[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 20 09:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec67abd by security tracker role at 2022-04-20T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-29510
+	RESERVED
+CVE-2022-29505
+	RESERVED
+CVE-2022-29486
+	RESERVED
+CVE-2022-29469
+	RESERVED
+CVE-2022-29466
+	RESERVED
+CVE-2022-29262
+	RESERVED
+CVE-2022-28858
+	RESERVED
+CVE-2022-27497
+	RESERVED
+CVE-2022-27493
+	RESERVED
+CVE-2022-26424
+	RESERVED
+CVE-2022-25899
+	RESERVED
+CVE-2022-1406
+	RESERVED
 CVE-2022-29504
 	RESERVED
 CVE-2022-29503
@@ -267,10 +291,10 @@ CVE-2022-1386
 	RESERVED
 CVE-2022-29405
 	RESERVED
-CVE-2022-1385
-	RESERVED
-CVE-2022-1384
-	RESERVED
+CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...)
+	TODO: check
+CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
+	TODO: check
 CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
@@ -1059,8 +1083,8 @@ CVE-2022-1331
 	RESERVED
 CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
 	TODO: check
-CVE-2022-1329
-	RESERVED
+CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
+	TODO: check
 CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
 	- mutt 2.2.3-1 (bug #1009734)
 	- neomutt <unfixed> (bug #1009735)
@@ -1571,8 +1595,8 @@ CVE-2022-28892
 	RESERVED
 CVE-2022-28891
 	RESERVED
-CVE-2022-27629
-	RESERVED
+CVE-2022-27629 (Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Pa ...)
+	TODO: check
 CVE-2022-1291 (XSS vulnerability with default `onCellHtmlData` function in GitHub rep ...)
 	TODO: check
 CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository  ...)
@@ -3371,16 +3395,16 @@ CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2022-1187
-	RESERVED
-CVE-2022-1186
-	RESERVED
+CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information  ...)
+	TODO: check
 CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...)
 	NOT-FOR-US: Tekon KIO devices
-CVE-2022-28222
-	RESERVED
-CVE-2022-28221
-	RESERVED
+CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable  ...)
+	TODO: check
 CVE-2022-28220
 	RESERVED
 CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab  ...)
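Review bot: CVE-2022-1187, CVE-2022-1186, CVE-2022-28222 and CVE-2022-28221 all describe WordPress plugins but are left at TODO: check. Another hunk of this commit keeps NOT-FOR-US: WordPress plugin on CVE-2022-0993 and CVE-2022-0992; the same annotation looks applicable here once the full descriptions are confirmed.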
@@ -3837,8 +3861,8 @@ CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab
 	- gitlab <unfixed>
 CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
 	- gitlab <unfixed>
-CVE-2022-1119
-	RESERVED
+CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File  ...)
+	TODO: check
 CVE-2022-1118
 	RESERVED
 CVE-2022-1117
@@ -4526,10 +4550,10 @@ CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerabl
 	NOT-FOR-US: Modbus Tools Modbus Slave
 CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
 	NOT-FOR-US: LifePoint Informatics Patient Portal
-CVE-2022-27863
-	RESERVED
-CVE-2022-27862
-	RESERVED
+CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking  ...)
+	TODO: check
+CVE-2022-27862 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking  ...)
+	TODO: check
 CVE-2022-27861
 	RESERVED
 CVE-2022-27860
@@ -4605,7 +4629,7 @@ CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior to
 	NOT-FOR-US: Samsung
 CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to version  ...)
 	NOT-FOR-US: Samsung
-CVE-2022-27836 (Improper access control and path traversal vulnerability in StroageMan ...)
+CVE-2022-27836 (Improper access control and path traversal vulnerability in Storage Ma ...)
 	NOT-FOR-US: Samsung
 CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 Release  ...)
 	NOT-FOR-US: Samsung
@@ -5293,8 +5317,8 @@ CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk Aut
 	NOT-FOR-US: Autodesk
 CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...)
 	NOT-FOR-US: Autodesk
-CVE-2022-27527
-	RESERVED
+CVE-2022-27527 (A Memory Corruption vulnerability may lead to code execution through m ...)
+	TODO: check
 CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-27525 (A malicious crafted .dwf file when consumed through DesignReview.exe a ...)
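Review bot: the new CVE-2022-27527 entry is TODO: check with a truncated description that names no product, while the entries on either side (CVE-2022-27528, CVE-2022-27526) are NOT-FOR-US: Autodesk. Read the full description before assuming the same vendor and annotation.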
@@ -6068,8 +6092,8 @@ CVE-2022-26349 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2022-1019
-	RESERVED
+CVE-2022-1019 (Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vu ...)
+	TODO: check
 CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-27172
@@ -6170,11 +6194,9 @@ CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel befor
 	NOTE: https://git.kernel.org/linus/7f14c7227f342d9932f9b918893c8814f86d2a0d (5.17-rc6)
 CVE-2022-27222
 	RESERVED
-CVE-2022-0993
-	RESERVED
+CVE-2022-0993 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0992
-	RESERVED
+CVE-2022-0992 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
 	NOT-FOR-US: admidio
@@ -10069,8 +10091,8 @@ CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2
 	NOT-FOR-US: Autodesk
 CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022 ...)
 	NOT-FOR-US: Autodesk
-CVE-2022-25788
-	RESERVED
+CVE-2022-25788 (A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to  ...)
+	TODO: check
 CVE-2022-25787
 	RESERVED
 CVE-2022-25786
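Review bot: CVE-2022-25788 names Autodesk AutoCAD 2022 in its description but is left at TODO: check, whereas the context entries above it (CVE-2022-25790, CVE-2022-25789) are NOT-FOR-US: Autodesk. Suggest the same annotation here.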
@@ -12669,15 +12691,15 @@ CVE-2022-24862
 	RESERVED
 CVE-2022-24861
 	RESERVED
-CVE-2022-24860
-	RESERVED
+CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
+	TODO: check
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
 	- pypdf2 <unfixed> (bug #1009879)
 	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
 	NOTE: https://github.com/py-pdf/PyPDF2/issues/329
 	NOTE: https://github.com/py-pdf/PyPDF2/pull/740
-CVE-2022-24858
-	RESERVED
+CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth versi ...)
+	TODO: check
 CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...)
 	TODO: check
 CVE-2022-24856
@@ -12750,10 +12772,10 @@ CVE-2022-24828 (Composer is a dependency manager for the PHP programming languag
 	TODO: check
 CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web  ...)
 	TODO: check
-CVE-2022-24826
-	RESERVED
-CVE-2022-24825
-	RESERVED
+CVE-2022-24826 (On Windows, if Git LFS operates on a malicious repository with a `..ex ...)
+	TODO: check
+CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The pr ...)
+	TODO: check
 CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2022-24823
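Review bot: the CVE-2022-24826 description opens with "On Windows", so the TODO: check for Git LFS should be resolved with that platform scope recorded in the entry rather than a bare package line. CVE-2022-24825 (Smokescreen) in the same hunk carries no such qualifier in the visible text and needs its own decision.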
@@ -22404,10 +22426,10 @@ CVE-2022-0073
 	RESERVED
 CVE-2022-0072
 	RESERVED
-CVE-2022-0071
-	RESERVED
-CVE-2022-0070
-	RESERVED
+CVE-2022-0071 (Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mim ...)
+	TODO: check
+CVE-2022-0070 (Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package st ...)
+	TODO: check
 CVE-2022-0069
 	RESERVED
 CVE-2022-0068
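Review bot: CVE-2022-0071 and CVE-2022-0070 are described as incomplete fixes for CVE-2021-3101 and CVE-2021-3100, and those two IDs are also moved from RESERVED to TODO: check by a later hunk of this commit. Triage each pair together so the original and the follow-up entry end up with consistent annotations and fixed-version information.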
@@ -26447,8 +26469,8 @@ CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
 	NOT-FOR-US: phpservermon
-CVE-2021-4096
-	RESERVED
+CVE-2021-4096 (The Fancy Product Designer plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
 CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...)
 	NOT-FOR-US: NVIDIA
 CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in  ...)
@@ -30189,196 +30211,196 @@ CVE-2022-21500
 	RESERVED
 CVE-2022-21499
 	RESERVED
-CVE-2022-21498
-	RESERVED
-CVE-2022-21497
-	RESERVED
-CVE-2022-21496
-	RESERVED
+CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+	TODO: check
+CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
+	TODO: check
+CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
 CVE-2022-21495
 	RESERVED
-CVE-2022-21494
-	RESERVED
-CVE-2022-21493
-	RESERVED
-CVE-2022-21492
-	RESERVED
-CVE-2022-21491
-	RESERVED
-CVE-2022-21490
-	RESERVED
-CVE-2022-21489
-	RESERVED
-CVE-2022-21488
-	RESERVED
-CVE-2022-21487
-	RESERVED
-CVE-2022-21486
-	RESERVED
-CVE-2022-21485
-	RESERVED
-CVE-2022-21484
-	RESERVED
-CVE-2022-21483
-	RESERVED
-CVE-2022-21482
-	RESERVED
-CVE-2022-21481
-	RESERVED
-CVE-2022-21480
-	RESERVED
-CVE-2022-21479
-	RESERVED
-CVE-2022-21478
-	RESERVED
-CVE-2022-21477
-	RESERVED
-CVE-2022-21476
-	RESERVED
-CVE-2022-21475
-	RESERVED
-CVE-2022-21474
-	RESERVED
-CVE-2022-21473
-	RESERVED
-CVE-2022-21472
-	RESERVED
-CVE-2022-21471
-	RESERVED
-CVE-2022-21470
-	RESERVED
-CVE-2022-21469
-	RESERVED
-CVE-2022-21468
-	RESERVED
-CVE-2022-21467
-	RESERVED
-CVE-2022-21466
-	RESERVED
-CVE-2022-21465
-	RESERVED
-CVE-2022-21464
-	RESERVED
-CVE-2022-21463
-	RESERVED
-CVE-2022-21462
-	RESERVED
-CVE-2022-21461
-	RESERVED
-CVE-2022-21460
-	RESERVED
-CVE-2022-21459
-	RESERVED
-CVE-2022-21458
-	RESERVED
-CVE-2022-21457
-	RESERVED
-CVE-2022-21456
-	RESERVED
+CVE-2022-21494 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21493 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21492 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2022-21491 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2022-21490 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21489 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21488 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2022-21487 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2022-21486 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21485 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21484 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21483 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21482 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+	TODO: check
+CVE-2022-21481 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management product ...)
+	TODO: check
+CVE-2022-21480 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+	TODO: check
+CVE-2022-21479 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+	TODO: check
+CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
+CVE-2022-21475 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
+	TODO: check
+CVE-2022-21474 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+	TODO: check
+CVE-2022-21473 (Vulnerability in the Oracle Banking Treasury Management product of Ora ...)
+	TODO: check
+CVE-2022-21472 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+	TODO: check
+CVE-2022-21471 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2022-21470 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2022-21469 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+	TODO: check
+CVE-2022-21468 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+	TODO: check
+CVE-2022-21467 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
+	TODO: check
+CVE-2022-21466 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
+	TODO: check
+CVE-2022-21465 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2022-21464 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
+	TODO: check
+CVE-2022-21463 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21462 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21461 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21460 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21459 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21458 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2022-21457 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21456 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
 CVE-2022-21455
 	RESERVED
-CVE-2022-21454
-	RESERVED
-CVE-2022-21453
-	RESERVED
-CVE-2022-21452
-	RESERVED
-CVE-2022-21451
-	RESERVED
-CVE-2022-21450
-	RESERVED
-CVE-2022-21449
-	RESERVED
-CVE-2022-21448
-	RESERVED
-CVE-2022-21447
-	RESERVED
-CVE-2022-21446
-	RESERVED
-CVE-2022-21445
-	RESERVED
-CVE-2022-21444
-	RESERVED
-CVE-2022-21443
-	RESERVED
-CVE-2022-21442
-	RESERVED
-CVE-2022-21441
-	RESERVED
-CVE-2022-21440
-	RESERVED
+CVE-2022-21454 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21453 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+	TODO: check
+CVE-2022-21452 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
+	TODO: check
+CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
+CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2022-21447 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+	TODO: check
+CVE-2022-21446 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21445 (Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middle ...)
+	TODO: check
+CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
+CVE-2022-21442 (Vulnerability in Oracle GoldenGate (component: OGG Core Library). The  ...)
+	TODO: check
+CVE-2022-21441 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+	TODO: check
+CVE-2022-21440 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
 CVE-2022-21439
 	RESERVED
-CVE-2022-21438
-	RESERVED
-CVE-2022-21437
-	RESERVED
-CVE-2022-21436
-	RESERVED
-CVE-2022-21435
-	RESERVED
-CVE-2022-21434
-	RESERVED
+CVE-2022-21438 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21437 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
 CVE-2022-21433
 	RESERVED
 CVE-2022-21432
 	RESERVED
-CVE-2022-21431
-	RESERVED
-CVE-2022-21430
-	RESERVED
+CVE-2022-21431 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+	TODO: check
+CVE-2022-21430 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+	TODO: check
 CVE-2022-21429
 	RESERVED
 CVE-2022-21428
 	RESERVED
-CVE-2022-21427
-	RESERVED
-CVE-2022-21426
-	RESERVED
-CVE-2022-21425
-	RESERVED
-CVE-2022-21424
-	RESERVED
-CVE-2022-21423
-	RESERVED
-CVE-2022-21422
-	RESERVED
-CVE-2022-21421
-	RESERVED
-CVE-2022-21420
-	RESERVED
-CVE-2022-21419
-	RESERVED
-CVE-2022-21418
-	RESERVED
-CVE-2022-21417
-	RESERVED
-CVE-2022-21416
-	RESERVED
-CVE-2022-21415
-	RESERVED
-CVE-2022-21414
-	RESERVED
-CVE-2022-21413
-	RESERVED
-CVE-2022-21412
-	RESERVED
-CVE-2022-21411
-	RESERVED
-CVE-2022-21410
-	RESERVED
-CVE-2022-21409
-	RESERVED
+CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+	TODO: check
+CVE-2022-21425 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21424 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+	TODO: check
+CVE-2022-21423 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21422 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+	TODO: check
+CVE-2022-21421 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2022-21420 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+	TODO: check
+CVE-2022-21419 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2022-21418 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21417 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21416 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2022-21415 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21414 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21413 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21412 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2022-21411 (Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity compone ...)
+	TODO: check
+CVE-2022-21410 (Vulnerability in the Oracle Database - Enterprise Edition Sharding com ...)
+	TODO: check
+CVE-2022-21409 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
+	TODO: check
 CVE-2022-21408
 	RESERVED
 CVE-2022-21407
 	RESERVED
 CVE-2022-21406
 	RESERVED
-CVE-2022-21405
-	RESERVED
-CVE-2022-21404
-	RESERVED
+CVE-2022-21405 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
+	TODO: check
+CVE-2022-21404 (Vulnerability in the Helidon product of Oracle Fusion Middleware (comp ...)
+	TODO: check
 CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
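Review bot: every entry published in this batch is left at TODO: check, while the context line for CVE-2022-21403 just below is triaged NOT-FOR-US: Oracle. That blanket annotation should not be copied across the batch: the descriptions name MySQL Server, MySQL Cluster, Oracle VM VirtualBox and Oracle Java SE alongside products such as PeopleSoft and Oracle Banking, so each product family needs its own triage, with the MySQL, VirtualBox and Java SE entries checked against source packages before any is marked NOT-FOR-US.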
@@ -36989,7 +37011,8 @@ CVE-2021-42188
 	RESERVED
 CVE-2021-42187
 	RESERVED
-CVE-2021-42186 (SAS Logon Manager v9.4 was discovered to contain a vulnerability in th ...)
+CVE-2021-42186
+	REJECTED
 	NOT-FOR-US: SAS Logon Manager
 CVE-2021-42185
 	RESERVED
@@ -42052,7 +42075,7 @@ CVE-2021-40169
 	RESERVED
 CVE-2021-40168
 	RESERVED
-CVE-2021-40167 (A Memory Corruption Vulnerability may lead to remote code execution th ...)
+CVE-2021-40167 (A malicious crafted dwf file when consumed through DesignReview.exe ap ...)
 	NOT-FOR-US: Autodesk
 CVE-2021-40166
 	RESERVED
@@ -76096,12 +76119,12 @@ CVE-2021-26629
 	RESERVED
 CVE-2021-26628
 	RESERVED
-CVE-2021-26627
-	RESERVED
-CVE-2021-26626
-	RESERVED
-CVE-2021-26625
-	RESERVED
+CVE-2021-26627 (Real-time image information exposure is caused by insufficient authent ...)
+	TODO: check
+CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's execBrowser met ...)
+	TODO: check
+CVE-2021-26625 (Insufficient Verification of input Data leading to arbitrary file down ...)
+	TODO: check
 CVE-2021-26624 (An local privilege escalation vulnerability due to a "runasroot" comma ...)
 	NOT-FOR-US: eScan Antivirus
 CVE-2021-26623 (A remote code execution vulnerability due to incomplete check for 'xhe ...)
@@ -84289,8 +84312,8 @@ CVE-2021-23285 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructu
 	TODO: check
 CVE-2021-23284 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
 	TODO: check
-CVE-2021-23283
-	RESERVED
+CVE-2021-23283 (Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulne ...)
+	TODO: check
 CVE-2021-23282
 	RESERVED
 CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
@@ -84415,10 +84438,10 @@ CVE-2021-3103
 	RESERVED
 CVE-2021-3102
 	RESERVED
-CVE-2021-3101
-	RESERVED
-CVE-2021-3100
-	RESERVED
+CVE-2021-3101 (Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux ...)
+	TODO: check
+CVE-2021-3100 (The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch ...)
+	TODO: check
 CVE-2021-3099
 	RESERVED
 CVE-2021-3098



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aec67abd33c37c814e2e41dd07fb9adcc4c936c2
