Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 538120a8 by security tracker role at 2022-02-01T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,91 @@ +CVE-2022-24294 + RESERVED +CVE-2022-24293 + RESERVED +CVE-2022-24292 + RESERVED +CVE-2022-24291 + RESERVED +CVE-2022-24290 + RESERVED +CVE-2022-24289 + RESERVED +CVE-2022-24288 + RESERVED +CVE-2022-24287 + RESERVED +CVE-2022-21799 + RESERVED +CVE-2022-21173 + RESERVED +CVE-2022-0470 + RESERVED +CVE-2022-0469 + RESERVED +CVE-2022-0468 + RESERVED +CVE-2022-0467 + RESERVED +CVE-2022-0466 + RESERVED +CVE-2022-0465 + RESERVED +CVE-2022-0464 + RESERVED +CVE-2022-0463 + RESERVED +CVE-2022-0462 + RESERVED +CVE-2022-0461 + RESERVED +CVE-2022-0460 + RESERVED +CVE-2022-0459 + RESERVED +CVE-2022-0458 + RESERVED +CVE-2022-0457 + RESERVED +CVE-2022-0456 + RESERVED +CVE-2022-0455 + RESERVED +CVE-2022-0454 + RESERVED +CVE-2022-0453 + RESERVED +CVE-2022-0452 + RESERVED +CVE-2022-0451 + RESERVED +CVE-2022-0450 + RESERVED +CVE-2022-0449 + RESERVED +CVE-2022-0448 + RESERVED +CVE-2022-0447 + RESERVED +CVE-2022-0446 + RESERVED +CVE-2022-0445 + RESERVED +CVE-2022-0444 + RESERVED +CVE-2022-0443 + RESERVED +CVE-2022-0442 + RESERVED +CVE-2022-0441 + RESERVED +CVE-2022-0440 + RESERVED +CVE-2022-0439 + RESERVED +CVE-2022-0438 + RESERVED +CVE-2021-46670 + RESERVED CVE-2022-24286 RESERVED CVE-2022-24285 
@@ -213,18 +301,18 @@ CVE-2022-24225 RESERVED CVE-2022-24224 RESERVED -CVE-2022-24223 - RESERVED -CVE-2022-24222 - RESERVED -CVE-2022-24221 - RESERVED -CVE-2022-24220 - RESERVED -CVE-2022-24219 - RESERVED -CVE-2022-24218 - RESERVED +CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...) + TODO: check +CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...) + TODO: check CVE-2022-24217 RESERVED CVE-2022-24216 @@ -401,12 +489,12 @@ CVE-2022-24131 RESERVED CVE-2022-21170 RESERVED -CVE-2022-0419 - RESERVED +CVE-2022-0419 (NULL Pointer Dereference in NPM radare2.js prior to 6.0.0. ...) + TODO: check CVE-2022-0418 RESERVED -CVE-2022-0417 - RESERVED +CVE-2022-0417 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0416 RESERVED CVE-2022-0415 @@ -457,7 +545,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2 CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...) - dolibarr <removed> -CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...) +CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) 
@@ -494,7 +582,7 @@ CVE-2022-24113 RESERVED CVE-2022-0409 RESERVED -CVE-2022-0408 (Stack-based Buffer Overflow in Conda vim prior to 8.2. ...) +CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) @@ -518,8 +606,8 @@ CVE-2022-0403 RESERVED CVE-2022-0402 RESERVED -CVE-2022-0401 - RESERVED +CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...) + TODO: check CVE-2022-0400 [Out of bounds read in the smc protocol stack] RESERVED - linux <unfixed> @@ -1840,6 +1928,7 @@ CVE-2022-23834 RESERVED CVE-2022-23833 RESERVED + {DLA-2906-1} - python-django <unfixed> (bug #1004752) NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main) @@ -2013,8 +2102,8 @@ CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c] NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6) CVE-2022-0321 RESERVED -CVE-2022-0320 - RESERVED +CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...) + TODO: check CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) 
@@ -2377,20 +2466,19 @@ CVE-2022-23609 RESERVED CVE-2022-23608 RESERVED -CVE-2022-23607 - RESERVED +CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...) + TODO: check CVE-2022-23606 RESERVED CVE-2022-23605 RESERVED CVE-2022-23604 RESERVED -CVE-2022-23603 - RESERVED -CVE-2022-23602 - RESERVED -CVE-2022-23601 [CSRF token missing in forms] - RESERVED +CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) + TODO: check +CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...) + TODO: check +CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...) - symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code) NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50 @@ -2400,10 +2488,10 @@ CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 NOT-FOR-US: Plone CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...) NOT-FOR-US: laminas-form -CVE-2022-23597 - RESERVED -CVE-2022-23596 - RESERVED +CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...) + TODO: check +CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...) + TODO: check CVE-2022-23595 RESERVED CVE-2022-23594 @@ -3798,8 +3886,8 @@ CVE-2022-0222 RESERVED CVE-2022-0221 RESERVED -CVE-2022-0220 - RESERVED +CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...) + TODO: check CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) NOT-FOR-US: jadx CVE-2022-0218 
@@ -4808,8 +4896,8 @@ CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion d NOT-FOR-US: eyouCMS CVE-2021-46254 RESERVED -CVE-2021-46253 - RESERVED +CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...) + TODO: check CVE-2021-46252 RESERVED CVE-2021-46251 @@ -5138,6 +5226,7 @@ CVE-2022-22819 RESERVED CVE-2022-22818 RESERVED + {DLA-2906-1} - python-django <unfixed> (bug #1004752) NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main) @@ -6748,8 +6837,8 @@ CVE-2021-46095 RESERVED CVE-2021-46094 RESERVED -CVE-2021-46093 - RESERVED +CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...) + TODO: check CVE-2021-46092 RESERVED CVE-2021-46091 @@ -9230,8 +9319,8 @@ CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges - aide 0.17.4-1 NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4) NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3 -CVE-2021-45416 - RESERVED +CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...) + TODO: check CVE-2021-45415 RESERVED CVE-2021-45414 @@ -11523,8 +11612,8 @@ CVE-2021-44748 RESERVED CVE-2021-44747 RESERVED -CVE-2021-44746 - RESERVED +CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...) + TODO: check CVE-2021-44745 RESERVED CVE-2021-44744 
@@ -12420,8 +12509,7 @@ CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 co NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO -CVE-2021-44451 - RESERVED +CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...) NOT-FOR-US: Apache Superset CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens @@ -14026,8 +14114,8 @@ CVE-2022-21689 (OnionShare is an open source tool that lets you securely and ano CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...) - onionshare <unfixed> NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v -CVE-2022-21687 - RESERVED +CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...) + TODO: check CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...) NOT-FOR-US: PrestaShop CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) @@ -14360,8 +14448,8 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 -CVE-2021-43859 - RESERVED +CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) + TODO: check CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) NOT-FOR-US: MinIO CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) 
@@ -14389,8 +14477,8 @@ CVE-2021-43850 (Discourse is an open source platform for community discussion. I NOT-FOR-US: Discourse CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...) NOT-FOR-US: cordova-plugin-fingerprint-aio -CVE-2021-43848 - RESERVED +CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...) + TODO: check CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...) NOT-FOR-US: HumHub Social Network Kit Enterprise CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) @@ -16236,10 +16324,10 @@ CVE-2021-43512 RESERVED CVE-2021-43511 RESERVED -CVE-2021-43510 - RESERVED -CVE-2021-43509 - RESERVED +CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + TODO: check +CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + TODO: check CVE-2021-43508 RESERVED CVE-2021-43507 @@ -23118,8 +23206,7 @@ CVE-2021-3827 NOT-FOR-US: Keycloak CVE-2021-41572 RESERVED -CVE-2021-41571 - RESERVED +CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...) NOT-FOR-US: Apache Pulsar CVE-2021-41570 RESERVED @@ -24438,8 +24525,8 @@ CVE-2021-41042 RESERVED CVE-2021-41041 RESERVED -CVE-2021-41040 - RESERVED +CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...) + TODO: check CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...) - mosquitto <unfixed> (bug #1001028) [buster] - mosquitto <not-affected> (Vulnerable code introduced later) 
@@ -30453,8 +30540,8 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17) CVE-2021-38561 RESERVED -CVE-2021-38560 - RESERVED +CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...) + TODO: check CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...) - hoteldruid 3.0.3-1 [bullseye] - hoteldruid <no-dsa> (Minor issue) @@ -64595,32 +64682,32 @@ CVE-2021-25099 RESERVED CVE-2021-25098 RESERVED -CVE-2021-25097 - RESERVED +CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...) + TODO: check CVE-2021-25096 RESERVED CVE-2021-25095 RESERVED CVE-2021-25094 RESERVED -CVE-2021-25093 - RESERVED -CVE-2021-25092 - RESERVED -CVE-2021-25091 - RESERVED +CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...) + TODO: check +CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...) + TODO: check +CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...) + TODO: check CVE-2021-25090 RESERVED -CVE-2021-25089 - RESERVED +CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...) + TODO: check CVE-2021-25088 RESERVED CVE-2021-25087 RESERVED CVE-2021-25086 RESERVED -CVE-2021-25085 - RESERVED +CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...) + TODO: check CVE-2021-25084 RESERVED CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) 
@@ -64645,8 +64732,8 @@ CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 conta NOT-FOR-US: WordPress plugin CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...) NOT-FOR-US: WordPress plugin -CVE-2021-25072 - RESERVED +CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...) + TODO: check CVE-2021-25071 RESERVED CVE-2021-25070 @@ -64663,8 +64750,8 @@ CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 NOT-FOR-US: WordPress plugin CVE-2021-25064 RESERVED -CVE-2021-25063 - RESERVED +CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...) + TODO: check CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...) NOT-FOR-US: WordPress plugin CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...) @@ -64823,8 +64910,8 @@ CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does NOT-FOR-US: WordPress plugin CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...) NOT-FOR-US: WordPress plugin -CVE-2021-24983 - RESERVED +CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...) + TODO: check CVE-2021-24982 RESERVED CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...) @@ -64839,8 +64926,8 @@ CVE-2021-24977 RESERVED CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...) NOT-FOR-US: WordPress plugin -CVE-2021-24975 - RESERVED +CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...) + TODO: check CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...) NOT-FOR-US: WordPress plugin CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...) 
@@ -64901,8 +64988,8 @@ CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 do NOT-FOR-US: WordPress plugin CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 ...) NOT-FOR-US: WordPress plugin -CVE-2021-24944 - RESERVED +CVE-2021-24944 (The Custom Dashboard & Login Page WordPress plugin before 7.0 does ...) + TODO: check CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) NOT-FOR-US: WordPress plugin CVE-2021-24942 @@ -64915,14 +65002,14 @@ CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin b NOT-FOR-US: WordPress plugin CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin -CVE-2021-24937 - RESERVED +CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...) + TODO: check CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...) NOT-FOR-US: WordPress plugin CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...) NOT-FOR-US: WordPress plugin -CVE-2021-24934 - RESERVED +CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...) + TODO: check CVE-2021-24933 RESERVED CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...) @@ -64937,8 +65024,8 @@ CVE-2021-24928 RESERVED CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...) NOT-FOR-US: WordPress plugin -CVE-2021-24926 - RESERVED +CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...) + TODO: check CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...) 
@@ -64951,8 +65038,8 @@ CVE-2021-24921 RESERVED CVE-2021-24920 RESERVED -CVE-2021-24919 - RESERVED +CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...) + TODO: check CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...) NOT-FOR-US: WordPress plugin CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...) @@ -64989,8 +65076,8 @@ CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plu NOT-FOR-US: WordPress plugin CVE-2021-24901 RESERVED -CVE-2021-24900 - RESERVED +CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...) + TODO: check CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24898 @@ -65053,8 +65140,8 @@ CVE-2021-24870 RESERVED CVE-2021-24869 RESERVED -CVE-2021-24868 - RESERVED +CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...) + TODO: check CVE-2021-24867 RESERVED CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...) @@ -65161,8 +65248,8 @@ CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not NOT-FOR-US: WordPress plugin CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...) NOT-FOR-US: WordPress plugin -CVE-2021-24814 - RESERVED +CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...) + TODO: check CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...) 
@@ -65239,8 +65326,8 @@ CVE-2021-24777 RESERVED CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24775 - RESERVED +CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...) + TODO: check CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...) @@ -65259,16 +65346,16 @@ CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs NOT-FOR-US: WordPress plugin CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...) NOT-FOR-US: WordPress plugin -CVE-2021-24765 - RESERVED -CVE-2021-24764 - RESERVED -CVE-2021-24763 - RESERVED -CVE-2021-24762 - RESERVED -CVE-2021-24761 - RESERVED +CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...) + TODO: check +CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...) + TODO: check +CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...) + TODO: check +CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...) + TODO: check +CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...) + TODO: check CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...) 
@@ -65375,8 +65462,8 @@ CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not proper NOT-FOR-US: WordPress plugin CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...) NOT-FOR-US: WordPress plugin -CVE-2021-24707 - RESERVED +CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...) + TODO: check CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...) NOT-FOR-US: WordPress plugin CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...) @@ -65417,8 +65504,8 @@ CVE-2021-24688 RESERVED CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...) NOT-FOR-US: WordPress plugin -CVE-2021-24686 - RESERVED +CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...) + TODO: check CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...) NOT-FOR-US: WordPress plugin CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...) @@ -65493,8 +65580,8 @@ CVE-2021-24650 RESERVED CVE-2021-24649 RESERVED -CVE-2021-24648 - RESERVED +CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...) + TODO: check CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...) NOT-FOR-US: WordPress plugin CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...) 
@@ -136827,8 +136914,7 @@ CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a NOTE: https://github.com/kubernetes/kubernetes/pull/95236 NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk NOTE: https://github.com/kubernetes/kubernetes/issues/95621 -CVE-2020-8562 - RESERVED +CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes att ...) - kubernetes <unfixed> (bug #990793) [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client) NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/538120a82f99bea10bf5d80502f4bb28518f285e
--
You're receiving this email because of your account on salsa.debian.org.
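Review bot: CVE-2022-0417 in the hunk at @@ -401,12 +489,12 @@ is left at "TODO: check" with the description "Heap-based Buffer Overflow in Conda vim prior to 8.2.", while this same update rewrites CVE-2022-0413 and CVE-2022-0408 from "Conda vim" to "GitHub repository vim/vim", and both of those are already tracked as "- vim <unfixed>". The "Conda" wording looks like the same feed artifact, so the follow-up triage should match this entry against the vim source package rather than the product string in the description, and it should get per-release lines in the same form as the two neighbouring vim entries once the affected versions are checked.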
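Review bot: CVE-2022-0220 (hunk at @@ -3798,8 +3886,8 @@) and CVE-2021-24814 (hunk at @@ -65161,8 +65248,8 @@) both arrive with the identical truncated description "The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...". Read the full upstream text for each before triaging, so that it is clear whether these are two distinct issues in the same AJAX action or one issue assigned twice, and record the outcome in a NOTE on both entries so that they are not triaged differently later.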
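Review bot: From the hunk at @@ -64595,32 +64682,32 @@ to the one at @@ -65493,8 +65580,8 @@, every newly described WordPress plugin CVE (for example CVE-2021-25097, CVE-2021-24983 and CVE-2021-24765) lands as "TODO: check" directly beside entries that already read "NOT-FOR-US: WordPress plugin". When these are triaged, reuse that exact string where it applies so the block stays consistent, and treat the entries with a plugin name already seen in context (Asset CleanUp appears in both CVE-2021-24983 and CVE-2021-24937, NextScripts in both CVE-2021-25072 and CVE-2021-24975) as pairs to be resolved together.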
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits