[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 30 21:10:40 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0f5878d by security tracker role at 2022-09-30T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2022-41983
+ RESERVED
+CVE-2022-41976
+ RESERVED
+CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
+ TODO: check
+CVE-2022-41974
+ RESERVED
+CVE-2022-41973
+ RESERVED
+CVE-2022-41972
+ RESERVED
+CVE-2022-41971
+ RESERVED
+CVE-2022-41970
+ RESERVED
+CVE-2022-41969
+ RESERVED
+CVE-2022-41968
+ RESERVED
+CVE-2022-41967
+ RESERVED
+CVE-2022-41966
+ RESERVED
+CVE-2022-41965
+ RESERVED
+CVE-2022-41964
+ RESERVED
+CVE-2022-41963
+ RESERVED
+CVE-2022-41962
+ RESERVED
+CVE-2022-41961
+ RESERVED
+CVE-2022-41960
+ RESERVED
+CVE-2022-41959
+ RESERVED
+CVE-2022-41958
+ RESERVED
+CVE-2022-41957
+ RESERVED
+CVE-2022-41956
+ RESERVED
+CVE-2022-41955
+ RESERVED
+CVE-2022-41954
+ RESERVED
+CVE-2022-41953
+ RESERVED
+CVE-2022-41952
+ RESERVED
+CVE-2022-41951
+ RESERVED
+CVE-2022-41950
+ RESERVED
+CVE-2022-41949
+ RESERVED
+CVE-2022-41948
+ RESERVED
+CVE-2022-41947
+ RESERVED
+CVE-2022-41946
+ RESERVED
+CVE-2022-41945
+ RESERVED
+CVE-2022-41944
+ RESERVED
+CVE-2022-41943
+ RESERVED
+CVE-2022-41942
+ RESERVED
+CVE-2022-41941
+ RESERVED
+CVE-2022-41940
+ RESERVED
+CVE-2022-41939
+ RESERVED
+CVE-2022-41938
+ RESERVED
+CVE-2022-41937
+ RESERVED
+CVE-2022-41936
+ RESERVED
+CVE-2022-41935
+ RESERVED
+CVE-2022-41934
+ RESERVED
+CVE-2022-41933
+ RESERVED
+CVE-2022-41932
+ RESERVED
+CVE-2022-41931
+ RESERVED
+CVE-2022-41930
+ RESERVED
+CVE-2022-41929
+ RESERVED
+CVE-2022-41928
+ RESERVED
+CVE-2022-41927
+ RESERVED
+CVE-2022-41926
+ RESERVED
+CVE-2022-41925
+ RESERVED
+CVE-2022-41924
+ RESERVED
+CVE-2022-41923
+ RESERVED
+CVE-2022-41922
+ RESERVED
+CVE-2022-41921
+ RESERVED
+CVE-2022-41920
+ RESERVED
+CVE-2022-41919
+ RESERVED
+CVE-2022-41918
+ RESERVED
+CVE-2022-41917
+ RESERVED
+CVE-2022-41916
+ RESERVED
+CVE-2022-41915
+ RESERVED
+CVE-2022-41914
+ RESERVED
+CVE-2022-41913
+ RESERVED
+CVE-2022-41912
+ RESERVED
+CVE-2022-41911
+ RESERVED
+CVE-2022-41910
+ RESERVED
+CVE-2022-41909
+ RESERVED
+CVE-2022-41908
+ RESERVED
+CVE-2022-41907
+ RESERVED
+CVE-2022-41906
+ RESERVED
+CVE-2022-41905
+ RESERVED
+CVE-2022-41904
+ RESERVED
+CVE-2022-41903
+ RESERVED
+CVE-2022-41902
+ RESERVED
+CVE-2022-41901
+ RESERVED
+CVE-2022-41900
+ RESERVED
+CVE-2022-41899
+ RESERVED
+CVE-2022-41898
+ RESERVED
+CVE-2022-41897
+ RESERVED
+CVE-2022-41896
+ RESERVED
+CVE-2022-41895
+ RESERVED
+CVE-2022-41894
+ RESERVED
+CVE-2022-41893
+ RESERVED
+CVE-2022-41892
+ RESERVED
+CVE-2022-41891
+ RESERVED
+CVE-2022-41890
+ RESERVED
+CVE-2022-41889
+ RESERVED
+CVE-2022-41888
+ RESERVED
+CVE-2022-41887
+ RESERVED
+CVE-2022-41886
+ RESERVED
+CVE-2022-41885
+ RESERVED
+CVE-2022-41884
+ RESERVED
+CVE-2022-41883
+ RESERVED
+CVE-2022-41882
+ RESERVED
+CVE-2022-41881
+ RESERVED
+CVE-2022-41880
+ RESERVED
+CVE-2022-41879
+ RESERVED
+CVE-2022-41878
+ RESERVED
+CVE-2022-41877
+ RESERVED
+CVE-2022-41876
+ RESERVED
+CVE-2022-41875
+ RESERVED
+CVE-2022-41874
+ RESERVED
+CVE-2022-41873
+ RESERVED
+CVE-2022-41872
+ RESERVED
+CVE-2022-41871
+ RESERVED
+CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...)
+ TODO: check
+CVE-2022-41869
+ RESERVED
+CVE-2022-41868
+ RESERVED
+CVE-2022-41867
+ RESERVED
+CVE-2022-41866
+ RESERVED
+CVE-2022-41865
+ RESERVED
+CVE-2022-41864
+ RESERVED
+CVE-2022-41863
+ RESERVED
+CVE-2022-41862
+ RESERVED
+CVE-2022-41861
+ RESERVED
+CVE-2022-41860
+ RESERVED
+CVE-2022-41859
+ RESERVED
+CVE-2022-41858
+ RESERVED
+CVE-2022-41857
+ RESERVED
+CVE-2022-41856
+ RESERVED
+CVE-2022-41855
+ RESERVED
+CVE-2022-41854
+ RESERVED
+CVE-2022-41853
+ RESERVED
+CVE-2022-41852
+ RESERVED
+CVE-2022-41851
+ RESERVED
+CVE-2022-41836
+ RESERVED
+CVE-2022-41835
+ RESERVED
+CVE-2022-41833
+ RESERVED
+CVE-2022-41832
+ RESERVED
+CVE-2022-41813
+ RESERVED
+CVE-2022-41806
+ RESERVED
+CVE-2022-41800
+ RESERVED
+CVE-2022-41787
+ RESERVED
+CVE-2022-41780
+ RESERVED
+CVE-2022-41770
+ RESERVED
+CVE-2022-41694
+ RESERVED
+CVE-2022-41691
+ RESERVED
+CVE-2022-41624
+ RESERVED
+CVE-2022-41622
+ RESERVED
+CVE-2022-41617
+ RESERVED
+CVE-2022-36795
+ RESERVED
+CVE-2022-3381
+ RESERVED
+CVE-2022-3380
+ RESERVED
+CVE-2022-3379
+ RESERVED
+CVE-2022-3378
+ RESERVED
+CVE-2022-3377
+ RESERVED
+CVE-2022-3376
+ RESERVED
+CVE-2022-3375
+ RESERVED
+CVE-2022-3374
+ RESERVED
+CVE-2022-3373
+ RESERVED
+CVE-2022-3372
+ RESERVED
+CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
+CVE-2022-3370
+ RESERVED
+CVE-2022-3369
+ RESERVED
+CVE-2022-3368
+ RESERVED
+CVE-2021-46844
+ RESERVED
+CVE-2021-46843
+ RESERVED
+CVE-2021-46842
+ RESERVED
CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak exists in A ...)
NOT-FOR-US: Bento4
CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
@@ -1030,14 +1350,14 @@ CVE-2022-41442
RESERVED
CVE-2022-41441
RESERVED
-CVE-2022-41440
- RESERVED
-CVE-2022-41439
- RESERVED
+CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
CVE-2022-41438
RESERVED
-CVE-2022-41437
- RESERVED
+CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote code ex ...)
+ TODO: check
CVE-2022-41436
RESERVED
CVE-2022-41435
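Review bot: the two new descriptions for CVE-2022-41440 and CVE-2022-41439 are identical up to the truncation point ("Billing System Project v1.0 was discovered to contain a SQL injection ..."), so the two "TODO: check" markers cannot be resolved from this hunk alone; the full descriptions should be consulted together so that each entry records which injection point it covers, and CVE-2022-41437 (the remote code execution entry for the same product) should be triaged in the same pass so that the three entries end up with consistent status lines.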
@@ -2231,10 +2551,10 @@ CVE-2022-40946
RESERVED
CVE-2022-40945
RESERVED
-CVE-2022-40944
- RESERVED
-CVE-2022-40943
- RESERVED
+CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
+ TODO: check
CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow vi ...)
NOT-FOR-US: Tenda
CVE-2022-40941
@@ -2273,8 +2593,8 @@ CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerab
NOT-FOR-US: Zoo Management System
CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...)
NOT-FOR-US: Zoo Management System
-CVE-2022-40923
- RESERVED
+CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...)
+ TODO: check
CVE-2022-40922
RESERVED
CVE-2022-40921
@@ -2614,8 +2934,8 @@ CVE-2022-40758 (A Buffer Access with Incorrect Length Value vulnerablity in the
NOT-FOR-US: Samsung mTower
CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
NOT-FOR-US: Samsung mTower
-CVE-2022-40756
- RESERVED
+CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE Patch U ...)
+ TODO: check
CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion in the ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/338
@@ -3647,8 +3967,8 @@ CVE-2022-40343
RESERVED
CVE-2022-40342
RESERVED
-CVE-2022-40341
- RESERVED
+CVE-2022-40341 (mojoPortal v2.7 was discovered to contain an arbitrary file upload vul ...)
+ TODO: check
CVE-2022-40340
RESERVED
CVE-2022-40339
@@ -3702,17 +4022,13 @@ CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: s ...)
NOT-FOR-US: OpenKM
-CVE-2022-40316
- RESERVED
+CVE-2022-40316 (The H5P activity attempts report did not filter by groups, which in se ...)
- moodle <removed>
-CVE-2022-40315
- RESERVED
+CVE-2022-40315 (A limited SQL injection risk was identified in the "browse list of use ...)
- moodle <removed>
-CVE-2022-40314
- RESERVED
+CVE-2022-40314 (A remote code execution risk when restoring backup files originating f ...)
- moodle <removed>
-CVE-2022-40313
- RESERVED
+CVE-2022-40313 (Recursive rendering of Mustache template helpers containing user input ...)
- moodle <removed>
CVE-2022-40309
RESERVED
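Review bot: the four Moodle entries (CVE-2022-40316 through CVE-2022-40313) now carry descriptions but go straight from the description to "- moodle <removed>" with no NOTE line pointing at the upstream advisory, unlike other entries in this diff that keep a NOTE: URL beside the status (for example the jasper entry, "NOTE: https://github.com/jasper-software/jasper/issues/338"); adding the Moodle security advisory references for each of the four would make the "removed" status auditable later.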
@@ -3801,14 +4117,14 @@ CVE-2022-40279 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and
NOT-FOR-US: Samsung TizenRT
CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
NOT-FOR-US: Samsung TizenRT
-CVE-2022-40277
- RESERVED
+CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary ...)
+ TODO: check
CVE-2022-40276
RESERVED
CVE-2022-40275
RESERVED
-CVE-2022-40274
- RESERVED
+CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary ...)
+ TODO: check
CVE-2022-40273
RESERVED
CVE-2022-40272
@@ -4876,7 +5192,7 @@ CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabi
NOT-FOR-US: NOKIA
CVE-2022-39818
RESERVED
-CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur ...)
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs ...)
NOT-FOR-US: NOKIA
CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (clearte ...)
NOT-FOR-US: NOKIA
@@ -11003,8 +11319,8 @@ CVE-2022-37463
RESERVED
CVE-2022-37462
RESERVED
-CVE-2022-37461
- RESERVED
+CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
+ TODO: check
CVE-2022-37460
RESERVED
CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before ...)
@@ -12510,16 +12826,16 @@ CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple refle
NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36966
RESERVED
-CVE-2022-36965
- RESERVED
+CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
+ TODO: check
CVE-2022-36964
RESERVED
CVE-2022-36963
RESERVED
CVE-2022-36962
RESERVED
-CVE-2022-36961
- RESERVED
+CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
+ TODO: check
CVE-2022-36960
RESERVED
CVE-2022-36959
@@ -13655,8 +13971,8 @@ CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions
- gitlab <not-affected> (Specific to EE)
CVE-2022-2530
RESERVED
-CVE-2022-2529
- RESERVED
+CVE-2022-2529 (sflow decode package does not employ sufficient packet sanitisation wh ...)
+ TODO: check
CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-36439
@@ -17138,10 +17454,10 @@ CVE-2022-35158 (A vulnerability in the lua parser of TscanCode tsclua v2.15.01 a
NOT-FOR-US: TScanCode
CVE-2022-35157
RESERVED
-CVE-2022-35156
- RESERVED
-CVE-2022-35155
- RESERVED
+CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL Injecti ...)
+ TODO: check
+CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a reflected ...)
+ TODO: check
CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL injection vu ...)
NOT-FOR-US: Shopro Mall System
CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection vulnerab ...)
@@ -23954,8 +24270,8 @@ CVE-2022-32542
RESERVED
CVE-2022-32541
RESERVED
-CVE-2022-32540
- RESERVED
+CVE-2022-32540 (Information Disclosure in Operator Client application in BVMS 10.1.1, ...)
+ TODO: check
CVE-2022-32539
RESERVED
CVE-2022-32538
@@ -24918,7 +25234,7 @@ CVE-2022-32217 (A cleartext storage of sensitive information exists in Rocket.Ch
NOT-FOR-US: Rockert.Chat
CVE-2022-32216
RESERVED
-CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not correctl ...)
+CVE-2022-32215 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
@@ -24926,14 +25242,14 @@ CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not co
NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215
-CVE-2022-32214 (The llhttp parser in the http module in Node.js does not strictly use ...)
+CVE-2022-32214 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-improper-delimiting-of-header-fields-medium-cve-2022-32214
NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
-CVE-2022-32213 (The llhttp parser in the http module in Node.js v17.x does not correct ...)
+CVE-2022-32213 (The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the ht ...)
- nodejs 18.6.0+dfsg-3
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
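Review bot: the updated descriptions for CVE-2022-32215, CVE-2022-32214 and CVE-2022-32213 now state the affected llhttp ranges as "<v14.20.1, <v16.17.1 and <v18.9.1", while each entry still records "- nodejs 18.6.0+dfsg-3" as the fixed version, and the NOTE at the top of the hunk for CVE-2022-32215 points at the September 2022 security releases page whose anchor reads "improper-fix-for-cve-2022-32215"; it would be worth confirming that 18.6.0+dfsg-3 includes the follow-up fix from that release, and recording a newer fixed version (or a NOTE stating that the follow-up is backported) if it does not.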
@@ -25232,8 +25548,8 @@ CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check in pla ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1959
- RESERVED
+CVE-2022-1959 (AppLock version 7.9.29 allows an attacker with physical access to the ...)
+ TODO: check
CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
NOT-FOR-US: FileCloud
CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...)
@@ -28270,6 +28586,7 @@ CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data ce
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...)
+ {DLA-3127-1}
- libhttp-daemon-perl 6.14-1.1 (bug #1014808)
[bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
NOTE: https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
@@ -35000,8 +35317,8 @@ CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earli
NOT-FOR-US: Adobe
CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
NOT-FOR-US: Adobe
-CVE-2022-28851
- RESERVED
+CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
NOT-FOR-US: Adobe
CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
@@ -50953,8 +51270,8 @@ CVE-2022-23728 (Attacker can reset the device with AT Command in the process of
NOT-FOR-US: LG
CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
NOT-FOR-US: LG
-CVE-2022-23726
- RESERVED
+CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring Boot actua ...)
+ TODO: check
CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...)
NOT-FOR-US: pingidentity
CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
@@ -60639,8 +60956,8 @@ CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web c
NOT-FOR-US: Ivanti
CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...)
NOT-FOR-US: Citrix
-CVE-2022-21826
- RESERVED
+CVE-2022-21826 (Pulse Secure version 9.115 and below may be susceptible to client-side ...)
+ TODO: check
CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
NOT-FOR-US: Citrix
CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
@@ -67084,8 +67401,8 @@ CVE-2022-20947
RESERVED
CVE-2022-20946
RESERVED
-CVE-2022-20945
- RESERVED
+CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
+ TODO: check
CVE-2022-20944
RESERVED
CVE-2022-20943
@@ -67114,8 +67431,8 @@ CVE-2022-20932
RESERVED
CVE-2022-20931
RESERVED
-CVE-2022-20930
- RESERVED
+CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ TODO: check
CVE-2022-20929
RESERVED
CVE-2022-20928
@@ -67136,8 +67453,8 @@ CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Sit
NOT-FOR-US: Cisco
CVE-2022-20920
RESERVED
-CVE-2022-20919
- RESERVED
+CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
+ TODO: check
CVE-2022-20918
RESERVED
CVE-2022-20917
@@ -67262,32 +67579,32 @@ CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an
NOT-FOR-US: Cisco
CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
NOT-FOR-US: Cisco
-CVE-2022-20856
- RESERVED
-CVE-2022-20855
- RESERVED
+CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of Wirel ...)
+ TODO: check
+CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...)
+ TODO: check
CVE-2022-20854
RESERVED
CVE-2022-20853
RESERVED
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
-CVE-2022-20851
- RESERVED
-CVE-2022-20850
- RESERVED
+CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ TODO: check
+CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
+ TODO: check
CVE-2022-20849
RESERVED
-CVE-2022-20848
- RESERVED
-CVE-2022-20847
- RESERVED
+CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
+ TODO: check
+CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
+ TODO: check
CVE-2022-20846
RESERVED
CVE-2022-20845
RESERVED
-CVE-2022-20844
- RESERVED
+CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
+ TODO: check
CVE-2022-20843
RESERVED
CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
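Review bot: the eight newly described Cisco IOS XE and SD-WAN entries in this hunk (CVE-2022-20856, -20855, -20851, -20850, -20848, -20847, -20844 and their neighbours) are left at "TODO: check" while every other Cisco entry visible in the hunk is marked "NOT-FOR-US: Cisco"; triaging them the same way would be consistent unless a full description turns out to name a component packaged in Debian, so a single pass over this batch should be enough to close them.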
@@ -67338,8 +67655,8 @@ CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex Mee
NOT-FOR-US: Cisco
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
-CVE-2022-20818
- RESERVED
+CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...)
+ TODO: check
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
NOT-FOR-US: Cisco
CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -67354,8 +67671,8 @@ CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based managem
NOT-FOR-US: Cisco
CVE-2022-20811
RESERVED
-CVE-2022-20810
- RESERVED
+CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol (SNMP) of Ci ...)
+ TODO: check
CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
@@ -67438,8 +67755,8 @@ CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure
NOT-FOR-US: Cisco
CVE-2022-20776
RESERVED
-CVE-2022-20775
- RESERVED
+CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...)
+ TODO: check
CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
@@ -67458,8 +67775,8 @@ CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV sca
[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
[buster] - clamav 0.103.6+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20769
- RESERVED
+CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco Wireless ...)
+ TODO: check
CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...)
NOT-FOR-US: Cisco
CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
@@ -67540,8 +67857,8 @@ CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cis
NOT-FOR-US: Cisco Firepower
CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...)
NOT-FOR-US: Cisco Firepower
-CVE-2022-20728
- RESERVED
+CVE-2022-20728 (A vulnerability in the client forwarding code of multiple Cisco Access ...)
+ TODO: check
CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
NOT-FOR-US: Cisco IOx
CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
@@ -67677,8 +67994,8 @@ CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure
NOT-FOR-US: Cisco
CVE-2022-20663
RESERVED
-CVE-2022-20662
- RESERVED
+CVE-2022-20662 (A vulnerability in the smart card login authentication of Cisco Duo fo ...)
+ TODO: check
CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
NOT-FOR-US: Cisco
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
@@ -78234,7 +78551,7 @@ CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An att
NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
-CVE-2021-3732 (A security issue was found in Linux kernel’s OverlayFS subsystem ...)
+CVE-2021-3732 (A flaw was found in the Linux kernel's OverlayFS subsystem in the way ...)
{DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
@@ -85242,8 +85559,8 @@ CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ust
NOT-FOR-US: WordPress plugin
CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36865
- RESERVED
+CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in ExpressTech ...)
+ TODO: check
CVE-2021-36864
RESERVED
CVE-2021-36863
@@ -85262,10 +85579,10 @@ CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulner
NOT-FOR-US: WordPress plugin
CVE-2021-36856
RESERVED
-CVE-2021-36855
- RESERVED
-CVE-2021-36854
- RESERVED
+CVE-2021-36855 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
+ TODO: check
+CVE-2021-36854 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking ...)
+ TODO: check
CVE-2021-36853
RESERVED
CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...)
@@ -85294,8 +85611,8 @@ CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2021-36840
RESERVED
-CVE-2021-36839
- RESERVED
+CVE-2021-36839 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36838
RESERVED
CVE-2021-36837
@@ -85312,8 +85629,8 @@ CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin
NOT-FOR-US: WordPress plugins
CVE-2021-36831
RESERVED
-CVE-2021-36830
- RESERVED
+CVE-2021-36830 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
@@ -93784,8 +94101,8 @@ CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2
NOT-FOR-US: RaspAP
CVE-2021-33355
RESERVED
-CVE-2021-33354
- RESERVED
+CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...)
+ TODO: check
CVE-2021-33353
RESERVED
CVE-2021-33352
@@ -344586,7 +344903,7 @@ CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaus
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=620f69a74b18908e3424920c7bb01cb5e4cbd8b1
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier all ...)
NOT-FOR-US: Cognito Software Moneyworks
-CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 al ...)
+CVE-2017-9614 (** DISPUTED ** The fill_input_buffer function in jdatasrc.c in libjpeg ...)
NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f5878dd0c7359806b7fc1b50fbbcac7e499b54