Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfa0e3c8 by Moritz Muehlenhoff at 2022-07-17T22:16:53+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18913,7 +18913,7 @@ CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x
before 2.6.2, a SQL inje
CVE-2022-29154
RESERVED
CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12
allow SSRF. ...)
- - consul <unfixed>
+ - consul <unfixed> (bug #1015218)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely
write an ...)
NOT-FOR-US: Ericom
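Review bot: bug #1015218 is attached here to CVE-2022-29153 and, further down in the same patch, to CVE-2021-38698 and CVE-2021-37219, three Consul issues that come from three separate HashiCorp advisories (HCSEC-2022-10, HCSEC-2021-24, HCSEC-2021-22 per the NOTE lines). A single consolidated bug is fine, but its body should enumerate all three CVE ids so that the tracker's cross-reference and the BTS report stay in sync when only some of them are addressed.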
@@ -31685,12 +31685,12 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps
continuous delivery tool for Ku
NOT-FOR-US: Argo CD
CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
- ckeditor 4.19.0+dfsg-1
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
- ckeditor 4.19.0+dfsg-1
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
NOTE:
https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
(4.18.0)
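Review bot: bug #1015217 is reused here for CVE-2022-24729 and CVE-2022-24728 and for six more ckeditor3 entries later in this patch, back to CVE-2014-5191; since every one of them is still `<unfixed>` in unstable and `<end-of-life>` for stretch, the consolidated bug should list each CVE id explicitly, otherwise a partial upload fixing only some of them cannot be reflected per entry.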
@@ -38688,7 +38688,7 @@ CVE-2021-46172
CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer
dereference in se ...)
NOT-FOR-US: Modex
CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There
is an Use ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
@@ -50713,7 +50713,7 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability
exists in FreeLAN 2.2 via
CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT
Searcher 1.2.3 ...)
NOT-FOR-US: AnyTXT Searcher for Windows
CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in
JerryScript 2.4.0 ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
@@ -53230,7 +53230,7 @@ CVE-2021-42865
CVE-2021-42864
RESERVED
CVE-2021-42863 (A buffer overflow in
ecma_builtin_typedarray_prototype_filter() in Jer ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
@@ -56829,7 +56829,7 @@ CVE-2021-41961
CVE-2021-41960
RESERVED
CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track
and releas ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781
@@ -57399,7 +57399,7 @@ CVE-2021-41752 (Stack overflow vulnerability in
Jerryscript before commit e1ce7d
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779
TODO: check - could be only a test artifact
CVE-2021-41751 (Buffer overflow vulnerability in file
ecma-builtin-array-prototype.c:9 ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
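Review bot: the context lines for the neighbouring CVE-2021-41752 still carry `TODO: check - could be only a test artifact`; while bug #1015219 is being filed to group the JerryScript issues in iotjs, that TODO should be resolved so the entry is either added to the same bug or marked as not applicable.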
@@ -57560,10 +57560,10 @@ CVE-2021-41685
CVE-2021-41684
RESERVED
CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in
ecma_get_lex_env_ty ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745
CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940
in ecma_c ...)
- - iotjs <unfixed>
+ - iotjs <unfixed> (bug #1015219)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747
NOTE:
https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290
CVE-2021-41681
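Review bot: CVE-2021-41683 and CVE-2021-41682 receive bug #1015219 but, unlike the other five iotjs entries in this patch, have no `[bullseye]` or `[buster]` triage line (the others carry `<no-dsa> (Minor issue)` or `<not-affected>`); add the stable-release annotations here as well so the stable status of these two is not left implicit.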
@@ -58815,7 +58815,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG
HTML editor. In affected ver
[bullseye] - ckeditor <no-dsa> (Minor issue)
[buster] - ckeditor <no-dsa> (Minor issue)
[stretch] - ckeditor <no-dsa> (Minor issue)
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
(v4.17.0)
CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected
versions ...)
@@ -64958,7 +64958,7 @@ CVE-2021-38700
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation,
/admin/dashb ...)
NOT-FOR-US: TastyIgniter
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply
endpoint allow ...)
- - consul <unfixed>
+ - consul <unfixed> (bug #1015218)
[bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
@@ -67801,7 +67801,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML
editor with rich content
- ckeditor 4.16.2+dfsg-1 (bug #992290)
[bullseye] - ckeditor <no-dsa> (Minor issue)
[buster] - ckeditor <no-dsa> (Minor issue)
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
NOTE:
https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
@@ -68882,7 +68882,7 @@ CVE-2021-37220 (MuPDF through 1.18.1 has an
out-of-bounds write because the cach
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
NOTE: On Stretch, an earlier version of the code exits early instead of
crashing.
CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer
allows no ...)
- - consul <unfixed>
+ - consul <unfixed> (bug #1015218)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows
non-server ...)
- nomad <unfixed>
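Review bot: CVE-2021-37219 gets bug #1015218, but the sibling Raft RPC issue CVE-2021-37218 directly below it is tracked as `- nomad <unfixed>` with no bug reference; consider filing a bug for nomad in the same pass. Also, this consul entry lacks the `[bullseye]`/`[buster]` triage lines that CVE-2021-38698 carries earlier in the patch.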
@@ -76987,7 +76987,7 @@ CVE-2021-33829 (A cross-site scripting (XSS)
vulnerability in the HTML Data Proc
{DLA-2813-1}
- ckeditor 4.16.0+dfsg-2
[buster] - ckeditor <no-dsa> (Minor issue)
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
NOTE:
https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
@@ -96628,7 +96628,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type
attack inside CKEditor 4
- ckeditor 4.16.0+dfsg-1 (bug #982587)
[buster] - ckeditor <no-dsa> (Minor issue)
[stretch] - ckeditor <postponed> (Fix along next DLA)
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
CVE-2021-26270
@@ -255918,7 +255918,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows
user-assisted XSS involving a
- ckeditor 4.11.1+dfsg-1 (low)
[stretch] - ckeditor <ignored> (Minor issue, XSS through direct
copy/paste by victim, no identified patch)
[jessie] - ckeditor <ignored> (Minor issue)
- - ckeditor3 <unfixed> (low)
+ - ckeditor3 <unfixed> (low; bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
- fckeditor <removed>
CVE-2018-17959
@@ -424661,7 +424661,7 @@ CVE-2014-5191 (Cross-site scripting (XSS)
vulnerability in the Preview plugin be
- ckeditor 4.4.4+dfsg1-1 (bug #760736)
[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
- - ckeditor3 <unfixed>
+ - ckeditor3 <unfixed> (bug #1015217)
[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
NOTE:
https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706
(v3.6.x)
NOTE:
https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a
(v4.4.3)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa0e3c876f5f843372f3fdefea5670f2c98084f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits