Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: dfa0e3c8 by Moritz Muehlenhoff at 2022-07-17T22:16:53+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18913,7 +18913,7 @@ CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL inje CVE-2022-29154 RESERVED CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...) - - consul <unfixed> + - consul <unfixed> (bug #1015218) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...) NOT-FOR-US: Ericom @@ -31685,12 +31685,12 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku NOT-FOR-US: Argo CD CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.19.0+dfsg-1 - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.19.0+dfsg-1 - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89 NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0) 
@@ -38688,7 +38688,7 @@ CVE-2021-46172 CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...) NOT-FOR-US: Modex CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917 @@ -50713,7 +50713,7 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...) NOT-FOR-US: AnyTXT Searcher for Windows CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808 @@ -53230,7 +53230,7 @@ CVE-2021-42865 CVE-2021-42864 RESERVED CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793 @@ -56829,7 +56829,7 @@ CVE-2021-41961 CVE-2021-41960 RESERVED CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781 
@@ -57399,7 +57399,7 @@ CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7d NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779 TODO: check - could be only a test artifact CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797 @@ -57560,10 +57560,10 @@ CVE-2021-41685 CVE-2021-41684 RESERVED CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745 CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...) - - iotjs <unfixed> + - iotjs <unfixed> (bug #1015219) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747 NOTE: https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290 CVE-2021-41681 @@ -58815,7 +58815,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <no-dsa> (Minor issue) - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0) CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) 
@@ -64958,7 +64958,7 @@ CVE-2021-38700 CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...) NOT-FOR-US: TastyIgniter CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...) - - consul <unfixed> + - consul <unfixed> (bug #1015218) [bullseye] - consul <no-dsa> (Minor issue) [buster] - consul <no-dsa> (Minor issue) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 @@ -67801,7 +67801,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content - ckeditor 4.16.2+dfsg-1 (bug #992290) [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 @@ -68882,7 +68882,7 @@ CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cach NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791 NOTE: On Stretch, an earlier version of the code exits early instead of crashing. CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...) - - consul <unfixed> + - consul <unfixed> (bug #1015218) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...) - nomad <unfixed> 
@@ -76987,7 +76987,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc {DLA-2813-1} - ckeditor 4.16.0+dfsg-2 [buster] - ckeditor <no-dsa> (Minor issue) - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed @@ -96628,7 +96628,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 - ckeditor 4.16.0+dfsg-1 (bug #982587) [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <postponed> (Fix along next DLA) - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26270 @@ -255918,7 +255918,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a - ckeditor 4.11.1+dfsg-1 (low) [stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch) [jessie] - ckeditor <ignored> (Minor issue) - - ckeditor3 <unfixed> (low) + - ckeditor3 <unfixed> (low; bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) - fckeditor <removed> CVE-2018-17959 
@@ -424661,7 +424661,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be - ckeditor 4.4.4+dfsg1-1 (bug #760736) [wheezy] - ckeditor <not-affected> (Preview plugin not yet present) [squeeze] - ckeditor <not-affected> (Preview plugin not yet present) - - ckeditor3 <unfixed> + - ckeditor3 <unfixed> (bug #1015217) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706 (v3.6.x) NOTE: https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a (v4.4.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa0e3c876f5f843372f3fdefea5670f2c98084f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa0e3c876f5f843372f3fdefea5670f2c98084f You're receiving this email because of your account on salsa.debian.org.
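Review bot: in the @@ -57560 hunk, CVE-2021-41683 and CVE-2021-41682 gain `(bug #1015219)` but, unlike every other iotjs entry in this patch, carry no `[bullseye]` / `[buster]` triage lines; since the same bug now tracks all of them, either add the per-suite `<no-dsa> (Minor issue)` lines used for the siblings or confirm that leaving those two untriaged for the stable suites is intentional.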
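Review bot: in the @@ -68882 hunk, CVE-2021-37219 (consul Raft RPC) is filed under bug #1015218 with no suite annotations, whereas CVE-2021-38698 in the @@ -64958 hunk, filed under the same bug, has `[bullseye] - consul <no-dsa> (Minor issue)` and `[buster] - consul <no-dsa> (Minor issue)`; a privilege-escalation issue would normally get an explicit stable-suite decision, so either add the triage lines or note why they are omitted.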
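Review bot: the @@ -57399 hunk's leading context still shows CVE-2021-41752 with `TODO: check - could be only a test artifact` and no bug reference, while the adjacent CVE-2021-41751 is added to bug #1015219; that TODO should be resolved (and 41752 either folded into the same bug or marked not-affected) so the bug report covers the full set of JerryScript issues affecting iotjs.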