Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5ff5faf by Moritz Muehlenhoff at 2022-04-27T16:59:50+02:00
new htmldoc non issue
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4392,7 +4392,7 @@ CVE-2022-1175 (Improper neutralization of user input in 
GitLab CE/EE versions 14
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
        - gitlab <unfixed>
 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. 
...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
@@ -4932,7 +4932,10 @@ CVE-2022-28087
 CVE-2022-28086
        RESERVED
 CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer 
overflow in  ...)
-       TODO: check
+       - htmldoc <unfixed> (unimportant)
+       NOTE: https://github.com/michaelrsweet/htmldoc/issues/480
+       NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-28084
        RESERVED
 CVE-2022-28083
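Review bot: the NOTE `Crash in CLI tool, no security impact` is the stated rationale for `(unimportant)`, but the CVE text in this same hunk describes a heap buffer overflow, which is memory corruption rather than a plain crash; extend the NOTE with the reason memory corruption does not matter here (for example that htmldoc is run locally on the user's own documents) so the severity decision is self-explanatory to the next triager. The commit URL `https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348` appears on its own line below `+       NOTE:`; assuming that is mail wrapping it is harmless, but in data/CVE/list the URL has to stay on the NOTE line. Once that upstream commit is in an upload, replacing `<unfixed>` with the fixed version keeps the entry from lingering as open.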
@@ -15386,7 +15389,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin 
before 4.1.1 does not sanitise
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress 
plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
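Review bot: `- gitlab <unfixed>` for CVE-2022-0477 carries no NOTE, while the neighbouring radare2 entry links the report it was triaged from; adding a NOTE with the GitLab release post or issue the description was taken from makes the triage reproducible and helps whoever later records the fixed version. The same applies to the other `- gitlab <unfixed>` lines added in this commit.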
@@ -15726,7 +15729,7 @@ CVE-2022-0427 (Missing sanitization of HTML attributes 
in Jupyter notebooks in a
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.2.3 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway 
integration in  ...)
-       TODO: check
+       NOT-FOR-US: Irker
 CVE-2022-0424
        RESERVED
 CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have 
authorisa ...)
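Review bot: the description for CVE-2022-0425 places the flaw in the `Irker IRC Gateway integration in ...`, that is, in whatever product integrates irker, not in irker itself, so `NOT-FOR-US: Irker` may name the wrong component; check the full description before settling on NOT-FOR-US, especially since the rest of this commit is GitLab triage and GitLab ships an irker integration. If the integrating product is packaged, the entry needs a package line like the `- gitlab <unfixed>` entries elsewhere in this patch instead.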
@@ -43931,7 +43934,7 @@ CVE-2021-39910 (An issue has been discovered in GitLab 
CE/EE affecting all versi
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS 
feature ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters 
can be abu ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE 
starting  ...)
        - gitlab <unfixed>
 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 
13.5 and ab ...)
@@ -43999,7 +44002,7 @@ CVE-2021-39878 (A stored Reflected Cross-Site Scripting 
vulnerability in the Jir
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 
12.2 th ...)
        - gitlab <unfixed>
 CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the 
endpoint for a ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is 
possible to  ...)
        - gitlab <unfixed>
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the 
requirement to ...)
@@ -51464,7 +51467,7 @@ CVE-2021-36897
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in 
Tripetto's ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36894
        RESERVED
 CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -51520,7 +51523,7 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) 
vulnerability in WordPress
 CVE-2021-36868
        RESERVED
 CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36866
        RESERVED
 CVE-2021-36865
@@ -77314,9 +77317,9 @@ CVE-2021-26631
 CVE-2021-26630
        RESERVED
 CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive 
function ...)
-       TODO: check
+       NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, 
which ca ...)
-       TODO: check
+       NOT-FOR-US: Maxboard
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient 
authent ...)
        NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's 
execBrowser met ...)
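Review bot: `NOT-FOR-US: Tobesoft Xplatform` spells the product differently from the CVE description (`XPLATFORM`) and from the CVE-2021-26626 entry shown two lines below, which concerns the same product; NOT-FOR-US labels are matched textually when batch-triaging, so pick one spelling, and consider handling CVE-2021-26626 in the same pass.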



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5ff5faf50715e273b4c34898c19e65ca6dad639

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits