[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 31 08:10:55 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8af7954e by security tracker role at 2022-01-31T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,289 @@
+CVE-2022-24271
+	RESERVED
+CVE-2022-24270
+	RESERVED
+CVE-2022-24269
+	RESERVED
+CVE-2022-24268
+	RESERVED
+CVE-2022-24267
+	RESERVED
+CVE-2022-24266
+	RESERVED
+CVE-2022-24265
+	RESERVED
+CVE-2022-24264
+	RESERVED
+CVE-2022-24263
+	RESERVED
+CVE-2022-24262
+	RESERVED
+CVE-2022-24261
+	RESERVED
+CVE-2022-24260
+	RESERVED
+CVE-2022-24259
+	RESERVED
+CVE-2022-24258
+	RESERVED
+CVE-2022-24257
+	RESERVED
+CVE-2022-24256
+	RESERVED
+CVE-2022-24255
+	RESERVED
+CVE-2022-24254
+	RESERVED
+CVE-2022-24253
+	RESERVED
+CVE-2022-24252
+	RESERVED
+CVE-2022-24251
+	RESERVED
+CVE-2022-24250
+	RESERVED
+CVE-2022-24249
+	RESERVED
+CVE-2022-24248
+	RESERVED
+CVE-2022-24247
+	RESERVED
+CVE-2022-24246
+	RESERVED
+CVE-2022-24245
+	RESERVED
+CVE-2022-24244
+	RESERVED
+CVE-2022-24243
+	RESERVED
+CVE-2022-24242
+	RESERVED
+CVE-2022-24241
+	RESERVED
+CVE-2022-24240
+	RESERVED
+CVE-2022-24239
+	RESERVED
+CVE-2022-24238
+	RESERVED
+CVE-2022-24237
+	RESERVED
+CVE-2022-24236
+	RESERVED
+CVE-2022-24235
+	RESERVED
+CVE-2022-24234
+	RESERVED
+CVE-2022-24233
+	RESERVED
+CVE-2022-24232
+	RESERVED
+CVE-2022-24231
+	RESERVED
+CVE-2022-24230
+	RESERVED
+CVE-2022-24229
+	RESERVED
+CVE-2022-24228
+	RESERVED
+CVE-2022-24227
+	RESERVED
+CVE-2022-24226
+	RESERVED
+CVE-2022-24225
+	RESERVED
+CVE-2022-24224
+	RESERVED
+CVE-2022-24223
+	RESERVED
+CVE-2022-24222
+	RESERVED
+CVE-2022-24221
+	RESERVED
+CVE-2022-24220
+	RESERVED
+CVE-2022-24219
+	RESERVED
+CVE-2022-24218
+	RESERVED
+CVE-2022-24217
+	RESERVED
+CVE-2022-24216
+	RESERVED
+CVE-2022-24215
+	RESERVED
+CVE-2022-24214
+	RESERVED
+CVE-2022-24213
+	RESERVED
+CVE-2022-24212
+	RESERVED
+CVE-2022-24211
+	RESERVED
+CVE-2022-24210
+	RESERVED
+CVE-2022-24209
+	RESERVED
+CVE-2022-24208
+	RESERVED
+CVE-2022-24207
+	RESERVED
+CVE-2022-24206
+	RESERVED
+CVE-2022-24205
+	RESERVED
+CVE-2022-24204
+	RESERVED
+CVE-2022-24203
+	RESERVED
+CVE-2022-24202
+	RESERVED
+CVE-2022-24201
+	RESERVED
+CVE-2022-24200
+	RESERVED
+CVE-2022-24199
+	RESERVED
+CVE-2022-24198
+	RESERVED
+CVE-2022-24197
+	RESERVED
+CVE-2022-24196
+	RESERVED
+CVE-2022-24195
+	RESERVED
+CVE-2022-24194
+	RESERVED
+CVE-2022-24193
+	RESERVED
+CVE-2022-24192
+	RESERVED
+CVE-2022-24191
+	RESERVED
+CVE-2022-24190
+	RESERVED
+CVE-2022-24189
+	RESERVED
+CVE-2022-24188
+	RESERVED
+CVE-2022-24187
+	RESERVED
+CVE-2022-24186
+	RESERVED
+CVE-2022-24185
+	RESERVED
+CVE-2022-24184
+	RESERVED
+CVE-2022-24183
+	RESERVED
+CVE-2022-24182
+	RESERVED
+CVE-2022-24181
+	RESERVED
+CVE-2022-24180
+	RESERVED
+CVE-2022-24179
+	RESERVED
+CVE-2022-24178
+	RESERVED
+CVE-2022-24177
+	RESERVED
+CVE-2022-24176
+	RESERVED
+CVE-2022-24175
+	RESERVED
+CVE-2022-24174
+	RESERVED
+CVE-2022-24173
+	RESERVED
+CVE-2022-24172
+	RESERVED
+CVE-2022-24171
+	RESERVED
+CVE-2022-24170
+	RESERVED
+CVE-2022-24169
+	RESERVED
+CVE-2022-24168
+	RESERVED
+CVE-2022-24167
+	RESERVED
+CVE-2022-24166
+	RESERVED
+CVE-2022-24165
+	RESERVED
+CVE-2022-24164
+	RESERVED
+CVE-2022-24163
+	RESERVED
+CVE-2022-24162
+	RESERVED
+CVE-2022-24161
+	RESERVED
+CVE-2022-24160
+	RESERVED
+CVE-2022-24159
+	RESERVED
+CVE-2022-24158
+	RESERVED
+CVE-2022-24157
+	RESERVED
+CVE-2022-24156
+	RESERVED
+CVE-2022-24155
+	RESERVED
+CVE-2022-24154
+	RESERVED
+CVE-2022-24153
+	RESERVED
+CVE-2022-24152
+	RESERVED
+CVE-2022-24151
+	RESERVED
+CVE-2022-24150
+	RESERVED
+CVE-2022-24149
+	RESERVED
+CVE-2022-24148
+	RESERVED
+CVE-2022-24147
+	RESERVED
+CVE-2022-24146
+	RESERVED
+CVE-2022-24145
+	RESERVED
+CVE-2022-24144
+	RESERVED
+CVE-2022-24143
+	RESERVED
+CVE-2022-24142
+	RESERVED
+CVE-2022-24141
+	RESERVED
+CVE-2022-24140
+	RESERVED
+CVE-2022-24139
+	RESERVED
+CVE-2022-24138
+	RESERVED
+CVE-2022-24137
+	RESERVED
+CVE-2022-24136
+	RESERVED
+CVE-2022-24135
+	RESERVED
+CVE-2022-24134
+	RESERVED
+CVE-2022-24133
+	RESERVED
+CVE-2022-24132
+	RESERVED
+CVE-2022-24131
+	RESERVED
+CVE-2022-21170
+	RESERVED
+CVE-2022-0419
+	RESERVED
 CVE-2022-0418
 	RESERVED
 CVE-2022-0417
@@ -6,7 +292,7 @@ CVE-2022-0416
 	RESERVED
 CVE-2022-0415
 	RESERVED
-CVE-2022-24130 [xterm buffer overflow via crafted sixel]
+CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
 	- xterm <unfixed>
 	NOTE: https://twitter.com/nickblack/status/1487731459398025216
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
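
Review bot: the `- xterm <unfixed>` line under CVE-2022-24130 carries no bug reference, unlike `- wolfssl <unfixed> (bug #1004181)` elsewhere in this file; if a Debian bug exists for the Sixel issue, record it here. The new header also replaces the hand-written summary "xterm buffer overflow via crafted sixel" with a truncated description, so the bug class can now be recovered only from the two NOTE links.
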
@@ -637,6 +923,7 @@ CVE-2022-23992
 CVE-2022-23991
 	RESERVED
 CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
+	{DLA-2904-1}
 	- expat 2.4.3-3
 	NOTE: https://github.com/libexpat/libexpat/pull/551
 CVE-2022-23989
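
Review bot: the CVE-2022-23990 entry that gains `{DLA-2904-1}` references only the upstream pull request (`pull/551`), whereas the CVE-2022-22822 to CVE-2022-22827 entries in this file record both the pull request and the merged commit. Adding a NOTE with the merged commit would make it easier to check what was backported into `expat 2.4.3-3` and into the advisory.
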
@@ -1358,6 +1645,7 @@ CVE-2022-23854
 CVE-2022-23853
 	RESERVED
 CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...)
+	{DLA-2904-1}
 	- expat 2.4.3-2
 	NOTE: https://github.com/libexpat/libexpat/pull/550
 CVE-2022-23851
@@ -2530,8 +2818,8 @@ CVE-2022-23411
 	RESERVED
 CVE-2022-23410
 	RESERVED
-CVE-2022-23409
-	RESERVED
+CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to  ...)
+	TODO: check
 CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
 	- wolfssl <unfixed> (bug #1004181)
 	[bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
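
Review bot: CVE-2022-23409 is left at `TODO: check` with no package line. The description names the Logs plugin for Craft CMS, so triage should end in either a source package line or a `NOT-FOR-US:` line rather than leaving the entry open.
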
@@ -4656,26 +4944,32 @@ CVE-2022-0156 (vim is vulnerable to Use After Free ...)
 	NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
 	NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
 CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an  ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1003474)
 	NOTE: https://github.com/libexpat/libexpat/pull/539
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
@@ -5177,6 +5471,7 @@ CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a
 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
 	NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
 CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1
 	NOTE: https://github.com/libexpat/libexpat/issues/532
 	NOTE: https://github.com/libexpat/libexpat/pull/538
@@ -6623,6 +6918,7 @@ CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/
 	NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
 CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
+	{DLA-2904-1}
 	- expat 2.4.3-1 (bug #1002994)
 	[bullseye] - expat <no-dsa> (Minor issue; can be fixed via point release)
 	[buster] - expat <no-dsa> (Minor issue; can be fixed via point release)
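
Review bot: with `{DLA-2904-1}` now attached to CVE-2021-45960, the `[bullseye]` and `[buster]` lines under it still read `<no-dsa> (Minor issue; can be fixed via point release)`. Worth confirming that those two releases are still meant to wait for a point release now that the issue has been handled by an advisory for another release.
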
@@ -56838,8 +57134,8 @@ CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language pa
 	- piwigo <removed>
 CVE-2021-27972
 	RESERVED
-CVE-2021-27971
-	RESERVED
+CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injec ...)
+	TODO: check
 CVE-2021-27970
 	RESERVED
 CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
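
Review bot: the new CVE-2021-27971 entry is left at `TODO: check`. The description names "Alps Alpine Touchpad Driver 10.3201.101.215" and DLL injection, which looks like a candidate for a `NOT-FOR-US:` line in the form used for CVE-2021-46145 in this file, once it is confirmed that no Debian source package ships the driver.
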



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8af7954ec11fa92c6ad9a4c0f845f3b1a3281f30
