Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
911e981a by Moritz Muehlenhoff at 2022-04-06T15:33:08+02:00
new gitlab issues
usbguard fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1131,11 +1131,11 @@ CVE-2022-28224
 CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository 
livehelperch ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 
prior to  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1187
        RESERVED
 CVE-2022-1186
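
Review bot: the three `- gitlab <unfixed>` lines for CVE-2022-1190, CVE-2022-1189 and CVE-2022-1188 carry no NOTE or bug reference, so the triage decision cannot be traced from the entry itself. Other entries in this file record the upstream issue or fixing commit in NOTE lines (the openjpeg and mruby entries, for example); a NOTE with the upstream advisory or issue URL on each of these would let the next person find the fixed version without redoing the lookup.
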
@@ -1149,7 +1149,7 @@ CVE-2022-28221
 CVE-2022-28220
        RESERVED
 CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in 
GitLab  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1184
        RESERVED
 CVE-2022-1183
@@ -1169,9 +1169,9 @@ CVE-2022-1177 (Accounting User Can Download Patient 
Reports in openemr in GitHub
 CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub 
repositor ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 
14.4 be ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1173
        RESERVED
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
@@ -1190,7 +1190,7 @@ CVE-2022-1169 (There is a XSS vulnerability in Careerfy. 
...)
 CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch 
WP JobS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the 
/wp-co ...)
        NOT-FOR-US: Wordpress theme
 CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses 
headers  ...)
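
Review bot: on CVE-2022-1167 the new `NOT-FOR-US: WordPress plugin` tag is not backed by the visible description, which is cut off before it names a product, and the neighbouring entries cover both plugins and a theme (CVE-2022-1166 is tagged as a theme). Worth confirming it is a plugin rather than a theme before dropping the TODO. The context line for CVE-2022-1166 also spells it `Wordpress`, which could be aligned to `WordPress` in a follow-up.
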
@@ -1438,7 +1438,7 @@ CVE-2022-28130
 CVE-2022-28129
        RESERVED
 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab 
CE/EE affe ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1147
        RESERVED
 CVE-2022-1146
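
Review bot: CVE-2022-1148 is described as a flaw in GitLab Pages, and the new line attributes it to the `gitlab` source package without saying whether that package ships the Pages code. If Pages is not built from that source package in Debian, the entry belongs under a different package or as NOT-FOR-US; a short NOTE stating where the Pages code lives would settle it. The same question applies to the other GitLab Pages entry triaged in this commit, CVE-2022-1121.
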
@@ -1586,9 +1586,9 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress 
program in openjpeg2 2.4.
        NOTE: https://github.com/uclouvain/openjpeg/issues/1368
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
 CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in 
GitLab CE/E ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting 
all ve ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1119
        RESERVED
 CVE-2022-1118
@@ -1616,7 +1616,7 @@ CVE-2022-1113
 CVE-2022-1112
        RESERVED
 CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE 
versions 14.9 ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2020-36520
        RESERVED
 CVE-2022-28125
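
Review bot: the description of CVE-2022-1111 appears to start its affected range at 14.9 (`versions 14.9 ...`), but the new line marks the package `<unfixed>` without recording which packaged version was checked. If the gitlab version in the archive predates 14.9, this should be `<not-affected>` with a NOTE naming the introducing version rather than `<unfixed>`.
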
@@ -2043,7 +2043,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub 
repository mruby/mruby pr
        NOTE: 
https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
        NOTE: Vulnerable code introduced in 
https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 
(3.1.0-rc2)
 CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE 
affecting all ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1104
        RESERVED
 CVE-2022-1103
@@ -7591,7 +7591,7 @@ CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in 
GitHub repository getgrav/
        NOT-FOR-US: Grav CMS
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems 
with the  ...)
        [experimental] - usbguard 1.1.0+ds-1
-       - usbguard <unfixed> (bug #1008026)
+       - usbguard 1.1.0+ds-2 (bug #1008026)
        NOTE: https://github.com/USBGuard/usbguard/issues/273
        NOTE: https://github.com/USBGuard/usbguard/issues/403
        NOTE: https://github.com/USBGuard/usbguard/pull/531



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/911e981a774cb160a8cfee0f2096cdb03f7c7cc0
