From 631472fdb191b72a320d752c6a16a929c7525488 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Feb 2022 08:10:29 +0000 Subject: automatic update --- data/CVE/2014.list | 4 ++-- data/CVE/2021.list | 36 ++++++++++++++++-------------------- data/CVE/2022.list | 54 +++++++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 61 insertions(+), 33 deletions(-) (limited to 'data') diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 31f1ef6539..118524ff63 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -5195,8 +5195,8 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim NOTE: webkit not covered by security support CVE-2014-8599 RESERVED -CVE-2014-8597 - RESERVED +CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...) + TODO: check CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...) NOT-FOR-US: PHP-Fusion CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6bdc38e0c9..98000e62fb 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -869,18 +869,18 @@ CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to c NOT-FOR-US: Tenda CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...) NOT-FOR-US: OpenZeppelin -CVE-2021-46319 - RESERVED +CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...) + TODO: check CVE-2021-46318 RESERVED CVE-2021-46317 RESERVED CVE-2021-46316 RESERVED -CVE-2021-46315 - RESERVED -CVE-2021-46314 - RESERVED +CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...) + TODO: check +CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...) + TODO: check CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...) - gpac [bullseye] - gpac (Minor issue) @@ -1402,8 +1402,8 @@ CVE-2021-46110 RESERVED CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) NOT-FOR-US: ASUS -CVE-2021-46108 - RESERVED +CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) + TODO: check CVE-2021-46107 RESERVED CVE-2021-46106 @@ -3377,8 +3377,8 @@ CVE-2021-45384 RESERVED CVE-2021-45383 RESERVED -CVE-2021-45382 - RESERVED +CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...) + TODO: check CVE-2021-45381 RESERVED CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...) @@ -4250,8 +4250,7 @@ CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and NOT-FOR-US: Adobe CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) NOT-FOR-US: Adobe -CVE-2021-4120 - RESERVED +CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...) - snapd NOTE: https://bugs.launchpad.net/snapd/+bug/1949368 CVE-2021-45050 
@@ -5151,12 +5150,10 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory - mbedtls 2.28.0-0.3 (bug #1002631) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) -CVE-2021-44731 - RESERVED +CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 -CVE-2021-44730 - RESERVED +CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44729 @@ -13057,8 +13054,8 @@ CVE-2021-41601 RESERVED CVE-2021-41600 RESERVED -CVE-2021-41599 - RESERVED +CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...) + TODO: check CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) @@ -53367,8 +53364,7 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89 NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783 NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3 -CVE-2021-3155 - RESERVED +CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...) - snapd 2.54-1 NOTE: https://github.com/snapcore/snapd/pull/9841 NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index b5b1e402d4..694a084145 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,10 +1,34 @@ -CVE-2022-25315 [integer overflow in storeRawNames] +CVE-2022-25323 + RESERVED +CVE-2022-25322 + RESERVED +CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) + TODO: check +CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) + TODO: check +CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...) + TODO: check +CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...) + TODO: check +CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...) + TODO: check +CVE-2022-25316 + RESERVED +CVE-2022-25312 + RESERVED +CVE-2022-21132 + RESERVED +CVE-2022-0676 + RESERVED +CVE-2022-0675 + RESERVED +CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...) - expat NOTE: https://github.com/libexpat/libexpat/pull/559 -CVE-2022-25314 [integer overflow in copyString] +CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...) - expat NOTE: https://github.com/libexpat/libexpat/pull/560 -CVE-2022-25313 [stack exhaustion in build_model] +CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...) - expat NOTE: https://github.com/libexpat/libexpat/pull/558 CVE-2022-25311 
@@ -498,48 +522,56 @@ CVE-2022-25147 RESERVED CVE-2022-0610 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0609 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0608 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0607 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0606 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0605 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0604 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html CVE-2022-0603 RESERVED + {DSA-5079-1} - chromium 98.0.4758.102-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) 
@@ -4575,8 +4607,8 @@ CVE-2022-23648 RESERVED CVE-2022-23647 RESERVED -CVE-2022-23646 - RESERVED +CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) + TODO: check CVE-2022-23645 RESERVED CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) @@ -6570,8 +6602,8 @@ CVE-2022-22924 RESERVED CVE-2022-22923 RESERVED -CVE-2022-22922 - RESERVED +CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...) + TODO: check CVE-2022-22921 RESERVED CVE-2022-22920 @@ -6582,12 +6614,12 @@ CVE-2022-22918 RESERVED CVE-2022-22917 RESERVED -CVE-2022-22916 - RESERVED +CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...) + TODO: check CVE-2022-22915 RESERVED -CVE-2022-22914 - RESERVED +CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...) + TODO: check CVE-2022-22913 RESERVED CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...) -- cgit v1.2.3
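Review bot: in data/CVE/2014.list (hunk @@ -5195,8 +5195,8 @@), CVE-2014-8597 is left at "TODO: check" although its new description names PHP-Fusion and the next entry, CVE-2014-8596, is already triaged as "NOT-FOR-US: PHP-Fusion". Unless PHP-Fusion has been packaged since that triage, applying the same "NOT-FOR-US: PHP-Fusion" line here would keep the entry out of the TODO queue.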
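Review bot: in data/CVE/2021.list (hunk @@ -13057,8 +13054,8 @@), CVE-2021-41599 gets "TODO: check" while the adjacent CVE-2021-41598 carries "NOT-FOR-US: GitHub Enterprise Server". The truncated description ("... identified in GitHub Enterpr ...") appears to refer to the same product, so once the full text is confirmed the entry can take the same NOT-FOR-US line as its neighbour.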
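Review bot: in data/CVE/2021.list (hunk @@ -53367,8 +53364,7 @@), the new description for CVE-2021-3155 says "snapd 2.54.2 and earlier", but the unchanged line below it records "- snapd 2.54-1" as the fixed version and the fix commit is annotated "(2.52)". Version 2.54-1 falls inside the range the description calls affected, so either the description's range is broader than the actual flaw or the fixed version needs another look. A NOTE line stating which reading is correct would stop the next triager from reopening the entry.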
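Review bot: in data/CVE/2022.list (hunk @@ -1,10 +1,34 @@), replacing the bracketed summaries on CVE-2022-25315, CVE-2022-25314 and CVE-2022-25313 with the truncated descriptions drops the function names (storeRawNames, copyString, build_model) that told the three Expat entries apart. The first two now read identically up to the cut ("... there is an integer overflow in ..."), leaving only the pull request URLs to distinguish them. Consider adding a NOTE line under each entry that names the affected function. Separately, the new RESERVED entries CVE-2022-25312, CVE-2022-21132, CVE-2022-0676 and CVE-2022-0675 land above CVE-2022-25315, so the top of the file is no longer in descending ID order.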