Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce97f2ec by Moritz Muehlenhoff at 2022-06-20T12:47:52+02:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11252,7 +11252,7 @@ CVE-2022-1512 (The ScrollReveal.js Effects WordPress
plugin through 1.2 does not
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it
prior to 5 ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository
hestiacp/hestiacp pri ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is
vulnerable to a ...)
@@ -11660,7 +11660,7 @@ CVE-2022-1462 (An out-of-bounds read flaw was found in
the Linux kernel’s
CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub
reposito ...)
NOT-FOR-US: OpenEMR
CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1459 (Non-Privilege User Can View Patient’s Disclosures in
GitHub repo ...)
NOT-FOR-US: OpenEMR
CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository
openemr/ope ...)
@@ -12174,11 +12174,11 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the
RC4-MD5 ciphersuite incorre
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b
(openssl-3.0.3)
CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository
octoprint/oc ...)
- octoprint <itp> (bug #718591)
CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository
octoprint/octopr ...)
- octoprint <itp> (bug #718591)
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository
pimcore/pi ...)
@@ -12239,13 +12239,13 @@ CVE-2022-29561
CVE-2022-29560
RESERVED
CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a
compani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF
checks f ...)
NOT-FOR-US: WordPress theme
CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab
CE/EE a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF
tokens in ...)
NOT-FOR-US: WordPress theme
CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some
AJAX ac ...)
@@ -12355,15 +12355,15 @@ CVE-2022-29526
NOTE: Branch.go1.18 :
https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff
(1.18.2)
NOTE: Introduced by:
https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3
(go1.15rc1)
CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions
startin ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in
GitLab CE/E ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1415
RESERVED
CVE-2022-1414
RESERVED
CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email
in a pub ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1411 (Unrestructed file upload in GitHub repository
yetiforcecompany/yetifor ...)
@@ -12399,7 +12399,7 @@ CVE-2022-26424
CVE-2022-25899
RESERVED
CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all
versions from ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-29504
RESERVED
CVE-2022-29503
@@ -13075,7 +13075,7 @@ CVE-2022-1353 (A vulnerability was found in the
pfkey_register function in net/k
- linux 5.17.3-1
NOTE:
https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
CVE-2022-1352 (Due to an insecure direct object reference vulnerability in
Gitlab EE/ ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore
prior to 10 ...)
NOT-FOR-US: pimcore
CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs,
arbitra ...)
@@ -16551,7 +16551,7 @@ CVE-2022-1125
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1124 (An improper authorization issue has been discovered in GitLab
CE/EE af ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1123
RESERVED
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue
(e.g., ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce97f2ec17bbe0d30f0c796f662a5587604fdf90
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce97f2ec17bbe0d30f0c796f662a5587604fdf90
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
