
CVE-2022-20662
RESERVED
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital
Building S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20660 (A vulnerability in the information storage architecture of
several Cis ...)
NOT-FOR-US: Cisco
CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
@@ -33317,7 +33317,7 @@ CVE-2022-20624 (A vulnerability in the Cisco Fabric
Services over IP (CFSoIP) fe
CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional
Forwarding Detec ...)
NOT-FOR-US: Cisco
CVE-2022-20622 (A vulnerability in IP ingress packet processing of the Cisco
Embedded ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96341a76e29d74a412397ec0c48bd5711ad65c71
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits