[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 21 21:10:29 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05e09e6c by security tracker role at 2022-04-21T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-29565
+	RESERVED
+CVE-2022-29564
+	RESERVED
+CVE-2022-29563
+	RESERVED
+CVE-2022-29562
+	RESERVED
+CVE-2022-29561
+	RESERVED
+CVE-2022-29560
+	RESERVED
+CVE-2022-1426
+	RESERVED
+CVE-2022-1425
+	RESERVED
+CVE-2022-1424
+	RESERVED
+CVE-2022-1423
+	RESERVED
+CVE-2022-1422
+	RESERVED
+CVE-2022-1421
+	RESERVED
+CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
+	TODO: check
+CVE-2021-46784
+	RESERVED
 CVE-2022-29559
 	RESERVED
 CVE-2022-29558
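Review bot: CVE-2022-1420 needs real triage rather than a NOT-FOR-US tag: its description names the GitHub repository vim/vim, and vim is a source package in Debian, so the `TODO: check` line should become a package entry for vim once the affected suites are checked. The other additions in this hunk are RESERVED placeholders with nothing to triage yet.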
@@ -1862,8 +1890,8 @@ CVE-2022-28822
 	RESERVED
 CVE-2022-28821
 	RESERVED
-CVE-2022-28820
-	RESERVED
+CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross ...)
+	TODO: check
 CVE-2022-28819
 	RESERVED
 CVE-2022-28818
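Review bot: CVE-2022-28820 can be resolved from information already in this file: its description names ACS Commons, the product that CVE-2022-24874 further down already carries as `NOT-FOR-US: Adobe acs-aem-commons`. Using that exact tag in place of `TODO: check` would keep the two entries consistent.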
@@ -1882,7 +1910,7 @@ CVE-2022-28812
 	RESERVED
 CVE-2022-28811
 	RESERVED
-CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticat ...)
+CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28809
 	RESERVED
@@ -6189,8 +6217,8 @@ CVE-2022-1024
 	RESERVED
 CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1022
-	RESERVED
+CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+	TODO: check
 CVE-2022-1021
 	RESERVED
 CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
@@ -12800,8 +12828,8 @@ CVE-2022-24877
 	RESERVED
 CVE-2022-24876
 	RESERVED
-CVE-2022-24875
-	RESERVED
+CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate  ...)
+	TODO: check
 CVE-2022-24874 (acs commons is an open source framework for AEM projects. ACS Commons  ...)
 	NOT-FOR-US: Adobe acs-aem-commons
 CVE-2022-24873
@@ -12810,14 +12838,14 @@ CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework
 	NOT-FOR-US: Shopware
 CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
 	NOT-FOR-US: Shopware
-CVE-2022-24870
-	RESERVED
-CVE-2022-24869
-	RESERVED
-CVE-2022-24868
-	RESERVED
-CVE-2022-24867
-	RESERVED
+CVE-2022-24870 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta  ...)
+	TODO: check
+CVE-2022-24869 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+	TODO: check
+CVE-2022-24868 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+	TODO: check
+CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+	TODO: check
 CVE-2022-24866
 	RESERVED
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...)
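Review bot: CVE-2022-24867, CVE-2022-24868 and CVE-2022-24869 cannot be told apart from the text added here, since all three share the same truncated GLPI description and the same `TODO: check`; they should be triaged together against the full CVE records so they get one consistent product decision. CVE-2022-24870 shows the same visible description prefix ("Combodo iTop ... In 3.0.0 beta") as CVE-2021-41162 elsewhere in this update, so it is worth confirming the two are distinct issues before tagging them.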
@@ -14768,8 +14796,8 @@ CVE-2022-24274
 	RESERVED
 CVE-2022-24273
 	RESERVED
-CVE-2022-24272
-	RESERVED
+CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...)
+	TODO: check
 CVE-2022-23400
 	RESERVED
 CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
@@ -18093,8 +18121,8 @@ CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Applicat
 	NOT-FOR-US: Orchard CMS
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
 	NOT-FOR-US: calibre-web
-CVE-2022-0272
-	RESERVED
+CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+	TODO: check
 CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
@@ -21533,10 +21561,10 @@ CVE-2022-22438
 	RESERVED
 CVE-2022-22437
 	RESERVED
-CVE-2022-22436
-	RESERVED
-CVE-2022-22435
-	RESERVED
+CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
+	TODO: check
+CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
+	TODO: check
 CVE-2022-22434
 	RESERVED
 CVE-2022-22433
@@ -39829,10 +39857,10 @@ CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
 CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
-CVE-2021-41162
-	RESERVED
-CVE-2021-41161
-	RESERVED
+CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta  ...)
+	TODO: check
+CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+	TODO: check
 CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	- freerdp2 2.4.1+dfsg1-1 (bug #1001062)
 	[bullseye] - freerdp2 <no-dsa> (Minor issue)
@@ -137033,20 +137061,20 @@ CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl
 	NOT-FOR-US: Xiaomi
 CVE-2020-14123
 	RESERVED
-CVE-2020-14122
-	RESERVED
-CVE-2020-14121
-	RESERVED
-CVE-2020-14120
-	RESERVED
+CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some  ...)
+	TODO: check
+CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...)
+	TODO: check
+CVE-2020-14120 (Some Xiaomi models have a vulnerability in a certain application. The  ...)
+	TODO: check
 CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...)
 	NOT-FOR-US: Xiaomi
-CVE-2020-14118
-	RESERVED
-CVE-2020-14117
-	RESERVED
-CVE-2020-14116
-	RESERVED
+CVE-2020-14118 (An intent redirection vulnerability in the Mi App Store product. This  ...)
+	TODO: check
+CVE-2020-14117 (A improper permission configuration vulnerability in Xiaomi Content Ce ...)
+	TODO: check
+CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. This vu ...)
+	TODO: check
 CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600.  ...)
 	NOT-FOR-US: Xiaomi
 CVE-2020-14114
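Review bot: The six entries set to `TODO: check` in this hunk (CVE-2020-14116 to CVE-2020-14118 and CVE-2020-14120 to CVE-2020-14122) look like candidates for the tag their neighbours already have: each description names a Xiaomi product (phones, Mi App Store, Mi Browser), and CVE-2020-14124, CVE-2020-14119 and CVE-2020-14115 in the same hunk are tagged `NOT-FOR-US: Xiaomi`. Tagging them in one follow-up commit would keep them out of the TODO queue.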



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e09e6c2fa8b78267a2fe7914d180aa393c4f1d
