Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 589281fb by security tracker role at 2022-11-16T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2022-43468 + RESERVED +CVE-2022-41783 + RESERVED +CVE-2022-4010 + RESERVED +CVE-2022-4009 + RESERVED +CVE-2022-4008 + RESERVED +CVE-2022-4007 + RESERVED +CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-4005 + RESERVED +CVE-2022-4004 + RESERVED +CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...) + TODO: check +CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...) + TODO: check CVE-2022-45442 RESERVED CVE-2022-45441 
@@ -394,52 +416,52 @@ CVE-2022-45403 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45403 CVE-2022-45402 (In Apache Airflow versions prior to 2.4.3, there was an open redirect ...) - airflow <itp> (bug #819700) -CVE-2022-45401 - RESERVED -CVE-2022-45400 - RESERVED -CVE-2022-45399 - RESERVED -CVE-2022-45398 - RESERVED -CVE-2022-45397 - RESERVED -CVE-2022-45396 - RESERVED -CVE-2022-45395 - RESERVED -CVE-2022-45394 - RESERVED -CVE-2022-45393 - RESERVED -CVE-2022-45392 - RESERVED -CVE-2022-45391 - RESERVED -CVE-2022-45390 - RESERVED -CVE-2022-45389 - RESERVED -CVE-2022-45388 - RESERVED -CVE-2022-45387 - RESERVED -CVE-2022-45386 - RESERVED -CVE-2022-45385 - RESERVED -CVE-2022-45384 - RESERVED -CVE-2022-45383 - RESERVED -CVE-2022-45382 - RESERVED -CVE-2022-45381 - RESERVED -CVE-2022-45380 - RESERVED -CVE-2022-45379 - RESERVED +CVE-2022-45401 (Jenkins Associated Files Plugin 0.2.1 and earlier does not escape name ...) + TODO: check +CVE-2022-45400 (Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser ...) + TODO: check +CVE-2022-45399 (A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 ...) + TODO: check +CVE-2022-45398 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster S ...) + TODO: check +CVE-2022-45397 (Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does ...) + TODO: check +CVE-2022-45396 (Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XM ...) + TODO: check +CVE-2022-45395 (Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser ...) + TODO: check +CVE-2022-45394 (A missing permission check in Jenkins Delete log Plugin 1.0 and earlie ...) + TODO: check +CVE-2022-45393 (A cross-site request forgery (CSRF) vulnerability in Jenkins Delete lo ...) + TODO: check +CVE-2022-45392 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...) 
+ TODO: check +CVE-2022-45391 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...) + TODO: check +CVE-2022-45390 (A missing permission check in Jenkins loader.io Plugin 1.0.1 and earli ...) + TODO: check +CVE-2022-45389 (A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier al ...) + TODO: check +CVE-2022-45388 (Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a fi ...) + TODO: check +CVE-2022-45387 (Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed conte ...) + TODO: check +CVE-2022-45386 (Jenkins Violations Plugin 0.7.11 and earlier does not configure its XM ...) + TODO: check +CVE-2022-45385 (A missing permission check in Jenkins CloudBees Docker Hub/Registry No ...) + TODO: check +CVE-2022-45384 (Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP ma ...) + TODO: check +CVE-2022-45383 (An incorrect permission check in Jenkins Support Core Plugin 1206.v140 ...) + TODO: check +CVE-2022-45382 (Jenkins Naginator Plugin 1.18.1 and earlier does not escape display na ...) + TODO: check +CVE-2022-45381 (Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not rest ...) + TODO: check +CVE-2022-45380 (Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) ...) + TODO: check +CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier store ...) + TODO: check CVE-2022-45378 (** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache ...) NOT-FOR-US: Apache SOAP CVE-2022-45377 @@ -1136,8 +1158,8 @@ CVE-2022-41659 RESERVED CVE-2022-3921 RESERVED -CVE-2022-3920 - RESERVED +CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...) + TODO: check CVE-2022-45108 RESERVED CVE-2022-45107 
@@ -8658,8 +8680,8 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds r - wabt <unfixed> (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1982 NOTE: Crash in CLI tool, no security impact -CVE-2022-43279 - RESERVED +CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...) + TODO: check CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) @@ -8686,8 +8708,8 @@ CVE-2022-43267 RESERVED CVE-2022-43266 RESERVED -CVE-2022-43265 - RESERVED +CVE-2022-43265 (An arbitrary file upload vulnerability in the component /pages/save_us ...) + TODO: check CVE-2022-43264 RESERVED CVE-2022-43263 @@ -10090,8 +10112,8 @@ CVE-2022-42787 (Multiple W&T products of the Comserver Series use a small nu NOT-FOR-US: Wiesemann & Theis GmbH products CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XSS ...) NOT-FOR-US: Wiesemann & Theis GmbH products -CVE-2022-42785 - RESERVED +CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an auth ...) + TODO: check CVE-2022-42784 RESERVED CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...) @@ -12112,12 +12134,12 @@ CVE-2022-41920 RESERVED CVE-2022-41919 RESERVED -CVE-2022-41918 - RESERVED -CVE-2022-41917 - RESERVED -CVE-2022-41916 - RESERVED +CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) + TODO: check +CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) + TODO: check +CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...) + TODO: check CVE-2022-41915 RESERVED CVE-2022-41914 
@@ -12299,8 +12321,8 @@ CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not pr NOT-FOR-US: Horner Automation's Cscape CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...) NOT-FOR-US: Horner Automation's Cscape -CVE-2022-3377 - RESERVED +CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not proper ...) + TODO: check CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - rdiffweb <itp> (bug #969974) CVE-2022-3375 @@ -15021,8 +15043,8 @@ CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483) CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...) - airflow <itp> (bug #819700) -CVE-2022-40753 - RESERVED +CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check CVE-2022-40752 RESERVED CVE-2022-40751 @@ -16497,7 +16519,7 @@ CVE-2022-40162 CVE-2022-40161 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) - libcommons-jxpath-java <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097 -CVE-2022-40160 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...) +CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) - libcommons-jxpath-java <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053 CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) 
@@ -20405,8 +20427,8 @@ CVE-2022-2948 RESERVED CVE-2022-2947 RESERVED -CVE-2022-38666 - RESERVED +CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...) + TODO: check CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...) NOT-FOR-US: Jenkins CollabNet Plugins Plugin CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlie ...) @@ -21290,8 +21312,8 @@ CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 coul NOT-FOR-US: IBM CVE-2022-38386 RESERVED -CVE-2022-38385 - RESERVED +CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...) + TODO: check CVE-2022-38384 RESERVED CVE-2022-38383 @@ -21866,8 +21888,8 @@ CVE-2022-38203 RESERVED CVE-2022-38202 RESERVED -CVE-2022-38201 - RESERVED +CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...) + TODO: check CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...) NOT-FOR-US: ArcGIS Server CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...) @@ -22064,7 +22086,7 @@ CVE-2022-38165 RESERVED CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...) NOT-FOR-US: WithSecure -CVE-2022-38163 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...) +CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...) NOT-FOR-US: WithSecure CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...) NOT-FOR-US: WithSecure 
@@ -32670,8 +32692,8 @@ CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 - jenkins <removed> CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 throug ...) - jenkins <removed> -CVE-2022-2166 - RESERVED +CVE-2022-2166 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + TODO: check CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...) {DSA-5256-1 DSA-5192-1 DSA-5188-1 DLA-3155-1} - openjdk-8 8u342-b07-1 @@ -42151,16 +42173,16 @@ CVE-2022-30774 (DMA attacks on the parameter buffer used by the PnpSmm driver co TODO: check CVE-2022-30773 (DMA attacks on the parameter buffer used by the IhisiSmm driver could ...) TODO: check -CVE-2022-30772 - RESERVED -CVE-2022-30771 - RESERVED +CVE-2022-30772 (Manipulation of the input address in PnpSmm function 0x52 could be use ...) + TODO: check +CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption when ...) + TODO: check CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...) NOT-FOR-US: Terminalfour -CVE-2022-30769 - RESERVED -CVE-2022-30768 - RESERVED +CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...) + TODO: check +CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows ...) + TODO: check CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...) [experimental] - u-boot 2022.07~rc4+dfsg-1 - u-boot 2022.07+dfsg-1 (bug #1014471) 
@@ -43612,8 +43634,8 @@ CVE-2022-30285 (In Quest KACE Systems Management Appliance (SMA) through 12.0, a NOT-FOR-US: Quest KACE System Management Appliance CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, ...) NOTE: Bogus python-libnmap issue -CVE-2022-30283 - RESERVED +CVE-2022-30283 (In UsbCoreDxe, tampering with the contents of the USB working buffer u ...) + TODO: check CVE-2022-30282 RESERVED CVE-2022-30281 @@ -46521,16 +46543,16 @@ CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the open NOT-FOR-US: Notable CVE-2022-29280 REJECTED -CVE-2022-29279 - RESERVED -CVE-2022-29278 - RESERVED -CVE-2022-29277 - RESERVED -CVE-2022-29276 - RESERVED -CVE-2022-29275 - RESERVED +CVE-2022-29279 (Use of a untrusted pointer allows tampering with SMRAM and OS memory i ...) + TODO: check +CVE-2022-29278 (Incorrect pointer checks within the NvmExpressDxe driver can allow tam ...) + TODO: check +CVE-2022-29277 (Incorrect pointer checks within the the FwBlockServiceSmm driver can a ...) + TODO: check +CVE-2022-29276 (SMI functions in AhciBusDxe use untrusted inputs leading to corruption ...) + TODO: check +CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering ...) + TODO: check CVE-2022-29274 RESERVED CVE-2022-29273 @@ -50714,8 +50736,8 @@ CVE-2022-27897 RESERVED CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...) TODO: check -CVE-2022-27895 - RESERVED +CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...) + TODO: check CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...) NOT-FOR-US: Foundry Blobster service CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...) 
@@ -59185,8 +59207,8 @@ CVE-2022-24944 RESERVED CVE-2022-24943 RESERVED -CVE-2022-24942 - RESERVED +CVE-2022-24942 (Heap based buffer overflow in HTTP Server functionality in Micrium uC- ...) + TODO: check CVE-2022-24941 RESERVED CVE-2022-24940 
@@ -79946,72 +79968,72 @@ CVE-2022-20952 RESERVED CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...) NOT-FOR-US: Cisco -CVE-2022-20950 - RESERVED -CVE-2022-20949 - RESERVED +CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...) + TODO: check +CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...) + TODO: check CVE-2022-20948 RESERVED -CVE-2022-20947 - RESERVED -CVE-2022-20946 - RESERVED +CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...) + TODO: check +CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...) + TODO: check CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...) NOT-FOR-US: Cisco CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...) NOT-FOR-US: Cisco -CVE-2022-20943 - RESERVED +CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...) + TODO: check CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...) NOT-FOR-US: Cisco -CVE-2022-20941 - RESERVED -CVE-2022-20940 - RESERVED +CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...) + TODO: check +CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...) + TODO: check CVE-2022-20939 RESERVED -CVE-2022-20938 - RESERVED +CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...) + TODO: check CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...) NOT-FOR-US: Cisco -CVE-2022-20936 - RESERVED -CVE-2022-20935 - RESERVED -CVE-2022-20934 - RESERVED +CVE-2022-20936 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20935 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ TODO: check +CVE-2022-20934 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) + TODO: check CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...) NOT-FOR-US: Cisco -CVE-2022-20932 - RESERVED +CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20931 RESERVED CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2022-20929 RESERVED -CVE-2022-20928 - RESERVED -CVE-2022-20927 - RESERVED -CVE-2022-20926 - RESERVED -CVE-2022-20925 - RESERVED -CVE-2022-20924 - RESERVED +CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...) + TODO: check +CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...) + TODO: check +CVE-2022-20926 (A vulnerability in the web management interface of the Cisco Firepower ...) + TODO: check +CVE-2022-20925 (A vulnerability in the web management interface of the Cisco Firepower ...) + TODO: check +CVE-2022-20924 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...) + TODO: check CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...) NOT-FOR-US: Cisco -CVE-2022-20922 - RESERVED +CVE-2022-20922 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...) + TODO: check CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...) NOT-FOR-US: Cisco CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...) NOT-FOR-US: Cisco CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...) NOT-FOR-US: Cisco -CVE-2022-20918 - RESERVED +CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...) 
+ TODO: check CVE-2022-20917 RESERVED CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...) @@ -80036,8 +80058,8 @@ CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an NOT-FOR-US: Cisco CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...) NOT-FOR-US: Cisco -CVE-2022-20905 - RESERVED +CVE-2022-20905 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...) @@ -80102,8 +80124,8 @@ CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface o NOT-FOR-US: Cisco CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco -CVE-2022-20872 - RESERVED +CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20871 RESERVED CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...) @@ -80138,8 +80160,8 @@ CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of NOT-FOR-US: Cisco CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...) NOT-FOR-US: Cisco -CVE-2022-20854 - RESERVED +CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...) + TODO: check CVE-2022-20853 RESERVED CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) 
@@ -80160,32 +80182,32 @@ CVE-2022-20845 RESERVED CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) NOT-FOR-US: Cisco -CVE-2022-20843 - RESERVED +CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco -CVE-2022-20840 - RESERVED -CVE-2022-20839 - RESERVED -CVE-2022-20838 - RESERVED +CVE-2022-20840 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20839 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20838 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) NOT-FOR-US: Cisco -CVE-2022-20836 - RESERVED -CVE-2022-20835 - RESERVED -CVE-2022-20834 - RESERVED -CVE-2022-20833 - RESERVED -CVE-2022-20832 - RESERVED -CVE-2022-20831 - RESERVED +CVE-2022-20836 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20835 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20834 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20833 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20832 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2022-20831 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) 
NOT-FOR-US: Cisco CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...) @@ -80194,8 +80216,8 @@ CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software fo NOT-FOR-US: Cisco CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco -CVE-2022-20826 - RESERVED +CVE-2022-20826 (A vulnerability in the secure boot implementation of Cisco Secure Fire ...) + TODO: check CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) @@ -189183,10 +189205,10 @@ CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in NOT-FOR-US: Beckhoff CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) NOT-FOR-US: s::can moni::tools -CVE-2020-12508 - RESERVED -CVE-2020-12507 - RESERVED +CVE-2020-12508 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) + TODO: check +CVE-2020-12507 (In s::can moni::tools before version 4.2 an authenticated attacker cou ...) + TODO: check CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) NOT-FOR-US: WAGO CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/589281fbf92c68bfc24bc94f3dfd86e0138739d5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/589281fbf92c68bfc24bc94f3dfd86e0138739d5 You're receiving this email because of your account on salsa.debian.org.
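Review bot: In the hunk at @@ -16497,7 +16519,7 @@, CVE-2022-40160 now carries the "** DISPUTED **" description, but its package line is still "- libcommons-jxpath-java <unfixed>" and nothing in the entry records the dispute. Add a NOTE stating that the record is disputed and confirm whether <unfixed> is still the intended status, handling the neighbouring CVE-2022-40161 and CVE-2022-40159 entries the same way so the three stay consistent.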
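Review bot: In the hunk at @@ -20405,8 +20427,8 @@, CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin) is left as "TODO: check" directly above CVE-2022-38665, which is already triaged as "NOT-FOR-US: Jenkins CollabNet Plugins Plugin". The same plugin appears again in the hunk at @@ -394,52 +416,52 @@ as CVE-2022-45392 and CVE-2022-45391, whose truncated descriptions are identical, so triage the three together, and give the other Jenkins plugin entries CVE-2022-45401 through CVE-2022-45379 the same pass.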
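Review bot: In the hunk at @@ -22064,7 +22086,7 @@, the triage line under CVE-2022-38163 no longer matches its description. The description now reads "A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...", while the unchanged line below it still says "NOT-FOR-US: WithSecure", carried over from the earlier WithSecure denial-of-service text. Re-check the entry and make the NOT-FOR-US line name the product the new description refers to.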
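Review bot: In the Cisco hunks from @@ -79946,72 +79968,72 @@ through @@ -80194,8 +80216,8 @@, every entry that moves from RESERVED to a description (CVE-2022-20950 down to CVE-2022-20826) is left as "TODO: check", while every already-triaged Cisco entry in the surrounding context lines is "NOT-FOR-US: Cisco". These can be triaged as one batch in a follow-up commit. The truncated descriptions name Firepower Threat Defense and Adaptive Security Appliance components, so the batch only needs a check that none of them maps to a packaged component (for example the Snort 3 interaction in CVE-2022-20950) before the same tag is applied.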
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits