Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 05e09e6c by security tracker role at 2022-04-21T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,31 @@ +CVE-2022-29565 + RESERVED +CVE-2022-29564 + RESERVED +CVE-2022-29563 + RESERVED +CVE-2022-29562 + RESERVED +CVE-2022-29561 + RESERVED +CVE-2022-29560 + RESERVED +CVE-2022-1426 + RESERVED +CVE-2022-1425 + RESERVED +CVE-2022-1424 + RESERVED +CVE-2022-1423 + RESERVED +CVE-2022-1422 + RESERVED +CVE-2022-1421 + RESERVED +CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + TODO: check +CVE-2021-46784 + RESERVED CVE-2022-29559 RESERVED CVE-2022-29558 @@ -1862,8 +1890,8 @@ CVE-2022-28822 RESERVED CVE-2022-28821 RESERVED -CVE-2022-28820 - RESERVED +CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross ...) + TODO: check CVE-2022-28819 RESERVED CVE-2022-28818 @@ -1882,7 +1910,7 @@ CVE-2022-28812 RESERVED CVE-2022-28811 RESERVED -CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticat ...) +CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-28809 RESERVED @@ -6189,8 +6217,8 @@ CVE-2022-1024 RESERVED CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...) NOT-FOR-US: WordPress plugin -CVE-2022-1022 - RESERVED +CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...) + TODO: check CVE-2022-1021 RESERVED CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...) 
@@ -12800,8 +12828,8 @@ CVE-2022-24877 RESERVED CVE-2022-24876 RESERVED -CVE-2022-24875 - RESERVED +CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate ...) + TODO: check CVE-2022-24874 (acs commons is an open source framework for AEM projects. ACS Commons ...) NOT-FOR-US: Adobe acs-aem-commons CVE-2022-24873 @@ -12810,14 +12838,14 @@ CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework NOT-FOR-US: Shopware CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...) NOT-FOR-US: Shopware -CVE-2022-24870 - RESERVED -CVE-2022-24869 - RESERVED -CVE-2022-24868 - RESERVED -CVE-2022-24867 - RESERVED +CVE-2022-24870 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...) + TODO: check +CVE-2022-24869 (GLPI is a Free Asset and IT Management Software package, that provides ...) + TODO: check +CVE-2022-24868 (GLPI is a Free Asset and IT Management Software package, that provides ...) + TODO: check +CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that provides ...) + TODO: check CVE-2022-24866 RESERVED CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...) @@ -14768,8 +14796,8 @@ CVE-2022-24274 RESERVED CVE-2022-24273 RESERVED -CVE-2022-24272 - RESERVED +CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...) + TODO: check CVE-2022-23400 RESERVED CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...) 
@@ -18093,8 +18121,8 @@ CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Applicat NOT-FOR-US: Orchard CMS CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...) NOT-FOR-US: calibre-web -CVE-2022-0272 - RESERVED +CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) + TODO: check CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...) @@ -21533,10 +21561,10 @@ CVE-2022-22438 RESERVED CVE-2022-22437 RESERVED -CVE-2022-22436 - RESERVED -CVE-2022-22435 - RESERVED +CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...) + TODO: check +CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...) + TODO: check CVE-2022-22434 RESERVED CVE-2022-22433 @@ -39829,10 +39857,10 @@ CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0) CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse -CVE-2021-41162 - RESERVED -CVE-2021-41161 - RESERVED +CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...) + TODO: check +CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + TODO: check CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 2.4.1+dfsg1-1 (bug #1001062) [bullseye] - freerdp2 <no-dsa> (Minor issue) 
@@ -137033,20 +137061,20 @@ CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl NOT-FOR-US: Xiaomi CVE-2020-14123 RESERVED -CVE-2020-14122 - RESERVED -CVE-2020-14121 - RESERVED -CVE-2020-14120 - RESERVED +CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some ...) + TODO: check +CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...) + TODO: check +CVE-2020-14120 (Some Xiaomi models have a vulnerability in a certain application. The ...) + TODO: check CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...) NOT-FOR-US: Xiaomi -CVE-2020-14118 - RESERVED -CVE-2020-14117 - RESERVED -CVE-2020-14116 - RESERVED +CVE-2020-14118 (An intent redirection vulnerability in the Mi App Store product. This ...) + TODO: check +CVE-2020-14117 (A improper permission configuration vulnerability in Xiaomi Content Ce ...) + TODO: check +CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. This vu ...) + TODO: check CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...) NOT-FOR-US: Xiaomi CVE-2020-14114
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e09e6c2fa8b78267a2fe7914d180aa393c4f1d
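Review bot: In the first hunk (@@ -1,3 +1,31 @@), CVE-2022-1420 is the one new entry that carries a description, and it names vim/vim, which Debian ships as the vim source package, so its "TODO: check" should be resolved to a package line rather than NOT-FOR-US. The description is cut off at "prior ...", so the fixed upstream version has to be read from the full CVE record before a fixed version is recorded here.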
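Review bot: In hunk @@ -1862,8 +1890,8 @@, CVE-2022-28820 (ACS Commons) is left at "TODO: check" although the same product is already triaged in this file: the context of hunk @@ -12800,8 +12828,8 @@ shows CVE-2022-24874 as "NOT-FOR-US: Adobe acs-aem-commons". Suggest giving CVE-2022-28820 the same tag, with the same spelling of the product name, so searches on the tag find both entries.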
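Review bot: In hunk @@ -12810,14 +12838,14 @@, CVE-2022-24869, CVE-2022-24868 and CVE-2022-24867 all show the identical truncated text "GLPI is a Free Asset and IT Management Software package, that provides ...", so nothing in the list distinguishes the three issues. They should be triaged together from the full records, and the iTop entry CVE-2022-24870 in the same hunk should get the same outcome as CVE-2021-41162 and CVE-2021-41161 in hunk @@ -39829,10 +39857,10 @@, which name the same product.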
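Review bot: In hunk @@ -14768,8 +14796,8 @@, the visible part of the CVE-2022-24272 description ("An authenticated user may trigger an invariant assertion during comman ...") names no product, so the entry cannot be triaged from the list alone. Whoever resolves the "TODO: check" should take the affected product from the full CVE record and state it on the triage line.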
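Review bot: In hunk @@ -137033,20 +137061,20 @@, the six newly published entries (CVE-2020-14122, -14121, -14120, -14118, -14117, -14116) sit at "TODO: check" while every described neighbour in the context lines (CVE-2020-14124, CVE-2020-14119, CVE-2020-14115) is "NOT-FOR-US: Xiaomi". The new descriptions name Xiaomi phones, Mi App Store, Xiaomi Content Ce... and Mi Browser, so the same "NOT-FOR-US: Xiaomi" tag looks appropriate for all six once the full descriptions are confirmed.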