[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 12 Feb 2023 00:10:41 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4014ef3f by security tracker role at 2023-02-12T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12972,8 +12972,8 @@ CVE-2022-4558 (A vulnerability was found in Alinto SOGo 
up to 5.7.1. It has been
        [bullseye] - sogo <no-dsa> (Minor issue)
        [buster] - sogo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 
(SOGo-5.8.0)
-CVE-2022-4557
-       RESERVED
+CVE-2022-4557 (Improper Input Validation vulnerability in Group Arge Energy 
and Contr ...)
+       TODO: check
 CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and 
classified as ...)
        - sogo 5.8.0-1
        [bullseye] - sogo <no-dsa> (Minor issue)
@@ -20475,20 +20475,20 @@ CVE-2022-45093 (A vulnerability has been identified 
in SINEC INS (All versions &
        NOT-FOR-US: Siemens
 CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions 
&lt; V1 ...)
        NOT-FOR-US: Siemens
-CVE-2022-45091
-       RESERVED
-CVE-2022-45090
-       RESERVED
-CVE-2022-45089
-       RESERVED
-CVE-2022-45088
-       RESERVED
-CVE-2022-45087
-       RESERVED
-CVE-2022-45086
-       RESERVED
-CVE-2022-45085
-       RESERVED
+CVE-2022-45091 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2022-45090 (Improper Input Validation vulnerability in Group Arge Energy 
and Contr ...)
+       TODO: check
+CVE-2022-45089 (Improper Input Validation vulnerability in Group Arge Energy 
and Contr ...)
+       TODO: check
+CVE-2022-45088 (Improper Input Validation vulnerability in Group Arge Energy 
and Contr ...)
+       TODO: check
+CVE-2022-45087 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge 
Energy  ...)
+       TODO: check
 CVE-2022-45084
        RESERVED
 CVE-2022-45083
@@ -26005,8 +26005,8 @@ CVE-2023-20078
        RESERVED
 CVE-2023-20077
        RESERVED
-CVE-2023-20076
-       RESERVED
+CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting 
environment could ...)
+       TODO: check
 CVE-2023-20075
        RESERVED
 CVE-2023-20074
@@ -26416,8 +26416,8 @@ CVE-2022-43871
        RESERVED
 CVE-2022-43870
        RESERVED
-CVE-2022-43869
-       RESERVED
+CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 
through 5.1.5. ...)
+       TODO: check
 CVE-2022-43868
        RESERVED
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local 
attacke ...)
@@ -30489,8 +30489,8 @@ CVE-2022-42446 (Starting with Sametime 12, anonymous 
users are enabled by defaul
        NOT-FOR-US: HCL
 CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, 
includin ...)
        NOT-FOR-US: HCL
-CVE-2022-42444
-       RESERVED
+CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 
12.0.1.0 thr ...)
+       TODO: check
 CVE-2022-42443
        RESERVED
 CVE-2022-42442 ("IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 
21.0.3,  ...)
@@ -30859,8 +30859,8 @@ CVE-2022-42294
        RESERVED
 CVE-2022-42293
        RESERVED
-CVE-2022-42292
-       RESERVED
+CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the 
NVContainer  ...)
+       TODO: check
 CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the 
installer, w ...)
        NOT-FOR-US: NVIDIA
 CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an 
authoriz ...)
@@ -32414,8 +32414,8 @@ CVE-2022-41733 (IBM InfoSphere Information Server 11.7 
could allow a remote atta
        NOT-FOR-US: IBM
 CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain 
clear t ...)
        NOT-FOR-US: IBM
-CVE-2022-41731
-       RESERVED
+CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is 
vulnerable ...)
+       TODO: check
 CVE-2022-41730
        RESERVED
 CVE-2022-41729
@@ -35220,7 +35220,7 @@ CVE-2022-3207 (The Simple File List WordPress plugin 
before 4.4.12 does not sani
        NOT-FOR-US: WordPress plugin
 CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the 
password ins ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3205 (CVE-2022-3205 Controller: Cross site scripting in automation 
controlle ...)
+CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat 
Ansible Au ...)
        NOT-FOR-US: Red Hat Ansible Automation Controller
 CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' 
(NRDelegation ...)
        - unbound 1.16.3-1
@@ -57994,8 +57994,8 @@ CVE-2022-32203
        RESERVED
 CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1970
-       REJECTED
+CVE-2022-1970 (keycloak 18.0.0: open redirect in auth endpoint via the 
redirect_uri p ...)
+       TODO: check
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
@@ -85876,7 +85876,7 @@ CVE-2021-23209 (Multiple Authenticated (admin user 
role) Persistent Cross-Site S
        NOT-FOR-US: WordPress plugin
 CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site 
Scripting  ...)
+CVE-2021-23150 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, 
an unpr ...)
        NOT-FOR-US: Apache Traffic Control
@@ -118539,7 +118539,7 @@ CVE-2021-36825
        RESERVED
 CVE-2021-36824
        RESERVED
-CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability 
in WordP ...)
+CVE-2021-36823 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
WordPress Abs ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36822
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4014ef3f0bd4fcf30e3e677fb9ee870086df191b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4014ef3f0bd4fcf30e3e677fb9ee870086df191b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to