Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a307b4b by security tracker role at 2021-11-01T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-43174
+       RESERVED
+CVE-2021-43173
+       RESERVED
+CVE-2021-43172
+       RESERVED
+CVE-2021-3917
+       RESERVED
 CVE-2021-43171
        RESERVED
 CVE-2021-43170
@@ -176,18 +184,18 @@ CVE-2021-43084
        RESERVED
 CVE-2021-3916
        RESERVED
-CVE-2015-10001
-       RESERVED
+CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF 
check whe ...)
+       TODO: check
 CVE-2021-43083
        RESERVED
 CVE-2021-43082
        RESERVED
 CVE-2021-3915
        RESERVED
-CVE-2020-36505
-       RESERVED
-CVE-2020-36504
-       RESERVED
+CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is 
lacking ...)
+       TODO: check
+CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have 
CSRF check ...)
+       TODO: check
 CVE-2021-43081
        RESERVED
 CVE-2021-43080
@@ -332,12 +340,12 @@ CVE-2021-3907
        RESERVED
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with 
Dangerous  ...)
        NOT-FOR-US: bookstack
-CVE-2018-25019
-       RESERVED
-CVE-2015-20067
-       RESERVED
-CVE-2015-20019
-       RESERVED
+CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have 
any auth ...)
+       TODO: check
+CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does 
not have p ...)
+       TODO: check
+CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 
does not s ...)
+       TODO: check
 CVE-2021-43032
        RESERVED
 CVE-2021-43031
@@ -391,8 +399,8 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
        NOTE: 
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
        NOTE: PoC crashes starting with 
https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 
(v8.2.0149)
-CVE-2020-36503
-       RESERVED
+CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 
does no ...)
+       TODO: check
 CVE-2021-43010
        RESERVED
 CVE-2021-43009
@@ -579,8 +587,8 @@ CVE-2021-42919
        RESERVED
 CVE-2021-42918
        RESERVED
-CVE-2021-42917
-       RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows 
attacker ...)
+       TODO: check
 CVE-2021-42916
        RESERVED
 CVE-2021-42915
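
Review bot: CVE-2021-42917 should not be closed as NOT-FOR-US by pattern along with the plugin entries in this update. The description names Kodi, which Debian ships as the `kodi` source package, so this entry needs a package line (for example `- kodi <unfixed>`) once the affected range is confirmed. The truncated text says "up to 19.0", so compare that bound with the version in each supported release before assigning per-release states.
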
@@ -1372,8 +1380,8 @@ CVE-2021-42559
        RESERVED
 CVE-2021-42558
        RESERVED
-CVE-2021-42557
-       RESERVED
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to 
bypass API ...)
+       TODO: check
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive 
extract ...)
        NOT-FOR-US: Rasa X
 CVE-2021-42555
@@ -3952,8 +3960,8 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site 
Request Forgery (CSRF) ...)
        NOT-FOR-US: snipe-it
 CVE-2021-3857
        RESERVED
-CVE-2021-41973
-       RESERVED
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request 
may cau ...)
+       TODO: check
 CVE-2021-41972
        RESERVED
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with 
ENABLE_ ...)
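
Review bot: CVE-2021-41973 names Apache MINA, a library rather than an end-user product, so the `TODO: check` here needs a search for a Debian source package and for embedded copies in other packages before it is resolved. Record the result in a NOTE: line when the state is set, so the reasoning survives later automatic updates.
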
@@ -11282,8 +11290,8 @@ CVE-2021-38849
        RESERVED
 CVE-2021-38848
        RESERVED
-CVE-2021-38847
-       RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary 
file up ...)
+       TODO: check
 CVE-2021-38846
        RESERVED
 CVE-2021-38845
@@ -11770,10 +11778,10 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access 
control on the /auth/v1/us
        NOT-FOR-US: Eigen
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the 
/auth/v1/sso/conf ...)
        NOT-FOR-US: Eigen
-CVE-2021-3705
-       RESERVED
-CVE-2021-3704
-       RESERVED
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a 
certain H ...)
+       TODO: check
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a 
certain H ...)
+       TODO: check
 CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when 
NDEBUG is u ...)
        - polipo <removed>
        [buster] - polipo <ignored> (Minor issue)
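
Review bot: CVE-2021-3705 and CVE-2021-3704 carry the same truncated description ("Potential security vulnerabilities have been discovered on a certain H ..."), which does not identify the vendor or product. Resolve both `TODO: check` lines from the full CVE records rather than from this summary, and give them the same state string if they turn out to describe one product family.
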
@@ -19030,6 +19038,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
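
Review bot: the `{DSA-5000-1}` tag added under CVE-2021-35603 sits above three source packages, one of which is still `- openjdk-8 <unfixed>`, and the tag alone does not say which package the advisory covers. Confirm that the DSA entry names the intended openjdk source package and that the remaining `<unfixed>` state for openjdk-8 is deliberate. The same check applies to the other entries that receive this tag in the hunks that follow.
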
@@ -19066,6 +19075,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle 
GraalVM Enterprise Edition
 CVE-2021-35587
        RESERVED
 CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
@@ -19084,6 +19094,7 @@ CVE-2021-35580 (Vulnerability in the Oracle 
Applications Manager product of Orac
 CVE-2021-35579
        RESERVED
 CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
@@ -19108,15 +19119,18 @@ CVE-2021-35569 (Vulnerability in the Oracle 
Applications Manager product of Orac
 CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
@@ -19125,12 +19139,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping 
Execution product of Oracle
 CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Dep ...)
        - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, 
only present in Oracle Java)
 CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
@@ -19139,6 +19155,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS 
component of Oracle Database Ser
 CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database 
Server. S ...)
        NOT-FOR-US: Oracle
 CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-17 17.0.1+12-1
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
@@ -19153,6 +19170,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle 
Database Serve ...)
        NOT-FOR-US: Oracle
 CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
+       {DSA-5000-1}
        - openjdk-11 11.0.13+8-1
        - openjdk-8 <unfixed>
 CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
@@ -26023,6 +26041,7 @@ CVE-2021-32687 (Redis is an open source, in-memory 
database that persists on dis
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DSA-4999-1}
        - asterisk 1:16.16.1~dfsg-2 (bug #991931)
        [stretch] - asterisk <not-affected> (Vulnerable code not present)
        - pjproject <removed>
@@ -26390,7 +26409,7 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint 
before 1.6.0 has incorrect ac
 CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 
when addin ...)
        NOT-FOR-US: pywin32
 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 
13.38.3, 16.x  ...)
-       {DLA-2729-1}
+       {DSA-4999-1 DLA-2729-1}
        - asterisk 1:16.16.1~dfsg-2 (bug #991710)
        NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
 CVE-2021-32557 (It was discovered that the process_report() function in 
data/whoopsie- ...)
@@ -35168,10 +35187,10 @@ CVE-2021-29215
        RESERVED
 CVE-2021-29214
        RESERVED
-CVE-2021-29213
-       RESERVED
-CVE-2021-29212
-       RESERVED
+CVE-2021-29213 (A potential local bypass of security restrictions 
vulnerability has be ...)
+       TODO: check
+CVE-2021-29212 (A remote unauthenticated directory traversal security 
vulnerability ha ...)
+       TODO: check
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
        NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered 
in HPE I ...)
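
Review bot: CVE-2021-29213 and CVE-2021-29212 are left at `TODO: check` while the adjacent CVE-2021-29211 is already `NOT-FOR-US: HPE`. The truncated descriptions do not name the product, so confirm from the full records that these belong to the same vendor before reusing that string. CVE-2021-29212 is described as remote and unauthenticated, so it is the one to triage first.
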
@@ -37515,8 +37534,8 @@ CVE-2021-28217
        RESERVED
 CVE-2021-3441 (A potential security vulnerability has been identified for the 
HP Offi ...)
        NOT-FOR-US: HP
-CVE-2021-3440
-       RESERVED
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart 
App for W ...)
+       TODO: check
 CVE-2021-3439
        RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain 
HP Las ...)
@@ -39020,8 +39039,8 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in 
the GNU C Library (aka g
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
        NOTE: Introducing commit present in Debian since 2.28-1 with addition of
        NOTE: 
https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
-CVE-2021-27644
-       RESERVED
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized 
users can ...)
+       TODO: check
 CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
        NOT-FOR-US: SAP
 CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
@@ -40454,10 +40473,10 @@ CVE-2021-27007
        RESERVED
 CVE-2021-27006
        RESERVED
-CVE-2021-27005
-       RESERVED
-CVE-2021-27004
-       RESERVED
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 
9.7P16,  ...)
+       TODO: check
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 
9.8P7 and  ...)
+       TODO: check
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 
9.8P5 a ...)
        NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible 
to a vul ...)
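
Review bot: CVE-2021-27005 (Clustered Data ONTAP) and CVE-2021-27004 (System Manager 9.x) can most likely take the state already used for CVE-2021-27003 directly below them, `NOT-FOR-US: Clustered Data ONTAP (NetApp)`. Reusing an existing string keeps the NOT-FOR-US entries consistent. Confirm from the full record that "System Manager" in CVE-2021-27004 is the NetApp product, since the truncated text does not name the vendor.
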
@@ -41107,10 +41126,10 @@ CVE-2021-26742
        RESERVED
 CVE-2021-26741
        RESERVED
-CVE-2021-26740
-       RESERVED
-CVE-2021-26739
-       RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken 
doyocms 2 ...)
+       TODO: check
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, 
allows  ...)
+       TODO: check
 CVE-2021-26738
        RESERVED
 CVE-2021-26737
@@ -43567,16 +43586,16 @@ CVE-2021-25880
        RESERVED
 CVE-2021-25879
        RESERVED
-CVE-2021-25878
-       RESERVED
-CVE-2021-25877
-       RESERVED
-CVE-2021-25876
-       RESERVED
-CVE-2021-25875
-       RESERVED
-CVE-2021-25874
-       RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple 
reflected Cro ...)
+       TODO: check
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file 
write. A ...)
+       TODO: check
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross 
Script S ...)
+       TODO: check
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has 
multiple reflec ...)
+       TODO: check
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected 
by a SQ ...)
+       TODO: check
 CVE-2021-25873
        RESERVED
 CVE-2021-25872
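
Review bot: the descriptions for CVE-2021-25875 and CVE-2021-25874 repeat the product name ("AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior ..."), while CVE-2021-25878 through CVE-2021-25876 state it once. As this is an automatic update, the duplication presumably comes from the upstream CVE text and is better reported there than edited here. All five entries name the same product, so triage them together and give them one consistent state.
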
@@ -46020,18 +46039,18 @@ CVE-2021-24815
        RESERVED
 CVE-2021-24814
        RESERVED
-CVE-2021-24813
-       RESERVED
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not 
sanitise  ...)
+       TODO: check
 CVE-2021-24812
        RESERVED
 CVE-2021-24811
        RESERVED
 CVE-2021-24810
        RESERVED
-CVE-2021-24809
-       RESERVED
-CVE-2021-24808
-       RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does 
not check ...)
+       TODO: check
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 
sanitise (with ...)
+       TODO: check
 CVE-2021-24807
        RESERVED
 CVE-2021-24806
@@ -46048,8 +46067,8 @@ CVE-2021-24801
        RESERVED
 CVE-2021-24800
        RESERVED
-CVE-2021-24799
-       RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does 
not have ...)
+       TODO: check
 CVE-2021-24798
        RESERVED
 CVE-2021-24797
@@ -46058,18 +46077,18 @@ CVE-2021-24796
        RESERVED
 CVE-2021-24795
        RESERVED
-CVE-2021-24794
-       RESERVED
-CVE-2021-24793
-       RESERVED
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 
10.4.3 does ...)
+       TODO: check
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 
does not ...)
+       TODO: check
 CVE-2021-24792
        RESERVED
 CVE-2021-24791
        RESERVED
 CVE-2021-24790
        RESERVED
-CVE-2021-24789
-       RESERVED
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not 
escape some  ...)
+       TODO: check
 CVE-2021-24788
        RESERVED
 CVE-2021-24787
@@ -46084,8 +46103,8 @@ CVE-2021-24783
        RESERVED
 CVE-2021-24782
        RESERVED
-CVE-2021-24781
-       RESERVED
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows 
users wi ...)
+       TODO: check
 CVE-2021-24780
        RESERVED
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its 
update_setting ...)
@@ -46100,14 +46119,14 @@ CVE-2021-24775
        RESERVED
 CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24773
-       RESERVED
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 
does not ...)
+       TODO: check
 CVE-2021-24772
        RESERVED
 CVE-2021-24771
        RESERVED
-CVE-2021-24770
-       RESERVED
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not 
perform  ...)
+       TODO: check
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 
does not v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24768
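
Review bot: CVE-2021-24773 and CVE-2021-24770 are WordPress plugin entries left at `TODO: check`, while CVE-2021-24774 and CVE-2021-24769 in the same hunk already read `NOT-FOR-US: WordPress plugin`. After confirming that neither plugin is packaged, use that exact string so the entries match their neighbours. The same pattern recurs for the other WordPress plugin entries this update opens.
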
@@ -46132,8 +46151,8 @@ CVE-2021-24759
        RESERVED
 CVE-2021-24758
        RESERVED
-CVE-2021-24757
-       RESERVED
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not 
perform  ...)
+       TODO: check
 CVE-2021-24756
        RESERVED
 CVE-2021-24755
@@ -46162,8 +46181,8 @@ CVE-2021-24744 (The WordPress Contact Forms by Cimatti 
WordPress plugin before 1
        NOT-FOR-US: WordPress plugin
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 
allows use ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24742
-       RESERVED
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 
allows Edi ...)
+       TODO: check
 CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not 
escape multip ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape 
some of it ...)
@@ -46200,10 +46219,10 @@ CVE-2021-24725 (The Comment Link Remove and Other 
Comment Tools WordPress plugin
        NOT-FOR-US: WordPress plugin
 CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin 
before  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24723
-       RESERVED
-CVE-2021-24722
-       RESERVED
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not 
properly  ...)
+       TODO: check
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin through 
2.4.0 does n ...)
+       TODO: check
 CVE-2021-24721
        RESERVED
 CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 
2.1.1.3 wa ...)
@@ -46212,12 +46231,12 @@ CVE-2021-24719 (The Enfold Enfold WordPress theme 
before 4.8.4 was vulnerable to
        NOT-FOR-US: WordPress theme
 CVE-2021-24718
        RESERVED
-CVE-2021-24717
-       RESERVED
-CVE-2021-24716
-       RESERVED
-CVE-2021-24715
-       RESERVED
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform 
capabil ...)
+       TODO: check
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 
does no ...)
+       TODO: check
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not 
properly sa ...)
+       TODO: check
 CVE-2021-24714
        RESERVED
 CVE-2021-24713
@@ -46276,14 +46295,14 @@ CVE-2021-24687 (The Modern Events Calendar Lite 
WordPress plugin before 5.22.2 d
        NOT-FOR-US: WordPress plugin
 CVE-2021-24686
        RESERVED
-CVE-2021-24685
-       RESERVED
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not 
enforce nonc ...)
+       TODO: check
 CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 
1.4.12 a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have 
any CSR ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24682
-       RESERVED
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not 
escape the st ...)
+       TODO: check
 CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not 
sanitise or ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24680
@@ -46398,8 +46417,8 @@ CVE-2021-24626
        RESERVED
 CVE-2021-24625
        RESERVED
-CVE-2021-24624
-       RESERVED
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio &amp; Podcast by Sonaar 
WordPres ...)
+       TODO: check
 CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24622 (The Customer Service Software &amp; Support Ticket System 
WordPress pl ...)
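
Review bot: the new description for CVE-2021-24624 contains a literal HTML entity ("Radio &amp; Podcast"), as does the existing CVE-2021-24622 line ("Software &amp; Support"). That suggests the upstream description is stored entity-encoded and copied through unchanged. Decoding entities when descriptions are imported would keep a search for the plugin name from missing these entries; a manual edit to this line would likely be overwritten by the next automatic update.
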
@@ -46502,12 +46521,12 @@ CVE-2021-24574 (The Simple Banner WordPress plugin 
before 2.10.4 does not saniti
        NOT-FOR-US: WordPress plugin
 CVE-2021-24573
        RESERVED
-CVE-2021-24572
-       RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 
provide ...)
+       TODO: check
 CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some 
of its  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24570
-       RESERVED
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 
offers  ...)
+       TODO: check
 CVE-2021-24569 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does 
not san ...)
@@ -46568,8 +46587,8 @@ CVE-2021-24541 (The Wonder PDF Embed WordPress plugin 
before 1.7 does not escape
        NOT-FOR-US: WordPress plugin
 CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not 
escape par ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24539
-       RESERVED
+CVE-2021-24539 (The Coming Soon, Under Construction &amp; Maintenance Mode By 
Dazzler  ...)
+       TODO: check
 CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not 
sanitize user ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24537
@@ -51170,10 +51189,10 @@ CVE-2021-22566
        RESERVED
 CVE-2021-22565
        RESERVED
-CVE-2021-22564
-       RESERVED
-CVE-2021-22563
-       RESERVED
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger 
than an i ...)
+       TODO: check
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds 
access  ...)
+       TODO: check
 CVE-2021-22562
        RESERVED
 CVE-2021-22561
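
Review bot: CVE-2021-22564 and CVE-2021-22563 concern libjxl, an image decoding library, and CVE-2021-22563 mentions an out of bounds access on invalid images. Libraries of this kind are often packaged or bundled, so resolve these `TODO: check` lines by searching the archive for a libjxl source package and for embedded copies, and add a package line with per-release states if one is found.
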
@@ -64281,8 +64300,8 @@ CVE-2020-28704
        RESERVED
 CVE-2020-28703
        RESERVED
-CVE-2020-28702
-       RESERVED
+CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS 
v5.2.1 al ...)
+       TODO: check
 CVE-2020-28701
        RESERVED
 CVE-2020-28700



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a307b4b04f3fb008e24edf318500c3b199a1691
