Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e47dd0fd by security tracker role at 2022-02-26T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,8 +2,8 @@ CVE-2022-26148
        RESERVED
 CVE-2022-26147
        RESERVED
-CVE-2022-26146
-       RESERVED
+CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an 
authenticated atta ...)
+       TODO: check
 CVE-2022-26145
        RESERVED
 CVE-2022-26144
@@ -83,12 +83,12 @@ CVE-2022-25995
        RESERVED
 CVE-2022-0765
        RESERVED
-CVE-2022-0764
-       RESERVED
-CVE-2022-0763
-       RESERVED
-CVE-2022-0762
-       RESERVED
+CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi 
prior t ...)
+       TODO: check
+CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
+       TODO: check
+CVE-2022-0762 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
+       TODO: check
 CVE-2021-4224
        RESERVED
 CVE-2022-26111
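Review bot: the two microweber entries added in this hunk (CVE-2022-0763 and CVE-2022-0762) are left at `TODO: check`, while CVE-2022-0724 for the same repository is already resolved in this file as `NOT-FOR-US: microweber`. Resolving both the same way would keep the file consistent. CVE-2022-0764 (strapi/strapi) still needs its own triage to either a package line or a NOT-FOR-US entry.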
@@ -1120,8 +1120,8 @@ CVE-2022-0725 [logs plain text passwords in system log 
when clearing the clipboa
        NOTE: 
https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/
 CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository 
microwe ...)
        NOT-FOR-US: microweber
-CVE-2022-0723
-       RESERVED
+CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
+       TODO: check
 CVE-2022-0722
        RESERVED
 CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in 
GitHub repos ...)
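Review bot: CVE-2022-0723 is added with `TODO: check` directly below CVE-2022-0724, which names the same microweber/microweber repository and already carries `NOT-FOR-US: microweber`. The new entry can take the same resolution rather than staying in the TODO queue.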
@@ -3765,6 +3765,7 @@ CVE-2022-0536 (Exposure of Sensitive Information to an 
Unauthorized Actor in NPM
 CVE-2022-0535
        RESERVED
 CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the 
stack ou ...)
+       {DLA-2928-1}
        - htmldoc 1.9.15-1 (unimportant)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
        NOTE: Fixed by: 
https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50
 (v1.9.15)
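Review bot: `{DLA-2928-1}` is attached to CVE-2022-0534, whose only visible package line is `- htmldoc 1.9.15-1 (unimportant)`. An advisory reference on an entry marked unimportant reads as inconsistent. Either confirm that the severity tag is still intended or add a NOTE explaining why the issue was included in the DLA.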
@@ -12333,6 +12334,7 @@ CVE-2022-0078
 CVE-2021-45959
        REJECTED
 CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer 
overflow  ...)
+       {DLA-2929-1}
        - ujson <unfixed> (bug #1005140)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
        NOTE: https://github.com/ultrajson/ultrajson/issues/501
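Review bot: `{DLA-2929-1}` is added to CVE-2021-45958 while its package line still reads `- ujson <unfixed> (bug #1005140)`. With an LTS advisory now referenced, bug #1005140 deserves a follow-up so the unstable line can be updated with a fixed version once one is uploaded.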
@@ -21317,6 +21319,7 @@ CVE-2021-43581 (An Out-of-Bounds Read vulnerability 
exists when reading a U3D fi
 CVE-2021-43580
        RESERVED
 CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC 
&lt;= 1.9 ...)
+       {DLA-2928-1}
        - htmldoc 1.9.13-1 (unimportant)
        [bullseye] - htmldoc 1.9.11-4+deb11u1
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b
 (v1.9.13)
@@ -30035,6 +30038,7 @@ CVE-2021-40986 (A remote arbitrary command execution 
vulnerability was discovere
 CVE-2021-3800
        RESERVED
 CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows 
attacke ...)
+       {DLA-2928-1}
        - htmldoc 1.9.13-1 (unimportant)
        [bullseye] - htmldoc 1.9.11-4+deb11u1
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
@@ -93707,8 +93711,8 @@ CVE-2020-27960
        RESERVED
 CVE-2020-27959
        RESERVED
-CVE-2020-27958
-       RESERVED
+CVE-2020-27958 (The Job Composer app in Ohio Supercomputer Center Open 
OnDemand before ...)
+       TODO: check
 CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was 
not proper ...)
        NOT-FOR-US: MediaWiki extension
 CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in 
SourceCodest ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47dd0fdb27c56e0cfb263b0ac8ecfbfd54a5b02
