[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 20 20:55:07 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96341a76 by Salvatore Bonaccorso at 2022-04-20T21:54:43+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19361,7 +19361,7 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and
CVE-2022-22967
RESERVED
CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
- libspring-java <unfixed>
[stretch] - libspring-java <end-of-life>
@@ -19646,7 +19646,7 @@ CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sour
CVE-2022-22849
RESERVED
CVE-2022-22149 (A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
@@ -23874,41 +23874,41 @@ CVE-2022-22200
CVE-2022-22199
RESERVED
CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP ALG of Jun ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22197 (An Operation on a Resource after Expiration or Release vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the kernel of J ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22192
RESERVED
CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper Networks Parag ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper Networks Co ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a Heap-base ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows Installe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22184
RESERVED
CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Junip ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...)
@@ -23974,7 +23974,7 @@ CVE-2022-21215 (This vulnerability could allow an attacker to force the server t
CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
NOT-FOR-US: Airspan Networks
CVE-2022-21155 (A specially crafted packet sent to the Fernhill SCADA Server Version 3 ...)
- TODO: check
+ NOT-FOR-US: Fernhill SCADA Server
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
@@ -24863,9 +24863,9 @@ CVE-2022-22011
CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22008 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
@@ -24915,7 +24915,7 @@ CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure
CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21983 (Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21982
RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
@@ -27503,7 +27503,7 @@ CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyx
CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
NOT-FOR-US: Citrix XenMobile Server
CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
CVE-2021-44517
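Review bot: The new tag on CVE-2021-44519 reads "NOT-FOR-US: Citrix", while CVE-2021-44520 directly above it has the same description prefix ("In Citrix XenMobile Server through 10.12 RP9") and is tagged "NOT-FOR-US: Citrix XenMobile Server". Using the product-level tag for both keeps the pair consistent and makes a search for the product name return both entries.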
@@ -33030,25 +33030,25 @@ CVE-2022-20765
CVE-2022-20764
RESERVED
CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP) packet pr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20760
RESERVED
CVE-2022-20759
RESERVED
CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20757
RESERVED
CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20753
RESERVED
CVE-2022-20752
@@ -33062,7 +33062,7 @@ CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, R
CVE-2022-20748
RESERVED
CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage Software co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20746
RESERVED
CVE-2022-20745
@@ -33074,11 +33074,11 @@ CVE-2022-20743
CVE-2022-20742
RESERVED
CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20740
RESERVED
CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
NOT-FOR-US: Cisco
CVE-2022-20737
@@ -33086,7 +33086,7 @@ CVE-2022-20737
CVE-2022-20736
RESERVED
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20734
RESERVED
CVE-2022-20733
@@ -33094,7 +33094,7 @@ CVE-2022-20733
CVE-2022-20732
RESERVED
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20730
RESERVED
CVE-2022-20729
@@ -33122,13 +33122,13 @@ CVE-2022-20719 (Multiple vulnerabilities in the Cisco IOx application hosting en
CVE-2022-20718 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20715
RESERVED
CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20713
RESERVED
CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
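Review bot: CVE-2022-20717 and CVE-2022-20716 both describe Cisco SD-WAN components but receive the bare vendor tag "NOT-FOR-US: Cisco", whereas the context entry CVE-2022-20718 just above is tagged at product level ("NOT-FOR-US: Cisco IOx"). A product-level tag such as "NOT-FOR-US: Cisco SD-WAN" on those two lines would match the neighbouring granularity; CVE-2022-20714 ("data plane microcode of Lightspeed-Plus line ca ...") could likewise name the product once the full description is consulted.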
@@ -33167,17 +33167,17 @@ CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (C
NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5)
CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20696
RESERVED
CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20694 (A vulnerability in the implementation of the Resource Public Key Infra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20693 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20691
RESERVED
CVE-2022-20690
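Review bot: For CVE-2022-20694 the truncated description ("the implementation of the Resource Public Key Infra ...") ends before any product name, so the vendor-level "NOT-FOR-US: Cisco" cannot be checked from this hunk alone. The context lines for CVE-2022-20698 show that an ID in this same range can concern packaged software (ClamAV), so naming the affected product in the tag, as the nearby "NOT-FOR-US: Cisco IOx" entries do, would make the triage decision verifiable at a glance.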
@@ -33193,25 +33193,25 @@ CVE-2022-20686
CVE-2022-20685
RESERVED
CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20683 (A vulnerability in the Application Visibility and Control (AVC-FNF) fe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20682 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20681 (A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...)
NOT-FOR-US: Cisco
CVE-2022-20679 (A vulnerability in the IPSec decryption routine of Cisco IOS XE Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20678 (A vulnerability in the AppNav-XE feature of Cisco IOS XE Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20677 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20674
RESERVED
CVE-2022-20673
@@ -33231,7 +33231,7 @@ CVE-2022-20667
CVE-2022-20666
RESERVED
CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20664
RESERVED
CVE-2022-20663
@@ -33239,7 +33239,7 @@ CVE-2022-20663
CVE-2022-20662
RESERVED
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
NOT-FOR-US: Cisco
CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
@@ -33317,7 +33317,7 @@ CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) fe
CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional Forwarding Detec ...)
NOT-FOR-US: Cisco
CVE-2022-20622 (A vulnerability in IP ingress packet processing of the Cisco Embedded ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96341a76e29d74a412397ec0c48bd5711ad65c71