Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7e36a4e by security tracker role at 2021-08-16T20:10:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,507 @@
+CVE-2021-39108
+       RESERVED
+CVE-2021-39107
+       RESERVED
+CVE-2021-39106
+       RESERVED
+CVE-2021-39105
+       RESERVED
+CVE-2021-39104
+       RESERVED
+CVE-2021-39103
+       RESERVED
+CVE-2021-39102
+       RESERVED
+CVE-2021-39101
+       RESERVED
+CVE-2021-39100
+       RESERVED
+CVE-2021-39099
+       RESERVED
+CVE-2021-39098
+       RESERVED
+CVE-2021-39097
+       RESERVED
+CVE-2021-39096
+       RESERVED
+CVE-2021-39095
+       RESERVED
+CVE-2021-39094
+       RESERVED
+CVE-2021-39093
+       RESERVED
+CVE-2021-39092
+       RESERVED
+CVE-2021-39091
+       RESERVED
+CVE-2021-39090
+       RESERVED
+CVE-2021-39089
+       RESERVED
+CVE-2021-39088
+       RESERVED
+CVE-2021-39087
+       RESERVED
+CVE-2021-39086
+       RESERVED
+CVE-2021-39085
+       RESERVED
+CVE-2021-39084
+       RESERVED
+CVE-2021-39083
+       RESERVED
+CVE-2021-39082
+       RESERVED
+CVE-2021-39081
+       RESERVED
+CVE-2021-39080
+       RESERVED
+CVE-2021-39079
+       RESERVED
+CVE-2021-39078
+       RESERVED
+CVE-2021-39077
+       RESERVED
+CVE-2021-39076
+       RESERVED
+CVE-2021-39075
+       RESERVED
+CVE-2021-39074
+       RESERVED
+CVE-2021-39073
+       RESERVED
+CVE-2021-39072
+       RESERVED
+CVE-2021-39071
+       RESERVED
+CVE-2021-39070
+       RESERVED
+CVE-2021-39069
+       RESERVED
+CVE-2021-39068
+       RESERVED
+CVE-2021-39067
+       RESERVED
+CVE-2021-39066
+       RESERVED
+CVE-2021-39065
+       RESERVED
+CVE-2021-39064
+       RESERVED
+CVE-2021-39063
+       RESERVED
+CVE-2021-39062
+       RESERVED
+CVE-2021-39061
+       RESERVED
+CVE-2021-39060
+       RESERVED
+CVE-2021-39059
+       RESERVED
+CVE-2021-39058
+       RESERVED
+CVE-2021-39057
+       RESERVED
+CVE-2021-39056
+       RESERVED
+CVE-2021-39055
+       RESERVED
+CVE-2021-39054
+       RESERVED
+CVE-2021-39053
+       RESERVED
+CVE-2021-39052
+       RESERVED
+CVE-2021-39051
+       RESERVED
+CVE-2021-39050
+       RESERVED
+CVE-2021-39049
+       RESERVED
+CVE-2021-39048
+       RESERVED
+CVE-2021-39047
+       RESERVED
+CVE-2021-39046
+       RESERVED
+CVE-2021-39045
+       RESERVED
+CVE-2021-39044
+       RESERVED
+CVE-2021-39043
+       RESERVED
+CVE-2021-39042
+       RESERVED
+CVE-2021-39041
+       RESERVED
+CVE-2021-39040
+       RESERVED
+CVE-2021-39039
+       RESERVED
+CVE-2021-39038
+       RESERVED
+CVE-2021-39037
+       RESERVED
+CVE-2021-39036
+       RESERVED
+CVE-2021-39035
+       RESERVED
+CVE-2021-39034
+       RESERVED
+CVE-2021-39033
+       RESERVED
+CVE-2021-39032
+       RESERVED
+CVE-2021-39031
+       RESERVED
+CVE-2021-39030
+       RESERVED
+CVE-2021-39029
+       RESERVED
+CVE-2021-39028
+       RESERVED
+CVE-2021-39027
+       RESERVED
+CVE-2021-39026
+       RESERVED
+CVE-2021-39025
+       RESERVED
+CVE-2021-39024
+       RESERVED
+CVE-2021-39023
+       RESERVED
+CVE-2021-39022
+       RESERVED
+CVE-2021-39021
+       RESERVED
+CVE-2021-39020
+       RESERVED
+CVE-2021-39019
+       RESERVED
+CVE-2021-39018
+       RESERVED
+CVE-2021-39017
+       RESERVED
+CVE-2021-39016
+       RESERVED
+CVE-2021-39015
+       RESERVED
+CVE-2021-39014
+       RESERVED
+CVE-2021-39013
+       RESERVED
+CVE-2021-39012
+       RESERVED
+CVE-2021-39011
+       RESERVED
+CVE-2021-39010
+       RESERVED
+CVE-2021-39009
+       RESERVED
+CVE-2021-39008
+       RESERVED
+CVE-2021-39007
+       RESERVED
+CVE-2021-39006
+       RESERVED
+CVE-2021-39005
+       RESERVED
+CVE-2021-39004
+       RESERVED
+CVE-2021-39003
+       RESERVED
+CVE-2021-39002
+       RESERVED
+CVE-2021-39001
+       RESERVED
+CVE-2021-39000
+       RESERVED
+CVE-2021-38999
+       RESERVED
+CVE-2021-38998
+       RESERVED
+CVE-2021-38997
+       RESERVED
+CVE-2021-38996
+       RESERVED
+CVE-2021-38995
+       RESERVED
+CVE-2021-38994
+       RESERVED
+CVE-2021-38993
+       RESERVED
+CVE-2021-38992
+       RESERVED
+CVE-2021-38991
+       RESERVED
+CVE-2021-38990
+       RESERVED
+CVE-2021-38989
+       RESERVED
+CVE-2021-38988
+       RESERVED
+CVE-2021-38987
+       RESERVED
+CVE-2021-38986
+       RESERVED
+CVE-2021-38985
+       RESERVED
+CVE-2021-38984
+       RESERVED
+CVE-2021-38983
+       RESERVED
+CVE-2021-38982
+       RESERVED
+CVE-2021-38981
+       RESERVED
+CVE-2021-38980
+       RESERVED
+CVE-2021-38979
+       RESERVED
+CVE-2021-38978
+       RESERVED
+CVE-2021-38977
+       RESERVED
+CVE-2021-38976
+       RESERVED
+CVE-2021-38975
+       RESERVED
+CVE-2021-38974
+       RESERVED
+CVE-2021-38973
+       RESERVED
+CVE-2021-38972
+       RESERVED
+CVE-2021-38971
+       RESERVED
+CVE-2021-38970
+       RESERVED
+CVE-2021-38969
+       RESERVED
+CVE-2021-38968
+       RESERVED
+CVE-2021-38967
+       RESERVED
+CVE-2021-38966
+       RESERVED
+CVE-2021-38965
+       RESERVED
+CVE-2021-38964
+       RESERVED
+CVE-2021-38963
+       RESERVED
+CVE-2021-38962
+       RESERVED
+CVE-2021-38961
+       RESERVED
+CVE-2021-38960
+       RESERVED
+CVE-2021-38959
+       RESERVED
+CVE-2021-38958
+       RESERVED
+CVE-2021-38957
+       RESERVED
+CVE-2021-38956
+       RESERVED
+CVE-2021-38955
+       RESERVED
+CVE-2021-38954
+       RESERVED
+CVE-2021-38953
+       RESERVED
+CVE-2021-38952
+       RESERVED
+CVE-2021-38951
+       RESERVED
+CVE-2021-38950
+       RESERVED
+CVE-2021-38949
+       RESERVED
+CVE-2021-38948
+       RESERVED
+CVE-2021-38947
+       RESERVED
+CVE-2021-38946
+       RESERVED
+CVE-2021-38945
+       RESERVED
+CVE-2021-38944
+       RESERVED
+CVE-2021-38943
+       RESERVED
+CVE-2021-38942
+       RESERVED
+CVE-2021-38941
+       RESERVED
+CVE-2021-38940
+       RESERVED
+CVE-2021-38939
+       RESERVED
+CVE-2021-38938
+       RESERVED
+CVE-2021-38937
+       RESERVED
+CVE-2021-38936
+       RESERVED
+CVE-2021-38935
+       RESERVED
+CVE-2021-38934
+       RESERVED
+CVE-2021-38933
+       RESERVED
+CVE-2021-38932
+       RESERVED
+CVE-2021-38931
+       RESERVED
+CVE-2021-38930
+       RESERVED
+CVE-2021-38929
+       RESERVED
+CVE-2021-38928
+       RESERVED
+CVE-2021-38927
+       RESERVED
+CVE-2021-38926
+       RESERVED
+CVE-2021-38925
+       RESERVED
+CVE-2021-38924
+       RESERVED
+CVE-2021-38923
+       RESERVED
+CVE-2021-38922
+       RESERVED
+CVE-2021-38921
+       RESERVED
+CVE-2021-38920
+       RESERVED
+CVE-2021-38919
+       RESERVED
+CVE-2021-38918
+       RESERVED
+CVE-2021-38917
+       RESERVED
+CVE-2021-38916
+       RESERVED
+CVE-2021-38915
+       RESERVED
+CVE-2021-38914
+       RESERVED
+CVE-2021-38913
+       RESERVED
+CVE-2021-38912
+       RESERVED
+CVE-2021-38911
+       RESERVED
+CVE-2021-38910
+       RESERVED
+CVE-2021-38909
+       RESERVED
+CVE-2021-38908
+       RESERVED
+CVE-2021-38907
+       RESERVED
+CVE-2021-38906
+       RESERVED
+CVE-2021-38905
+       RESERVED
+CVE-2021-38904
+       RESERVED
+CVE-2021-38903
+       RESERVED
+CVE-2021-38902
+       RESERVED
+CVE-2021-38901
+       RESERVED
+CVE-2021-38900
+       RESERVED
+CVE-2021-38899
+       RESERVED
+CVE-2021-38898
+       RESERVED
+CVE-2021-38897
+       RESERVED
+CVE-2021-38896
+       RESERVED
+CVE-2021-38895
+       RESERVED
+CVE-2021-38894
+       RESERVED
+CVE-2021-38893
+       RESERVED
+CVE-2021-38892
+       RESERVED
+CVE-2021-38891
+       RESERVED
+CVE-2021-38890
+       RESERVED
+CVE-2021-38889
+       RESERVED
+CVE-2021-38888
+       RESERVED
+CVE-2021-38887
+       RESERVED
+CVE-2021-38886
+       RESERVED
+CVE-2021-38885
+       RESERVED
+CVE-2021-38884
+       RESERVED
+CVE-2021-38883
+       RESERVED
+CVE-2021-38882
+       RESERVED
+CVE-2021-38881
+       RESERVED
+CVE-2021-38880
+       RESERVED
+CVE-2021-38879
+       RESERVED
+CVE-2021-38878
+       RESERVED
+CVE-2021-38877
+       RESERVED
+CVE-2021-38876
+       RESERVED
+CVE-2021-38875
+       RESERVED
+CVE-2021-38874
+       RESERVED
+CVE-2021-38873
+       RESERVED
+CVE-2021-38872
+       RESERVED
+CVE-2021-38871
+       RESERVED
+CVE-2021-38870
+       RESERVED
+CVE-2021-38869
+       RESERVED
+CVE-2021-38868
+       RESERVED
+CVE-2021-38867
+       RESERVED
+CVE-2021-38866
+       RESERVED
+CVE-2021-38865
+       RESERVED
+CVE-2021-38864
+       RESERVED
+CVE-2021-38863
+       RESERVED
+CVE-2021-38862
+       RESERVED
+CVE-2021-38861
+       RESERVED
+CVE-2021-38860
+       RESERVED
+CVE-2021-38859
+       RESERVED
+CVE-2021-3712
+       RESERVED
+CVE-2021-3711
+       RESERVED
 CVE-2021-38858
        RESERVED
 CVE-2021-38857
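
Review bot: CVE-2021-3712 and CVE-2021-3711, the last two added entries, come from a different ID range than the CVE-2021-38859 to CVE-2021-39108 run above them and are recorded as bare RESERVED with no bracketed title or package line. The placement matches how CVE-2021-3626 is interleaved later in the file, but nothing here says what they were assigned for; if they concern a package in the archive, add a bracketed working title and a package annotation so they are not lost among the bulk reservations.
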
@@ -198,22 +702,22 @@ CVE-2021-38760
        RESERVED
 CVE-2021-38759
        RESERVED
-CVE-2021-38758
-       RESERVED
-CVE-2021-38757
-       RESERVED
-CVE-2021-38756
-       RESERVED
-CVE-2021-38755
-       RESERVED
-CVE-2021-38754
-       RESERVED
-CVE-2021-38753
-       RESERVED
-CVE-2021-38752
-       RESERVED
-CVE-2021-38751
-       RESERVED
+CVE-2021-38758 (Directory traversal in Online Catering Reservation System due 
to lack  ...)
+       TODO: check
+CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management 
System ta ...)
+       TODO: check
+CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management 
System ta ...)
+       TODO: check
+CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management 
System in ...)
+       TODO: check
+CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due 
to lack  ...)
+       TODO: check
+CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App 
can be exp ...)
+       TODO: check
+CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering 
Reservat ...)
+       TODO: check
+CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below 
in /expo ...)
+       TODO: check
 CVE-2021-38750
        RESERVED
 CVE-2021-38749
@@ -519,10 +1023,10 @@ CVE-2021-38610
        RESERVED
 CVE-2021-38609
        RESERVED
-CVE-2021-38608
-       RESERVED
-CVE-2021-38607
-       RESERVED
+CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 
1.8.2.73 ...)
+       TODO: check
+CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote 
authenticated u ...)
+       TODO: check
 CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. 
...)
        NOT-FOR-US: reNgine
 CVE-2021-38605
@@ -1158,8 +1662,8 @@ CVE-2021-38317
        RESERVED
 CVE-2021-38316
        RESERVED
-CVE-2021-38315
-       RESERVED
+CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is 
vulnerable t ...)
+       TODO: check
 CVE-2021-38314
        RESERVED
 CVE-2021-38313
@@ -2595,8 +3099,8 @@ CVE-2021-37709
        RESERVED
 CVE-2021-37708
        RESERVED
-CVE-2021-37707
-       RESERVED
+CVE-2021-37707 (### Impact Manipulation of product reviews via API ### Patches 
We reco ...)
+       TODO: check
 CVE-2021-37706
        RESERVED
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service 
platform. S ...)
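
Review bot: the imported description for CVE-2021-37707 starts with raw Markdown headings ("### Impact Manipulation of product reviews via API ### Patches We reco ...") and the truncated text never names the affected product. Triage from this line alone is not possible; add a NOTE with the upstream advisory or product name when resolving the TODO: check, and consider stripping heading markers in the description import.
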
@@ -6673,8 +7177,7 @@ CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
        [buster] - rpm <no-dsa> (Minor issue)
        [stretch] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
-CVE-2021-35936
-       RESERVED
+CVE-2021-35936 (If remote logging is not used, the worker (in the case of 
CeleryExecut ...)
        - airflow <itp> (bug #819700)
 CVE-2021-3626
        RESERVED
@@ -7857,14 +8360,14 @@ CVE-2021-35397 (A path traversal vulnerability in the 
static router for Drogon f
        NOT-FOR-US: Drogon
 CVE-2021-35396
        RESERVED
-CVE-2021-35395
-       RESERVED
-CVE-2021-35394
-       RESERVED
-CVE-2021-35393
-       RESERVED
-CVE-2021-35392
-       RESERVED
+CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an 
HTTP web se ...)
+       TODO: check
+CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 
diagnostic t ...)
+       TODO: check
+CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 
'WiFi Simple ...)
+       TODO: check
+CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 
'WiFi Simple ...)
+       TODO: check
 CVE-2021-35391
        RESERVED
 CVE-2021-35390
@@ -9471,44 +9974,44 @@ CVE-2021-34669
        RESERVED
 CVE-2021-34668
        RESERVED
-CVE-2021-34667
-       RESERVED
-CVE-2021-34666
-       RESERVED
-CVE-2021-34665
-       RESERVED
-CVE-2021-34664
-       RESERVED
-CVE-2021-34663
-       RESERVED
+CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to 
Reflected Cross- ...)
+       TODO: check
+CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to 
Reflected ...)
+       TODO: check
 CVE-2021-34662
        RESERVED
 CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to 
Cross-Site Reques ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected 
Cross-S ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-34659
-       RESERVED
-CVE-2021-34658
-       RESERVED
-CVE-2021-34657
-       RESERVED
-CVE-2021-34656
-       RESERVED
-CVE-2021-34655
-       RESERVED
-CVE-2021-34654
-       RESERVED
-CVE-2021-34653
-       RESERVED
-CVE-2021-34652
-       RESERVED
-CVE-2021-34651
-       RESERVED
+CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is 
vulnerable to Re ...)
+       TODO: check
+CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected 
Cross-Site Scr ...)
+       TODO: check
+CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat 
WordPress ...)
+       TODO: check
+CVE-2021-34655 (The Custom Post Type Relations WordPress plugin is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
 CVE-2021-34650
        RESERVED
-CVE-2021-34649
-       RESERVED
+CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to 
Reflect ...)
+       TODO: check
 CVE-2021-34648
        RESERVED
 CVE-2021-34647
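
Review bot: all fifteen WordPress plugin entries filled in here (CVE-2021-34667 to CVE-2021-34663, CVE-2021-34659 to CVE-2021-34651, and CVE-2021-34649) are left at TODO: check, while the unchanged neighbours CVE-2021-34661 and CVE-2021-34660 in the same hunk already carry "NOT-FOR-US: Wordpress plugin". They need the same triage decision in a follow-up; when writing it, pick one spelling, since this hunk's context uses "Wordpress plugin" and the next hunk's context uses "WordPress plugin".
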
@@ -9517,14 +10020,14 @@ CVE-2021-34646
        RESERVED
 CVE-2021-34645
        RESERVED
-CVE-2021-34644
-       RESERVED
-CVE-2021-34643
-       RESERVED
-CVE-2021-34642
-       RESERVED
-CVE-2021-34641
-       RESERVED
+CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored 
Cross-Site-Scrip ...)
+       TODO: check
 CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to 
Reflected Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager &lt;= 
3.1.24 a ...)
@@ -12913,8 +13416,7 @@ CVE-2021-33194 (golang.org/x/net before 
v0.0.0-20210520170846-37e1c6afe023 allow
        NOTE: 
https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
        NOTE: https://github.com/golang/go/issues/46288
        TODO: check completeness
-CVE-2021-33193 [Apache mod_proxy HTTP2 request line injection]
-       RESERVED
+CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation 
and be for ...)
        - apache2 2.4.48-4
        [bullseye] - apache2 2.4.48-3.1+deb11u1
        [buster] - apache2 <postponed> (Revisit when a suitable backport is 
available for 2.4.38)
@@ -13767,8 +14269,8 @@ CVE-2021-32827
        RESERVED
 CVE-2021-32826
        RESERVED
-CVE-2021-32825
-       RESERVED
+CVE-2021-32825 (bblfshd is an open source self-hosted server for source code 
parsing.  ...)
+       TODO: check
 CVE-2021-32824
        RESERVED
 CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a 
potential deni ...)
@@ -13779,8 +14281,8 @@ CVE-2021-32823 (In the bindata RubyGem before version 
2.4.10 there is a potentia
        NOTE: 
https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
        NOTE: 
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
        NOTE: 
https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
-CVE-2021-32822
-       RESERVED
+CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for 
Handlebars.  ...)
+       TODO: check
 CVE-2021-32821
        RESERVED
 CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. 
Express-ha ...)
@@ -21080,7 +21582,7 @@ CVE-2021-29990
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
 CVE-2021-29989
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -21089,7 +21591,7 @@ CVE-2021-29989
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
 CVE-2021-29988
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -21104,7 +21606,7 @@ CVE-2021-29987
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
 CVE-2021-29986
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -21113,7 +21615,7 @@ CVE-2021-29986
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
 CVE-2021-29985
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -21122,7 +21624,7 @@ CVE-2021-29985
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
 CVE-2021-29984
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -21147,7 +21649,7 @@ CVE-2021-29981
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
 CVE-2021-29980
        RESERVED
-       {DSA-4959-1 DSA-4956-1 DLA-2740-1}
+       {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
        - firefox 91.0-1
        - firefox-esr 78.13.0esr-1
        - thunderbird 1:78.13.0-1
@@ -34414,8 +34916,8 @@ CVE-2021-24550
        RESERVED
 CVE-2021-24549
        RESERVED
-CVE-2021-24548
-       RESERVED
+CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was 
vulnerable to Au ...)
+       TODO: check
 CVE-2021-24547
        RESERVED
 CVE-2021-24546
@@ -34428,22 +34930,22 @@ CVE-2021-24543
        RESERVED
 CVE-2021-24542
        RESERVED
-CVE-2021-24541
-       RESERVED
-CVE-2021-24540
-       RESERVED
+CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not 
escape param ...)
+       TODO: check
+CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not 
escape par ...)
+       TODO: check
 CVE-2021-24539
        RESERVED
-CVE-2021-24538
-       RESERVED
+CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not 
sanitize user ...)
+       TODO: check
 CVE-2021-24537
        RESERVED
-CVE-2021-24536
-       RESERVED
-CVE-2021-24535
-       RESERVED
-CVE-2021-24534
-       RESERVED
+CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does 
not have ...)
+       TODO: check
+CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking 
CSRF check  ...)
+       TODO: check
+CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 
does not  ...)
+       TODO: check
 CVE-2021-24533
        RESERVED
 CVE-2021-24532
@@ -34456,10 +34958,10 @@ CVE-2021-24529
        RESERVED
 CVE-2021-24528
        RESERVED
-CVE-2021-24527
-       RESERVED
-CVE-2021-24526
-       RESERVED
+CVE-2021-24527 (The User Registration &amp; User Profile &#8211; Profile 
Builder WordP ...)
+       TODO: check
+CVE-2021-24526 (The Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; 
Drop Contac ...)
+       TODO: check
 CVE-2021-24525
        RESERVED
 CVE-2021-24524
@@ -34472,10 +34974,10 @@ CVE-2021-24521 (The Side Menu Lite &#8211; add sticky 
fixed buttons WordPress pl
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24520 (The Stock in &amp; out WordPress plugin through 1.0.4 lacks 
proper san ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24519
-       RESERVED
-CVE-2021-24518
-       RESERVED
+CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin 
before 1. ...)
+       TODO: check
+CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 
2.0.0.07176 does  ...)
+       TODO: check
 CVE-2021-24517
        RESERVED
 CVE-2021-24516
@@ -34486,8 +34988,8 @@ CVE-2021-24514
        RESERVED
 CVE-2021-24513
        RESERVED
-CVE-2021-24512
-       RESERVED
+CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 
has an a ...)
+       TODO: check
 CVE-2021-24511
        RESERVED
 CVE-2021-24510
@@ -34568,8 +35070,8 @@ CVE-2021-24473 (The User Profile Picture WordPress 
plugin before 2.6.0 was affec
        NOT-FOR-US: WordPress plugin
 CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio 
WordPress ...)
        NOT-FOR-US: WordPress theme
-CVE-2021-24471
-       RESERVED
+CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not 
validate, esc ...)
+       TODO: check
 CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, 
validate ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24469
@@ -34578,8 +35080,8 @@ CVE-2021-24468 (The Leaflet Map WordPress plugin before 
3.0.0 does not escape so
        NOT-FOR-US: WordPress plugin
 CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify 
the CSRF ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24466
-       RESERVED
+CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have 
any CSR ...)
+       TODO: check
 CVE-2021-24465
        RESERVED
 CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress 
plugin bef ...)
@@ -34620,8 +35122,8 @@ CVE-2021-24447 (The WP Image Zoom WordPress plugin 
before 1.47 did not validate
        NOT-FOR-US: WordPress plugin
 CVE-2021-24446
        RESERVED
-CVE-2021-24445
-       RESERVED
+CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not 
sanitise or  ...)
+       TODO: check
 CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, 
Categories W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24443 (The About Me widget of the Youzify &#8211; BuddyPress 
Community, User  ...)
@@ -34688,10 +35190,10 @@ CVE-2021-24413
        RESERVED
 CVE-2021-24412
        RESERVED
-CVE-2021-24411
-       RESERVED
-CVE-2021-24410
-       RESERVED
+CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have 
CSRF checks ...)
+       TODO: check
+CVE-2021-24410 (The &#3108;&#3142;&#3122;&#3137;&#3095;&#3137; 
&#3116;&#3144;&#3116;&# ...)
+       TODO: check
 CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 
'tab' GE ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or 
validat ...)
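
Review bot: the description added for CVE-2021-24410 is a run of HTML numeric character references ("&#3108;&#3142;&#3122;...") cut off in the middle of one ("&# ...)"), so the entry is unreadable and the plugin cannot be identified from the list. The same undecoded entities appear in other added lines of this patch ("&#8211;", "&amp;"); decoding entities before truncating the description would fix this at the import step.
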
@@ -34750,8 +35252,8 @@ CVE-2021-24382 (The Smart Slider 3 Free and pro 
WordPress plugins before 3.5.0.9
        NOT-FOR-US: WordPress plugin
 CVE-2021-24381
        RESERVED
-CVE-2021-24380
-       RESERVED
+CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is 
lacking an ...)
+       TODO: check
 CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows 
users t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check 
for malic ...)
@@ -34784,10 +35286,10 @@ CVE-2021-24365 (The Admin Columns WordPress plugin 
Free before 4.3.2 and Pro bef
        NOT-FOR-US: WordPress plugin
 CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly 
sanitize the  ...)
        NOT-FOR-US: WordPress theme
-CVE-2021-24363
-       RESERVED
-CVE-2021-24362
-       RESERVED
+CVE-2021-24363 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image 
Gallery WordP ...)
+       TODO: check
+CVE-2021-24362 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image 
Gallery WordP ...)
+       TODO: check
 CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the 
AJAX act ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not 
sanitise its s ...)
@@ -36957,10 +37459,10 @@ CVE-2021-23425
        RESERVED
 CVE-2021-23424
        RESERVED
-CVE-2021-23423
-       RESERVED
-CVE-2021-23422
-       RESERVED
+CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur 
when an ...)
+       TODO: check
+CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur 
when an ...)
+       TODO: check
 CVE-2021-23421 (All versions of package merge-change are vulnerable to 
Prototype Pollu ...)
        TODO: check
 CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 
and before ...)
@@ -37982,34 +38484,31 @@ CVE-2021-22942
        RESERVED
 CVE-2021-22941
        RESERVED
-CVE-2021-22940
-       RESERVED
+CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a 
use aft ...)
        - nodejs 12.22.5~dfsg-1
        [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 
not applied)
        [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not 
applied)
        [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 
not applied)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
-CVE-2021-22939
-       RESERVED
+CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" 
was in p ...)
        - nodejs 12.22.5~dfsg-1
        [bullseye] - nodejs 12.22.5~dfsg-2~11u1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
-CVE-2021-22938
-       RESERVED
-CVE-2021-22937
-       RESERVED
-CVE-2021-22936
-       RESERVED
-CVE-2021-22935
-       RESERVED
-CVE-2021-22934
-       RESERVED
-CVE-2021-22933
-       RESERVED
-CVE-2021-22932
-       RESERVED
-CVE-2021-22931 [cares upgrade - Improper handling of untypical characters in 
domain names]
-       RESERVED
+CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
+       TODO: check
+CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
+       TODO: check
+CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow a th ...)
+       TODO: check
+CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
+       TODO: check
+CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
+       TODO: check
+CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
+       TODO: check
+CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool 
for Citr ...)
+       TODO: check
+CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to 
Remote Co ...)
        - nodejs <undetermined>
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
        TODO: check, nodejs uses system c-ares which fixed CVE-2021-3672 and so 
this entry might be not-affected
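
Review bot: CVE-2021-22931 now carries a published description, but the unchanged lines below it still read "- nodejs <undetermined>" with a TODO questioning whether the entry is not-affected because nodejs uses the system c-ares. The removed bracketed title was the only entry text that named the c-ares upgrade (the NOTE URL still does); resolve the TODO or keep that context in a NOTE. The Pulse Connect Secure entries CVE-2021-22938 to CVE-2021-22933 and the Citrix entry CVE-2021-22932 are left at TODO: check and still need triage.
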
@@ -40506,12 +41005,12 @@ CVE-2021-21863 (A unsafe deserialization 
vulnerability exists in the ComponentMo
        NOT-FOR-US: CODESYS
 CVE-2021-21862
        RESERVED
-CVE-2021-21861
-       RESERVED
-CVE-2021-21860
-       RESERVED
-CVE-2021-21859
-       RESERVED
+CVE-2021-21861 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
+       TODO: check
+CVE-2021-21860 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
+       TODO: check
+CVE-2021-21859 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
+       TODO: check
 CVE-2021-21858
        RESERVED
 CVE-2021-21857
@@ -57652,8 +58151,8 @@ CVE-2021-0116
        RESERVED
 CVE-2021-0115
        RESERVED
-CVE-2021-0114
-       RESERVED
+CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT 
featur ...)
+       TODO: check
 CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server 
Board M10J ...)
        NOT-FOR-US: Intel
 CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows 
before  ...)
@@ -77556,22 +78055,22 @@ CVE-2020-18707
        RESERVED
 CVE-2020-18706
        RESERVED
-CVE-2020-18705
-       RESERVED
-CVE-2020-18704
-       RESERVED
-CVE-2020-18703
-       RESERVED
-CVE-2020-18702
-       RESERVED
-CVE-2020-18701
-       RESERVED
+CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote 
attackers t ...)
+       TODO: check
+CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in 
Django-Widgy v0.8.4 ...)
+       TODO: check
+CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote 
attackers t ...)
+       TODO: check
+CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote 
attackers to ...)
+       TODO: check
+CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote 
attacke ...)
+       TODO: check
 CVE-2020-18700
        RESERVED
-CVE-2020-18699
-       RESERVED
-CVE-2020-18698
-       RESERVED
+CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows 
remote attac ...)
+       TODO: check
+CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote 
attacker ...)
+       TODO: check
 CVE-2020-18697
        RESERVED
 CVE-2020-18696



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7e36a4ef0901c713b15a5dcfdfe1509d16bbddd



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits