Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
538120a8 by security tracker role at 2022-02-01T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2022-24294
+       RESERVED
+CVE-2022-24293
+       RESERVED
+CVE-2022-24292
+       RESERVED
+CVE-2022-24291
+       RESERVED
+CVE-2022-24290
+       RESERVED
+CVE-2022-24289
+       RESERVED
+CVE-2022-24288
+       RESERVED
+CVE-2022-24287
+       RESERVED
+CVE-2022-21799
+       RESERVED
+CVE-2022-21173
+       RESERVED
+CVE-2022-0470
+       RESERVED
+CVE-2022-0469
+       RESERVED
+CVE-2022-0468
+       RESERVED
+CVE-2022-0467
+       RESERVED
+CVE-2022-0466
+       RESERVED
+CVE-2022-0465
+       RESERVED
+CVE-2022-0464
+       RESERVED
+CVE-2022-0463
+       RESERVED
+CVE-2022-0462
+       RESERVED
+CVE-2022-0461
+       RESERVED
+CVE-2022-0460
+       RESERVED
+CVE-2022-0459
+       RESERVED
+CVE-2022-0458
+       RESERVED
+CVE-2022-0457
+       RESERVED
+CVE-2022-0456
+       RESERVED
+CVE-2022-0455
+       RESERVED
+CVE-2022-0454
+       RESERVED
+CVE-2022-0453
+       RESERVED
+CVE-2022-0452
+       RESERVED
+CVE-2022-0451
+       RESERVED
+CVE-2022-0450
+       RESERVED
+CVE-2022-0449
+       RESERVED
+CVE-2022-0448
+       RESERVED
+CVE-2022-0447
+       RESERVED
+CVE-2022-0446
+       RESERVED
+CVE-2022-0445
+       RESERVED
+CVE-2022-0444
+       RESERVED
+CVE-2022-0443
+       RESERVED
+CVE-2022-0442
+       RESERVED
+CVE-2022-0441
+       RESERVED
+CVE-2022-0440
+       RESERVED
+CVE-2022-0439
+       RESERVED
+CVE-2022-0438
+       RESERVED
+CVE-2021-46670
+       RESERVED
 CVE-2022-24286
        RESERVED
 CVE-2022-24285
@@ -213,18 +301,18 @@ CVE-2022-24225
        RESERVED
 CVE-2022-24224
        RESERVED
-CVE-2022-24223
-       RESERVED
-CVE-2022-24222
-       RESERVED
-CVE-2022-24221
-       RESERVED
-CVE-2022-24220
-       RESERVED
-CVE-2022-24219
-       RESERVED
-CVE-2022-24218
-       RESERVED
+CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows 
attackers  ...)
+       TODO: check
 CVE-2022-24217
        RESERVED
 CVE-2022-24216
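
Review bot: CVE-2022-24222, CVE-2022-24221, CVE-2022-24220 and CVE-2022-24219 all show the same truncated text ("eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ..."), so whoever clears these `TODO: check` lines has to open the full descriptions to tell the four apart. None of the six entries in this hunk has a package line or a `NOT-FOR-US:` line yet; if AtomCMS and eliteCMS are not in the archive, resolve them the way the eyouCMS entry further down this file is resolved (`NOT-FOR-US: eyouCMS`).
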
@@ -401,12 +489,12 @@ CVE-2022-24131
        RESERVED
 CVE-2022-21170
        RESERVED
-CVE-2022-0419
-       RESERVED
+CVE-2022-0419 (NULL Pointer Dereference in NPM radare2.js prior to 6.0.0. ...)
+       TODO: check
 CVE-2022-0418
        RESERVED
-CVE-2022-0417
-       RESERVED
+CVE-2022-0417 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+       TODO: check
 CVE-2022-0416
        RESERVED
 CVE-2022-0415
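
Review bot: CVE-2022-0417 is left at `TODO: check` with a description that still reads "Conda vim", while this same commit rewords CVE-2022-0413 and CVE-2022-0408 from "Conda vim" to "GitHub repository vim/vim", and both of those are tracked as `- vim <unfixed>`. Check whether CVE-2022-0417 belongs to the same source package and, if it does, give it a `- vim` line rather than leaving it in the unchecked queue.
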
@@ -457,7 +545,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 
allows an application
        NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
 CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 
16.0. ...)
        - dolibarr <removed>
-CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...)
+CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
@@ -494,7 +582,7 @@ CVE-2022-24113
        RESERVED
 CVE-2022-0409
        RESERVED
-CVE-2022-0408 (Stack-based Buffer Overflow in Conda vim prior to 8.2. ...)
+CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
@@ -518,8 +606,8 @@ CVE-2022-0403
        RESERVED
 CVE-2022-0402
        RESERVED
-CVE-2022-0401
-       RESERVED
+CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
+       TODO: check
 CVE-2022-0400 [Out of bounds read in the smc protocol stack]
        RESERVED
        - linux <unfixed>
@@ -1840,6 +1928,7 @@ CVE-2022-23834
        RESERVED
 CVE-2022-23833
        RESERVED
+       {DLA-2906-1}
        - python-django <unfixed> (bug #1004752)
        NOTE: 
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23
 (main)
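
Review bot: `{DLA-2906-1}` is attached under CVE-2022-23833 while the header line is still a bare `RESERVED`, so the entry has no summary apart from the two NOTE URLs. Other reserved entries in this file carry a bracketed working title (for example `CVE-2022-0400 [Out of bounds read in the smc protocol stack]`), and adding one here would make the entry readable until the official description arrives. The package line also stays `- python-django <unfixed> (bug #1004752)` and needs a follow-up once that bug is closed; the CVE-2022-22818 hunk further down has the same shape.
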
@@ -2013,8 +2102,8 @@ CVE-2022-0322 [DoS in sctp_addto_chunk in 
net/sctp/sm_make_chunk.c]
        NOTE: 
https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
 CVE-2022-0321
        RESERVED
-CVE-2022-0320
-       RESERVED
+CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 
5.0.5 does  ...)
+       TODO: check
 CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -2377,20 +2466,19 @@ CVE-2022-23609
        RESERVED
 CVE-2022-23608
        RESERVED
-CVE-2022-23607
-       RESERVED
+CVE-2022-23607 (treq is an HTTP library inspired by requests but written on 
top of Twi ...)
+       TODO: check
 CVE-2022-23606
        RESERVED
 CVE-2022-23605
        RESERVED
 CVE-2022-23604
        RESERVED
-CVE-2022-23603
-       RESERVED
-CVE-2022-23602
-       RESERVED
-CVE-2022-23601 [CSRF token missing in forms]
-       RESERVED
+CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application 
for use wi ...)
+       TODO: check
+CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in 
Nim. In  ...)
+       TODO: check
+CVE-2022-23601 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony <not-affected> (Vulnerable code not present; no Debian 
released version contained the vulnerable code)
        NOTE: 
https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
        NOTE: 
https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
@@ -2400,10 +2488,10 @@ CVE-2022-23599 (Products.ATContentTypes are the core 
content types for Plone 2.1
        NOT-FOR-US: Plone
 CVE-2022-23598 (laminas-form is a package for validating and displaying simple 
and com ...)
        NOT-FOR-US: laminas-form
-CVE-2022-23597
-       RESERVED
-CVE-2022-23596
-       RESERVED
+CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with 
Element  ...)
+       TODO: check
+CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected 
version ...)
+       TODO: check
 CVE-2022-23595
        RESERVED
 CVE-2022-23594
@@ -3798,8 +3886,8 @@ CVE-2022-0222
        RESERVED
 CVE-2022-0221
        RESERVED
-CVE-2022-0220
-       RESERVED
+CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR 
WordPress ...)
+       TODO: check
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
        NOT-FOR-US: jadx
 CVE-2022-0218
@@ -4808,8 +4896,8 @@ CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from 
Arbitrary file deletion d
        NOT-FOR-US: eyouCMS
 CVE-2021-46254
        RESERVED
-CVE-2021-46253
-       RESERVED
+CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post 
function ...)
+       TODO: check
 CVE-2021-46252
        RESERVED
 CVE-2021-46251
@@ -5138,6 +5226,7 @@ CVE-2022-22819
        RESERVED
 CVE-2022-22818
        RESERVED
+       {DLA-2906-1}
        - python-django <unfixed> (bug #1004752)
        NOTE: 
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68
 (main)
@@ -6748,8 +6837,8 @@ CVE-2021-46095
        RESERVED
 CVE-2021-46094
        RESERVED
-CVE-2021-46093
-       RESERVED
+CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via 
manage_uploads ...)
+       TODO: check
 CVE-2021-46092
        RESERVED
 CVE-2021-46091
@@ -9230,8 +9319,8 @@ CVE-2021-45417 (AIDE before 0.17.4 allows local users to 
obtain root privileges
        - aide 0.17.4-1
        NOTE: 
https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc 
(v0.17.4)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
-CVE-2021-45416
-       RESERVED
+CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in 
RosarioSIS 8.2.1 ...)
+       TODO: check
 CVE-2021-45415
        RESERVED
 CVE-2021-45414
@@ -11523,8 +11612,8 @@ CVE-2021-44748
        RESERVED
 CVE-2021-44747
        RESERVED
-CVE-2021-44746
-       RESERVED
+CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 
and prior ...)
+       TODO: check
 CVE-2021-44745
        RESERVED
 CVE-2021-44744
@@ -12420,8 +12509,7 @@ CVE-2021-44464 (Vigilant Software Suite (Mastermed 
Dashboard) version 2.0.1.3 co
        NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable 
debug interf ...)
        NOT-FOR-US: mySCADA myPRO
-CVE-2021-44451
-       RESERVED
+CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for 
registered datab ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All 
versions &lt; ...)
        NOT-FOR-US: Siemens
@@ -14026,8 +14114,8 @@ CVE-2022-21689 (OnionShare is an open source tool that 
lets you securely and ano
 CVE-2022-21688 (OnionShare is an open source tool that lets you securely and 
anonymous ...)
        - onionshare <unfixed>
        NOTE: 
https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
-CVE-2022-21687
-       RESERVED
+CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for 
MySQL. Ve ...)
+       TODO: check
 CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting 
with versio ...)
        NOT-FOR-US: PrestaShop
 CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to 
commit  ...)
@@ -14360,8 +14448,8 @@ CVE-2021-43860 (Flatpak is a Linux application 
sandboxing and distribution frame
        NOTE: 
https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
        NOTE: 
https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
        NOTE: 
https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
-CVE-2021-43859
-       RESERVED
+CVE-2021-43859 (XStream is an open source java library to serialize objects to 
XML and ...)
+       TODO: check
 CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. 
Prior to v ...)
        NOT-FOR-US: MinIO
 CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy 
prior to  ...)
@@ -14389,8 +14477,8 @@ CVE-2021-43850 (Discourse is an open source platform 
for community discussion. I
        NOT-FOR-US: Discourse
 CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single 
and simpl ...)
        NOT-FOR-US: cordova-plugin-fingerprint-aio
-CVE-2021-43848
-       RESERVED
+CVE-2021-43848 (h2o is an open source http server. In code prior to the 
`8c0eca3` comm ...)
+       TODO: check
 CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. 
Prior to H ...)
        NOT-FOR-US: HumHub Social Network Kit Enterprise
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus 
e-commer ...)
@@ -16236,10 +16324,10 @@ CVE-2021-43512
        RESERVED
 CVE-2021-43511
        RESERVED
-CVE-2021-43510
-       RESERVED
-CVE-2021-43509
-       RESERVED
+CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple 
Client Man ...)
+       TODO: check
+CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple 
Client Man ...)
+       TODO: check
 CVE-2021-43508
        RESERVED
 CVE-2021-43507
@@ -23118,8 +23206,7 @@ CVE-2021-3827
        NOT-FOR-US: Keycloak
 CVE-2021-41572
        RESERVED
-CVE-2021-41571
-       RESERVED
+CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper 
that do ...)
        NOT-FOR-US: Apache Pulsar
 CVE-2021-41570
        RESERVED
@@ -24438,8 +24525,8 @@ CVE-2021-41042
        RESERVED
 CVE-2021-41041
        RESERVED
-CVE-2021-41040
-       RESERVED
+CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, 
the CoA ...)
+       TODO: check
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 
client conn ...)
        - mosquitto <unfixed> (bug #1001028)
        [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
@@ -30453,8 +30540,8 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 
before 4.2.17, 4.4 befor
        NOTE: 
https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f
 (rt-4.2.17)
 CVE-2021-38561
        RESERVED
-CVE-2021-38560
-       RESERVED
+CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the 
appName par ...)
+       TODO: check
 CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in 
prenota.php  ...)
        - hoteldruid 3.0.3-1
        [bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -64595,32 +64682,32 @@ CVE-2021-25099
        RESERVED
 CVE-2021-25098
        RESERVED
-CVE-2021-25097
-       RESERVED
+CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper 
authori ...)
+       TODO: check
 CVE-2021-25096
        RESERVED
 CVE-2021-25095
        RESERVED
 CVE-2021-25094
        RESERVED
-CVE-2021-25093
-       RESERVED
-CVE-2021-25092
-       RESERVED
-CVE-2021-25091
-       RESERVED
+CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have 
authorisa ...)
+       TODO: check
+CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not 
sanitise and e ...)
+       TODO: check
 CVE-2021-25090
        RESERVED
-CVE-2021-25089
-       RESERVED
+CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin 
before 1.16.6 ...)
+       TODO: check
 CVE-2021-25088
        RESERVED
 CVE-2021-25087
        RESERVED
 CVE-2021-25086
        RESERVED
-CVE-2021-25085
-       RESERVED
+CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and 
escape  ...)
+       TODO: check
 CVE-2021-25084
        RESERVED
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
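
Review bot: the six WordPress plugin entries added in this hunk (CVE-2021-25097, CVE-2021-25093, CVE-2021-25092, CVE-2021-25091, CVE-2021-25089, CVE-2021-25085) all land as `TODO: check`, whereas plugin entries already triaged elsewhere in this file use `NOT-FOR-US: WordPress plugin`. After confirming that none of these plugins is packaged, mark them the same way so the unchecked queue stays short. The same applies to the other WordPress plugin additions in the hunks that follow.
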
@@ -64645,8 +64732,8 @@ CVE-2021-25074 (The WebP Converter for Media WordPress 
plugin before 4.0.3 conta
        NOT-FOR-US: WordPress plugin
 CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF 
checks in v ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25072
-       RESERVED
+CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin 
before 4 ...)
+       TODO: check
 CVE-2021-25071
        RESERVED
 CVE-2021-25070
@@ -64663,8 +64750,8 @@ CVE-2021-25065 (The Smash Balloon Social Post Feed 
WordPress plugin before 4.1.1
        NOT-FOR-US: WordPress plugin
 CVE-2021-25064
        RESERVED
-CVE-2021-25063
-       RESERVED
+CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does 
not sanit ...)
+       TODO: check
 CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 
1.1.10 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was 
affected by a ...)
@@ -64823,8 +64910,8 @@ CVE-2021-24985 (The Easy Forms for Mailchimp WordPress 
plugin before 6.8.6 does
        NOT-FOR-US: WordPress plugin
 CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 
3.2.1.11184 does  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24983
-       RESERVED
+CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 
1.3.8.5  ...)
+       TODO: check
 CVE-2021-24982
        RESERVED
 CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable 
to Cros ...)
@@ -64839,8 +64926,8 @@ CVE-2021-24977
        RESERVED
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24975
-       RESERVED
+CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin 
before 4 ...)
+       TODO: check
 CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.0.7 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not 
sanitise and  ...)
@@ -64901,8 +64988,8 @@ CVE-2021-24946 (The Modern Events Calendar Lite 
WordPress plugin before 6.1.5 do
        NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 
2.6.38  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24944
-       RESERVED
+CVE-2021-24944 (The Custom Dashboard &amp; Login Page WordPress plugin before 
7.0 does ...)
+       TODO: check
 CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24942
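
Review bot: the added description for CVE-2021-24944 contains an HTML entity (`Custom Dashboard &amp; Login Page`), and the context line for CVE-2021-24945 shows another (`&#9829;`). If the importer is meant to store plain text, decode entities at import time; otherwise anyone searching the list by plugin name has to account for the encoded form.
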
@@ -64915,14 +65002,14 @@ CVE-2021-24939 (The LoginWP (Formerly Peter's Login 
Redirect) WordPress plugin b
        NOT-FOR-US: WordPress plugin
 CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise 
and escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24937
-       RESERVED
+CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 
1.3.8.5  ...)
+       TODO: check
 CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not 
have CS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not 
escape the  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24934
-       RESERVED
+CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does 
not san ...)
+       TODO: check
 CVE-2021-24933
        RESERVED
 CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin 
before  ...)
@@ -64937,8 +65024,8 @@ CVE-2021-24928
        RESERVED
 CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24926
-       RESERVED
+CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not 
sanitise and  ...)
+       TODO: check
 CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape 
the d para ...)
@@ -64951,8 +65038,8 @@ CVE-2021-24921
        RESERVED
 CVE-2021-24920
        RESERVED
-CVE-2021-24919
-       RESERVED
+CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not 
sanitise an ...)
+       TODO: check
 CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 
4.0.1 did n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug 
which allow ...)
@@ -64989,8 +65076,8 @@ CVE-2021-24902 (The Typebot | Build beautiful 
conversational forms WordPress plu
        NOT-FOR-US: WordPress plugin
 CVE-2021-24901
        RESERVED
-CVE-2021-24900
-       RESERVED
+CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not 
sanitise and e ...)
+       TODO: check
 CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24898
@@ -65053,8 +65140,8 @@ CVE-2021-24870
        RESERVED
 CVE-2021-24869
        RESERVED
-CVE-2021-24868
-       RESERVED
+CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a 
AJAX ac ...)
+       TODO: check
 CVE-2021-24867
        RESERVED
 CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not 
properly san ...)
@@ -65161,8 +65248,8 @@ CVE-2021-24816 (The Phoenix Media Rename WordPress 
plugin before 3.4.4 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24814
-       RESERVED
+CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR 
WordPress ...)
+       TODO: check
 CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not 
sanitise and es ...)
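
Review bot: CVE-2021-24814 is added with the same truncated description as CVE-2022-0220 earlier in this commit ("The check_privacy_settings AJAX action of the WordPress GDPR WordPress ..."). Compare the full descriptions during triage to see whether the two IDs cover different versions or are a duplicate assignment, and cross-reference them in a NOTE line if they are related.
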
@@ -65239,8 +65326,8 @@ CVE-2021-24777
        RESERVED
 CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24775
-       RESERVED
+CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a 
REST en ...)
+       TODO: check
 CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 
does not ...)
@@ -65259,16 +65346,16 @@ CVE-2021-24767 (The Redirect 404 Error Page to 
Homepage or Custom Page with Logs
        NOT-FOR-US: WordPress plugin
 CVE-2021-24766 (The 404 to 301 &#8211; Redirect, Log and Notify 404 Errors 
WordPress p ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24765
-       RESERVED
-CVE-2021-24764
-       RESERVED
-CVE-2021-24763
-       RESERVED
-CVE-2021-24762
-       RESERVED
-CVE-2021-24761
-       RESERVED
+CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not 
validate an ...)
+       TODO: check
+CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not 
sanitise and ...)
+       TODO: check
+CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have 
proper  ...)
+       TODO: check
+CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not 
validate and ...)
+       TODO: check
+CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not 
perform n ...)
+       TODO: check
 CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not 
escape some o ...)
@@ -65375,8 +65462,8 @@ CVE-2021-24709 (The Weather Effect WordPress plugin 
before 1.3.6 does not proper
        NOT-FOR-US: WordPress plugin
 CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin 
before 1.3.1 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24707
-       RESERVED
+CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not 
sanitise and ...)
+       TODO: check
 CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape 
some of i ...)
@@ -65417,8 +65504,8 @@ CVE-2021-24688
        RESERVED
 CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24686
-       RESERVED
+CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape 
the "CS ...)
+       TODO: check
 CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not 
enforce nonc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 
1.4.12 a ...)
@@ -65493,8 +65580,8 @@ CVE-2021-24650
        RESERVED
 CVE-2021-24649
        RESERVED
-CVE-2021-24648
-       RESERVED
+CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not 
sanitis ...)
+       TODO: check
 CVE-2021-24647 (The Registration Forms &#8211; User profile, Content 
Restriction, Spam ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 
does not  ...)
@@ -136827,8 +136914,7 @@ CVE-2020-8563 (In Kubernetes clusters using VSphere 
as a cloud provider, with a
        NOTE: https://github.com/kubernetes/kubernetes/pull/95236
        NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
        NOTE: https://github.com/kubernetes/kubernetes/issues/95621
-CVE-2020-8562
-       RESERVED
+CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, 
Kubernetes att ...)
        - kubernetes <unfixed> (bug #990793)
        [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/538120a82f99bea10bf5d80502f4bb28518f285e



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
