[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 12 08:10:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4014ef3f by security tracker role at 2023-02-12T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12972,8 +12972,8 @@ CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been
 	[bullseye] - sogo <no-dsa> (Minor issue)
 	[buster] - sogo <no-dsa> (Minor issue)
 	NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
-CVE-2022-4557
-	RESERVED
+CVE-2022-4557 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
+	TODO: check
 CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
 	- sogo 5.8.0-1
 	[bullseye] - sogo <no-dsa> (Minor issue)
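Review bot: The new CVE-2022-4557 entry is left at "TODO: check", and its description is cut off at "Group Arge Energy and Contr ...", so the affected product cannot be read from this line. Triage it against the full description and replace the TODO with either a NOT-FOR-US line or a package line like the sogo entries around it.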
@@ -20475,20 +20475,20 @@ CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions &
 	NOT-FOR-US: Siemens
 CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
 	NOT-FOR-US: Siemens
-CVE-2022-45091
-	RESERVED
-CVE-2022-45090
-	RESERVED
-CVE-2022-45089
-	RESERVED
-CVE-2022-45088
-	RESERVED
-CVE-2022-45087
-	RESERVED
-CVE-2022-45086
-	RESERVED
-CVE-2022-45085
-	RESERVED
+CVE-2022-45091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2022-45090 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
+	TODO: check
+CVE-2022-45089 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
+	TODO: check
+CVE-2022-45088 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
+	TODO: check
+CVE-2022-45087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy  ...)
+	TODO: check
 CVE-2022-45084
 	RESERVED
 CVE-2022-45083
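Review bot: Of the seven entries moved from RESERVED to "TODO: check" here, only CVE-2022-45090, CVE-2022-45089, CVE-2022-45088 and CVE-2022-45085 show the vendor prefix "Group Arge Energy"; the three cross-site scripting entries (CVE-2022-45091, CVE-2022-45087, CVE-2022-45086) are truncated before any vendor name. Confirm the vendor from the full descriptions before resolving the block with a single tag, and handle it together with CVE-2022-4557 from the first hunk, which shows the same vendor prefix.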
@@ -26005,8 +26005,8 @@ CVE-2023-20078
 	RESERVED
 CVE-2023-20077
 	RESERVED
-CVE-2023-20076
-	RESERVED
+CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...)
+	TODO: check
 CVE-2023-20075
 	RESERVED
 CVE-2023-20074
@@ -26416,8 +26416,8 @@ CVE-2022-43871
 	RESERVED
 CVE-2022-43870
 	RESERVED
-CVE-2022-43869
-	RESERVED
+CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...)
+	TODO: check
 CVE-2022-43868
 	RESERVED
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...)
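Review bot: CVE-2022-43869 is left at "TODO: check" although the context line for CVE-2022-43867, two entries below, names the same product, IBM Spectrum Scale. Reuse the triage that entry already carries so the two do not diverge.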
@@ -30489,8 +30489,8 @@ CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by defaul
 	NOT-FOR-US: HCL
 CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
 	NOT-FOR-US: HCL
-CVE-2022-42444
-	RESERVED
+CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 thr ...)
+	TODO: check
 CVE-2022-42443
 	RESERVED
 CVE-2022-42442 ("IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3,  ...)
@@ -30859,8 +30859,8 @@ CVE-2022-42294
 	RESERVED
 CVE-2022-42293
 	RESERVED
-CVE-2022-42292
-	RESERVED
+CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the NVContainer  ...)
+	TODO: check
 CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the installer, w ...)
 	NOT-FOR-US: NVIDIA
 CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
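Review bot: CVE-2022-42292 gets "TODO: check" while the next entry, CVE-2022-42291, is also NVIDIA GeForce Experience and is already tagged "NOT-FOR-US: NVIDIA". Unless the full description says otherwise, resolve the TODO to the same tag.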
@@ -32414,8 +32414,8 @@ CVE-2022-41733 (IBM InfoSphere Information Server 11.7 could allow a remote atta
 	NOT-FOR-US: IBM
 CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
 	NOT-FOR-US: IBM
-CVE-2022-41731
-	RESERVED
+CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable ...)
+	TODO: check
 CVE-2022-41730
 	RESERVED
 CVE-2022-41729
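Review bot: CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data) is left at "TODO: check" directly below two IBM entries tagged "NOT-FOR-US: IBM". Check whether the same tag applies and replace the TODO.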
@@ -35220,7 +35220,7 @@ CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sani
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3205 (CVE-2022-3205 Controller: Cross site scripting in automation controlle ...)
+CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat Ansible Au ...)
 	NOT-FOR-US: Red Hat Ansible Automation Controller
 CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
 	- unbound 1.16.3-1
@@ -57994,8 +57994,8 @@ CVE-2022-32203
 	RESERVED
 CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1970
-	REJECTED
+CVE-2022-1970 (keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri p ...)
+	TODO: check
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
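Review bot: CVE-2022-1970 changes from REJECTED to a populated description, which is a different transition from the RESERVED-to-published changes in the other hunks. Before working the "TODO: check", confirm that the identifier really was reinstated upstream; the description names keycloak 18.0.0 and the redirect_uri parameter, so the entry then needs a decision on whether a keycloak package is tracked and which versions are affected.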
@@ -85876,7 +85876,7 @@ CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site S
 	NOT-FOR-US: WordPress plugin
 CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site Scripting  ...)
+CVE-2021-23150 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
 	NOT-FOR-US: Apache Traffic Control
@@ -118539,7 +118539,7 @@ CVE-2021-36825
 	RESERVED
 CVE-2021-36824
 	RESERVED
-CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...)
+CVE-2021-36823 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Abs ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36822
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4014ef3f0bd4fcf30e3e677fb9ee870086df191b
