[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 26 20:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e47dd0fd by security tracker role at 2022-02-26T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,8 +2,8 @@ CVE-2022-26148
RESERVED
CVE-2022-26147
RESERVED
-CVE-2022-26146
- RESERVED
+CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
+ TODO: check
CVE-2022-26145
RESERVED
CVE-2022-26144
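Review bot: CVE-2022-26146 moves from RESERVED to "TODO: check" with no triage decision recorded. The description names Tricentis qTest; if that product is not packaged in Debian, the entry should read "NOT-FOR-US: Tricentis qTest" rather than staying open.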
@@ -83,12 +83,12 @@ CVE-2022-25995
RESERVED
CVE-2022-0765
RESERVED
-CVE-2022-0764
- RESERVED
-CVE-2022-0763
- RESERVED
-CVE-2022-0762
- RESERVED
+CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
+ TODO: check
+CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2022-0762 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
+ TODO: check
CVE-2021-4224
RESERVED
CVE-2022-26111
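Review bot: The two microweber entries (CVE-2022-0763, CVE-2022-0762) are left at "TODO: check" although this file already classifies microweber as "NOT-FOR-US: microweber" under CVE-2022-0724; they should carry the same line. CVE-2022-0764 (strapi/strapi) needs its own decision, and its description is cut off at "prior t ...", so the affected version range has to be confirmed from the full CVE record before a package or NOT-FOR-US line is written.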
@@ -1120,8 +1120,8 @@ CVE-2022-0725 [logs plain text passwords in system log when clearing the clipboa
NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/
CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...)
NOT-FOR-US: microweber
-CVE-2022-0723
- RESERVED
+CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
CVE-2022-0722
RESERVED
CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...)
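Review bot: CVE-2022-0723 gets "TODO: check" directly beneath CVE-2022-0724, which names the same project and is already resolved as "NOT-FOR-US: microweber". Replace the TODO with the same "NOT-FOR-US: microweber" line so the two adjacent entries agree.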
@@ -3765,6 +3765,7 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
CVE-2022-0535
RESERVED
CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
+ {DLA-2928-1}
- htmldoc 1.9.15-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
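Review bot: {DLA-2928-1} is attached to CVE-2022-0534 while its only package line is "- htmldoc 1.9.15-1 (unimportant)". An advisory reference next to an (unimportant) rating deserves a second look: confirm the rating still matches the triage, or add a NOTE explaining why the issue is covered by the DLA.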
@@ -12333,6 +12334,7 @@ CVE-2022-0078
CVE-2021-45959
REJECTED
CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...)
+ {DLA-2929-1}
- ujson <unfixed> (bug #1005140)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
NOTE: https://github.com/ultrajson/ultrajson/issues/501
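Review bot: {DLA-2929-1} now references CVE-2021-45958, but the only package line remains "- ujson <unfixed> (bug #1005140)", so nothing in this entry shows which release the advisory fixed. Confirm that the DLA-2929-1 record carries the fixed ujson version for the release it covers, since this entry alone still reads as unfixed.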
@@ -21317,6 +21319,7 @@ CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D fi
CVE-2021-43580
RESERVED
CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9 ...)
+ {DLA-2928-1}
- htmldoc 1.9.13-1 (unimportant)
[bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
@@ -30035,6 +30038,7 @@ CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovere
CVE-2021-3800
RESERVED
CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
+ {DLA-2928-1}
- htmldoc 1.9.13-1 (unimportant)
[bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
@@ -93707,8 +93711,8 @@ CVE-2020-27960
RESERVED
CVE-2020-27959
RESERVED
-CVE-2020-27958
- RESERVED
+CVE-2020-27958 (The Job Composer app in Ohio Supercomputer Center Open OnDemand before ...)
+ TODO: check
CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...)
NOT-FOR-US: MediaWiki extension
CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47dd0fdb27c56e0cfb263b0ac8ecfbfd54a5b02