Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bfb4dc8 by security tracker role at 2021-10-18T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,275 @@
+CVE-2021-42697
+       RESERVED
+CVE-2021-42696
+       RESERVED
+CVE-2021-42695
+       RESERVED
+CVE-2021-42694
+       RESERVED
+CVE-2021-42693
+       RESERVED
+CVE-2021-42692
+       RESERVED
+CVE-2021-42691
+       RESERVED
+CVE-2021-42690
+       RESERVED
+CVE-2021-42689
+       RESERVED
+CVE-2021-42688
+       RESERVED
+CVE-2021-42687
+       RESERVED
+CVE-2021-42686
+       RESERVED
+CVE-2021-42685
+       RESERVED
+CVE-2021-42684
+       RESERVED
+CVE-2021-42683
+       RESERVED
+CVE-2021-42682
+       RESERVED
+CVE-2021-42681
+       RESERVED
+CVE-2021-42680
+       RESERVED
+CVE-2021-42679
+       RESERVED
+CVE-2021-42678
+       RESERVED
+CVE-2021-42677
+       RESERVED
+CVE-2021-42676
+       RESERVED
+CVE-2021-42675
+       RESERVED
+CVE-2021-42674
+       RESERVED
+CVE-2021-42673
+       RESERVED
+CVE-2021-42672
+       RESERVED
+CVE-2021-42671
+       RESERVED
+CVE-2021-42670
+       RESERVED
+CVE-2021-42669
+       RESERVED
+CVE-2021-42668
+       RESERVED
+CVE-2021-42667
+       RESERVED
+CVE-2021-42666
+       RESERVED
+CVE-2021-42665
+       RESERVED
+CVE-2021-42664
+       RESERVED
+CVE-2021-42663
+       RESERVED
+CVE-2021-42662
+       RESERVED
+CVE-2021-42661
+       RESERVED
+CVE-2021-42660
+       RESERVED
+CVE-2021-42659
+       RESERVED
+CVE-2021-42658
+       RESERVED
+CVE-2021-42657
+       RESERVED
+CVE-2021-42656
+       RESERVED
+CVE-2021-42655
+       RESERVED
+CVE-2021-42654
+       RESERVED
+CVE-2021-42653
+       RESERVED
+CVE-2021-42652
+       RESERVED
+CVE-2021-42651
+       RESERVED
+CVE-2021-42650
+       RESERVED
+CVE-2021-42649
+       RESERVED
+CVE-2021-42648
+       RESERVED
+CVE-2021-42647
+       RESERVED
+CVE-2021-42646
+       RESERVED
+CVE-2021-42645
+       RESERVED
+CVE-2021-42644
+       RESERVED
+CVE-2021-42643
+       RESERVED
+CVE-2021-42642
+       RESERVED
+CVE-2021-42641
+       RESERVED
+CVE-2021-42640
+       RESERVED
+CVE-2021-42639
+       RESERVED
+CVE-2021-42638
+       RESERVED
+CVE-2021-42637
+       RESERVED
+CVE-2021-42636
+       RESERVED
+CVE-2021-42635
+       RESERVED
+CVE-2021-42634
+       RESERVED
+CVE-2021-42633
+       RESERVED
+CVE-2021-42632
+       RESERVED
+CVE-2021-42631
+       RESERVED
+CVE-2021-42630
+       RESERVED
+CVE-2021-42629
+       RESERVED
+CVE-2021-42628
+       RESERVED
+CVE-2021-42627
+       RESERVED
+CVE-2021-42626
+       RESERVED
+CVE-2021-42625
+       RESERVED
+CVE-2021-42624
+       RESERVED
+CVE-2021-42623
+       RESERVED
+CVE-2021-42622
+       RESERVED
+CVE-2021-42621
+       RESERVED
+CVE-2021-42620
+       RESERVED
+CVE-2021-42619
+       RESERVED
+CVE-2021-42618
+       RESERVED
+CVE-2021-42617
+       RESERVED
+CVE-2021-42616
+       RESERVED
+CVE-2021-42615
+       RESERVED
+CVE-2021-42614
+       RESERVED
+CVE-2021-42613
+       RESERVED
+CVE-2021-42612
+       RESERVED
+CVE-2021-42611
+       RESERVED
+CVE-2021-42610
+       RESERVED
+CVE-2021-42609
+       RESERVED
+CVE-2021-42608
+       RESERVED
+CVE-2021-42607
+       RESERVED
+CVE-2021-42606
+       RESERVED
+CVE-2021-42605
+       RESERVED
+CVE-2021-42604
+       RESERVED
+CVE-2021-42603
+       RESERVED
+CVE-2021-42602
+       RESERVED
+CVE-2021-42601
+       RESERVED
+CVE-2021-42600
+       RESERVED
+CVE-2021-42599
+       RESERVED
+CVE-2021-42598
+       RESERVED
+CVE-2021-42597
+       RESERVED
+CVE-2021-42596
+       RESERVED
+CVE-2021-42595
+       RESERVED
+CVE-2021-42594
+       RESERVED
+CVE-2021-42593
+       RESERVED
+CVE-2021-42592
+       RESERVED
+CVE-2021-42591
+       RESERVED
+CVE-2021-42590
+       RESERVED
+CVE-2021-42589
+       RESERVED
+CVE-2021-42588
+       RESERVED
+CVE-2021-42587
+       RESERVED
+CVE-2021-42586
+       RESERVED
+CVE-2021-42585
+       RESERVED
+CVE-2021-42584
+       RESERVED
+CVE-2021-42583
+       RESERVED
+CVE-2021-42582
+       RESERVED
+CVE-2021-42581
+       RESERVED
+CVE-2021-42580
+       RESERVED
+CVE-2021-42579
+       RESERVED
+CVE-2021-42578
+       RESERVED
+CVE-2021-42577
+       RESERVED
+CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 
0.0.8 for Py ...)
+       TODO: check
+CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not 
properly enfo ...)
+       TODO: check
+CVE-2021-42574
+       RESERVED
+CVE-2021-42573
+       RESERVED
+CVE-2021-42572
+       RESERVED
+CVE-2021-42571
+       RESERVED
+CVE-2021-42570
+       RESERVED
+CVE-2021-42569
+       RESERVED
+CVE-2021-42568
+       RESERVED
+CVE-2021-42567
+       RESERVED
+CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error 
parameter. ...)
+       TODO: check
+CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. 
...)
+       TODO: check
+CVE-2021-42564
+       RESERVED
+CVE-2021-42563
+       RESERVED
+CVE-2021-3893
+       RESERVED
 CVE-2021-42562
        RESERVED
 CVE-2021-42561
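Review bot: CVE-2021-42576 and CVE-2021-42575 are left at "TODO: check" although both describe reusable sanitizer libraries (bluemonday, the OWASP Java HTML Sanitizer), so each needs a lookup for a matching source package in the archive before it is tagged NOT-FOR-US. The two myfactory.FMS entries (CVE-2021-42566, CVE-2021-42565) describe the same product and the same fixed version, so they can be resolved together with one identical tag. The other additions in this hunk are RESERVED placeholders and need no action yet.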
@@ -1735,6 +2007,7 @@ CVE-2021-42328
 CVE-2021-42327
        RESERVED
 CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the 
names of  ...)
+       {DLA-2787-1}
        - redmine <unfixed>
        NOTE: https://www.redmine.org/news/133
        NOTE: 
https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
@@ -2251,8 +2524,8 @@ CVE-2021-42100
        RESERVED
 CVE-2021-42099
        RESERVED
-CVE-2021-42098
-       RESERVED
+CVE-2021-42098 (An incomplete permission check on entries in Devolutions 
Remote Deskto ...)
+       TODO: check
 CVE-2021-42097
        RESERVED
 CVE-2021-42096
@@ -2345,8 +2618,8 @@ CVE-2021-42057
        RESERVED
 CVE-2021-42056
        RESERVED
-CVE-2021-42055
-       RESERVED
+CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 
has Insec ...)
+       TODO: check
 CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in 
triton_context_schedule  ...)
        NOT-FOR-US: ACCEL-PPP
 CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via 
compone ...)
@@ -2518,12 +2791,12 @@ CVE-2021-41993
        RESERVED
 CVE-2021-41992
        RESERVED
-CVE-2021-41991 [Integer Overflow When Replacing Certificates in Cache]
-       RESERVED
+CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has 
a remot ...)
+       {DSA-4989-1}
        - strongswan <unfixed>
        NOTE: 
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
-CVE-2021-41990 [Integer Overflow in gmp Plugin]
-       RESERVED
+CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer 
overflo ...)
+       {DSA-4989-1}
        - strongswan <unfixed>
        NOTE: 
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
 CVE-2021-41989
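Review bot: Both strongSwan entries now carry {DSA-4989-1} and a description that places the flaw "before 5.9.4", but the unstable line under each still reads "- strongswan <unfixed>". Replace that with the fixed version once the corrected upload reaches unstable, otherwise the tracker keeps reporting sid as vulnerable after the stable advisory is out.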
@@ -2566,8 +2839,7 @@ CVE-2021-41973
        RESERVED
 CVE-2021-41972
        RESERVED
-CVE-2021-41971
-       RESERVED
+CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with 
ENABLE_ ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-3856
        RESERVED
@@ -3387,8 +3659,7 @@ CVE-2021-41613
        RESERVED
 CVE-2021-41612
        RESERVED
-CVE-2021-41611 [SQUID-2021:6 Improper Certificate Validation of TLS server 
certificates]
-       RESERVED
+CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 
5.2. When  ...)
        - squid 5.2-1
        [bullseye] - squid <not-affected> (Vulnerable code introduced later)
        [buster] - squid <not-affected> (Vulnerable code introduced later)
@@ -6345,7 +6616,7 @@ CVE-2021-40331
 CVE-2021-3756
        RESERVED
 CVE-2021-3755
-       RESERVED
+       REJECTED
 CVE-2021-3754
        RESERVED
 CVE-2021-3753
@@ -10496,8 +10767,7 @@ CVE-2021-3701
        NOTE: 
https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
 CVE-2021-3700
        RESERVED
-CVE-2021-38562
-       RESERVED
+CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 
before 4.4. ...)
        - request-tracker5 <unfixed> (bug #995167)
        - request-tracker4 4.4.4+dfsg-3 (bug #995175)
        [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
@@ -10818,40 +11088,40 @@ CVE-2021-38444
        RESERVED
 CVE-2021-38443
        RESERVED
-CVE-2021-38442
-       RESERVED
+CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks 
proper val ...)
+       TODO: check
 CVE-2021-38441
        RESERVED
-CVE-2021-38440
-       RESERVED
+CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is 
vulnerable to ...)
+       TODO: check
 CVE-2021-38439
        RESERVED
-CVE-2021-38438
-       RESERVED
+CVE-2021-38438 (A use after free vulnerability in FATEK Automation 
WinProladder versio ...)
+       TODO: check
 CVE-2021-38437
        RESERVED
-CVE-2021-38436
-       RESERVED
+CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks 
proper val ...)
+       TODO: check
 CVE-2021-38435
        RESERVED
-CVE-2021-38434
-       RESERVED
+CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks 
proper val ...)
+       TODO: check
 CVE-2021-38433
        RESERVED
 CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior 
lacks pr ...)
        NOT-FOR-US: FATEK Automation Communication Server
 CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in 
versions 9.0. ...)
        NOT-FOR-US: Advantech
-CVE-2021-38430
-       RESERVED
+CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper 
validatio ...)
+       TODO: check
 CVE-2021-38429
        RESERVED
 CVE-2021-38428
        RESERVED
 CVE-2021-38427
        RESERVED
-CVE-2021-38426
-       RESERVED
+CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks 
proper val ...)
+       TODO: check
 CVE-2021-38425
        RESERVED
 CVE-2021-38424
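Review bot: The seven FATEK Automation WinProladder entries added in this hunk (CVE-2021-38442, -38440, -38438, -38436, -38434, -38430, -38426) all land as "TODO: check", while the same vendor's entry in the context, CVE-2021-38432, is already "NOT-FOR-US: FATEK Automation Communication Server". If WinProladder is likewise not packaged, close them in one follow-up with a matching "NOT-FOR-US: FATEK Automation WinProladder" tag instead of leaving seven open TODOs.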
@@ -10924,8 +11194,8 @@ CVE-2021-38391 (A Blind SQL injection vulnerability 
exists in the /DataHandler/A
        NOT-FOR-US: Delta Electronics
 CVE-2021-38390 (A Blind SQL injection vulnerability exists in the 
/DataHandler/Handler ...)
        NOT-FOR-US: Delta Electronics
-CVE-2021-38389
-       RESERVED
+CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to 
a stack- ...)
+       TODO: check
 CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to 
the intern ...)
        NOT-FOR-US: Central Dogma
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before 
disconnect ...)
@@ -15410,8 +15680,8 @@ CVE-2021-36515
        RESERVED
 CVE-2021-36514
        RESERVED
-CVE-2021-36513
-       RESERVED
+CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify 
in sofia ...)
+       TODO: check
 CVE-2021-36512
        RESERVED
 CVE-2021-36511
@@ -23665,8 +23935,8 @@ CVE-2021-33025
        RESERVED
 CVE-2021-33024
        RESERVED
-CVE-2021-33023
-       RESERVED
+CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to 
a heap-b ...)
+       TODO: check
 CVE-2021-33022
        RESERVED
 CVE-2021-33021
@@ -24728,8 +24998,7 @@ CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks 
can refer to targets outs
        NOTE: https://www.drupal.org/sa-core-2021-004
        NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
        NOTE: 
https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4
 (1.4.14)
-CVE-2021-32609
-       RESERVED
+CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize 
titles corre ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) 
through 4.1. ...)
        NOT-FOR-US: Smartstore
@@ -32040,8 +32309,8 @@ CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix 
Pack 1 when using domains o
        NOT-FOR-US: IBM
 CVE-2021-29879
        RESERVED
-CVE-2021-29878
-       RESERVED
+CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is 
vulnera ...)
+       TODO: check
 CVE-2021-29877
        RESERVED
 CVE-2021-29876
@@ -44639,8 +44908,8 @@ CVE-2021-24762
        RESERVED
 CVE-2021-24761
        RESERVED
-CVE-2021-24760
-       RESERVED
+CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 
does not  ...)
+       TODO: check
 CVE-2021-24759
        RESERVED
 CVE-2021-24758
@@ -44651,12 +44920,12 @@ CVE-2021-24756
        RESERVED
 CVE-2021-24755
        RESERVED
-CVE-2021-24754
-       RESERVED
+CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does 
not valida ...)
+       TODO: check
 CVE-2021-24753
        RESERVED
-CVE-2021-24752
-       RESERVED
+CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform 
capability ...)
+       TODO: check
 CVE-2021-24751
        RESERVED
 CVE-2021-24750
@@ -44673,30 +44942,30 @@ CVE-2021-24745
        RESERVED
 CVE-2021-24744
        RESERVED
-CVE-2021-24743
-       RESERVED
+CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 
allows use ...)
+       TODO: check
 CVE-2021-24742
        RESERVED
 CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not 
escape multip ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24740
-       RESERVED
+CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape 
some of it ...)
+       TODO: check
 CVE-2021-24739
        RESERVED
 CVE-2021-24738
        RESERVED
 CVE-2021-24737 (The Comments &#8211; wpDiscuz WordPress plugin through 7.3.0 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24736
-       RESERVED
-CVE-2021-24735
-       RESERVED
-CVE-2021-24734
-       RESERVED
+CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with 
frontend file u ...)
+       TODO: check
+CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does 
not imp ...)
+       TODO: check
+CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does 
not esc ...)
+       TODO: check
 CVE-2021-24733
        RESERVED
-CVE-2021-24732
-       RESERVED
+CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip 
WordPress plu ...)
+       TODO: check
 CVE-2021-24731
        RESERVED
 CVE-2021-24730
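Review bot: The description added for CVE-2021-24732 contains a raw HTML entity ("&#8211;"), as does the existing context line for CVE-2021-24737; decoding entities when the descriptions are imported would keep the list readable and searchable by the plugin's real name. The six entries added here as "TODO: check" (CVE-2021-24743, -24740, -24736, -24735, -24734, -24732) all describe WordPress plugins, and the neighbouring CVE-2021-24741 and CVE-2021-24737 are already "NOT-FOR-US: WordPress plugin", so the same tag applies unless one of them is packaged.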
@@ -44755,8 +45024,8 @@ CVE-2021-24704
        RESERVED
 CVE-2021-24703
        RESERVED
-CVE-2021-24702
-       RESERVED
+CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not 
properly sanit ...)
+       TODO: check
 CVE-2021-24701
        RESERVED
 CVE-2021-24700
@@ -44791,8 +45060,8 @@ CVE-2021-24686
        RESERVED
 CVE-2021-24685
        RESERVED
-CVE-2021-24684
-       RESERVED
+CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 
1.4.12 a ...)
+       TODO: check
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have 
any CSR ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24682
@@ -44805,18 +45074,18 @@ CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway 
for WooCommerce WordPress
        NOT-FOR-US: WordPress plugin
 CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does 
not escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24677
-       RESERVED
+CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have 
authori ...)
+       TODO: check
 CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does 
not esc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24675
-       RESERVED
+CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not 
check for C ...)
+       TODO: check
 CVE-2021-24674
        RESERVED
 CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 
does not e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24672
-       RESERVED
+CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not 
escape the  ...)
+       TODO: check
 CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape 
some short ...)
@@ -44875,8 +45144,8 @@ CVE-2021-24644
        RESERVED
 CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape 
some at ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24642
-       RESERVED
+CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have 
CSRF check ...)
+       TODO: check
 CVE-2021-24641
        RESERVED
 CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 
does not es ...)
@@ -44915,8 +45184,8 @@ CVE-2021-24624
        RESERVED
 CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk 
WordPress ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24622
-       RESERVED
+CVE-2021-24622 (The Customer Service Software &amp; Support Ticket System 
WordPress pl ...)
+       TODO: check
 CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not 
sanitise it ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell 
products thr ...)
@@ -44925,18 +45194,18 @@ CVE-2021-24619 (The Per page add to head WordPress 
plugin through 1.4.4 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24617
-       RESERVED
+CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape 
the op_ed ...)
+       TODO: check
 CVE-2021-24616
        RESERVED
-CVE-2021-24615
-       RESERVED
+CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not 
sanitise or es ...)
+       TODO: check
 CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24612
-       RESERVED
+CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not 
sanitise or esc ...)
+       TODO: check
 CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not 
sanitise of esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not 
implement a  ...)
@@ -44969,8 +45238,8 @@ CVE-2021-24597 (The You Shang WordPress plugin through 
1.0.1 does not escape its
        NOT-FOR-US: WordPress plugin
 CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not 
sanitise esca ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24595
-       RESERVED
+CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking 
any CSR ...)
+       TODO: check
 CVE-2021-24594
        RESERVED
 CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 
does not sa ...)
@@ -45127,8 +45396,8 @@ CVE-2021-24518 (The WPFront Notification Bar WordPress 
plugin before 2.0.0.07176
        NOT-FOR-US: WordPress plugin
 CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms 
WordPre ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24516
-       RESERVED
+CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not 
escape the ti ...)
+       TODO: check
 CVE-2021-24515
        RESERVED
 CVE-2021-24514
@@ -45327,16 +45596,16 @@ CVE-2021-24418 (The Smooth Scroll Page Up/Down 
Buttons WordPress plugin through
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24417
        RESERVED
-CVE-2021-24416
-       RESERVED
-CVE-2021-24415
-       RESERVED
+CVE-2021-24416 (The StreamCast &#8211; Radio Player for WordPress plugin 
before 2.1.1  ...)
+       TODO: check
+CVE-2021-24415 (The Polo Video Gallery &#8211; Best wordpress video gallery 
plugin Wor ...)
+       TODO: check
 CVE-2021-24414
        RESERVED
-CVE-2021-24413
-       RESERVED
-CVE-2021-24412
-       RESERVED
+CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not 
sanitise or ...)
+       TODO: check
+CVE-2021-24412 (The Html5 Audio Player &#8211; Audio Player for WordPress 
plugin befor ...)
+       TODO: check
 CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have 
CSRF checks ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24410 (The &#3108;&#3142;&#3122;&#3137;&#3095;&#3137; 
&#3116;&#3144;&#3116;&# ...)
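Review bot: The context line for CVE-2021-24418 is tagged "NOT-FOR-US: Wordpress plugin" while CVE-2021-24411 in the same hunk uses "NOT-FOR-US: WordPress plugin". When the four new "TODO: check" entries (CVE-2021-24416, -24415, -24413, -24412) are resolved, use the "WordPress plugin" spelling and normalise the older line, so that anything matching on the tag text sees one form.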
@@ -47554,8 +47823,8 @@ CVE-2021-23451
        RESERVED
 CVE-2021-23450
        RESERVED
-CVE-2021-23449
-       RESERVED
+CVE-2021-23449 (This affects the package vm2 before 3.9.4. Prototype Pollution 
attack  ...)
+       TODO: check
 CVE-2021-23448 (All versions of package config-handler are vulnerable to 
Prototype Pol ...)
        TODO: check
 CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion 
vulnerab ...)
@@ -48606,8 +48875,8 @@ CVE-2021-22963 (A redirect vulnerability in the 
fastify-static module version &l
        TODO: check
 CVE-2021-22962
        RESERVED
-CVE-2021-22961
-       RESERVED
+CVE-2021-22961 (A code injection vulnerability exists within the firewall 
software of  ...)
+       TODO: check
 CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
        RESERVED
        - nodejs 12.22.7~dfsg-1
@@ -48665,8 +48934,7 @@ CVE-2021-22944 (A vulnerability found in UniFi Protect 
application V1.18.1 and e
        NOT-FOR-US: UniFi Protect application
 CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and 
earlier ...)
        NOT-FOR-US: UniFi Protect application
-CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware]
-       RESERVED
+CVE-2021-22942 (A possible open redirect vulnerability in the Host 
Authorization middl ...)
        [experimental] - rails 2:6.1.4.1+dfsg-1
        - rails <unfixed> (bug #992586)
        [buster] - rails <not-affected> (Vulnerable code not present)
@@ -51502,10 +51770,10 @@ CVE-2021-21799 (Cross-site scripting vulnerabilities 
exist in the telnet_form.ph
        NOT-FOR-US: Advantech R-SeeNet
 CVE-2021-21798 (An exploitable return of stack variable address vulnerability 
exists i ...)
        NOT-FOR-US: Nitro Pro PDF
-CVE-2021-21797
-       RESERVED
-CVE-2021-21796
-       RESERVED
+CVE-2021-21797 (An exploitable double-free vulnerability exists in the 
JavaScript impl ...)
+       TODO: check
+CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the 
JavaScript i ...)
+       TODO: check
 CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD 
read_icc_ ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF 
bits_per_sample ...)
@@ -116510,8 +116778,8 @@ CVE-2020-8293 (A missing input validation in 
Nextcloud Server before 20.0.2, 19.
        - nextcloud-server <itp> (bug #941708)
 CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self 
cross-site scr ...)
        NOT-FOR-US: Rocket.Chat
-CVE-2020-8291
-       RESERVED
+CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 
3.9 coul ...)
+       TODO: check
 CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 
suffer  ...)
        NOT-FOR-US: Backblaze
 CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS 
before  ...)
@@ -439542,8 +439810,7 @@ CVE-2010-2498 (The psh_glyph_find_strong_points 
function in pshinter/pshalgo.c i
 CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 
allows re ...)
        {DSA-2070-1}
        - freetype 2.4.0-1
-CVE-2010-2496 [cluster-glue: passes the stonith parameters via the commandline 
which could result in password leaks]
-       RESERVED
+CVE-2010-2496 (stonith-ng in pacemaker and cluster-glue passed passwords as 
commandli ...)
        - cluster-glue 1.0.6-1
        - pacemaker 1.1.13-1
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=620781



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bfb4dc88ddafd27b60475a9ce96ad44c77b54ea
