[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 17 21:18:05 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfa0e3c8 by Moritz Muehlenhoff at 2022-07-17T22:16:53+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18913,7 +18913,7 @@ CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL inje
 CVE-2022-29154
 	RESERVED
 CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
-	- consul <unfixed>
+	- consul <unfixed> (bug #1015218)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
 CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
 	NOT-FOR-US: Ericom
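Review bot: the consul line for CVE-2022-29153 gains the bug reference but still has no per-suite triage, while the other consul entry annotated in this commit (CVE-2021-38698) carries `[bullseye] - consul <no-dsa> (Minor issue)` and `[buster] - consul <no-dsa> (Minor issue)`. Consider adding the `[bullseye]`/`[buster]` lines here too (whether `<no-dsa>`, `<not-affected>` or a DSA is warranted for the SSRF in the HTTP health check), so the stable suites do not show up as untriaged against an open bug.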
@@ -31685,12 +31685,12 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
 	NOT-FOR-US: Argo CD
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor 4.19.0+dfsg-1
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor 4.19.0+dfsg-1
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0)
@@ -38688,7 +38688,7 @@ CVE-2021-46172
 CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
 	NOT-FOR-US: Modex
 CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
@@ -50713,7 +50713,7 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via
 CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...)
 	NOT-FOR-US: AnyTXT Searcher for Windows
 CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
@@ -53230,7 +53230,7 @@ CVE-2021-42865
 CVE-2021-42864
 	RESERVED
 CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
@@ -56829,7 +56829,7 @@ CVE-2021-41961
 CVE-2021-41960
 	RESERVED
 CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781
@@ -57399,7 +57399,7 @@ CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7d
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779
 	TODO: check - could be only a test artifact
 CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
@@ -57560,10 +57560,10 @@ CVE-2021-41685
 CVE-2021-41684
 	RESERVED
 CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745
 CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...)
-	- iotjs <unfixed>
+	- iotjs <unfixed> (bug #1015219)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747
 	NOTE: https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290
 CVE-2021-41681
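Review bot: CVE-2021-41683 and CVE-2021-41682 are the only iotjs entries in this commit without `[bullseye]`/`[buster]` triage lines; every other iotjs entry touched here has `<no-dsa> (Minor issue)` or `<not-affected>` for both suites. Since the same bug #1015219 now covers all of them, add the suite annotations for these two as well (or a NOTE explaining why they differ) so the stack overflow and heap use-after-free are not left untriaged for stable.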
@@ -58815,7 +58815,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
 CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions  ...)
@@ -64958,7 +64958,7 @@ CVE-2021-38700
 CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
 	NOT-FOR-US: TastyIgniter
 CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
-	- consul <unfixed>
+	- consul <unfixed> (bug #1015218)
 	[bullseye] - consul <no-dsa> (Minor issue)
 	[buster] - consul <no-dsa> (Minor issue)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
@@ -67801,7 +67801,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
 	- ckeditor 4.16.2+dfsg-1 (bug #992290)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
@@ -68882,7 +68882,7 @@ CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cach
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
 	NOTE: On Stretch, an earlier version of the code exits early instead of crashing.
 CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...)
-	- consul <unfixed>
+	- consul <unfixed> (bug #1015218)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
 CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server  ...)
 	- nomad <unfixed>
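Review bot: the companion entry CVE-2021-37218 (the same Raft RPC issue class in Nomad, per the description) is left as `- nomad <unfixed>` with no bug reference, while the consul line for CVE-2021-37219 now points at #1015218. If a nomad bug exists or is being filed in the same pass, annotate it here; otherwise a reader following the consul bug will assume nomad was overlooked. The consul entry also lacks the `[bullseye]`/`[buster]` triage lines present on CVE-2021-38698.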
@@ -76987,7 +76987,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc
 	{DLA-2813-1}
 	- ckeditor 4.16.0+dfsg-2
 	[buster] - ckeditor <no-dsa> (Minor issue)
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
@@ -96628,7 +96628,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4
 	- ckeditor 4.16.0+dfsg-1 (bug #982587)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 CVE-2021-26270
@@ -255918,7 +255918,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a
 	- ckeditor 4.11.1+dfsg-1 (low)
 	[stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch)
 	[jessie] - ckeditor <ignored> (Minor issue)
-	- ckeditor3 <unfixed> (low)
+	- ckeditor3 <unfixed> (low; bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	- fckeditor <removed>
 CVE-2018-17959
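Review bot: the merged parenthetical `(low; bug #1015217)` correctly preserves the pre-existing severity rather than replacing it, which is the right way to attach a bug to an already-rated entry. Worth noting in the same hunk that fckeditor is already `<removed>` while ckeditor3 stays `<unfixed>` against a 2018 issue the ckeditor 4.x package fixed in 4.11.1+dfsg-1; the bug is the right place to decide whether ckeditor3 should follow the same path.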
@@ -424661,7 +424661,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be
 	- ckeditor 4.4.4+dfsg1-1 (bug #760736)
 	[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
 	[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
-	- ckeditor3 <unfixed>
+	- ckeditor3 <unfixed> (bug #1015217)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706 (v3.6.x)
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a (v4.4.3)
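Review bot: this is a 2014 XSS (CVE-2014-5191) that ckeditor fixed in 4.4.4+dfsg1-1, and ckeditor3 is still `<unfixed>` with stretch marked `<end-of-life>`. Filing one bug (#1015217) over all open ckeditor3 CVEs is fine as a tracking step, but given the age of the oldest entry a removal request (as was done for fckeditor) would resolve every ckeditor3 line in this commit at once; suggest recording that option in the bug or as a NOTE on one of the entries.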



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa0e3c876f5f843372f3fdefea5670f2c98084f




