[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 7 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67c74c82 by security tracker role at 2022-07-07T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-35299
+ RESERVED
+CVE-2022-35298
+ RESERVED
+CVE-2022-35297
+ RESERVED
+CVE-2022-35296
+ RESERVED
+CVE-2022-35295
+ RESERVED
+CVE-2022-35294
+ RESERVED
+CVE-2022-35293
+ RESERVED
+CVE-2022-35292
+ RESERVED
+CVE-2022-35291
+ RESERVED
+CVE-2022-35290
+ RESERVED
+CVE-2022-35289
+ RESERVED
+CVE-2022-35288
+ RESERVED
+CVE-2022-35287
+ RESERVED
+CVE-2022-35286
+ RESERVED
+CVE-2022-35285
+ RESERVED
+CVE-2022-35284
+ RESERVED
+CVE-2022-35283
+ RESERVED
+CVE-2022-35282
+ RESERVED
+CVE-2022-35281
+ RESERVED
+CVE-2022-35280
+ RESERVED
+CVE-2022-35279
+ RESERVED
+CVE-2022-35278
+ RESERVED
+CVE-2022-34850
+ RESERVED
+CVE-2022-34845
+ RESERVED
+CVE-2022-33975
+ RESERVED
+CVE-2022-33897
+ RESERVED
+CVE-2022-33150
+ RESERVED
+CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
+ TODO: check
+CVE-2022-2338
+ RESERVED
+CVE-2022-2337
+ RESERVED
+CVE-2022-2336
+ RESERVED
+CVE-2022-2335
+ RESERVED
+CVE-2022-2334
+ RESERVED
+CVE-2022-2333
+ RESERVED
+CVE-2022-2332
+ RESERVED
CVE-2022-35271
RESERVED
CVE-2022-35270
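Review bot: CVE-2022-2339 is the only entry added at the top of this hunk with a description, and it is left at "TODO: check" while the truncated summary ("With this SSRF vulnerability, an attacker can reach internal addresses ...") does not show the affected product. Triage needs the full CVE text to identify the product before this can become a package line or NOT-FOR-US; the RESERVED ids around it need no action yet.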
@@ -122,8 +192,8 @@ CVE-2022-2319
RESERVED
CVE-2022-2317
RESERVED
-CVE-2022-2316
- RESERVED
+CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server ...)
+ TODO: check
CVE-2022-2315
RESERVED
CVE-2022-2314
@@ -144,8 +214,7 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)
CVE-2022-2308
RESERVED
-CVE-2022-2318 [linux:rose uaf]
- RESERVED
+CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer handler in ne ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2
NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5)
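Review bot: the "- linux <unfixed>" line under CVE-2022-2318 is unchanged context, yet the NOTE two lines below it already cites an upstream fix (9cc02ede696272c5271a401e4f27c262359bc2f6, 5.19-rc5). Replacing the temporary "[linux:rose uaf]" tag with the published description is fine, but the status line should be followed up with a fixed version once an upload containing that commit exists.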
@@ -921,8 +990,8 @@ CVE-2022-2278
RESERVED
CVE-2022-2277
RESERVED
-CVE-2021-4234
- RESERVED
+CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
+ TODO: check
CVE-2022-34893
RESERVED
CVE-2022-34892
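Review bot: CVE-2021-4234 names "OpenVPN Access Server 2.10 and prior versions" and is left at "TODO: check"; the truncated summary does not show whether the flaw is confined to Access Server or also affects code shared with the openvpn package. Read the full advisory before choosing between NOT-FOR-US and a package line, and record the reference in a NOTE as other triaged entries in this file do.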
@@ -5569,8 +5638,8 @@ CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain
NOT-FOR-US: Online Railway Reservation System
CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
NOT-FOR-US: Online Railway Reservation System
-CVE-2022-33047
- RESERVED
+CVE-2022-33047 (OTFCC v0.10.4 was discovered to contain a heap buffer overflow after f ...)
+ TODO: check
CVE-2022-33046
RESERVED
CVE-2022-33045
@@ -21396,10 +21465,10 @@ CVE-2022-27551
RESERVED
CVE-2022-27550
RESERVED
-CVE-2022-27549
- RESERVED
-CVE-2022-27548
- RESERVED
+CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a plain ...)
+ TODO: check
+CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...)
+ TODO: check
CVE-2022-27547
RESERVED
CVE-2022-27546
@@ -49549,14 +49618,14 @@ CVE-2022-20864
RESERVED
CVE-2022-20863
RESERVED
-CVE-2022-20862
- RESERVED
+CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2022-20861
RESERVED
CVE-2022-20860
RESERVED
-CVE-2022-20859
- RESERVED
+CVE-2022-20859 (A vulnerability in the Disaster Recovery framework of Cisco Unified Co ...)
+ TODO: check
CVE-2022-20858
RESERVED
CVE-2022-20857
@@ -49643,22 +49712,22 @@ CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauth
NOT-FOR-US: Cisco
CVE-2022-20816
RESERVED
-CVE-2022-20815
- RESERVED
+CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2022-20814
RESERVED
-CVE-2022-20813
- RESERVED
-CVE-2022-20812
- RESERVED
+CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...)
+ TODO: check
+CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...)
+ TODO: check
CVE-2022-20811
RESERVED
CVE-2022-20810
RESERVED
CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
-CVE-2022-20808
- RESERVED
+CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
+ TODO: check
CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...)
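Review bot: of the four ids moved from RESERVED to "TODO: check" in this hunk, CVE-2022-20813 and CVE-2022-20812 do not name a product in the visible truncated summary ("Multiple vulnerabilities in the API and in the web-based management in ..."), so confirm the product from the full text before marking them. CVE-2022-20815 and CVE-2022-20808 do name Cisco products and can follow the already-triaged neighbours CVE-2022-20809 and CVE-2022-20807, which are "NOT-FOR-US: Cisco".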
@@ -49675,8 +49744,8 @@ CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat an
NOT-FOR-US: Cisco
CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2022-20800
- RESERVED
+CVE-2022-20800 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...)
@@ -49702,8 +49771,8 @@ CVE-2022-20792
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20791
- RESERVED
+CVE-2022-20791 (A vulnerability in the database user privileges of Cisco Unified Commu ...)
+ TODO: check
CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...)
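Review bot: CVE-2022-20791 sits directly below CVE-2022-20792, which is tracked against clamav with per-release "<no-dsa>" lines, so ids in this range are not uniformly NOT-FOR-US and should not be bulk-marked. For this entry the visible summary names a Cisco Unified Communications product, like CVE-2022-20790 below it, so "NOT-FOR-US: Cisco" looks like the right outcome, decided per entry from the description.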
@@ -49760,8 +49829,8 @@ CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV sca
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20769
RESERVED
-CVE-2022-20768
- RESERVED
+CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...)
+ TODO: check
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
NOT-FOR-US: Cisco Firepower
CVE-2022-20766
@@ -49792,8 +49861,8 @@ CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management int
NOT-FOR-US: Cisco
CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...)
NOT-FOR-US: Cisco
-CVE-2022-20752
- RESERVED
+CVE-2022-20752 (A vulnerability in Cisco Unified Communications Manager (Unified CM), ...)
+ TODO: check
CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
NOT-FOR-US: Cisco Firepower
CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
@@ -401362,10 +401431,10 @@ CVE-2015-3175 (Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2
CVE-2015-3174 (mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2 ...)
- moodle 2.7.8+dfsg-1 (bug #785591)
[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3173
- RESERVED
-CVE-2015-3172
- RESERVED
+CVE-2015-3173 (custom-content-type-manager Wordpress plugin can be used by an adminis ...)
+ TODO: check
+CVE-2015-3172 (EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via malici ...)
+ TODO: check
CVE-2015-3171 (sosreport 3.2 uses weak permissions for generated sosreport archives, ...)
- sosreport 3.2-2 (bug #769521)
NOTE: https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
@@ -415249,8 +415318,7 @@ CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI e
CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the p ...)
- powerpc-utils <not-affected> (Vulnerable code not present)
NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
-CVE-2014-8164
- RESERVED
+CVE-2014-8164 (A insecure configuration for certificate verification (http.verify_mod ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red Hat S ...)
NOT-FOR-US: Red Hat Satellite
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67c74c82b4ef8d38b65ff750a620dfa67d7de938