Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
09b14d40 by Salvatore Bonaccorso at 2024-11-17T21:05:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -90,7 +90,7 @@ CVE-2024-38370 (GLPI is a free asset and IT management
software package. Startin
- glpi <removed>
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4
CVE-2024-11263 (When the Global Pointer (GP) relative addressing is enabled
(CONFIG_RI ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2024-11262 (A vulnerability has been found in SourceCodester Student
Record Manage ...)
NOT-FOR-US: SourceCodester Student Record Management System
CVE-2024-11261 (A vulnerability, which was classified as critical, was found
in Source ...)
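Review bot: The new tag on CVE-2024-11263 says what the product is not ("different from src:zephyr") but not which Zephyr it is. Naming the project in full, for instance "Zephyr RTOS (different from src:zephyr)", would let the entry stand on its own when someone later searches the list for the source package name.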
@@ -221,7 +221,7 @@ CVE-2024-52514 (Nextcloud Server is a self hosted personal
cloud system. After a
CVE-2024-52513 (Nextcloud Server is a self hosted personal cloud system. After
receivi ...)
- nextcloud-server <itp> (bug #941708)
CVE-2024-52512 (user_oidc app is an OpenID Connect user backend for Nextcloud.
A malic ...)
- TODO: check
+ NOT-FOR-US: user_oidc app (OpenID Connect user backend for Nextcloud)
CVE-2024-52511 (Nextcloud Tables allows users to to create tables with
individual colu ...)
NOT-FOR-US: Nextcloud Tables
CVE-2024-52510 (The Nextcloud Desktop Client is a tool to synchronize files
from Nextc ...)
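Review bot: CVE-2024-52512 is marked NOT-FOR-US while the neighbouring CVE-2024-52513 is tracked as "- nextcloud-server <itp> (bug #941708)". It is worth confirming that user_oidc is a separately distributed app and not something the nextcloud-server ITP would ship; otherwise this entry should carry the same <itp> line. The parenthetical describing the app is helpful and matches how CVE-2024-52511 (Nextcloud Tables) is handled.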
@@ -355,29 +355,29 @@ CVE-2024-40638 (GLPI is a free asset and IT management
software package. An auth
- glpi <removed>
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx
CVE-2024-3334 (A security bypass vulnerability exists in the Removable Media
Encrypti ...)
- TODO: check
+ NOT-FOR-US: Digital Guardian Windows Agents
CVE-2024-39726 (IBM Engineering Lifecycle Optimization - Engineering Insights
7.0.2 an ...)
NOT-FOR-US: IBM
CVE-2024-24459 (An invalid memory access when handling the ProtocolIE_ID field
of S1Se ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24458 (An invalid memory access when handling the ENB Configuration
Transfer ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24457 (An invalid memory access when handling the ProtocolIE_ID field
of E-RA ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24455 (An invalid memory access when handling a UE Context Release
message co ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24454 (An invalid memory access when handling the ProtocolIE_ID field
of E-RA ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24453 (An invalid memory access when handling the ProtocolIE_ID field
of E-RA ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24452 (An invalid memory access when handling the ProtocolIE_ID field
of E-RA ...)
- TODO: check
+ NOT-FOR-US: Athonet vEPC MME
CVE-2024-24450 (Stack-based memcpy buffer overflow in the
ngap_handle_pdu_session_reso ...)
NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24449 (An uninitialized pointer dereference in the NasPdu::NasPdu
component o ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24447 (A buffer overflow in the
ngap_amf_handle_pdu_session_resource_setup_re ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24446 (An uninitialized pointer dereference in OpenAirInterface CN5G
AMF up t ...)
NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24431 (A reachable assertion in the ogs_nas_emm_decode function of
Open5GS v2 ...)
@@ -393,7 +393,7 @@ CVE-2024-20373 (A vulnerability in the implementation of
the Simple Network Mana
CVE-2024-1240 (An open redirection vulnerability exists in pyload/pyload
version 0.5. ...)
TODO: check
CVE-2024-1097 (A stored cross-site scripting (XSS) vulnerability exists in
craigk5n/w ...)
- TODO: check
+ NOT-FOR-US: craigk5n/webcalendar
CVE-2024-11259 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: code-projects Farmacia
CVE-2024-11258 (A vulnerability classified as critical was found in 1000
Projects Beau ...)
@@ -437,7 +437,7 @@ CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and
OpenBSD 7.4 before errata 0
CVE-2024-10691
REJECTED
CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics
Personne ...)
- TODO: check
+ NOT-FOR-US: Dataprom Informatics Personnel Attendance Control Systems
(PACS) / Access Control Security Systems (ACSS)
CVE-2024-10443 (Improper neutralization of special elements used in a command
('Comman ...)
NOT-FOR-US: Synology
CVE-2024-10311 (The External Database Based Actions plugin for WordPress is
vulnerable ...)
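Review bot: The tag added for CVE-2024-10534 is much longer than its neighbours, which name only the vendor or product ("Synology"). A shorter form such as "NOT-FOR-US: Dataprom Informatics" would be easier to search for and would stay on one line in notification mails like this one.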
@@ -451,7 +451,7 @@ CVE-2023-4679 (A use after free vulnerability exists in
GPAC version 2.3-DEV-rev
CVE-2023-4348
REJECTED
CVE-2023-2332 (A stored Cross-site Scripting (XSS) vulnerability exists in the
Condit ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2024-9834 (Improper data protection on the ventilator's serial interface
could al ...)
NOT-FOR-US: Life2000 Ventilation System
CVE-2024-9832 (There is no limit on the number of failed login attempts
permitted wit ...)
@@ -515,9 +515,9 @@ CVE-2024-39707 (Insyde IHISI function 0x49 can restore
factory defaults for cert
CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases
prior t ...)
NOT-FOR-US: FitNesse
CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism
of Bina ...)
- TODO: check
+ NOT-FOR-US: Binance
CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: GeoVision
CVE-2024-10924 (The Really Simple Security (Free, Pro, and Pro Multisite)
plugins for ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10897 (The Tutor LMS Elementor Addons plugin for WordPress is
vulnerable to u ...)
@@ -563,7 +563,7 @@ CVE-2024-5917 (A server-side request forgery in PAN-OS
software enables an unaut
CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site
Scriptin ...)
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems.
A Remot ...)
- TODO: check
+ NOT-FOR-US: Giskard
CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix
messaging ...)
TODO: check
CVE-2024-52396 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -649,7 +649,7 @@ CVE-2024-50824 (A SQL Injection vulnerability was found in
/admin/class.php in k
CVE-2024-50823 (A SQL Injection vulnerability was found in /admin/login.php in
kashipa ...)
NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-4343 (A Python command injection vulnerability exists in the
`SagemakerLLM` ...)
- TODO: check
+ NOT-FOR-US: imartinez/privategpt
CVE-2024-4311 (zenml-io/zenml version 0.56.4 is vulnerable to an account
takeover due ...)
NOT-FOR-US: zenml-io/zenml
CVE-2024-49362 (Joplin is a free, open source note taking and to-do
application. Jopli ...)
@@ -661,9 +661,9 @@ CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS)
vulnerability was found i
CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to
a Restri ...)
TODO: check
CVE-2024-47915 (VaeMendis - CWE-200: Exposure of Sensitive Information to an
Unauthor ...)
- TODO: check
+ NOT-FOR-US: VaeMendis
CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
- TODO: check
+ NOT-FOR-US: VaeMendis
CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier contains a mechanism
for users ...)
NOT-FOR-US: IBM
CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site
scripting. This v ...)
@@ -695,7 +695,7 @@ CVE-2024-2550 (A null pointer dereference vulnerability in
the GlobalProtect gat
CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an
audio f ...)
TODO: check
CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a
restrict ...)
- TODO: check
+ NOT-FOR-US: EasyPHP web server
CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee
Managem ...)
NOT-FOR-US: SourceCodester Best Employee Management System
CVE-2024-11213 (A vulnerability, which was classified as critical, was found
in Source ...)
@@ -707,11 +707,11 @@ CVE-2024-11211 (A vulnerability classified as critical
has been found in EyouCMS
CVE-2024-11210 (A vulnerability was found in EyouCMS 1.51. It has been rated
as critic ...)
NOT-FOR-US: EyouCMS
CVE-2024-11209 (A vulnerability was found in Apereo CAS 6.6. It has been
classified as ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 and classified as
problema ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2024-11207 (A vulnerability has been found in Apereo CAS 6.6 and
classified as pro ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2024-11136 (The default TCL Camera application exposes a provider
vulnerable to pa ...)
TODO: check
CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
@@ -1053,7 +1053,7 @@ CVE-2024-8001 (A vulnerability was found in VIWIS LMS
9.11. It has been classifi
CVE-2024-7295 (In Progress\xae Telerik\xae Report Server versions prior to
2024 Q4 (1 ...)
NOT-FOR-US: Progress Telerik
CVE-2024-52306 (FileManager provides a Backpack admin interface for files and
folder. ...)
- TODO: check
+ NOT-FOR-US: FileManager
CVE-2024-52305 (UnoPim is an open-source Product Information Management (PIM)
system b ...)
NOT-FOR-US: UnoPim
CVE-2024-52300 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla
pdf.js. ...)
@@ -1413,7 +1413,7 @@ CVE-2024-52301 (Laravel is a web application framework.
When the register_argc_a
CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1
included ...)
TODO: check
CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open
Supervised D ...)
- TODO: check
+ NOT-FOR-US: libosdp
CVE-2024-52010 (Zoraxy is a general purpose HTTP reverse proxy and forwarding
tool. A ...)
NOT-FOR-US: Zoraxy
CVE-2024-51750 (Element is a Matrix web client built using the Matrix React
SDK. A mal ...)
@@ -1842,27 +1842,27 @@ CVE-2024-26011 (A missing authentication for critical
function in Fortinet Forti
CVE-2024-23666 (A client-side enforcement of server-side security in Fortinet
FortiAna ...)
NOT-FOR-US: FortiGuard
CVE-2024-21976 (Improper input validation in the NPU driver could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21975 (Improper input validation in the NPU driver could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21974 (Improper input validation in the NPU driver could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21958 (Incorrect default permissions in the AMD Provisioning Console
installa ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21957 (Incorrect default permissions in the AMD Management Console
installati ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21949 (Improper validation of user input in the NPU driver could
allow an att ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21946 (Incorrect default permissions in the AMD RyzenTM Master
Utility instal ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21945 (Incorrect default permissions in the AMD RyzenTM Master
monitoring SDK ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21939 (Incorrect default permissions in the AMD Cloud Manageability
Service ( ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21938 (Incorrect default permissions in the AMD Management Plugin for
the Mic ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21937 (Incorrect default permissions in the AMD HIP SDK installation
director ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-11138 (A vulnerability classified as problematic has been found in
DedeCMS 5. ...)
NOT-FOR-US: DedeCMS
CVE-2024-11130 (A vulnerability was found in ZZCMS up to 2023. It has been
rated as pr ...)
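Review bot: All eleven entries from CVE-2024-21976 down to CVE-2024-21937 get the bare vendor tag "AMD", although the descriptions cover distinct products (NPU driver, Provisioning Console, Management Console, Ryzen Master, HIP SDK). A product-level tag, at least for the NPU driver and HIP SDK entries, would record that these were checked as vendor-distributed drivers and installers and not as anything packaged in Debian.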
@@ -1973,11 +1973,11 @@ CVE-2024-52530 (GNOME libsoup before 3.6.0 allows HTTP
request smuggling in some
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
(3.5.2)
CVE-2024-52288 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open
Supervised D ...)
- TODO: check
+ NOT-FOR-US: libosdp
CVE-2024-52286 (Stirling-PDF is a locally hosted web application that allows
you to pe ...)
NOT-FOR-US: Stirling-PDF
CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application
develop ...)
- TODO: check
+ NOT-FOR-US: Orchid laravel package
CVE-2024-51748 (Kanboard is project management software that focuses on the
Kanban met ...)
- kanboard <unfixed>
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p
@@ -2039,7 +2039,7 @@ CVE-2024-48838 (Dell SmartFabric OS10 Software,
version(s) 10.5.6.x, 10.5.5.x, 1
CVE-2024-48837 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x,
10.5.4. ...)
NOT-FOR-US: Dell
CVE-2024-48322 (UsersController.php in Run.codes 1.5.2 and older has a reset
password ...)
- TODO: check
+ NOT-FOR-US: Run.codes
CVE-2024-47799 (Exposure of sensitive system information to an unauthorized
control sp ...)
NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
CVE-2024-47595 (An attacker who gains local membership to sapsys group could
replace l ...)
@@ -2075,7 +2075,7 @@ CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is
vulnerable to stored cros
CVE-2024-45087 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
cross-si ...)
NOT-FOR-US: IBM
CVE-2024-44546 (Powerjob >= 3.20 is vulnerable to SQL injection via the
version parame ...)
- TODO: check
+ NOT-FOR-US: Powerjob
CVE-2024-43439 (A flaw was found in moodle. H5P error messages require
additional sani ...)
- moodle <removed>
CVE-2024-43437 (A flaw was found in moodle. Insufficient sanitizing of data
when perfo ...)
@@ -2109,7 +2109,7 @@ CVE-2024-29075 (Active debug code vulnerability exists in
Mesh Wi-Fi router RP56
CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection
vulnerabi ...)
TODO: check
CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via
the Hos ...)
- TODO: check
+ NOT-FOR-US: SuperScan
CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer
overflow via t ...)
NOT-FOR-US: Driver Booster
CVE-2024-23983 (Improper handling of canonical URL-encoding may lead to bypass
not pro ...)
@@ -140992,7 +140992,7 @@ CVE-2023-0739 (Concurrent Execution using Shared
Resource with Improper Synchron
CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to
obtain arbit ...)
NOT-FOR-US: OrangeScrum
CVE-2023-0737 (wallabag version 2.5.2 contains a Cross-Site Request Forgery
(CSRF) vu ...)
- TODO: check
+ NOT-FOR-US: wallabag
CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository
wallabag/wall ...)
NOT-FOR-US: Wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository
wallabag/wallab ...)
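Review bot: CVE-2023-0737 is tagged "NOT-FOR-US: wallabag" in lower case, while the next entry, CVE-2023-0736, already uses "NOT-FOR-US: Wallabag". Use the same spelling in both so that a case-sensitive search on the tag returns all wallabag entries.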
@@ -167952,7 +167952,7 @@ CVE-2023-20156 (Multiple vulnerabilities in the
web-based user interface of cert
CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management
Center ...)
NOT-FOR-US: Cisco
CVE-2023-20154 (A vulnerability in the external authentication mechanism of
Cisco Mode ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services
Engine (I ...)
NOT-FOR-US: Cisco
CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services
Engine (I ...)
@@ -168010,7 +168010,7 @@ CVE-2023-20127 (Multiple vulnerabilities in the
web-based management interface o
CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco
SPA112 ...)
NOT-FOR-US: Cisco
CVE-2023-20125 (A vulnerability in the local interface of Cisco BroadWorks
Network Ser ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco
Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo
Two-Factor Aut ...)
@@ -168072,15 +168072,15 @@ CVE-2023-20096 (A vulnerability in the web-based
management interface of Cisco U
CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco
Adaptive Sec ...)
NOT-FOR-US: Cisco
CVE-2023-20094 (A vulnerability in Cisco TelePresence CE and RoomOS could
allow an una ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20093 (Three vulnerabilities in the CLI of Cisco TelePresence CE and
RoomOS c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20092 (Three vulnerabilities in the CLI of Cisco TelePresence CE and
RoomOS c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20091 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS
could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20090 (A vulnerability in Cisco TelePresence CE and RoomOS could
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP)
feature fo ...)
NOT-FOR-US: Cisco
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided
as part ...)
@@ -168140,7 +168140,7 @@ CVE-2023-20062 (Multiple vulnerabilities in Cisco
Unified Intelligence Center co
CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center
could al ...)
NOT-FOR-US: Cisco
CVE-2023-20060 (A vulnerability in the web-based management interface of Cisco
Prime C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network
Plug-and-Pl ...)
NOT-FOR-US: Cisco
CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco
Unified ...)
@@ -168185,13 +168185,13 @@ CVE-2023-20041 (Multiple vulnerabilities in the
web-based management interface o
CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network
Services Orche ...)
NOT-FOR-US: Cisco
CVE-2023-20039 (A vulnerability in Cisco IND could allow an authenticated,
local attac ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20038 (A vulnerability in the monitoring application of Cisco
Industrial Netw ...)
NOT-FOR-US: Cisco
CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could
allow an au ...)
NOT-FOR-US: Cisco
CVE-2023-20036 (A vulnerability in the web UI of Cisco IND could allow an
authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
NOT-FOR-US: Cisco
CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the of
Cisco SD-WA ...)
@@ -168259,7 +168259,7 @@ CVE-2023-20006 (A vulnerability in the hardware-based
SSL/TLS cryptography funct
CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2023-20004 (Three vulnerabilities in the CLI of Cisco TelePresence CE and
RoomOS c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20003 (A vulnerability in the social login configuration option for
the guest ...)
NOT-FOR-US: Cisco
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software
could all ...)
@@ -243359,7 +243359,7 @@ CVE-2022-20950 (A vulnerability in the interaction of
SIP and Snort 3 for Cisco
CVE-2022-20949 (A vulnerability in the management web server of Cisco
Firepower Threat ...)
NOT-FOR-US: Cisco
CVE-2022-20948 (A vulnerability in the web management interface of
Cisco BroadWor ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE)
tunnel deca ...)
@@ -243377,7 +243377,7 @@ CVE-2022-20941 (A vulnerability in the web-based
management interface of Cisco F
CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat
Defense ( ...)
NOT-FOR-US: Cisco
CVE-2022-20939 (A vulnerability in the web-based management interface of
Cisco Sm ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20938 (A vulnerability in the module import function of the
administrative in ...)
NOT-FOR-US: Cisco
CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on
Cisco Id ...)
@@ -243393,7 +243393,7 @@ CVE-2022-20933 (A vulnerability in the Cisco
AnyConnect VPN server of Cisco Mera
CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20931 (A vulnerability in the version control of
Cisco TelePresence CE S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could
allow an aut ...)
NOT-FOR-US: Cisco
CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco
Enterpr ...)
@@ -243513,7 +243513,7 @@ CVE-2022-20873 (Multiple vulnerabilities in the
web-based management interface o
CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20871 (A vulnerability in the web management interface of
Cisco AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function
of Cisco ...)
NOT-FOR-US: Cisco
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
@@ -243549,7 +243549,7 @@ CVE-2022-20855 (A vulnerability in the self-healing
functionality of Cisco IOS X
CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco
Firepowe ...)
NOT-FOR-US: Cisco
CVE-2022-20853 (A vulnerability in the REST API of Cisco Expressway
Series and Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex
Meetings ...)
NOT-FOR-US: Cisco
CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
@@ -243557,15 +243557,15 @@ CVE-2022-20851 (A vulnerability in the web UI
feature of Cisco IOS XE Software c
CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN
Software ...)
NOT-FOR-US: Cisco
CVE-2022-20849 (A vulnerability in the Broadband Network Gateway PPP over
Ethernet (PP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco
IOS XE So ...)
NOT-FOR-US: Cisco
CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco
IOS XE W ...)
NOT-FOR-US: Cisco
CVE-2022-20846 (A vulnerability in the Cisco Discovery Protocol
implementation fo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20845 (A vulnerability in the TL1 function of Cisco Network
Convergence ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco
Software-Defined ...)
NOT-FOR-US: Cisco
CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
@@ -243627,7 +243627,7 @@ CVE-2022-20816 (A vulnerability in the web-based
management interface of Cisco U
CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20814 (A vulnerability in the certificate validation of
Cisco Expressway ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based
management in ...)
NOT-FOR-US: Cisco
CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based
management in ...)
@@ -243674,7 +243674,7 @@ CVE-2022-20795 (A vulnerability in the implementation
of the Datagram TLS (DTLS)
CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco
TelePresence Colla ...)
NOT-FOR-US: Cisco
CVE-2022-20793 (A vulnerability in pairing process of Cisco TelePresence
CE Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20792 (A vulnerability in the regex module used by the signature
database loa ...)
{DLA-3042-1}
- clamav 0.103.6+dfsg-1
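Review bot: CVE-2022-20793 gets the vendor-only tag "Cisco", yet the very next entry, CVE-2022-20792, is an id from the same block that is tracked against clamav, so the vendor name alone does not show which product was checked. The truncated description names Cisco TelePresence CE, so the classification looks right; "NOT-FOR-US: Cisco TelePresence CE" would make that visible in the list itself.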
@@ -243744,7 +243744,7 @@ CVE-2022-20768 (A vulnerability in the logging
component of Cisco TelePresence C
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco
Firepow ...)
NOT-FOR-US: Cisco Firepower
CVE-2022-20766 (A vulnerability in the Cisco Discovery Protocol
functionality of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director
could al ...)
NOT-FOR-US: Cisco
CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco
TelePresence Colla ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b14d4037d13ac2fac921d49212fed0bb336df5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits