[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 23 09:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7945847 by security tracker role at 2022-04-23T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-29598
+ RESERVED
+CVE-2022-29597
+ RESERVED
+CVE-2022-29596
+ RESERVED
+CVE-2022-29595
+ RESERVED
+CVE-2022-29594
+ RESERVED
+CVE-2022-29593
+ RESERVED
+CVE-2022-1441
+ RESERVED
CVE-2022-29592
RESERVED
CVE-2022-29591
@@ -84,8 +98,8 @@ CVE-2022-29567
RESERVED
CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...)
TODO: check
-CVE-2022-1427
- RESERVED
+CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...)
+ TODO: check
CVE-2022-29565
RESERVED
CVE-2022-29564
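Review bot: the added description for CVE-2022-1427 reads "Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...", with a doubled "in". Since the commit is labelled an automatic update, the text was presumably imported as-is (an assumption, not visible in the diff), so a hand edit here would likely be overwritten by the next run. The follow-up that resolves the TODO: check should triage the mruby entry and leave the wording alone.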
@@ -4521,10 +4535,10 @@ CVE-2022-1110
RESERVED
CVE-2022-1109
RESERVED
-CVE-2022-1108
- RESERVED
-CVE-2022-1107
- RESERVED
+CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
+ TODO: check
+CVE-2022-1107 (A potential vulnerability due to use of Boot Services in the SmmOEMInt ...)
+ TODO: check
CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
NOT-FOR-US: NETGEAR
CVE-2022-27946 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
@@ -6066,12 +6080,12 @@ CVE-2022-27344
RESERVED
CVE-2022-27343
RESERVED
-CVE-2022-27342
- RESERVED
-CVE-2022-27341
- RESERVED
-CVE-2022-27340
- RESERVED
+CVE-2022-27342 (Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-27341 (JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-27340 (MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/sav ...)
+ TODO: check
CVE-2022-27339
RESERVED
CVE-2022-27338
@@ -11855,8 +11869,8 @@ CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microwe
NOT-FOR-US: microweber
CVE-2022-0637
RESERVED
-CVE-2022-0636
- RESERVED
+CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...)
+ TODO: check
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -12937,7 +12951,8 @@ CVE-2022-24876
RESERVED
CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate ...)
NOT-FOR-US: CVEProject cve-services
-CVE-2022-24874 (acs commons is an open source framework for AEM projects. ACS Commons ...)
+CVE-2022-24874
+ REJECTED
NOT-FOR-US: Adobe acs-aem-commons
CVE-2022-24873
RESERVED
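Review bot: CVE-2022-24874 ends up in a mixed state in this hunk. The header line loses its description and gains REJECTED, but the unchanged context line "NOT-FOR-US: Adobe acs-aem-commons" still sits beneath it. A follow-up should confirm whether a rejected ID is meant to keep that triage annotation or have it dropped, so the entry does not read as both rejected and triaged.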
@@ -16235,16 +16250,16 @@ CVE-2022-21178
RESERVED
CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
NOT-FOR-US: simple-get nodejs module
-CVE-2022-0354
- RESERVED
+CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...)
+ TODO: check
CVE-2022-0353
RESERVED
-CVE-2021-4212
- RESERVED
-CVE-2021-4211
- RESERVED
-CVE-2021-4210
- RESERVED
+CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...)
+ TODO: check
+CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...)
+ TODO: check
+CVE-2021-4210 (A potential vulnerability in the SMI callback function used in the NVM ...)
+ TODO: check
CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
NOT-FOR-US: Apache ActiveMQ Artemis
CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
@@ -19266,8 +19281,8 @@ CVE-2022-0194
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0192
- RESERVED
+CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
+ TODO: check
CVE-2022-0191
RESERVED
CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
@@ -29486,12 +29501,12 @@ CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
-CVE-2021-3972
- RESERVED
-CVE-2021-3971
- RESERVED
-CVE-2021-3970
- RESERVED
+CVE-2021-3972 (A potential vulnerability by a driver used during manufacturing proces ...)
+ TODO: check
+CVE-2021-3971 (A potential vulnerability by a driver used during older manufacturing ...)
+ TODO: check
+CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
+ TODO: check
CVE-2021-3969
RESERVED
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -34590,10 +34605,10 @@ CVE-2021-42848
RESERVED
CVE-2021-3899
RESERVED
-CVE-2021-3898
- RESERVED
-CVE-2021-3897
- RESERVED
+CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
+ TODO: check
+CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
+ TODO: check
CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-42846
@@ -38249,8 +38264,8 @@ CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository ad
NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 (v5.20.21)
NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
NOTE: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
-CVE-2021-3849
- RESERVED
+CVE-2021-3849 (An authentication bypass vulnerability was discovered in the web inter ...)
+ TODO: check
CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...)
NOT-FOR-US: Luna Simo
CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
@@ -44603,10 +44618,10 @@ CVE-2021-39292
RESERVED
CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...)
NOT-FOR-US: IBM
-CVE-2021-3722
- RESERVED
-CVE-2021-3721
- RESERVED
+CVE-2021-3722 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
+ TODO: check
+CVE-2021-3721 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
+ TODO: check
CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...)
NOT-FOR-US: Lenovo
CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...)
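Review bot: the added entries CVE-2021-3722 and CVE-2021-3721 (Lenovo PCManager) are left at TODO: check, while the adjacent context entry CVE-2021-3720 already carries "NOT-FOR-US: Lenovo". Suggest resolving both TODOs consistently with that neighbour in the follow-up triage if the product is likewise out of scope. The two truncated descriptions are identical as shown, so the full text should be checked to confirm they are distinct issues and not a duplicate assignment.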
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7945847c88992f13baf6d0ccaf4d6bb659056f2