Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02084dc9 by security tracker role at 2022-02-19T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-25368
+       RESERVED
+CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
+       TODO: check
+CVE-2022-0689 (Use multiple time the one-time coupon in Packagist 
microweber/microweb ...)
+       TODO: check
+CVE-2022-0688
+       RESERVED
+CVE-2022-0687
+       RESERVED
+CVE-2022-0686
+       RESERVED
+CVE-2022-0685
+       RESERVED
+CVE-2022-0684
+       RESERVED
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called 
from six ...)
+       TODO: check
+CVE-2021-4222
+       RESERVED
 CVE-2022-25367
        RESERVED
 CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, 
although it  ...)
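Review bot: the three published entries added at the top of this hunk (CVE-2022-0690, CVE-2022-0689, CVE-2021-46700) carry only "TODO: check" and still need a package line or NOT-FOR-US. CVE-2022-0690 and CVE-2022-0689 name the same "Packagist microweber/microwe ..." product as CVE-2022-0678 in the next hunk, so the three should get the same triage decision in one pass. CVE-2021-46700 names libsixel 1.8.6 and the function sixel_encoder_output_without_macro, which is enough to check against a source package directly.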
@@ -96,8 +116,8 @@ CVE-2022-0680
        RESERVED
 CVE-2022-0679
        RESERVED
-CVE-2022-0678
-       RESERVED
+CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
+       TODO: check
 CVE-2022-0677
        RESERVED
 CVE-2021-4221
@@ -375,12 +395,12 @@ CVE-2022-0634
        RESERVED
 CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium 
before ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0632
-       RESERVED
+CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+       TODO: check
 CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
        TODO: check
-CVE-2022-0630
-       RESERVED
+CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+       TODO: check
 CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        TODO: check
 CVE-2022-0628
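Review bot: CVE-2022-0632 and CVE-2022-0630 now join CVE-2022-0631 as three consecutive "Homebrew mruby prior to 3.2." entries, all left at "TODO: check". The "Homebrew" prefix in the description does not say which package is meant, so whoever triages these should decide once whether they map to an mruby source package or are NOT-FOR-US and apply that to all three rather than resolving them one at a time.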
@@ -6160,10 +6180,10 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) 
vulnerability exists within the 3.2
        NOT-FOR-US: TastyIgniter
 CVE-2022-23377
        RESERVED
-CVE-2022-23376
-       RESERVED
-CVE-2022-23375
-       RESERVED
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS 
vulnerabilities on  ...)
+       TODO: check
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code 
execution vul ...)
+       TODO: check
 CVE-2022-23374
        RESERVED
 CVE-2022-23373
@@ -9069,6 +9089,7 @@ CVE-2022-22621
        RESERVED
 CVE-2022-22620 [A use after free issue was addressed with improved memory 
management]
        RESERVED
+       {DSA-5084-1 DSA-5083-1}
        - webkit2gtk 2.34.6-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.6-1
@@ -9136,6 +9157,7 @@ CVE-2022-22591
        RESERVED
 CVE-2022-22589 [A validation issue was addressed with improved input 
sanitization]
        RESERVED
+       {DSA-5084-1 DSA-5083-1}
        - webkit2gtk 2.34.5-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.5-1
@@ -17338,6 +17360,7 @@ CVE-2022-21714
 CVE-2022-21713 (Grafana is an open-source platform for monitoring and 
observability. A ...)
        - grafana <removed>
 CVE-2022-21712 (twisted is an event-driven networking engine written in 
Python. In aff ...)
+       {DLA-2927-1}
        - twisted 22.1.0-1
        [bullseye] - twisted <no-dsa> (Minor issue)
        [buster] - twisted <no-dsa> (Minor issue)
@@ -73849,6 +73872,7 @@ CVE-2021-22591
        RESERVED
 CVE-2022-22590 [A use after free issue was addressed with improved memory 
management]
        RESERVED
+       {DSA-5084-1 DSA-5083-1}
        - webkit2gtk 2.34.5-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.5-1
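Review bot: the entry receiving {DSA-5084-1 DSA-5083-1} in this hunk is labelled CVE-2022-22590, but it sits at line 73849 directly after CVE-2021-22591, while the hunk at line 9136 shows CVE-2022-22591 followed immediately by CVE-2022-22589 with no CVE-2022-22590 between them. The entry looks misfiled in the CVE-2021 range; it should be moved between CVE-2022-22591 and CVE-2022-22589 so the list stays sorted and the ID is found where a reader expects it.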
@@ -104992,6 +105016,7 @@ CVE-2020-22593
        RESERVED
 CVE-2022-22592 [A logic issue was addressed with improved state management]
        RESERVED
+       {DSA-5084-1 DSA-5083-1}
        - webkit2gtk 2.34.5-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.5-1
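Review bot: the entry tagged with {DSA-5084-1 DSA-5083-1} here is CVE-2022-22592, yet it is at line 104992 directly after CVE-2020-22593, far from the other CVE-2022-225xx WebKit entries in this diff, which are near line 9136. That placement suggests the entry was filed in the CVE-2020 range by mistake; it should be relocated to its sorted position among the CVE-2022 entries.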
@@ -136619,13 +136644,13 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 
12.0, and 12.1 has an Incons
 CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows 
Information  ...)
        NOT-FOR-US: Citrix
 CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request 
splitting vu ...)
-       {DLA-2145-1}
+       {DLA-2927-1 DLA-2145-1}
        - twisted 18.9.0-7 (bug #953950)
        [buster] - twisted <no-dsa> (Minor issue)
        NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
        NOTE: 
https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request 
splitting vu ...)
-       {DLA-2145-1}
+       {DLA-2927-1 DLA-2145-1}
        - twisted 18.9.0-7 (bug #953950)
        [buster] - twisted <no-dsa> (Minor issue)
        NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
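Review bot: CVE-2020-10109 and CVE-2020-10108 now list two LTS advisories, {DLA-2927-1 DLA-2145-1}, and nothing in either entry says why a second one was needed. The package lines are unchanged ("- twisted 18.9.0-7", "[buster] - twisted <no-dsa>"), so a reader cannot tell whether DLA-2927-1 covers a different release or corrects the earlier fix. A one-line NOTE under each entry recording that would make the history readable.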
@@ -352725,8 +352750,7 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 
package before 7.0.56-3+deb
        - tomcat7 7.0.70-3
        - tomcat6 6.0.41-3
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
-CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
-       RESERVED
+CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted 
code fro ...)
        - duck 0.10
        [jessie] - duck 0.7+deb8u1
        NOTE: 
https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a
 (0.10)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02084dc97b1013ce97e12ae75e54cc46b45bcf59
