[Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 6 14:33:34 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
911e981a by Moritz Muehlenhoff at 2022-04-06T15:33:08+02:00
new gitlab issues
usbguard fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1131,11 +1131,11 @@ CVE-2022-28224
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
NOT-FOR-US: livehelperchat
CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1187
RESERVED
CVE-2022-1186
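Review bot: The three new `- gitlab <unfixed>` lines for CVE-2022-1190, CVE-2022-1189 and CVE-2022-1188 carry no NOTE: line, so whoever later records a fixed version has only the truncated description to work from. Suggest adding a NOTE: with the upstream advisory or issue reference under each entry, in the way the openjpeg and mruby entries in this file reference their upstream issues and commits.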
@@ -1149,7 +1149,7 @@ CVE-2022-28221
CVE-2022-28220
RESERVED
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1184
RESERVED
CVE-2022-1183
@@ -1169,9 +1169,9 @@ CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub
CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
NOT-FOR-US: livehelperchat
CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1173
RESERVED
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
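Review bot: For CVE-2022-1175 the description gives a version range (`versions 14.4 be ...`), but `- gitlab <unfixed>` marks every suite as affected. Check whether any suite ships a gitlab version outside the affected range and, if so, add a suite-specific `<not-affected>` line. The same check applies to CVE-2022-1174, whose version range is cut off in the description.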
@@ -1190,7 +1190,7 @@ CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...)
NOT-FOR-US: Wordpress theme
CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers ...)
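Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2022-1167 does not name the product, and the truncated description does not show one either, so the entry cannot be found by grepping for the affected software. The neighbouring entries are split between `WordPress plugin` and `Wordpress theme`; suggest naming the product in the line and confirming it is a plugin rather than a theme.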
@@ -1438,7 +1438,7 @@ CVE-2022-28130
CVE-2022-28129
RESERVED
CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1147
RESERVED
CVE-2022-1146
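Review bot: CVE-2022-1148 is described as a flaw in GitLab Pages "included with GitLab CE/EE", yet the new line files it against the `gitlab` source package. Check that the Pages code is actually built from that source package in Debian; if it is packaged separately or not shipped at all, the entry should point there or be marked accordingly.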
@@ -1586,9 +1586,9 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1119
RESERVED
CVE-2022-1118
@@ -1616,7 +1616,7 @@ CVE-2022-1113
CVE-2022-1112
RESERVED
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-36520
RESERVED
CVE-2022-28125
@@ -2043,7 +2043,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby pr
NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc2)
CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1104
RESERVED
CVE-2022-1103
@@ -7591,7 +7591,7 @@ CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/
NOT-FOR-US: Grav CMS
CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the ...)
[experimental] - usbguard 1.1.0+ds-1
- - usbguard <unfixed> (bug #1008026)
+ - usbguard 1.1.0+ds-2 (bug #1008026)
NOTE: https://github.com/USBGuard/usbguard/issues/273
NOTE: https://github.com/USBGuard/usbguard/issues/403
NOTE: https://github.com/USBGuard/usbguard/pull/531
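Review bot: With unstable now recorded as fixed in 1.1.0+ds-2, the untouched `[experimental] - usbguard 1.1.0+ds-1` line above it records a lower version than sid. Check whether that suite-specific line is still needed or can be dropped in the same change.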
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/911e981a774cb160a8cfee0f2096cdb03f7c7cc0