Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8af7954e by security tracker role at 2022-01-31T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,289 @@
+CVE-2022-24271
+ RESERVED
+CVE-2022-24270
+ RESERVED
+CVE-2022-24269
+ RESERVED
+CVE-2022-24268
+ RESERVED
+CVE-2022-24267
+ RESERVED
+CVE-2022-24266
+ RESERVED
+CVE-2022-24265
+ RESERVED
+CVE-2022-24264
+ RESERVED
+CVE-2022-24263
+ RESERVED
+CVE-2022-24262
+ RESERVED
+CVE-2022-24261
+ RESERVED
+CVE-2022-24260
+ RESERVED
+CVE-2022-24259
+ RESERVED
+CVE-2022-24258
+ RESERVED
+CVE-2022-24257
+ RESERVED
+CVE-2022-24256
+ RESERVED
+CVE-2022-24255
+ RESERVED
+CVE-2022-24254
+ RESERVED
+CVE-2022-24253
+ RESERVED
+CVE-2022-24252
+ RESERVED
+CVE-2022-24251
+ RESERVED
+CVE-2022-24250
+ RESERVED
+CVE-2022-24249
+ RESERVED
+CVE-2022-24248
+ RESERVED
+CVE-2022-24247
+ RESERVED
+CVE-2022-24246
+ RESERVED
+CVE-2022-24245
+ RESERVED
+CVE-2022-24244
+ RESERVED
+CVE-2022-24243
+ RESERVED
+CVE-2022-24242
+ RESERVED
+CVE-2022-24241
+ RESERVED
+CVE-2022-24240
+ RESERVED
+CVE-2022-24239
+ RESERVED
+CVE-2022-24238
+ RESERVED
+CVE-2022-24237
+ RESERVED
+CVE-2022-24236
+ RESERVED
+CVE-2022-24235
+ RESERVED
+CVE-2022-24234
+ RESERVED
+CVE-2022-24233
+ RESERVED
+CVE-2022-24232
+ RESERVED
+CVE-2022-24231
+ RESERVED
+CVE-2022-24230
+ RESERVED
+CVE-2022-24229
+ RESERVED
+CVE-2022-24228
+ RESERVED
+CVE-2022-24227
+ RESERVED
+CVE-2022-24226
+ RESERVED
+CVE-2022-24225
+ RESERVED
+CVE-2022-24224
+ RESERVED
+CVE-2022-24223
+ RESERVED
+CVE-2022-24222
+ RESERVED
+CVE-2022-24221
+ RESERVED
+CVE-2022-24220
+ RESERVED
+CVE-2022-24219
+ RESERVED
+CVE-2022-24218
+ RESERVED
+CVE-2022-24217
+ RESERVED
+CVE-2022-24216
+ RESERVED
+CVE-2022-24215
+ RESERVED
+CVE-2022-24214
+ RESERVED
+CVE-2022-24213
+ RESERVED
+CVE-2022-24212
+ RESERVED
+CVE-2022-24211
+ RESERVED
+CVE-2022-24210
+ RESERVED
+CVE-2022-24209
+ RESERVED
+CVE-2022-24208
+ RESERVED
+CVE-2022-24207
+ RESERVED
+CVE-2022-24206
+ RESERVED
+CVE-2022-24205
+ RESERVED
+CVE-2022-24204
+ RESERVED
+CVE-2022-24203
+ RESERVED
+CVE-2022-24202
+ RESERVED
+CVE-2022-24201
+ RESERVED
+CVE-2022-24200
+ RESERVED
+CVE-2022-24199
+ RESERVED
+CVE-2022-24198
+ RESERVED
+CVE-2022-24197
+ RESERVED
+CVE-2022-24196
+ RESERVED
+CVE-2022-24195
+ RESERVED
+CVE-2022-24194
+ RESERVED
+CVE-2022-24193
+ RESERVED
+CVE-2022-24192
+ RESERVED
+CVE-2022-24191
+ RESERVED
+CVE-2022-24190
+ RESERVED
+CVE-2022-24189
+ RESERVED
+CVE-2022-24188
+ RESERVED
+CVE-2022-24187
+ RESERVED
+CVE-2022-24186
+ RESERVED
+CVE-2022-24185
+ RESERVED
+CVE-2022-24184
+ RESERVED
+CVE-2022-24183
+ RESERVED
+CVE-2022-24182
+ RESERVED
+CVE-2022-24181
+ RESERVED
+CVE-2022-24180
+ RESERVED
+CVE-2022-24179
+ RESERVED
+CVE-2022-24178
+ RESERVED
+CVE-2022-24177
+ RESERVED
+CVE-2022-24176
+ RESERVED
+CVE-2022-24175
+ RESERVED
+CVE-2022-24174
+ RESERVED
+CVE-2022-24173
+ RESERVED
+CVE-2022-24172
+ RESERVED
+CVE-2022-24171
+ RESERVED
+CVE-2022-24170
+ RESERVED
+CVE-2022-24169
+ RESERVED
+CVE-2022-24168
+ RESERVED
+CVE-2022-24167
+ RESERVED
+CVE-2022-24166
+ RESERVED
+CVE-2022-24165
+ RESERVED
+CVE-2022-24164
+ RESERVED
+CVE-2022-24163
+ RESERVED
+CVE-2022-24162
+ RESERVED
+CVE-2022-24161
+ RESERVED
+CVE-2022-24160
+ RESERVED
+CVE-2022-24159
+ RESERVED
+CVE-2022-24158
+ RESERVED
+CVE-2022-24157
+ RESERVED
+CVE-2022-24156
+ RESERVED
+CVE-2022-24155
+ RESERVED
+CVE-2022-24154
+ RESERVED
+CVE-2022-24153
+ RESERVED
+CVE-2022-24152
+ RESERVED
+CVE-2022-24151
+ RESERVED
+CVE-2022-24150
+ RESERVED
+CVE-2022-24149
+ RESERVED
+CVE-2022-24148
+ RESERVED
+CVE-2022-24147
+ RESERVED
+CVE-2022-24146
+ RESERVED
+CVE-2022-24145
+ RESERVED
+CVE-2022-24144
+ RESERVED
+CVE-2022-24143
+ RESERVED
+CVE-2022-24142
+ RESERVED
+CVE-2022-24141
+ RESERVED
+CVE-2022-24140
+ RESERVED
+CVE-2022-24139
+ RESERVED
+CVE-2022-24138
+ RESERVED
+CVE-2022-24137
+ RESERVED
+CVE-2022-24136
+ RESERVED
+CVE-2022-24135
+ RESERVED
+CVE-2022-24134
+ RESERVED
+CVE-2022-24133
+ RESERVED
+CVE-2022-24132
+ RESERVED
+CVE-2022-24131
+ RESERVED
+CVE-2022-21170
+ RESERVED
+CVE-2022-0419
+ RESERVED
CVE-2022-0418
RESERVED
CVE-2022-0417
@@ -6,7 +292,7 @@ CVE-2022-0416
RESERVED
CVE-2022-0415
RESERVED
-CVE-2022-24130 [xterm buffer overflow via crafted sixel]
+CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows
attacke ...)
- xterm <unfixed>
NOTE: https://twitter.com/nickblack/status/1487731459398025216
NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
@@ -637,6 +923,7 @@ CVE-2022-23992
CVE-2022-23991
RESERVED
CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in
the doPro ...)
+ {DLA-2904-1}
- expat 2.4.3-3
NOTE: https://github.com/libexpat/libexpat/pull/551
CVE-2022-23989
@@ -1358,6 +1645,7 @@ CVE-2022-23854
CVE-2022-23853
RESERVED
CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer
overflow in XML ...)
+ {DLA-2904-1}
- expat 2.4.3-2
NOTE: https://github.com/libexpat/libexpat/pull/550
CVE-2022-23851
@@ -2530,8 +2818,8 @@ CVE-2022-23411
RESERVED
CVE-2022-23410
RESERVED
-CVE-2022-23409
- RESERVED
+CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote
attackers to ...)
+ TODO: check
CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain
situatio ...)
- wolfssl <unfixed> (bug #1004181)
[bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
@@ -4656,26 +4944,32 @@ CVE-2022-0156 (vim is vulnerable to Use After Free ...)
NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
NOTE:
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f
(v8.2.4040)
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3
has an in ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before
2.4.3 ha ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has
an integ ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before
2.4.3 has ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3
has an ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3
has an i ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
NOTE: https://github.com/libexpat/libexpat/pull/539
NOTE:
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
@@ -5177,6 +5471,7 @@ CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1
were found to contain a
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a
replay atta ...)
NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before
2.4.3, an int ...)
+ {DLA-2904-1}
- expat 2.4.3-1
NOTE: https://github.com/libexpat/libexpat/issues/532
NOTE: https://github.com/libexpat/libexpat/pull/538
@@ -6623,6 +6918,7 @@ CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer
Overflow ...)
NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/
NOTE:
https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or
more) pla ...)
+ {DLA-2904-1}
- expat 2.4.3-1 (bug #1002994)
[bullseye] - expat <no-dsa> (Minor issue; can be fixed via point
release)
[buster] - expat <no-dsa> (Minor issue; can be fixed via point release)
@@ -56838,8 +57134,8 @@ CVE-2021-27973 (SQL injection exists in Piwigo before
11.4.0 via the language pa
- piwigo <removed>
CVE-2021-27972
RESERVED
-CVE-2021-27971
- RESERVED
+CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to
DLL Injec ...)
+ TODO: check
CVE-2021-27970
RESERVED
CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page
Builder "wi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8af7954ec11fa92c6ad9a4c0f845f3b1a3281f30
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8af7954ec11fa92c6ad9a4c0f845f3b1a3281f30
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
