Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0f5878d by security tracker role at 2022-09-30T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2022-41983
+ RESERVED
+CVE-2022-41976
+ RESERVED
+CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before
6.22.826 on Win ...)
+ TODO: check
+CVE-2022-41974
+ RESERVED
+CVE-2022-41973
+ RESERVED
+CVE-2022-41972
+ RESERVED
+CVE-2022-41971
+ RESERVED
+CVE-2022-41970
+ RESERVED
+CVE-2022-41969
+ RESERVED
+CVE-2022-41968
+ RESERVED
+CVE-2022-41967
+ RESERVED
+CVE-2022-41966
+ RESERVED
+CVE-2022-41965
+ RESERVED
+CVE-2022-41964
+ RESERVED
+CVE-2022-41963
+ RESERVED
+CVE-2022-41962
+ RESERVED
+CVE-2022-41961
+ RESERVED
+CVE-2022-41960
+ RESERVED
+CVE-2022-41959
+ RESERVED
+CVE-2022-41958
+ RESERVED
+CVE-2022-41957
+ RESERVED
+CVE-2022-41956
+ RESERVED
+CVE-2022-41955
+ RESERVED
+CVE-2022-41954
+ RESERVED
+CVE-2022-41953
+ RESERVED
+CVE-2022-41952
+ RESERVED
+CVE-2022-41951
+ RESERVED
+CVE-2022-41950
+ RESERVED
+CVE-2022-41949
+ RESERVED
+CVE-2022-41948
+ RESERVED
+CVE-2022-41947
+ RESERVED
+CVE-2022-41946
+ RESERVED
+CVE-2022-41945
+ RESERVED
+CVE-2022-41944
+ RESERVED
+CVE-2022-41943
+ RESERVED
+CVE-2022-41942
+ RESERVED
+CVE-2022-41941
+ RESERVED
+CVE-2022-41940
+ RESERVED
+CVE-2022-41939
+ RESERVED
+CVE-2022-41938
+ RESERVED
+CVE-2022-41937
+ RESERVED
+CVE-2022-41936
+ RESERVED
+CVE-2022-41935
+ RESERVED
+CVE-2022-41934
+ RESERVED
+CVE-2022-41933
+ RESERVED
+CVE-2022-41932
+ RESERVED
+CVE-2022-41931
+ RESERVED
+CVE-2022-41930
+ RESERVED
+CVE-2022-41929
+ RESERVED
+CVE-2022-41928
+ RESERVED
+CVE-2022-41927
+ RESERVED
+CVE-2022-41926
+ RESERVED
+CVE-2022-41925
+ RESERVED
+CVE-2022-41924
+ RESERVED
+CVE-2022-41923
+ RESERVED
+CVE-2022-41922
+ RESERVED
+CVE-2022-41921
+ RESERVED
+CVE-2022-41920
+ RESERVED
+CVE-2022-41919
+ RESERVED
+CVE-2022-41918
+ RESERVED
+CVE-2022-41917
+ RESERVED
+CVE-2022-41916
+ RESERVED
+CVE-2022-41915
+ RESERVED
+CVE-2022-41914
+ RESERVED
+CVE-2022-41913
+ RESERVED
+CVE-2022-41912
+ RESERVED
+CVE-2022-41911
+ RESERVED
+CVE-2022-41910
+ RESERVED
+CVE-2022-41909
+ RESERVED
+CVE-2022-41908
+ RESERVED
+CVE-2022-41907
+ RESERVED
+CVE-2022-41906
+ RESERVED
+CVE-2022-41905
+ RESERVED
+CVE-2022-41904
+ RESERVED
+CVE-2022-41903
+ RESERVED
+CVE-2022-41902
+ RESERVED
+CVE-2022-41901
+ RESERVED
+CVE-2022-41900
+ RESERVED
+CVE-2022-41899
+ RESERVED
+CVE-2022-41898
+ RESERVED
+CVE-2022-41897
+ RESERVED
+CVE-2022-41896
+ RESERVED
+CVE-2022-41895
+ RESERVED
+CVE-2022-41894
+ RESERVED
+CVE-2022-41893
+ RESERVED
+CVE-2022-41892
+ RESERVED
+CVE-2022-41891
+ RESERVED
+CVE-2022-41890
+ RESERVED
+CVE-2022-41889
+ RESERVED
+CVE-2022-41888
+ RESERVED
+CVE-2022-41887
+ RESERVED
+CVE-2022-41886
+ RESERVED
+CVE-2022-41885
+ RESERVED
+CVE-2022-41884
+ RESERVED
+CVE-2022-41883
+ RESERVED
+CVE-2022-41882
+ RESERVED
+CVE-2022-41881
+ RESERVED
+CVE-2022-41880
+ RESERVED
+CVE-2022-41879
+ RESERVED
+CVE-2022-41878
+ RESERVED
+CVE-2022-41877
+ RESERVED
+CVE-2022-41876
+ RESERVED
+CVE-2022-41875
+ RESERVED
+CVE-2022-41874
+ RESERVED
+CVE-2022-41873
+ RESERVED
+CVE-2022-41872
+ RESERVED
+CVE-2022-41871
+ RESERVED
+CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17
allows comman ...)
+ TODO: check
+CVE-2022-41869
+ RESERVED
+CVE-2022-41868
+ RESERVED
+CVE-2022-41867
+ RESERVED
+CVE-2022-41866
+ RESERVED
+CVE-2022-41865
+ RESERVED
+CVE-2022-41864
+ RESERVED
+CVE-2022-41863
+ RESERVED
+CVE-2022-41862
+ RESERVED
+CVE-2022-41861
+ RESERVED
+CVE-2022-41860
+ RESERVED
+CVE-2022-41859
+ RESERVED
+CVE-2022-41858
+ RESERVED
+CVE-2022-41857
+ RESERVED
+CVE-2022-41856
+ RESERVED
+CVE-2022-41855
+ RESERVED
+CVE-2022-41854
+ RESERVED
+CVE-2022-41853
+ RESERVED
+CVE-2022-41852
+ RESERVED
+CVE-2022-41851
+ RESERVED
+CVE-2022-41836
+ RESERVED
+CVE-2022-41835
+ RESERVED
+CVE-2022-41833
+ RESERVED
+CVE-2022-41832
+ RESERVED
+CVE-2022-41813
+ RESERVED
+CVE-2022-41806
+ RESERVED
+CVE-2022-41800
+ RESERVED
+CVE-2022-41787
+ RESERVED
+CVE-2022-41780
+ RESERVED
+CVE-2022-41770
+ RESERVED
+CVE-2022-41694
+ RESERVED
+CVE-2022-41691
+ RESERVED
+CVE-2022-41624
+ RESERVED
+CVE-2022-41622
+ RESERVED
+CVE-2022-41617
+ RESERVED
+CVE-2022-36795
+ RESERVED
+CVE-2022-3381
+ RESERVED
+CVE-2022-3380
+ RESERVED
+CVE-2022-3379
+ RESERVED
+CVE-2022-3378
+ RESERVED
+CVE-2022-3377
+ RESERVED
+CVE-2022-3376
+ RESERVED
+CVE-2022-3375
+ RESERVED
+CVE-2022-3374
+ RESERVED
+CVE-2022-3373
+ RESERVED
+CVE-2022-3372
+ RESERVED
+CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
+ TODO: check
+CVE-2022-3370
+ RESERVED
+CVE-2022-3369
+ RESERVED
+CVE-2022-3368
+ RESERVED
+CVE-2021-46844
+ RESERVED
+CVE-2021-46843
+ RESERVED
+CVE-2021-46842
+ RESERVED
CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak
exists in A ...)
NOT-FOR-US: Bento4
CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There ie
excessive memory ...)
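Review bot: only three of the new entries in this hunk carry a description, and two of them can be resolved straight away rather than left at TODO: check: CVE-2022-41975 (RealVNC VNC Server/Viewer "on Win ...") and CVE-2022-41870 (Innovaphone AP Manager) describe proprietary products with no Debian source package, so NOT-FOR-US is the expected outcome. CVE-2022-3371 is different: the truncated "Allocation of Resources Without Limits or Throttling in GitHub reposit ..." wording puts the affected project in the elided part, so it needs the full description before triage. The remaining additions are bare RESERVED placeholders and need no action until descriptions are published.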
@@ -1030,14 +1350,14 @@ CVE-2022-41442
RESERVED
CVE-2022-41441
RESERVED
-CVE-2022-41440
- RESERVED
-CVE-2022-41439
- RESERVED
+CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL
injection ...)
+ TODO: check
+CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL
injection ...)
+ TODO: check
CVE-2022-41438
RESERVED
-CVE-2022-41437
- RESERVED
+CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote
code ex ...)
+ TODO: check
CVE-2022-41436
RESERVED
CVE-2022-41435
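Review bot: CVE-2022-41440, CVE-2022-41439 and CVE-2022-41437 ("Billing System Project v1.0", SQL injection and remote code execution) follow the same pattern as the "Zoo Management System" and "Shopro Mall System" entries elsewhere in this file, which are resolved as NOT-FOR-US; unless a Debian package exists for this project, the three TODO: check lines can be closed the same way. The same applies to the "Dairy Farm Shop Management System" and "Bus Pass Management System" hunks further down in this commit.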
@@ -2231,10 +2551,10 @@ CVE-2022-40946
RESERVED
CVE-2022-40945
RESERVED
-CVE-2022-40944
- RESERVED
-CVE-2022-40943
- RESERVED
+CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
+CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL
Injection v ...)
+ TODO: check
CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack
overflow vi ...)
NOT-FOR-US: Tenda
CVE-2022-40941
@@ -2273,8 +2593,8 @@ CVE-2022-40925 (Zoo Management System v1.0 has an
arbitrary file upload vulnerab
NOT-FOR-US: Zoo Management System
CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload
vulnerability ...)
NOT-FOR-US: Zoo Management System
-CVE-2022-40923
- RESERVED
+CVE-2022-40923 (A vulnerability in the
LIEF::MachO::SegmentCommand::virtual_address fu ...)
+ TODO: check
CVE-2022-40922
RESERVED
CVE-2022-40921
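Review bot: CVE-2022-40923 names a LIEF symbol (LIEF::MachO::SegmentCommand::virtual_address), so this TODO: check is not a NOT-FOR-US candidate by default; check whether the LIEF library is present in the archive, either as its own source package or embedded in a reverse dependency, before resolving it.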
@@ -2614,8 +2934,8 @@ CVE-2022-40758 (A Buffer Access with Incorrect Length
Value vulnerablity in the
NOT-FOR-US: Samsung mTower
CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in
the TEE_MA ...)
NOT-FOR-US: Samsung mTower
-CVE-2022-40756
- RESERVED
+CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE
Patch U ...)
+ TODO: check
CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable
assertion in the ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/338
@@ -3647,8 +3967,8 @@ CVE-2022-40343
RESERVED
CVE-2022-40342
RESERVED
-CVE-2022-40341
- RESERVED
+CVE-2022-40341 (mojoPortal v2.7 was discovered to contain an arbitrary file
upload vul ...)
+ TODO: check
CVE-2022-40340
RESERVED
CVE-2022-40339
@@ -3702,17 +4022,13 @@ CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the
javascript&colon; s ...)
NOT-FOR-US: OpenKM
-CVE-2022-40316
- RESERVED
+CVE-2022-40316 (The H5P activity attempts report did not filter by groups,
which in se ...)
- moodle <removed>
-CVE-2022-40315
- RESERVED
+CVE-2022-40315 (A limited SQL injection risk was identified in the "browse
list of use ...)
- moodle <removed>
-CVE-2022-40314
- RESERVED
+CVE-2022-40314 (A remote code execution risk when restoring backup files
originating f ...)
- moodle <removed>
-CVE-2022-40313
- RESERVED
+CVE-2022-40313 (Recursive rendering of Mustache template helpers containing
user input ...)
- moodle <removed>
CVE-2022-40309
RESERVED
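Review bot: the four moodle entries (CVE-2022-40313 to CVE-2022-40316) are assigned directly to `- moodle <removed>` with no TODO: check, unlike every other newly described CVE in this commit; that is consistent for a removed package, but CVE-2022-40314 describes remote code execution when restoring backup files, so a NOTE line with the upstream advisory URL, as other entries in this file carry, would help anyone later assessing old releases.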
@@ -3801,14 +4117,14 @@ CVE-2022-40279 (An issue was discovered in Samsung
TizenRT through 3.0_GBM (and
NOT-FOR-US: Samsung TizenRT
CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM
(and 3.1_PR ...)
NOT-FOR-US: Samsung TizenRT
-CVE-2022-40277
- RESERVED
+CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute
arbitrary ...)
+ TODO: check
CVE-2022-40276
RESERVED
CVE-2022-40275
RESERVED
-CVE-2022-40274
- RESERVED
+CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute
arbitrary ...)
+ TODO: check
CVE-2022-40273
RESERVED
CVE-2022-40272
@@ -4876,7 +5192,7 @@ CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS
Command Injection vulnerabi
NOT-FOR-US: NOKIA
CVE-2022-39818
RESERVED
-CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection
vulnerabilities occur ...)
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection
vulnerabilities occurs ...)
NOT-FOR-US: NOKIA
CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials
(clearte ...)
NOT-FOR-US: NOKIA
@@ -11003,8 +11319,8 @@ CVE-2022-37463
RESERVED
CVE-2022-37462
RESERVED
-CVE-2022-37461
- RESERVED
+CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon
Medical V ...)
+ TODO: check
CVE-2022-37460
RESERVED
CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices
before ...)
@@ -12510,16 +12826,16 @@ CVE-2022-36967 (In Progress WS_FTP Server prior to
version 8.7.3, multiple refle
NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36966
RESERVED
-CVE-2022-36965
- RESERVED
+CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input
field cou ...)
+ TODO: check
CVE-2022-36964
RESERVED
CVE-2022-36963
RESERVED
CVE-2022-36962
RESERVED
-CVE-2022-36961
- RESERVED
+CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL
Injecti ...)
+ TODO: check
CVE-2022-36960
RESERVED
CVE-2022-36959
@@ -13655,8 +13971,8 @@ CVE-2022-2531 (An issue has been discovered in GitLab
EE affecting all versions
- gitlab <not-affected> (Specific to EE)
CVE-2022-2530
RESERVED
-CVE-2022-2529
- RESERVED
+CVE-2022-2529 (sflow decode package does not employ sufficient packet
sanitisation wh ...)
+ TODO: check
CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload
a pack ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-36439
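Review bot: CVE-2022-2529 ("sflow decode package does not employ sufficient packet sanitisation") describes a library rather than an end product, so resolving this TODO: check should include a search for a packaged or vendored copy of that decoder in the archive instead of defaulting to NOT-FOR-US as the surrounding product entries do.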
@@ -17138,10 +17454,10 @@ CVE-2022-35158 (A vulnerability in the lua parser of
TscanCode tsclua v2.15.01 a
NOT-FOR-US: TScanCode
CVE-2022-35157
RESERVED
-CVE-2022-35156
- RESERVED
-CVE-2022-35155
- RESERVED
+CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL
Injecti ...)
+ TODO: check
+CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a
reflected ...)
+ TODO: check
CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL
injection vu ...)
NOT-FOR-US: Shopro Mall System
CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection
vulnerab ...)
@@ -23954,8 +24270,8 @@ CVE-2022-32542
RESERVED
CVE-2022-32541
RESERVED
-CVE-2022-32540
- RESERVED
+CVE-2022-32540 (Information Disclosure in Operator Client application in BVMS
10.1.1, ...)
+ TODO: check
CVE-2022-32539
RESERVED
CVE-2022-32538
@@ -24918,7 +25234,7 @@ CVE-2022-32217 (A cleartext storage of sensitive
information exists in Rocket.Ch
NOT-FOR-US: Rockert.Chat
CVE-2022-32216
RESERVED
-CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not
correctl ...)
+CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1
in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding
introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -24926,14 +25242,14 @@ CVE-2022-32215 (The llhttp parser in the http module
in Node v17.6.0 does not co
NOTE:
https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd
(v14.x)
NOTE:
https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a
(main)
NOTE:
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215
-CVE-2022-32214 (The llhttp parser in the http module in Node.js does not
strictly use ...)
+CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1
in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding
introduced in 12.x)
- llhttp <itp> (bug #977716)
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-improper-delimiting-of-header-fields-medium-cve-2022-32214
NOTE:
https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd
(v14.x)
NOTE:
https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a
(main)
-CVE-2022-32213 (The llhttp parser in the http module in Node.js v17.x does not
correct ...)
+CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1
in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding
introduced in 12.x)
- llhttp <itp> (bug #977716)
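Review bot: the rewritten descriptions for CVE-2022-32213, CVE-2022-32214 and CVE-2022-32215 now cite upstream fixes in v14.20.1, v16.17.1 and v18.9.1, and the September 2022 NOTE URL in this hunk is titled "improper-fix-for-cve-2022-32215", while the Debian fixed version stays at nodejs 18.6.0+dfsg-3; confirm that 18.6.0+dfsg-3 carries the follow-up correction (the da0fda0f (v14.x) and d9b71f4c (main) commits are listed as NOTEs, but no 18.x commit is) or raise the fixed version so the tracker does not report the improperly fixed state as resolved.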
@@ -25232,8 +25548,8 @@ CVE-2022-1961 (The Google Tag Manager for WordPress
(GTM4WP) plugin is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check
in pla ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1959
- RESERVED
+CVE-2022-1959 (AppLock version 7.9.29 allows an attacker with physical access
to the ...)
+ TODO: check
CVE-2022-1958 (A vulnerability classified as critical has been found in
FileCloud. Af ...)
NOT-FOR-US: FileCloud
CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have
CSRF c ...)
@@ -28270,6 +28586,7 @@ CVE-2022-31082 (GLPI is a Free Asset and IT Management
Software package, Data ce
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl.
Versions p ...)
+ {DLA-3127-1}
- libhttp-daemon-perl 6.14-1.1 (bug #1014808)
[bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
NOTE:
https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
@@ -35000,8 +35317,8 @@ CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and
earlier) and 17.3 (and earli
NOT-FOR-US: Adobe
CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and
earlier) ar ...)
NOT-FOR-US: Adobe
-CVE-2022-28851
- RESERVED
+CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is
affected b ...)
+ TODO: check
CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected
by an o ...)
NOT-FOR-US: Adobe
CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected
by a Us ...)
@@ -50953,8 +51270,8 @@ CVE-2022-23728 (Attacker can reset the device with AT
Command in the process of
NOT-FOR-US: LG
CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS
TVs. Due t ...)
NOT-FOR-US: LG
-CVE-2022-23726
- RESERVED
+CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring
Boot actua ...)
+ TODO: check
CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set
permissions on ...)
NOT-FOR-US: pingidentity
CVE-2022-23724 (Use of static encryption key material allows forging an
authentication ...)
@@ -60639,8 +60956,8 @@ CVE-2022-21828 (A user with high privilege access to
the Incapptic Connect web c
NOT-FOR-US: Ivanti
CVE-2022-21827 (An improper privilege vulnerability has been discovered in
Citrix Gate ...)
NOT-FOR-US: Citrix
-CVE-2022-21826
- RESERVED
+CVE-2022-21826 (Pulse Secure version 9.115 and below may be susceptible to
client-side ...)
+ TODO: check
CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix
Workspace Ap ...)
NOT-FOR-US: Citrix
CVE-2022-21823 (A insecure storage of sensitive information vulnerability
exists in Iv ...)
@@ -67084,8 +67401,8 @@ CVE-2022-20947
RESERVED
CVE-2022-20946
RESERVED
-CVE-2022-20945
- RESERVED
+CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of
Cisco Ca ...)
+ TODO: check
CVE-2022-20944
RESERVED
CVE-2022-20943
@@ -67114,8 +67431,8 @@ CVE-2022-20932
RESERVED
CVE-2022-20931
RESERVED
-CVE-2022-20930
- RESERVED
+CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could
allow an aut ...)
+ TODO: check
CVE-2022-20929
RESERVED
CVE-2022-20928
@@ -67136,8 +67453,8 @@ CVE-2022-20921 (A vulnerability in the API
implementation of Cisco ACI Multi-Sit
NOT-FOR-US: Cisco
CVE-2022-20920
RESERVED
-CVE-2022-20919
- RESERVED
+CVE-2022-20919 (A vulnerability in the processing of malformed Common
Industrial Proto ...)
+ TODO: check
CVE-2022-20918
RESERVED
CVE-2022-20917
@@ -67262,32 +67579,32 @@ CVE-2022-20858 (Multiple vulnerabilities in Cisco
Nexus Dashboard could allow an
NOT-FOR-US: Cisco
CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow
an unaut ...)
NOT-FOR-US: Cisco
-CVE-2022-20856
- RESERVED
-CVE-2022-20855
- RESERVED
+CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning
of Wirel ...)
+ TODO: check
+CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS
XE Soft ...)
+ TODO: check
CVE-2022-20854
RESERVED
CVE-2022-20853
RESERVED
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex
Meetings ...)
NOT-FOR-US: Cisco
-CVE-2022-20851
- RESERVED
-CVE-2022-20850
- RESERVED
+CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
+ TODO: check
+CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN
Software ...)
+ TODO: check
CVE-2022-20849
RESERVED
-CVE-2022-20848
- RESERVED
-CVE-2022-20847
- RESERVED
+CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco
IOS XE So ...)
+ TODO: check
+CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco
IOS XE W ...)
+ TODO: check
CVE-2022-20846
RESERVED
CVE-2022-20845
RESERVED
-CVE-2022-20844
- RESERVED
+CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco
Software-Defined ...)
+ TODO: check
CVE-2022-20843
RESERVED
CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260,
RV340, ...)
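Review bot: all nine Cisco entries in this hunk (CVE-2022-20844 to CVE-2022-20856, covering IOS XE, SD-WAN and wireless controller components) are left at TODO: check, while the context lines show the established resolution for this vendor is NOT-FOR-US: Cisco (CVE-2022-20852, CVE-2022-20857, CVE-2022-20858); unless one of them touches software Debian ships, resolve them the same way, and likewise for the other Cisco TODO: check hunks in this commit (CVE-2022-20945, 20930, 20919, 20818, 20810, 20775, 20769, 20728, 20662).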
@@ -67338,8 +67655,8 @@ CVE-2022-20820 (Multiple vulnerabilities in the web
interface of Cisco Webex Mee
NOT-FOR-US: Cisco
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
-CVE-2022-20818
- RESERVED
+CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software
could all ...)
+ TODO: check
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an
unauthentica ...)
NOT-FOR-US: Cisco
CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco
Unified ...)
@@ -67354,8 +67671,8 @@ CVE-2022-20812 (Multiple vulnerabilities in the API and
in the web-based managem
NOT-FOR-US: Cisco
CVE-2022-20811
RESERVED
-CVE-2022-20810
- RESERVED
+CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol
(SNMP) of Ci ...)
+ TODO: check
CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management
interface ...)
NOT-FOR-US: Cisco
CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM
On-Prem) ...)
@@ -67438,8 +67755,8 @@ CVE-2022-20777 (Multiple vulnerabilities in Cisco
Enterprise NFV Infrastructure
NOT-FOR-US: Cisco
CVE-2022-20776
RESERVED
-CVE-2022-20775
- RESERVED
+CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software
could all ...)
+ TODO: check
CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco
IP Phon ...)
NOT-FOR-US: Cisco
CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism
of Cisco ...)
@@ -67458,8 +67775,8 @@ CVE-2022-20770 (On April 20, 2022, the following
vulnerability in the ClamAV sca
[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
[buster] - clamav 0.103.6+dfsg-0+deb10u1
NOTE:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20769
- RESERVED
+CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco
Wireless ...)
+ TODO: check
CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence
Collabo ...)
NOT-FOR-US: Cisco
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco
Firepow ...)
@@ -67540,8 +67857,8 @@ CVE-2022-20730 (A vulnerability in the Security
Intelligence feed feature of Cis
NOT-FOR-US: Cisco Firepower
CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD)
Softwar ...)
NOT-FOR-US: Cisco Firepower
-CVE-2022-20728
- RESERVED
+CVE-2022-20728 (A vulnerability in the client forwarding code of multiple
Cisco Access ...)
+ TODO: check
CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting
environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting
environm ...)
@@ -67677,8 +67994,8 @@ CVE-2022-20664 (A vulnerability in the web management
interface of Cisco Secure
NOT-FOR-US: Cisco
CVE-2022-20663
RESERVED
-CVE-2022-20662
- RESERVED
+CVE-2022-20662 (A vulnerability in the smart card login authentication of
Cisco Duo fo ...)
+ TODO: check
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital
Building S ...)
NOT-FOR-US: Cisco
CVE-2022-20660 (A vulnerability in the information storage architecture of
several Cis ...)
@@ -78234,7 +78551,7 @@ CVE-2021-3733 (There's a flaw in urllib's
AbstractBasicAuthHandler class. An att
NOTE:
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60
(3.8.10)
NOTE:
https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da
(3.7.11)
NOTE:
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f
(3.6.14)
-CVE-2021-3732 (A security issue was found in Linux kernel’s OverlayFS
subsystem ...)
+CVE-2021-3732 (A flaw was found in the Linux kernel's OverlayFS subsystem in
the way ...)
{DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
@@ -85242,8 +85559,8 @@ CVE-2021-36867 (Stored Cross-Site Scripting (XSS)
vulnerability in Alexander Ust
NOT-FOR-US: WordPress plugin
CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site
Scripting (XSS ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36865
- RESERVED
+CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in
ExpressTech ...)
+ TODO: check
CVE-2021-36864
RESERVED
CVE-2021-36863
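Review bot: CVE-2021-36865 (IDOR in an ExpressTech product) sits between entries resolved as NOT-FOR-US: WordPress plugin (CVE-2021-36866, CVE-2021-36867), and the later hunks for CVE-2021-36855 and CVE-2021-36854 (CSRF, Booking), CVE-2021-36839 and CVE-2021-36830 (Authenticated (admin+) Stored XSS) use the same wording as their already-resolved neighbours; these TODO: check lines can be closed as NOT-FOR-US: WordPress plugin in one pass rather than left open.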
@@ -85262,10 +85579,10 @@ CVE-2021-36857 (Authenticated (editor+) Stored
Cross-Site Scripting (XSS) vulner
NOT-FOR-US: WordPress plugin
CVE-2021-36856
RESERVED
-CVE-2021-36855
- RESERVED
-CVE-2021-36854
- RESERVED
+CVE-2021-36855 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery
(CSRF) vulne ...)
+ TODO: check
+CVE-2021-36854 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Booking ...)
+ TODO: check
CVE-2021-36853
RESERVED
CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress
WP Hotel ...)
@@ -85294,8 +85611,8 @@ CVE-2021-36841 (Authenticated Stored Cross-Site
Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2021-36840
RESERVED
-CVE-2021-36839
- RESERVED
+CVE-2021-36839 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
CVE-2021-36838
RESERVED
CVE-2021-36837
@@ -85312,8 +85629,8 @@ CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins
and Lead Generation Plugin
NOT-FOR-US: WordPress plugins
CVE-2021-36831
RESERVED
-CVE-2021-36830
- RESERVED
+CVE-2021-36830 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP
Mainten ...)
@@ -93784,8 +94101,8 @@ CVE-2021-33356 (Multiple privilege escalation
vulnerabilities in RaspAP 1.5 to 2
NOT-FOR-US: RaspAP
CVE-2021-33355
RESERVED
-CVE-2021-33354
- RESERVED
+CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows
remote ...)
+ TODO: check
CVE-2021-33353
RESERVED
CVE-2021-33352
@@ -344586,7 +344903,7 @@ CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4
chunks may cause stack exhaus
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=620f69a74b18908e3424920c7bb01cb5e4cbd8b1
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and
earlier all ...)
NOT-FOR-US: Cognito Software Moneyworks
-CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo
1.5.1 al ...)
+CVE-2017-9614 (** DISPUTED ** The fill_input_buffer function in jdatasrc.c in
libjpeg ...)
NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP
SuccessFactors ...)
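Review bot: the updated description of CVE-2017-9614 now carries the "** DISPUTED **" marker, which agrees with the existing "NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage" assessment and the libjpeg-turbo issue #167 NOTE; no change on the Debian side is needed and the NOT-FOR-US line can stay as it is.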
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f5878dd0c7359806b7fc1b50fbbcac7e499b54
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits