Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29775026 by security tracker role at 2022-01-24T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,433 @@
+CVE-2022-23913
+       RESERVED
+CVE-2022-23912
+       RESERVED
+CVE-2022-23911
+       RESERVED
+CVE-2022-23910
+       RESERVED
+CVE-2022-23909
+       RESERVED
+CVE-2022-23908
+       RESERVED
+CVE-2022-23907
+       RESERVED
+CVE-2022-23906
+       RESERVED
+CVE-2022-23905
+       RESERVED
+CVE-2022-23904
+       RESERVED
+CVE-2022-23903
+       RESERVED
+CVE-2022-23902
+       RESERVED
+CVE-2022-23901
+       RESERVED
+CVE-2022-23900
+       RESERVED
+CVE-2022-23899
+       RESERVED
+CVE-2022-23898
+       RESERVED
+CVE-2022-23897
+       RESERVED
+CVE-2022-23896
+       RESERVED
+CVE-2022-23895
+       RESERVED
+CVE-2022-23894
+       RESERVED
+CVE-2022-23893
+       RESERVED
+CVE-2022-23892
+       RESERVED
+CVE-2022-23891
+       RESERVED
+CVE-2022-23890
+       RESERVED
+CVE-2022-23889
+       RESERVED
+CVE-2022-23888
+       RESERVED
+CVE-2022-23887
+       RESERVED
+CVE-2022-23886
+       RESERVED
+CVE-2022-23885
+       RESERVED
+CVE-2022-23884
+       RESERVED
+CVE-2022-23883
+       RESERVED
+CVE-2022-23882
+       RESERVED
+CVE-2022-23881
+       RESERVED
+CVE-2022-23880
+       RESERVED
+CVE-2022-23879
+       RESERVED
+CVE-2022-23878
+       RESERVED
+CVE-2022-23877
+       RESERVED
+CVE-2022-23876
+       RESERVED
+CVE-2022-23875
+       RESERVED
+CVE-2022-23874
+       RESERVED
+CVE-2022-23873
+       RESERVED
+CVE-2022-23872
+       RESERVED
+CVE-2022-23871
+       RESERVED
+CVE-2022-23870
+       RESERVED
+CVE-2022-23869
+       RESERVED
+CVE-2022-23868
+       RESERVED
+CVE-2022-23867
+       RESERVED
+CVE-2022-23866
+       RESERVED
+CVE-2022-23865
+       RESERVED
+CVE-2022-0352
+       RESERVED
+CVE-2022-0351
+       RESERVED
+CVE-2022-0350
+       RESERVED
+CVE-2022-0349
+       RESERVED
+CVE-2022-0348
+       RESERVED
+CVE-2022-0347
+       RESERVED
+CVE-2022-0346
+       RESERVED
+CVE-2022-0345
+       RESERVED
+CVE-2022-0344
+       RESERVED
+CVE-2022-0343
+       RESERVED
+CVE-2022-0342
+       RESERVED
+CVE-2021-46558
+       RESERVED
+CVE-2021-46557
+       RESERVED
+CVE-2021-46556
+       RESERVED
+CVE-2021-46555
+       RESERVED
+CVE-2021-46554
+       RESERVED
+CVE-2021-46553
+       RESERVED
+CVE-2021-46552
+       RESERVED
+CVE-2021-46551
+       RESERVED
+CVE-2021-46550
+       RESERVED
+CVE-2021-46549
+       RESERVED
+CVE-2021-46548
+       RESERVED
+CVE-2021-46547
+       RESERVED
+CVE-2021-46546
+       RESERVED
+CVE-2021-46545
+       RESERVED
+CVE-2021-46544
+       RESERVED
+CVE-2021-46543
+       RESERVED
+CVE-2021-46542
+       RESERVED
+CVE-2021-46541
+       RESERVED
+CVE-2021-46540
+       RESERVED
+CVE-2021-46539
+       RESERVED
+CVE-2021-46538
+       RESERVED
+CVE-2021-46537
+       RESERVED
+CVE-2021-46536
+       RESERVED
+CVE-2021-46535
+       RESERVED
+CVE-2021-46534
+       RESERVED
+CVE-2021-46533
+       RESERVED
+CVE-2021-46532
+       RESERVED
+CVE-2021-46531
+       RESERVED
+CVE-2021-46530
+       RESERVED
+CVE-2021-46529
+       RESERVED
+CVE-2021-46528
+       RESERVED
+CVE-2021-46527
+       RESERVED
+CVE-2021-46526
+       RESERVED
+CVE-2021-46525
+       RESERVED
+CVE-2021-46524
+       RESERVED
+CVE-2021-46523
+       RESERVED
+CVE-2021-46522
+       RESERVED
+CVE-2021-46521
+       RESERVED
+CVE-2021-46520
+       RESERVED
+CVE-2021-46519
+       RESERVED
+CVE-2021-46518
+       RESERVED
+CVE-2021-46517
+       RESERVED
+CVE-2021-46516
+       RESERVED
+CVE-2021-46515
+       RESERVED
+CVE-2021-46514
+       RESERVED
+CVE-2021-46513
+       RESERVED
+CVE-2021-46512
+       RESERVED
+CVE-2021-46511
+       RESERVED
+CVE-2021-46510
+       RESERVED
+CVE-2021-46509
+       RESERVED
+CVE-2021-46508
+       RESERVED
+CVE-2021-46507
+       RESERVED
+CVE-2021-46506
+       RESERVED
+CVE-2021-46505
+       RESERVED
+CVE-2021-46504
+       RESERVED
+CVE-2021-46503
+       RESERVED
+CVE-2021-46502
+       RESERVED
+CVE-2021-46501
+       RESERVED
+CVE-2021-46500
+       RESERVED
+CVE-2021-46499
+       RESERVED
+CVE-2021-46498
+       RESERVED
+CVE-2021-46497
+       RESERVED
+CVE-2021-46496
+       RESERVED
+CVE-2021-46495
+       RESERVED
+CVE-2021-46494
+       RESERVED
+CVE-2021-46493
+       RESERVED
+CVE-2021-46492
+       RESERVED
+CVE-2021-46491
+       RESERVED
+CVE-2021-46490
+       RESERVED
+CVE-2021-46489
+       RESERVED
+CVE-2021-46488
+       RESERVED
+CVE-2021-46487
+       RESERVED
+CVE-2021-46486
+       RESERVED
+CVE-2021-46485
+       RESERVED
+CVE-2021-46484
+       RESERVED
+CVE-2021-46483
+       RESERVED
+CVE-2021-46482
+       RESERVED
+CVE-2021-46481
+       RESERVED
+CVE-2021-46480
+       RESERVED
+CVE-2021-46479
+       RESERVED
+CVE-2021-46478
+       RESERVED
+CVE-2021-46477
+       RESERVED
+CVE-2021-46476
+       RESERVED
+CVE-2021-46475
+       RESERVED
+CVE-2021-46474
+       RESERVED
+CVE-2021-46473
+       RESERVED
+CVE-2021-46472
+       RESERVED
+CVE-2021-46471
+       RESERVED
+CVE-2021-46470
+       RESERVED
+CVE-2021-46469
+       RESERVED
+CVE-2021-46468
+       RESERVED
+CVE-2021-46467
+       RESERVED
+CVE-2021-46466
+       RESERVED
+CVE-2021-46465
+       RESERVED
+CVE-2021-46464
+       RESERVED
+CVE-2021-46463
+       RESERVED
+CVE-2021-46462
+       RESERVED
+CVE-2021-46461
+       RESERVED
+CVE-2021-46460
+       RESERVED
+CVE-2021-46459
+       RESERVED
+CVE-2021-46458
+       RESERVED
+CVE-2021-46457
+       RESERVED
+CVE-2021-46456
+       RESERVED
+CVE-2021-46455
+       RESERVED
+CVE-2021-46454
+       RESERVED
+CVE-2021-46453
+       RESERVED
+CVE-2021-46452
+       RESERVED
+CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online 
Project  ...)
+       TODO: check
+CVE-2021-46450
+       RESERVED
+CVE-2021-46449
+       RESERVED
+CVE-2021-46448
+       RESERVED
+CVE-2021-46447
+       RESERVED
+CVE-2021-46446
+       RESERVED
+CVE-2021-46445
+       RESERVED
+CVE-2021-46444
+       RESERVED
+CVE-2021-46443
+       RESERVED
+CVE-2021-46442
+       RESERVED
+CVE-2021-46441
+       RESERVED
+CVE-2021-46440
+       RESERVED
+CVE-2021-46439
+       RESERVED
+CVE-2021-46438
+       RESERVED
+CVE-2021-46437
+       RESERVED
+CVE-2021-46436
+       RESERVED
+CVE-2021-46435
+       RESERVED
+CVE-2021-46434
+       RESERVED
+CVE-2021-46433
+       RESERVED
+CVE-2021-46432
+       RESERVED
+CVE-2021-46431
+       RESERVED
+CVE-2021-46430
+       RESERVED
+CVE-2021-46429
+       RESERVED
+CVE-2021-46428
+       RESERVED
+CVE-2021-46427
+       RESERVED
+CVE-2021-46426
+       RESERVED
+CVE-2021-46425
+       RESERVED
+CVE-2021-46424
+       RESERVED
+CVE-2021-46423
+       RESERVED
+CVE-2021-46422
+       RESERVED
+CVE-2021-46421
+       RESERVED
+CVE-2021-46420
+       RESERVED
+CVE-2021-46419
+       RESERVED
+CVE-2021-46418
+       RESERVED
+CVE-2021-46417
+       RESERVED
+CVE-2021-46416
+       RESERVED
+CVE-2021-46415
+       RESERVED
+CVE-2021-46414
+       RESERVED
+CVE-2021-46413
+       RESERVED
+CVE-2021-46412
+       RESERVED
+CVE-2021-46411
+       RESERVED
+CVE-2021-46410
+       RESERVED
+CVE-2021-46409
+       RESERVED
+CVE-2021-46408
+       RESERVED
+CVE-2021-46407
+       RESERVED
+CVE-2021-46406
+       RESERVED
+CVE-2021-46405
+       RESERVED
+CVE-2021-46404
+       RESERVED
 CVE-2022-23864
        RESERVED
 CVE-2022-23863
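Review bot: CVE-2021-46451 is the only entry in this block of additions that carries a description and a TODO: check, and it sits in the middle of a long run of RESERVED placeholders where it is easy to miss during triage. Suggest handling it in the same follow-up as the other TODO: check entries this commit opens, rather than leaving it to be found by a later scan of the file.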
@@ -954,8 +1384,8 @@ CVE-2022-23439
        RESERVED
 CVE-2022-23438
        RESERVED
-CVE-2022-23437
-       RESERVED
+CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java 
(XercesJ) XML pa ...)
+       TODO: check
 CVE-2022-0311
        RESERVED
        {DSA-5054-1}
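Review bot: CVE-2022-23437 moves from RESERVED to TODO: check with a description naming Apache Xerces Java (XercesJ), a general-purpose library rather than a single web application or plugin like most other entries opened in this commit. It should get a proper package lookup instead of being cleared in a bulk pass over the TODO queue, and since the truncated summary gives no affected version, the full description needs to be read before a package line is added.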
@@ -1379,8 +1809,8 @@ CVE-2022-0271
        RESERVED
 CVE-2022-0270
        RESERVED
-CVE-2022-0269
-       RESERVED
+CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist 
yetiforce/yetiforce-crm ...)
+       TODO: check
 CVE-2022-0268
        RESERVED
 CVE-2022-0267
@@ -2257,8 +2687,8 @@ CVE-2022-23128 (Incomplete List of Disallowed Inputs 
vulnerability in Mitsubishi
        NOT-FOR-US: Mitsubishi
 CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC 
Works64 v ...)
        NOT-FOR-US: Mitsubishi
-CVE-2022-23126
-       RESERVED
+CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker 
configuration)  ...)
+       TODO: check
 CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External 
Entity R ...)
        NOT-FOR-US: corenlp
 CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery 
(CSRF) ...)
@@ -4792,8 +5222,8 @@ CVE-2022-22298
        RESERVED
 CVE-2022-22297
        RESERVED
-CVE-2022-22296
-       RESERVED
+CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 
1.0 is vul ...)
+       TODO: check
 CVE-2022-22295
        RESERVED
 CVE-2022-22294
@@ -5350,7 +5780,7 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write 
in hb_bit_set_invertib
        NOTE: 
https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81
 (2.9.1)
        TODO: check correctness of commit, might not affect any Debian released 
version
 CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has 
an out-o ...)
-       {DLA-2885-1}
+       {DLA-2895-1 DLA-2885-1}
        - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
        [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
        [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
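Review bot: the cross-reference on CVE-2021-45930 becomes {DLA-2895-1 DLA-2885-1}, but the package lines visible under it still list only qtsvg-opensource-src, with <no-dsa> for bullseye and buster. If DLA-2895-1 was issued for a different source package than DLA-2885-1, that package needs its own line in this entry so the advisory can be tied to a fixed version; the same pair is added to CVE-2021-3481 later in this diff, where qt4-x11 is also listed.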
@@ -8417,6 +8847,7 @@ CVE-2021-45080
        RESERVED
 CVE-2021-45079
        RESERVED
+       {DSA-5056-1}
        - strongswan <unfixed>
        NOTE: 
https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
        NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
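Review bot: {DSA-5056-1} is attached to CVE-2021-45079 while the only package line shown is "- strongswan <unfixed>" and the entry still carries RESERVED. That is normal immediately after an advisory goes out, but the unstable line needs a follow-up with the fixed version once the upload lands, otherwise the entry keeps reporting unstable as vulnerable even though the Patches NOTE already points at the upstream fix.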
@@ -8906,8 +9337,8 @@ CVE-2021-44983
        RESERVED
 CVE-2021-44982
        RESERVED
-CVE-2021-44981
-       RESERVED
+CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a 
variable w ...)
+       TODO: check
 CVE-2021-44980
        RESERVED
 CVE-2021-44979
@@ -9574,8 +10005,8 @@ CVE-2021-23148
        RESERVED
 CVE-2021-44759
        RESERVED
-CVE-2021-4088
-       RESERVED
+CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO 
extensio ...)
+       TODO: check
 CVE-2021-4087
        RESERVED
 CVE-2021-4086
@@ -11594,6 +12025,7 @@ CVE-2021-44079 (In the wazuh-slack active response 
script in Wazuh 4.2.x before
        NOT-FOR-US: Wazuh
 CVE-2021-3996
        RESERVED
+       {DSA-5055-1}
        - util-linux 2.37.3-1
        [buster] - util-linux <not-affected> (Vulnerable code introduced later)
        [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -11603,6 +12035,7 @@ CVE-2021-3996
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
 CVE-2021-3995
        RESERVED
+       {DSA-5055-1}
        - util-linux 2.37.3-1
        [buster] - util-linux <not-affected> (Vulnerable code introduced later)
        [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -12044,6 +12477,7 @@ CVE-2022-21701 (Istio is an open platform to connect, 
manage, and secure microse
 CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed 
for build ...)
        TODO: check
 CVE-2022-21699 (IPython (Interactive Python) is a command shell for 
interactive comput ...)
+       {DLA-2896-1}
        - ipython <unfixed> (bug #1004122)
        NOTE: 
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
        NOTE: Fixed by: 
https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
@@ -13196,9 +13630,11 @@ CVE-2022-21367 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-5.7 <removed>
        - mysql-8.0 <unfixed>
 CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13211,6 +13647,7 @@ CVE-2022-21362 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13252,10 +13689,12 @@ CVE-2022-21343
 CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13328,6 +13767,7 @@ CVE-2022-21307 (Vulnerability in the MySQL Cluster 
product of Oracle MySQL (comp
 CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13344,6 +13784,7 @@ CVE-2022-21301 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration 
Pack prod ...)
        NOT-FOR-US: Oracle
 CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13352,22 +13793,26 @@ CVE-2022-21298 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox <not-affected> (Windows-specific)
 CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13386,9 +13831,11 @@ CVE-2022-21285 (Vulnerability in the MySQL Cluster 
product of Oracle MySQL (comp
 CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL 
(component: ...)
        NOT-FOR-US: MySQL Cluster
 CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -13401,6 +13848,7 @@ CVE-2022-21279 (Vulnerability in the MySQL Cluster 
product of Oracle MySQL (comp
 CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
 CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue 
Managem ...)
@@ -13462,6 +13910,7 @@ CVE-2022-21250 (Vulnerability in the Oracle Trade 
Management product of Oracle E
 CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5057-1}
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.14+9-1
        - openjdk-17 17.0.2+8-1
@@ -14451,8 +14900,8 @@ CVE-2021-43422
        RESERVED
 CVE-2021-43421
        RESERVED
-CVE-2021-43420
-       RESERVED
+CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester 
Online Paym ...)
+       TODO: check
 CVE-2021-43419
        RESERVED
 CVE-2021-43418
@@ -16191,7 +16640,7 @@ CVE-2021-43115
 CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI 
CA publis ...)
        {DSA-5033-1}
        - fort-validator 1.5.2-1
-CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a 
Compare ...)
+CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection 
via a Co ...)
        NOT-FOR-US: iText
 CVE-2021-43112
        RESERVED
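Review bot: the description change on CVE-2021-43113 alters the stated range from "before 7.1.17" to "7 and up to 7.1.17", which can be read as including 7.1.17 itself. The entry is NOT-FOR-US: iText, so triage does not change, but anyone matching versions against these summaries should reread the full upstream text rather than rely on the truncated line.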
@@ -19650,8 +20099,8 @@ CVE-2021-42170
        RESERVED
 CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP 
using SQLite ...)
        NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
-CVE-2021-42168
-       RESERVED
+CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe 
(Recipe Sha ...)
+       TODO: check
 CVE-2021-42167
        RESERVED
 CVE-2021-42166
@@ -20264,12 +20713,12 @@ CVE-2021-41932
        RESERVED
 CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the 
parameter f ...)
        NOT-FOR-US: Company's Recruitment Management System
-CVE-2021-41930
-       RESERVED
-CVE-2021-41929
-       RESERVED
-CVE-2021-41928
-       RESERVED
+CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester 
Online Covi ...)
+       TODO: check
+CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric 
Billing Mana ...)
+       TODO: check
+CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing 
Website  ...)
+       TODO: check
 CVE-2021-41927
        RESERVED
 CVE-2021-41926
@@ -20937,12 +21386,12 @@ CVE-2021-41662
        RESERVED
 CVE-2021-41661
        RESERVED
-CVE-2021-41660
-       RESERVED
-CVE-2021-41659
-       RESERVED
-CVE-2021-41658
-       RESERVED
+CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient 
Appointment Sche ...)
+       TODO: check
+CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System 
v1 by ore ...)
+       TODO: check
+CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly 
Grading ...)
+       TODO: check
 CVE-2021-41657
        RESERVED
 CVE-2021-41656
@@ -21387,10 +21836,10 @@ CVE-2021-41474
        RESERVED
 CVE-2021-41473
        RESERVED
-CVE-2021-41472
-       RESERVED
-CVE-2021-41471
-       RESERVED
+CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple 
Membership System ...)
+       TODO: check
+CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn 
Online Re ...)
+       TODO: check
 CVE-2021-41470
        RESERVED
 CVE-2021-41469
@@ -22749,12 +23198,12 @@ CVE-2021-40911
        RESERVED
 CVE-2021-40910
        RESERVED
-CVE-2021-40909
-       RESERVED
-CVE-2021-40908
-       RESERVED
-CVE-2021-40907
-       RESERVED
+CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP 
CRUD wi ...)
+       TODO: check
+CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester 
Purchase Or ...)
+       TODO: check
+CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit 
Rental Mana ...)
+       TODO: check
 CVE-2021-40906
        RESERVED
 CVE-2021-40905
@@ -23496,8 +23945,8 @@ CVE-2021-40598
        RESERVED
 CVE-2021-40597
        RESERVED
-CVE-2021-40596
-       RESERVED
+CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester 
Online Lear ...)
+       TODO: check
 CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave 
Management  ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-40594
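Review bot: CVE-2021-40596 is set to TODO: check directly above CVE-2021-40595, which has a very similar Sourcecodester SQL injection description and is already annotated NOT-FOR-US: Sourcecodester. The other Sourcecodester entries opened in this commit follow the same pattern, so suggest triaging them together in one follow-up with the same annotation, after confirming each full description.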
@@ -37254,8 +37703,8 @@ CVE-2021-35007
        RESERVED
 CVE-2021-35006
        RESERVED
-CVE-2021-35005
-       RESERVED
+CVE-2021-35005 (This vulnerability allows local attackers to disclose 
sensitive inform ...)
+       TODO: check
 CVE-2021-35004 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: TP-Link
 CVE-2021-35003 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
@@ -45847,7 +46296,7 @@ CVE-2021-31591
        RESERVED
 CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect 
JSON Webtok ...)
        NOT-FOR-US: PwnDoc
-CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1 
allows an ...)
+CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported 
and confi ...)
        NOT-FOR-US: BeyondTrust
 CVE-2021-31588
        RESERVED
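Review bot: the new summary for CVE-2021-31589 drops the product name and version ("BeyondTrust Secure Remote Access Base Software through 6.0.1") from the part that survives truncation, leaving a generic XSS sentence. The NOT-FOR-US: BeyondTrust annotation still identifies the vendor, so no triage change is needed, but a search of the description text by product will no longer find this entry.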
@@ -50385,7 +50834,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions 
before and including 0.27.4
        NOTE: 
https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
        RESERVED
-       {DLA-2885-1}
+       {DLA-2895-1 DLA-2885-1}
        - qtsvg-opensource-src 5.15.2-3 (bug #986798)
        [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
@@ -62614,28 +63063,28 @@ CVE-2021-25085
        RESERVED
 CVE-2021-25084
        RESERVED
-CVE-2021-25083
-       RESERVED
+CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
+       TODO: check
 CVE-2021-25082
        RESERVED
 CVE-2021-25081
        RESERVED
-CVE-2021-25080
-       RESERVED
-CVE-2021-25079
-       RESERVED
-CVE-2021-25078
-       RESERVED
+CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does 
not valida ...)
+       TODO: check
+CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does 
not saniti ...)
+       TODO: check
+CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not 
validate ...)
+       TODO: check
 CVE-2021-25077
        RESERVED
-CVE-2021-25076
-       RESERVED
+CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not 
validate  ...)
+       TODO: check
 CVE-2021-25075
        RESERVED
-CVE-2021-25074
-       RESERVED
-CVE-2021-25073
-       RESERVED
+CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 
contains a  ...)
+       TODO: check
+CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF 
checks in v ...)
+       TODO: check
 CVE-2021-25072
        RESERVED
 CVE-2021-25071
@@ -62656,8 +63105,8 @@ CVE-2021-25064
        RESERVED
 CVE-2021-25063
        RESERVED
-CVE-2021-25062
-       RESERVED
+CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 
1.1.10 doe ...)
+       TODO: check
 CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was 
affected by a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25060
@@ -62682,16 +63131,16 @@ CVE-2021-25051 (The Modal Window WordPress plugin 
before 5.2.2 within the wow-co
        NOT-FOR-US: WordPress plugin
 CVE-2021-25050
        RESERVED
-CVE-2021-25049
-       RESERVED
+CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does 
not sanit ...)
+       TODO: check
 CVE-2021-25048
        RESERVED
 CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was 
affecte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 
alloed a ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25045
-       RESERVED
+CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not 
validate or ...)
+       TODO: check
 CVE-2021-25044
        RESERVED
 CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise 
and escape ...)
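Review bot: CVE-2021-25049 and CVE-2021-25045 are opened as TODO: check, and both descriptions follow the same "The ... WordPress plugin before ..." form as the neighbouring CVE-2021-25047 and CVE-2021-25046, which are annotated NOT-FOR-US: WordPress plugin. The same situation repeats across the CVE-2021-24xxx and CVE-2021-25xxx hunks in this commit, so these can be triaged as one batch rather than entry by entry.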
@@ -62710,22 +63159,22 @@ CVE-2021-25037 (The All in One SEO WordPress plugin 
before 4.1.5.3 is affected b
        NOT-FOR-US: WordPress plugin
 CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected 
by a Pr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25035
-       RESERVED
+CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin 
before 1.22 ...)
+       TODO: check
 CVE-2021-25034
        RESERVED
 CVE-2021-25033
        RESERVED
 CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, 
PublishPr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25031
-       RESERVED
+CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, 
Lightbox, Co ...)
+       TODO: check
 CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25029
        RESERVED
-CVE-2021-25028
-       RESERVED
+CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not 
validate the  ...)
+       TODO: check
 CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 
2.6.2 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25026
@@ -62746,16 +63195,16 @@ CVE-2021-25019
        RESERVED
 CVE-2021-25018
        RESERVED
-CVE-2021-25017
-       RESERVED
+CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape 
the searc ...)
+       TODO: check
 CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro 
WordPress plugin ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25015
-       RESERVED
+CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and 
escape th ...)
+       TODO: check
 CVE-2021-25014
        RESERVED
-CVE-2021-25013
-       RESERVED
+CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have 
authorisation a ...)
+       TODO: check
 CVE-2021-25012
        RESERVED
 CVE-2021-25011
@@ -62764,8 +63213,8 @@ CVE-2021-25010
        RESERVED
 CVE-2021-25009
        RESERVED
-CVE-2021-25008
-       RESERVED
+CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not 
escape the s ...)
+       TODO: check
 CVE-2021-25007
        RESERVED
 CVE-2021-25006
@@ -62802,16 +63251,16 @@ CVE-2021-24991 (The WooCommerce PDF Invoices &amp; 
Packing Slips WordPress plugi
        NOT-FOR-US: WordPress plugin
 CVE-2021-24990
        RESERVED
-CVE-2021-24989
-       RESERVED
+CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 
does no ...)
+       TODO: check
 CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24987
        RESERVED
 CVE-2021-24986
        RESERVED
-CVE-2021-24985
-       RESERVED
+CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 
does not sa ...)
+       TODO: check
 CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 
3.2.1.11184 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24983
@@ -62828,12 +63277,12 @@ CVE-2021-24978
        RESERVED
 CVE-2021-24977
        RESERVED
-CVE-2021-24976
-       RESERVED
+CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not 
sanitise and ...)
+       TODO: check
 CVE-2021-24975
        RESERVED
-CVE-2021-24974
-       RESERVED
+CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.0.7 do ...)
+       TODO: check
 CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape 
some of it ...)
@@ -62844,14 +63293,14 @@ CVE-2021-24970 (The All-in-One Video Gallery 
WordPress plugin before 2.5.0 does
        NOT-FOR-US: WordPress plugin
 CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24968
-       RESERVED
+CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have 
capabilit ...)
+       TODO: check
 CVE-2021-24967 (The Contact Form &amp; Lead Form Elementor Builder WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24966
        RESERVED
-CVE-2021-24965
-       RESERVED
+CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 
2.4.8 do ...)
+       TODO: check
 CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not 
properly ve ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not 
escape the  ...)
@@ -62908,8 +63357,8 @@ CVE-2021-24938 (The WOOCS WordPress plugin before 
1.3.7.1 does not sanitise and
        NOT-FOR-US: WordPress plugin
 CVE-2021-24937
        RESERVED
-CVE-2021-24936
-       RESERVED
+CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not 
have CS ...)
+       TODO: check
 CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not 
escape the  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24934
@@ -62934,8 +63383,8 @@ CVE-2021-24925 (The Modern Events Calendar Lite 
WordPress plugin before 6.1.5 do
        NOT-FOR-US: WordPress plugin
 CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape 
the d para ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24923
-       RESERVED
+CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by 
Sendinblu ...)
+       TODO: check
 CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF 
check w ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24921
@@ -62968,8 +63417,8 @@ CVE-2021-24908 (The Check &amp; Log Email WordPress 
plugin before 1.0.4 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress 
plugin befo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24906
-       RESERVED
+CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not 
check for  ...)
+       TODO: check
 CVE-2021-24905
        RESERVED
 CVE-2021-24904
@@ -63050,8 +63499,8 @@ CVE-2021-24867
        RESERVED
 CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not 
properly san ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24865
-       RESERVED
+CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 
0.8.8.7 d ...)
+       TODO: check
 CVE-2021-24864
        RESERVED
 CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti 
Spam Prot ...)
@@ -63064,8 +63513,8 @@ CVE-2021-24860 (The BSK PDF Manager WordPress plugin 
before 3.1.2 does not valid
        NOT-FOR-US: WordPress plugin
 CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 
registers a shor ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24858
-       RESERVED
+CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 
1.0.9 does  ...)
+       TODO: check
 CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 
encoded us ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not 
sanitise and  ...)
@@ -63314,8 +63763,8 @@ CVE-2021-24735 (The Compact WP Audio Player WordPress 
plugin before 1.9.7 does n
        NOT-FOR-US: WordPress plugin
 CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does 
not esc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24733
-       RESERVED
+CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows 
users with a ...)
+       TODO: check
 CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip 
WordPress plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24731 (The Registration Forms &#8211; User profile, Content 
Restriction, Spam ...)
@@ -63388,12 +63837,12 @@ CVE-2021-24698 (The Simple Download Monitor WordPress 
plugin before 3.9.6 allows
        NOT-FOR-US: WordPress plugin
 CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does 
not esc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24696
-       RESERVED
+CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does 
not enf ...)
+       TODO: check
 CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 
saves logs i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24694
-       RESERVED
+CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 
could allow ...)
+       TODO: check
 CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does 
not esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24692
@@ -63934,8 +64383,8 @@ CVE-2021-24425 (The Floating Notification Bar, Sticky 
Menu on Scroll, and Sticky
        NOT-FOR-US: WordPress plugin
 CVE-2021-24424 (The WP Reset &#8211; Most Advanced WordPress Reset Tool 
WordPress plug ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24423
-       RESERVED
+CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin 
before 1.6.59 ...)
+       TODO: check
 CVE-2021-24422
        RESERVED
 CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not 
sanitise or esc ...)
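Review bot: the context line for CVE-2021-24424 is annotated "NOT-FOR-US: Wordpress plugin", while the other entries in these hunks use "NOT-FOR-US: WordPress plugin". When CVE-2021-24423 is triaged, use the WordPress spelling, and consider normalising the neighbouring entry in the same commit so that a text search for the annotation finds both.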



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/297750265b1ed26557b3032b42675c0d3623d876



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
