[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 20 11:49:18 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce97f2ec by Moritz Muehlenhoff at 2022-06-20T12:47:52+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11252,7 +11252,7 @@ CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not
 CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a  ...)
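Review bot: the new `- gitlab <unfixed>` line for CVE-2022-1510 carries no `NOTE:` pointing at the upstream advisory, so the assessment is unsourced, whereas entries elsewhere in this file record that reference (CVE-2022-1434 cites the OpenSSL advisory and fixing commit, CVE-2022-1353 the kernel commit). Suggest adding a line such as `NOTE: <GitLab security release URL>` (placeholder) beneath the status line so the fixed upstream version can be checked against the next gitlab upload.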
@@ -11660,7 +11660,7 @@ CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel’s
 CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1459 (Non-Privilege User Can View Patient’s Disclosures in GitHub repo ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...)
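Review bot: for CVE-2022-1460 the truncated description ("affecting all versions starting ...") does not show which GitLab releases are fixed, and `<unfixed>` on its own records no target version, so nothing in the entry says what a future gitlab upload must reach before the issue can be closed. Suggest recording the fixed upstream release, e.g. `NOTE: Fixed in GitLab <version placeholder>`, alongside the status line.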
@@ -12174,11 +12174,11 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3)
 CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...)
 	- octoprint <itp> (bug #718591)
 CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...)
 	- octoprint <itp> (bug #718591)
 CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
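Review bot: CVE-2022-1433 and CVE-2022-1431 gain only an unstable status line and no per-suite annotation; the chromium entry in the 16551 hunk shows the `[buster] - chromium <end-of-life> (see DSA 5046)` form this file uses when a suite needs its own state. If gitlab is present in any stable suite, each of these entries needs a matching `[<suite>] - gitlab <status>` line; if it is not, the bare line is fine, but that should be confirmed rather than assumed.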
@@ -12239,13 +12239,13 @@ CVE-2022-29561
 CVE-2022-29560
 	RESERVED
 CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
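Review bot: neither CVE-2022-1426 nor CVE-2022-1423 (the CI/CD cache access-control issue) references a Debian bug, while the snipe-it entry in the first hunk ties its status to the maintainer's report with `(bug #1005172)`. Without a bug reference the maintainer is not notified through the BTS, so suggest filing one and recording it as `- gitlab <unfixed> (bug #NNNNNN)` (placeholder number).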
@@ -12355,15 +12355,15 @@ CVE-2022-29526
 	NOTE: Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff (1.18.2)
 	NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1)
 CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1415
 	RESERVED
 CVE-2022-1414
 	RESERVED
 CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
@@ -12399,7 +12399,7 @@ CVE-2022-26424
 CVE-2022-25899
 	RESERVED
 CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-29504
 	RESERVED
 CVE-2022-29503
@@ -13075,7 +13075,7 @@ CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/k
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
 CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...)
 	NOT-FOR-US: pimcore
 CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
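Review bot: the visible description for CVE-2022-1352 reads "insecure direct object reference vulnerability in Gitlab EE/ ..." and is cut off before it says whether the CE edition is affected; Debian's gitlab package is the Community Edition, so an EE-only issue would not warrant `<unfixed>`. Suggest confirming from the full advisory that CE is in scope before keeping this status, and adding a `NOTE:` with that source.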
@@ -16551,7 +16551,7 @@ CVE-2022-1125
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1123
 	RESERVED
 CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g.,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce97f2ec17bbe0d30f0c796f662a5587604fdf90


