[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 17 20:05:44 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09b14d40 by Salvatore Bonaccorso at 2024-11-17T21:05:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90,7 +90,7 @@ CVE-2024-38370 (GLPI is a free asset and IT management software package. Startin
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4
 CVE-2024-11263 (When the Global Pointer (GP) relative addressing is enabled (CONFIG_RI ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-11262 (A vulnerability has been found in SourceCodester Student Record Manage ...)
 	NOT-FOR-US: SourceCodester Student Record Management System
 CVE-2024-11261 (A vulnerability, which was classified as critical, was found in Source ...)
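Review bot: On CVE-2024-11263 the new tag "NOT-FOR-US: Zephyr, different from src:zephyr" records what the product is not, but not which Zephyr it is. A name collision with an existing source package is exactly the case where a later reader will re-check the entry, and the truncated description only shows Global Pointer relative addressing and a "CONFIG_RI ..." option. Name the upstream project in full in the tag instead of relying on the bare name.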
@@ -221,7 +221,7 @@ CVE-2024-52514 (Nextcloud Server is a self hosted personal cloud system. After a
 CVE-2024-52513 (Nextcloud Server is a self hosted personal cloud system. After receivi ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2024-52512 (user_oidc app is an OpenID Connect user backend for Nextcloud. A malic ...)
-	TODO: check
+	NOT-FOR-US: user_oidc app (OpenID Connect user backend for Nextcloud)
 CVE-2024-52511 (Nextcloud Tables allows users to to create tables with individual colu ...)
 	NOT-FOR-US: Nextcloud Tables
 CVE-2024-52510 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
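Review bot: CVE-2024-52512 is closed as NOT-FOR-US while the entry directly above it tracks nextcloud-server under an ITP (bug #941708). That matches "NOT-FOR-US: Nextcloud Tables" just below, provided user_oidc is a separately distributed app and not part of what the ITP would ship. Worth confirming that, and saying so in the tag the way the Zephyr line in this commit does with "different from src:zephyr", so the entry is not reopened when the ITP is revisited.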
@@ -355,29 +355,29 @@ CVE-2024-40638 (GLPI is a free asset and IT management software package. An auth
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx
 CVE-2024-3334 (A security bypass vulnerability exists in the Removable Media Encrypti ...)
-	TODO: check
+	NOT-FOR-US: Digital Guardian Windows Agents
 CVE-2024-39726 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...)
 	NOT-FOR-US: IBM
 CVE-2024-24459 (An invalid memory access when handling the ProtocolIE_ID field of S1Se ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24458 (An invalid memory access when handling the ENB Configuration Transfer  ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24457 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24455 (An invalid memory access when handling a UE Context Release message co ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24454 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24453 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24452 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
-	TODO: check
+	NOT-FOR-US: Athonet vEPC MME
 CVE-2024-24450 (Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_reso ...)
 	NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2024-24449 (An uninitialized pointer dereference in the NasPdu::NasPdu component o ...)
-	TODO: check
+	NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2024-24447 (A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_re ...)
-	TODO: check
+	NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2024-24446 (An uninitialized pointer dereference in OpenAirInterface CN5G AMF up t ...)
 	NOT-FOR-US: OpenAirInterface CN5G AMF
 CVE-2024-24431 (A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2 ...)
@@ -393,7 +393,7 @@ CVE-2024-20373 (A vulnerability in the implementation of the Simple Network Mana
 CVE-2024-1240 (An open redirection vulnerability exists in pyload/pyload version 0.5. ...)
 	TODO: check
 CVE-2024-1097 (A stored cross-site scripting (XSS) vulnerability exists in craigk5n/w ...)
-	TODO: check
+	NOT-FOR-US: craigk5n/webcalendar
 CVE-2024-11259 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: code-projects Farmacia
 CVE-2024-11258 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
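Review bot: For CVE-2024-1097, "NOT-FOR-US: craigk5n/webcalendar" states that the software is not in the archive at all. Other entries in this file use the "- glpi <removed>" and "- moodle <removed>" form for software that was packaged once and later dropped, so confirm that no webcalendar source package ever existed. If one did, the "<removed>" form is the matching entry.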
@@ -437,7 +437,7 @@ CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 0
 CVE-2024-10691
 	REJECTED
 CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics Personne ...)
-	TODO: check
+	NOT-FOR-US: Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS)
 CVE-2024-10443 (Improper neutralization of special elements used in a command ('Comman ...)
 	NOT-FOR-US: Synology
 CVE-2024-10311 (The External Database Based Actions plugin for WordPress is vulnerable ...)
@@ -451,7 +451,7 @@ CVE-2023-4679 (A use after free vulnerability exists in GPAC version 2.3-DEV-rev
 CVE-2023-4348
 	REJECTED
 CVE-2023-2332 (A stored Cross-site Scripting (XSS) vulnerability exists in the Condit ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2024-9834 (Improper data protection on the ventilator's serial interface could al ...)
 	NOT-FOR-US: Life2000 Ventilation System
 CVE-2024-9832 (There is no limit on the number of failed login attempts permitted wit ...)
@@ -515,9 +515,9 @@ CVE-2024-39707 (Insyde IHISI function 0x49 can restore factory defaults for cert
 CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...)
 	NOT-FOR-US: FitNesse
 CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism of Bina ...)
-	TODO: check
+	NOT-FOR-US: Binance
 CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: GeoVision
 CVE-2024-10924 (The Really Simple Security (Free, Pro, and Pro Multisite) plugins for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10897 (The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to u ...)
@@ -563,7 +563,7 @@ CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an unaut
 CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scriptin ...)
 	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems. A Remot ...)
-	TODO: check
+	NOT-FOR-US: Giskard
 CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
 	TODO: check
 CVE-2024-52396 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -649,7 +649,7 @@ CVE-2024-50824 (A SQL Injection vulnerability was found in /admin/class.php in k
 CVE-2024-50823 (A SQL Injection vulnerability was found in /admin/login.php in kashipa ...)
 	NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-4343 (A Python command injection vulnerability exists in the `SagemakerLLM`  ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-4311 (zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due ...)
 	NOT-FOR-US: zenml-io/zenml
 CVE-2024-49362 (Joplin is a free, open source note taking and to-do application. Jopli ...)
@@ -661,9 +661,9 @@ CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS) vulnerability was found i
 CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to a Restri ...)
 	TODO: check
 CVE-2024-47915 (VaeMendis -  CWE-200: Exposure of Sensitive Information to an Unauthor ...)
-	TODO: check
+	NOT-FOR-US: VaeMendis
 CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
-	TODO: check
+	NOT-FOR-US: VaeMendis
 CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users  ...)
 	NOT-FOR-US: IBM
 CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This v ...)
@@ -695,7 +695,7 @@ CVE-2024-2550 (A null pointer dereference vulnerability in the GlobalProtect gat
 CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio f ...)
 	TODO: check
 CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a restrict ...)
-	TODO: check
+	NOT-FOR-US: EasyPHP web server
 CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee Managem ...)
 	NOT-FOR-US: SourceCodester Best Employee Management System
 CVE-2024-11213 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -707,11 +707,11 @@ CVE-2024-11211 (A vulnerability classified as critical has been found in EyouCMS
 CVE-2024-11210 (A vulnerability was found in EyouCMS 1.51. It has been rated as critic ...)
 	NOT-FOR-US: EyouCMS
 CVE-2024-11209 (A vulnerability was found in Apereo CAS 6.6. It has been classified as ...)
-	TODO: check
+	NOT-FOR-US: Apereo CAS
 CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 and classified as problema ...)
-	TODO: check
+	NOT-FOR-US: Apereo CAS
 CVE-2024-11207 (A vulnerability has been found in Apereo CAS 6.6 and classified as pro ...)
-	TODO: check
+	NOT-FOR-US: Apereo CAS
 CVE-2024-11136 (The default TCL Camera application exposes a provider vulnerable to pa ...)
 	TODO: check
 CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is  ...)
@@ -1053,7 +1053,7 @@ CVE-2024-8001 (A vulnerability was found in VIWIS LMS 9.11. It has been classifi
 CVE-2024-7295 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q4 (1 ...)
 	NOT-FOR-US: Progress Telerik
 CVE-2024-52306 (FileManager provides a Backpack admin interface for files and folder.  ...)
-	TODO: check
+	NOT-FOR-US: FileManager
 CVE-2024-52305 (UnoPim is an open-source Product Information Management (PIM) system b ...)
 	NOT-FOR-US: UnoPim
 CVE-2024-52300 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.  ...)
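Review bot: "NOT-FOR-US: FileManager" on CVE-2024-52306 does not identify the project, because the name alone is generic. The description calls it a Backpack admin interface for files and folders, so include that qualifier in the tag to make it as specific as neighbouring tags such as "UnoPim".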
@@ -1413,7 +1413,7 @@ CVE-2024-52301 (Laravel is a web application framework. When the register_argc_a
 CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1 included ...)
 	TODO: check
 CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...)
-	TODO: check
+	NOT-FOR-US: libosdp
 CVE-2024-52010 (Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A  ...)
 	NOT-FOR-US: Zoraxy
 CVE-2024-51750 (Element is a Matrix web client built using the Matrix React SDK. A mal ...)
@@ -1842,27 +1842,27 @@ CVE-2024-26011 (A missing authentication for critical function in Fortinet Forti
 CVE-2024-23666 (A client-side enforcement of server-side security in Fortinet FortiAna ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-21976 (Improper input validation in the NPU driver could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21975 (Improper input validation in the NPU driver could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21974 (Improper input validation in the NPU driver could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21958 (Incorrect default permissions in the AMD Provisioning Console installa ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21957 (Incorrect default permissions in the AMD Management Console installati ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21949 (Improper validation of user input in the NPU driver could allow an att ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21946 (Incorrect default permissions in the AMD RyzenTM Master Utility instal ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21945 (Incorrect default permissions in the AMD RyzenTM Master monitoring SDK ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21939 (Incorrect default permissions in the AMD Cloud Manageability Service ( ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21938 (Incorrect default permissions in the AMD Management Plugin for the Mic ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21937 (Incorrect default permissions in the AMD HIP SDK installation director ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-11138 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
 	NOT-FOR-US: DedeCMS
 CVE-2024-11130 (A vulnerability was found in ZZCMS up to 2023. It has been rated as pr ...)
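Review bot: All eleven new tags in this hunk are the bare vendor name "NOT-FOR-US: AMD", although the descriptions cover different products: an NPU driver (CVE-2024-21976, CVE-2024-21975, CVE-2024-21974, CVE-2024-21949) and the installation directories of the Provisioning Console, Management Console, Ryzen Master Utility, HIP SDK and others. Vendor-only tags appear elsewhere in the file (IBM, Dell), but a vendor name does not record which product was ruled out. For the driver entries in particular, name the driver in the tag so it is clear the decision was made about that component.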
@@ -1973,11 +1973,11 @@ CVE-2024-52530 (GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b (3.5.2)
 CVE-2024-52288 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...)
-	TODO: check
+	NOT-FOR-US: libosdp
 CVE-2024-52286 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
 	NOT-FOR-US: Stirling-PDF
 CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application develop ...)
-	TODO: check
+	NOT-FOR-US: Orchid laravel package
 CVE-2024-51748 (Kanboard is project management software that focuses on the Kanban met ...)
 	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p
@@ -2039,7 +2039,7 @@ CVE-2024-48838 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 1
 CVE-2024-48837 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
 	NOT-FOR-US: Dell
 CVE-2024-48322 (UsersController.php in Run.codes 1.5.2 and older has a reset password  ...)
-	TODO: check
+	NOT-FOR-US: Run.codes
 CVE-2024-47799 (Exposure of sensitive system information to an unauthorized control sp ...)
 	NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
 CVE-2024-47595 (An attacker who gains local membership to sapsys group could replace l ...)
@@ -2075,7 +2075,7 @@ CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cros
 CVE-2024-45087 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
 	NOT-FOR-US: IBM
 CVE-2024-44546 (Powerjob >= 3.20 is vulnerable to SQL injection via the version parame ...)
-	TODO: check
+	NOT-FOR-US: Powerjob
 CVE-2024-43439 (A flaw was found in moodle. H5P error messages require additional sani ...)
 	- moodle <removed>
 CVE-2024-43437 (A flaw was found in moodle. Insufficient sanitizing of data when perfo ...)
@@ -2109,7 +2109,7 @@ CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router RP56
 CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vulnerabi ...)
 	TODO: check
 CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via the Hos ...)
-	TODO: check
+	NOT-FOR-US: SuperScan
 CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer overflow via t ...)
 	NOT-FOR-US: Driver Booster
 CVE-2024-23983 (Improper handling of canonical URL-encoding may lead to bypass not pro ...)
@@ -140992,7 +140992,7 @@ CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchron
 CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
 	NOT-FOR-US: OrangeScrum
 CVE-2023-0737 (wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vu ...)
-	TODO: check
+	NOT-FOR-US: wallabag
 CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
 	NOT-FOR-US: Wallabag
 CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
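Review bot: The new tag on CVE-2023-0737 is spelled "NOT-FOR-US: wallabag", while the adjacent CVE-2023-0736 uses "NOT-FOR-US: Wallabag". Use the same capitalisation so that a case-sensitive search over the tags finds every wallabag entry.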
@@ -167952,7 +167952,7 @@ CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of cert
 CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management Center  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20154 (A vulnerability in the external authentication mechanism of Cisco Mode ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
@@ -168010,7 +168010,7 @@ CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface o
 CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco SPA112  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20125 (A vulnerability in the local interface of Cisco BroadWorks Network Ser ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo Two-Factor Aut ...)
@@ -168072,15 +168072,15 @@ CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco U
 CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20094 (A vulnerability in Cisco TelePresence CE and RoomOS could allow an una ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20093 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20092 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20091 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20090 (A vulnerability in Cisco TelePresence CE and RoomOS could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part  ...)
@@ -168140,7 +168140,7 @@ CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center co
 CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20060 (A vulnerability in the web-based management interface of Cisco Prime C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -168185,13 +168185,13 @@ CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface o
 CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20039 (A vulnerability in Cisco IND could allow an authenticated, local attac ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20038 (A vulnerability in the monitoring application of Cisco Industrial Netw ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20036 (A vulnerability in the web UI of Cisco IND could allow an authenticate ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the of Cisco SD-WA ...)
@@ -168259,7 +168259,7 @@ CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography funct
 CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20004 (Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS c ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
@@ -243359,7 +243359,7 @@ CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco
 CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20948 (A vulnerability in the web management interface of Cisco BroadWor ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
@@ -243377,7 +243377,7 @@ CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco F
 CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20939 (A vulnerability in the web-based management interface of Cisco Sm ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
@@ -243393,7 +243393,7 @@ CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Mera
 CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20931 (A vulnerability in the version control of Cisco TelePresence CE S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
@@ -243513,7 +243513,7 @@ CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface o
 CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20871 (A vulnerability in the web management interface of Cisco AsyncOS  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
@@ -243549,7 +243549,7 @@ CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS X
 CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20853 (A vulnerability in the REST API of Cisco Expressway Series and Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
@@ -243557,15 +243557,15 @@ CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software c
 CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20849 (A vulnerability in the Broadband Network Gateway PPP over Ethernet (PP ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20846 (A vulnerability in the Cisco Discovery Protocol implementation fo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20845 (A vulnerability in the TL1 function of Cisco Network Convergence  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -243627,7 +243627,7 @@ CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco U
 CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20814 (A vulnerability in the certificate validation of Cisco Expressway ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...)
@@ -243674,7 +243674,7 @@ CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS)
 CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20793 (A vulnerability in pairing process of Cisco TelePresence CE Softw ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20792 (A vulnerability in the regex module used by the signature database loa ...)
 	{DLA-3042-1}
 	- clamav 0.103.6+dfsg-1
@@ -243744,7 +243744,7 @@ CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence C
 CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
 	NOT-FOR-US: Cisco Firepower
 CVE-2022-20766 (A vulnerability in the Cisco Discovery Protocol functionality of  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b14d4037d13ac2fac921d49212fed0bb336df5
