Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7945847 by security tracker role at 2022-04-23T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-29598
+       RESERVED
+CVE-2022-29597
+       RESERVED
+CVE-2022-29596
+       RESERVED
+CVE-2022-29595
+       RESERVED
+CVE-2022-29594
+       RESERVED
+CVE-2022-29593
+       RESERVED
+CVE-2022-1441
+       RESERVED
 CVE-2022-29592
        RESERVED
 CVE-2022-29591
@@ -84,8 +98,8 @@ CVE-2022-29567
        RESERVED
 CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir 
generation bec ...)
        TODO: check
-CVE-2022-1427
-       RESERVED
+CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub 
repository mruby ...)
+       TODO: check
 CVE-2022-29565
        RESERVED
 CVE-2022-29564
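Review bot: CVE-2022-1427 should not stay at TODO: check, since its new description already names the mruby GitHub repository and the function mrb_obj_is_kind_of. If mruby is packaged, replace the TODO with a package line plus NOTE lines for the report and the fix commit, in the form the vim entries in this file use; otherwise tag it NOT-FOR-US. The doubled "in in" is part of the description text as added, so it is not something to fix in this file by hand.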
@@ -4521,10 +4535,10 @@ CVE-2022-1110
        RESERVED
 CVE-2022-1109
        RESERVED
-CVE-2022-1108
-       RESERVED
-CVE-2022-1107
-       RESERVED
+CVE-2022-1108 (A potential vulnerability due to improper buffer validation in 
the SMI ...)
+       TODO: check
+CVE-2022-1107 (A potential vulnerability due to use of Boot Services in the 
SmmOEMInt ...)
+       TODO: check
 CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated 
users to ex ...)
        NOT-FOR-US: NETGEAR
 CVE-2022-27946 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated 
users to ex ...)
@@ -6066,12 +6080,12 @@ CVE-2022-27344
        RESERVED
 CVE-2022-27343
        RESERVED
-CVE-2022-27342
-       RESERVED
-CVE-2022-27341
-       RESERVED
-CVE-2022-27340
-       RESERVED
+CVE-2022-27342 (Link-Admin v0.0.1 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2022-27341 (JFinalCMS v2.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2022-27340 (MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via 
/role/sav ...)
+       TODO: check
 CVE-2022-27339
        RESERVED
 CVE-2022-27338
@@ -11855,8 +11869,8 @@ CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in 
Packagist microweber/microwe
        NOT-FOR-US: microweber
 CVE-2022-0637
        RESERVED
-CVE-2022-0636
-       RESERVED
+CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin 
Installe ...)
+       TODO: check
 CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of 
named rece ...)
        - bind9 1:9.18.1-1
        [bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -12937,7 +12951,8 @@ CVE-2022-24876
        RESERVED
 CVE-2022-24875 (The CVEProject/cve-services is an open source project used to 
operate  ...)
        NOT-FOR-US: CVEProject cve-services
-CVE-2022-24874 (acs commons is an open source framework for AEM projects. ACS 
Commons  ...)
+CVE-2022-24874
+       REJECTED
        NOT-FOR-US: Adobe acs-aem-commons
 CVE-2022-24873
        RESERVED
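Review bot: the NOT-FOR-US: Adobe acs-aem-commons line is left in place under CVE-2022-24874 after the entry changes to REJECTED, so the ID now carries two dispositions and no description to justify the second. Drop the stale NOT-FOR-US line, or confirm that a REJECTED entry followed by a further annotation is intended and parses as expected.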
@@ -16235,16 +16250,16 @@ CVE-2022-21178
        RESERVED
 CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in 
NPM simp ...)
        NOT-FOR-US: simple-get nodejs module
-CVE-2022-0354
-       RESERVED
+CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could 
allow  ...)
+       TODO: check
 CVE-2022-0353
        RESERVED
-CVE-2021-4212
-       RESERVED
-CVE-2021-4211
-       RESERVED
-CVE-2021-4210
-       RESERVED
+CVE-2021-4212 (A potential vulnerability in the SMI callback function used in 
the Leg ...)
+       TODO: check
+CVE-2021-4211 (A potential vulnerability in the SMI callback function used in 
the SMB ...)
+       TODO: check
+CVE-2021-4210 (A potential vulnerability in the SMI callback function used in 
the NVM ...)
+       TODO: check
 CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an 
attacker coul ...)
        NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 
does no ...)
@@ -19266,8 +19281,8 @@ CVE-2022-0194
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the 
s para ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0192
-       RESERVED
+CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo 
PCManager prior ...)
+       TODO: check
 CVE-2022-0191
        RESERVED
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 
1.2.6 is ...)
@@ -29486,12 +29501,12 @@ CVE-2021-3973 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
        NOTE: 
https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 
(v8.2.3611)
-CVE-2021-3972
-       RESERVED
-CVE-2021-3971
-       RESERVED
-CVE-2021-3970
-       RESERVED
+CVE-2021-3972 (A potential vulnerability by a driver used during manufacturing 
proces ...)
+       TODO: check
+CVE-2021-3971 (A potential vulnerability by a driver used during older 
manufacturing  ...)
+       TODO: check
+CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to 
insuffi ...)
+       TODO: check
 CVE-2021-3969
        RESERVED
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
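Review bot: of the three entries moved from RESERVED to TODO: check here, only CVE-2021-3970 names a vendor in its visible text (LenovoVariable SMI Handler); the descriptions of CVE-2021-3972 and CVE-2021-3971 are cut off after "manufacturing". Triage each against its full CVE description rather than tagging all three from the one that names Lenovo.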
@@ -34590,10 +34605,10 @@ CVE-2021-42848
        RESERVED
 CVE-2021-3899
        RESERVED
-CVE-2021-3898
-       RESERVED
-CVE-2021-3897
-       RESERVED
+CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android 
applic ...)
+       TODO: check
+CVE-2021-3897 (An authentication bypass vulnerability was discovered in an 
internal s ...)
+       TODO: check
 CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to 
write t ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-42846
@@ -38249,8 +38264,8 @@ CVE-2021-3850 (Authentication Bypass by Primary 
Weakness in GitHub repository ad
        NOTE: 
https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 
(v5.20.21)
        NOTE: 
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
        NOTE: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
-CVE-2021-3849
-       RESERVED
+CVE-2021-3849 (An authentication bypass vulnerability was discovered in the 
web inter ...)
+       TODO: check
 CVE-2021-41850 (An issue was discovered in Luna Simo 
PPR1.180610.011/202001031830. A p ...)
        NOT-FOR-US: Luna Simo
 CVE-2021-41849 (An issue was discovered in Luna Simo 
PPR1.180610.011/202001031830. It  ...)
@@ -44603,10 +44618,10 @@ CVE-2021-39292
        RESERVED
 CVE-2021-3723 (A command injection vulnerability was reported in the 
Integrated Manag ...)
        NOT-FOR-US: IBM
-CVE-2021-3722
-       RESERVED
-CVE-2021-3721
-       RESERVED
+CVE-2021-3722 (A denial of service vulnerability was reported in Lenovo 
PCManager pri ...)
+       TODO: check
+CVE-2021-3721 (A denial of service vulnerability was reported in Lenovo 
PCManager pri ...)
+       TODO: check
 CVE-2021-3720 (An information disclosure vulnerability was reported in the 
Time Weath ...)
        NOT-FOR-US: Lenovo
 CVE-2021-3719 (A potential vulnerability in the SMI callback function that 
saves and  ...)
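Review bot: the TODO: check on CVE-2021-3722 and CVE-2021-3721 can be resolved as NOT-FOR-US: Lenovo, matching CVE-2021-3720 in the context lines directly below; both new descriptions name Lenovo PCManager.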



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7945847c88992f13baf6d0ccaf4d6bb659056f2



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
