Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60591c83 by security tracker role at 2022-02-07T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,547 @@
-CVE-2022-24408
+CVE-2022-24665
+       RESERVED
+CVE-2022-24664
+       RESERVED
+CVE-2022-24663
+       RESERVED
+CVE-2022-24662
+       RESERVED
+CVE-2022-24661
+       RESERVED
+CVE-2022-24660
+       RESERVED
+CVE-2022-24659
+       RESERVED
+CVE-2022-24658
+       RESERVED
+CVE-2022-24657
+       RESERVED
+CVE-2022-24656
+       RESERVED
+CVE-2022-24655
+       RESERVED
+CVE-2022-24654
+       RESERVED
+CVE-2022-24653
+       RESERVED
+CVE-2022-24652
+       RESERVED
+CVE-2022-24651
+       RESERVED
+CVE-2022-24650
+       RESERVED
+CVE-2022-24649
+       RESERVED
+CVE-2022-24648
+       RESERVED
+CVE-2022-24647
+       RESERVED
+CVE-2022-24646
+       RESERVED
+CVE-2022-24645
+       RESERVED
+CVE-2022-24644
+       RESERVED
+CVE-2022-24643
+       RESERVED
+CVE-2022-24642
+       RESERVED
+CVE-2022-24641
+       RESERVED
+CVE-2022-24640
+       RESERVED
+CVE-2022-24639
+       RESERVED
+CVE-2022-24638
+       RESERVED
+CVE-2022-24637
+       RESERVED
+CVE-2022-24636
+       RESERVED
+CVE-2022-24635
+       RESERVED
+CVE-2022-24634
+       RESERVED
+CVE-2022-24633
+       RESERVED
+CVE-2022-24632
+       RESERVED
+CVE-2022-24631
+       RESERVED
+CVE-2022-24630
+       RESERVED
+CVE-2022-24629
+       RESERVED
+CVE-2022-24628
+       RESERVED
+CVE-2022-24627
+       RESERVED
+CVE-2022-24626
+       RESERVED
+CVE-2022-24625
+       RESERVED
+CVE-2022-24624
+       RESERVED
+CVE-2022-24623
+       RESERVED
+CVE-2022-24622
+       RESERVED
+CVE-2022-24621
+       RESERVED
+CVE-2022-24620
+       RESERVED
+CVE-2022-24619
+       RESERVED
+CVE-2022-24618
+       RESERVED
+CVE-2022-24617
+       RESERVED
+CVE-2022-24616
+       RESERVED
+CVE-2022-24615
+       RESERVED
+CVE-2022-24614
+       RESERVED
+CVE-2022-24613
+       RESERVED
+CVE-2022-24612
+       RESERVED
+CVE-2022-24611
+       RESERVED
+CVE-2022-24610
+       RESERVED
+CVE-2022-24609
+       RESERVED
+CVE-2022-24608
+       RESERVED
+CVE-2022-24607
+       RESERVED
+CVE-2022-24606
+       RESERVED
+CVE-2022-24605
+       RESERVED
+CVE-2022-24604
+       RESERVED
+CVE-2022-24603
+       RESERVED
+CVE-2022-24602
+       RESERVED
+CVE-2022-24601
+       RESERVED
+CVE-2022-24600
+       RESERVED
+CVE-2022-24599
+       RESERVED
+CVE-2022-24598
+       RESERVED
+CVE-2022-24597
+       RESERVED
+CVE-2022-24596
+       RESERVED
+CVE-2022-24595
+       RESERVED
+CVE-2022-24594
+       RESERVED
+CVE-2022-24593
+       RESERVED
+CVE-2022-24592
+       RESERVED
+CVE-2022-24591
+       RESERVED
+CVE-2022-24590
+       RESERVED
+CVE-2022-24589
+       RESERVED
+CVE-2022-24588
+       RESERVED
+CVE-2022-24587
+       RESERVED
+CVE-2022-24586
+       RESERVED
+CVE-2022-24585
+       RESERVED
+CVE-2022-24584
+       RESERVED
+CVE-2022-24583
+       RESERVED
+CVE-2022-24582
+       RESERVED
+CVE-2022-24581
+       RESERVED
+CVE-2022-24580
+       RESERVED
+CVE-2022-24579
+       RESERVED
+CVE-2022-24578
+       RESERVED
+CVE-2022-24577
+       RESERVED
+CVE-2022-24576
+       RESERVED
+CVE-2022-24575
+       RESERVED
+CVE-2022-24574
+       RESERVED
+CVE-2022-24573
+       RESERVED
+CVE-2022-24572
+       RESERVED
+CVE-2022-24571
+       RESERVED
+CVE-2022-24570
+       RESERVED
+CVE-2022-24569
+       RESERVED
+CVE-2022-24568
+       RESERVED
+CVE-2022-24567
+       RESERVED
+CVE-2022-24566
+       RESERVED
+CVE-2022-24565
+       RESERVED
+CVE-2022-24564
+       RESERVED
+CVE-2022-24563
+       RESERVED
+CVE-2022-24562
+       RESERVED
+CVE-2022-24561
+       RESERVED
+CVE-2022-24560
+       RESERVED
+CVE-2022-24559
+       RESERVED
+CVE-2022-24558
+       RESERVED
+CVE-2022-24557
+       RESERVED
+CVE-2022-24556
+       RESERVED
+CVE-2022-24555
+       RESERVED
+CVE-2022-24554
+       RESERVED
+CVE-2022-24553
+       RESERVED
+CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code 
executio ...)
+       TODO: check
+CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to 
reset other ...)
+       TODO: check
+CVE-2022-24550
+       RESERVED
+CVE-2022-24549
+       RESERVED
+CVE-2022-24548
+       RESERVED
+CVE-2022-24547
+       RESERVED
+CVE-2022-24546
+       RESERVED
+CVE-2022-24545
+       RESERVED
+CVE-2022-24544
+       RESERVED
+CVE-2022-24543
+       RESERVED
+CVE-2022-24542
+       RESERVED
+CVE-2022-24541
+       RESERVED
+CVE-2022-24540
+       RESERVED
+CVE-2022-24539
+       RESERVED
+CVE-2022-24538
+       RESERVED
+CVE-2022-24537
+       RESERVED
+CVE-2022-24536
+       RESERVED
+CVE-2022-24535
+       RESERVED
+CVE-2022-24534
+       RESERVED
+CVE-2022-24533
+       RESERVED
+CVE-2022-24532
+       RESERVED
+CVE-2022-24531
+       RESERVED
+CVE-2022-24530
+       RESERVED
+CVE-2022-24529
+       RESERVED
+CVE-2022-24528
+       RESERVED
+CVE-2022-24527
+       RESERVED
+CVE-2022-24526
+       RESERVED
+CVE-2022-24525
+       RESERVED
+CVE-2022-24524
+       RESERVED
+CVE-2022-24523
        RESERVED
-CVE-2022-0501
+CVE-2022-24522
        RESERVED
+CVE-2022-24521
+       RESERVED
+CVE-2022-24520
+       RESERVED
+CVE-2022-24519
+       RESERVED
+CVE-2022-24518
+       RESERVED
+CVE-2022-24517
+       RESERVED
+CVE-2022-24516
+       RESERVED
+CVE-2022-24515
+       RESERVED
+CVE-2022-24514
+       RESERVED
+CVE-2022-24513
+       RESERVED
+CVE-2022-24512
+       RESERVED
+CVE-2022-24511
+       RESERVED
+CVE-2022-24510
+       RESERVED
+CVE-2022-24509
+       RESERVED
+CVE-2022-24508
+       RESERVED
+CVE-2022-24507
+       RESERVED
+CVE-2022-24506
+       RESERVED
+CVE-2022-24505
+       RESERVED
+CVE-2022-24504
+       RESERVED
+CVE-2022-24503
+       RESERVED
+CVE-2022-24502
+       RESERVED
+CVE-2022-24501
+       RESERVED
+CVE-2022-24500
+       RESERVED
+CVE-2022-24499
+       RESERVED
+CVE-2022-24498
+       RESERVED
+CVE-2022-24497
+       RESERVED
+CVE-2022-24496
+       RESERVED
+CVE-2022-24495
+       RESERVED
+CVE-2022-24494
+       RESERVED
+CVE-2022-24493
+       RESERVED
+CVE-2022-24492
+       RESERVED
+CVE-2022-24491
+       RESERVED
+CVE-2022-24490
+       RESERVED
+CVE-2022-24489
+       RESERVED
+CVE-2022-24488
+       RESERVED
+CVE-2022-24487
+       RESERVED
+CVE-2022-24486
+       RESERVED
+CVE-2022-24485
+       RESERVED
+CVE-2022-24484
+       RESERVED
+CVE-2022-24483
+       RESERVED
+CVE-2022-24482
+       RESERVED
+CVE-2022-24481
+       RESERVED
+CVE-2022-24480
+       RESERVED
+CVE-2022-24479
+       RESERVED
+CVE-2022-24478
+       RESERVED
+CVE-2022-24477
+       RESERVED
+CVE-2022-24476
+       RESERVED
+CVE-2022-24475
+       RESERVED
+CVE-2022-24474
+       RESERVED
+CVE-2022-24473
+       RESERVED
+CVE-2022-24472
+       RESERVED
+CVE-2022-24471
+       RESERVED
+CVE-2022-24470
+       RESERVED
+CVE-2022-24469
+       RESERVED
+CVE-2022-24468
+       RESERVED
+CVE-2022-24467
+       RESERVED
+CVE-2022-24466
+       RESERVED
+CVE-2022-24465
+       RESERVED
+CVE-2022-24464
+       RESERVED
+CVE-2022-24463
+       RESERVED
+CVE-2022-24462
+       RESERVED
+CVE-2022-24461
+       RESERVED
+CVE-2022-24460
+       RESERVED
+CVE-2022-24459
+       RESERVED
+CVE-2022-24458
+       RESERVED
+CVE-2022-24457
+       RESERVED
+CVE-2022-24456
+       RESERVED
+CVE-2022-24455
+       RESERVED
+CVE-2022-24454
+       RESERVED
+CVE-2022-24453
+       RESERVED
+CVE-2022-24452
+       RESERVED
+CVE-2022-24451
+       RESERVED
+CVE-2022-24450
+       RESERVED
+CVE-2022-24449
+       RESERVED
+CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel 
before 5.1 ...)
+       TODO: check
+CVE-2022-24447
+       RESERVED
+CVE-2022-24446
+       RESERVED
+CVE-2022-24445
+       RESERVED
+CVE-2022-24444
+       RESERVED
+CVE-2022-24443
+       RESERVED
+CVE-2022-24442
+       RESERVED
+CVE-2022-24428
+       RESERVED
+CVE-2022-24427
+       RESERVED
+CVE-2022-24426
+       RESERVED
+CVE-2022-24425
+       RESERVED
+CVE-2022-24424
+       RESERVED
+CVE-2022-24423
+       RESERVED
+CVE-2022-24422
+       RESERVED
+CVE-2022-24421
+       RESERVED
+CVE-2022-24420
+       RESERVED
+CVE-2022-24419
+       RESERVED
+CVE-2022-24418
+       RESERVED
+CVE-2022-24417
+       RESERVED
+CVE-2022-24416
+       RESERVED
+CVE-2022-24415
+       RESERVED
+CVE-2022-24414
+       RESERVED
+CVE-2022-24413
+       RESERVED
+CVE-2022-24412
+       RESERVED
+CVE-2022-24411
+       RESERVED
+CVE-2022-24410
+       RESERVED
+CVE-2022-24409
+       RESERVED
+CVE-2022-24380
+       RESERVED
+CVE-2022-22147
+       RESERVED
+CVE-2022-21130
+       RESERVED
+CVE-2022-0515
+       RESERVED
+CVE-2022-0514
+       RESERVED
+CVE-2022-0513
+       RESERVED
+CVE-2022-0512
+       RESERVED
+CVE-2022-0511
+       RESERVED
+CVE-2022-0510
+       RESERVED
+CVE-2022-0509
+       RESERVED
+CVE-2022-0508
+       RESERVED
+CVE-2022-0507
+       RESERVED
+CVE-2022-0506
+       RESERVED
+CVE-2022-0505
+       RESERVED
+CVE-2022-0504
+       RESERVED
+CVE-2022-0503
+       RESERVED
+CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
+       TODO: check
+CVE-2021-46675
+       RESERVED
+CVE-2021-46674
+       RESERVED
+CVE-2021-46673
+       RESERVED
+CVE-2021-46672
+       RESERVED
+CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory 
leak. ...)
+       TODO: check
+CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket 
exhaustio ...)
+       TODO: check
+CVE-2022-24408
+       RESERVED
+CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist 
ptrofimov/beanstal ...)
+       TODO: check
 CVE-2022-0500
        RESERVED
 CVE-2022-0499
        RESERVED
 CVE-2022-0498
-       RESERVED
+       REJECTED
 CVE-2022-0497
        RESERVED
 CVE-2022-0496
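Review bot: CVE-2022-24448 in the added block is left at "TODO: check" even though its description names fs/nfs/dir.c in the Linux kernel, so triage should replace that marker with a "- linux" package line, the way the other kernel entries in this file are recorded. The same pass should settle the six other "TODO: check" entries this hunk adds: the four StarWind ones (CVE-2022-24552, CVE-2022-24551, CVE-2013-20004, CVE-2007-20001) and the two Packagist XSS ones (CVE-2022-0502, CVE-2022-0501).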
@@ -18,7 +552,7 @@ CVE-2022-0494
        RESERVED
 CVE-2022-0493
        RESERVED
-CVE-2021-46671 [information leak]
+CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an 
array, and co ...)
        - atftp 0.7.git20210915-1 (bug #1004974)
        [bullseye] - atftp <no-dsa> (Minor issue)
        [buster] - atftp <no-dsa> (Minor issue)
@@ -106,8 +640,7 @@ CVE-2022-24384
        RESERVED
 CVE-2022-21241
        RESERVED
-CVE-2022-0487 [Use after free in moxart_remove]
-       RESERVED
+CVE-2022-0487 (A use-after-free vulnerability was found in 
rtsx_usb_ms_drv_remove in  ...)
        - linux <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
        NOTE: 
https://lore.kernel.org/all/[email protected]/
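Review bot: The placeholder removed from CVE-2022-0487 described a use after free in moxart_remove, while the imported description names rtsx_usb_ms_drv_remove, so the two texts point at different functions. Before keeping "- linux <unfixed>" and the two NOTE links unchanged, check that the SUSE bug and the lore.kernel.org thread refer to the issue the new description covers, and add a NOTE recording the discrepancy if they do not.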
@@ -115,8 +648,8 @@ CVE-2022-0486
        RESERVED
 CVE-2022-0485
        RESERVED
-CVE-2022-0484
-       RESERVED
+CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens 
Extens ...)
+       TODO: check
 CVE-2022-0483
        RESERVED
 CVE-2022-0482
@@ -169,8 +702,8 @@ CVE-2022-24350
        RESERVED
 CVE-2022-24349
        RESERVED
-CVE-2022-24348
-       RESERVED
+CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory 
traversal ...)
+       TODO: check
 CVE-2022-24347
        RESERVED
 CVE-2022-24346
@@ -237,8 +770,8 @@ CVE-2022-21194
        RESERVED
 CVE-2022-21177
        RESERVED
-CVE-2022-0481
-       RESERVED
+CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+       TODO: check
 CVE-2022-24324
        RESERVED
 CVE-2022-24323
@@ -283,10 +816,10 @@ CVE-2022-0476
        RESERVED
 CVE-2022-0475
        RESERVED
-CVE-2022-0474
-       RESERVED
-CVE-2022-0473
-       RESERVED
+CVE-2022-0474 (Full list of recipients from customer users in a contact field 
could b ...)
+       TODO: check
+CVE-2022-0473 (OTRS administrators can configure dynamic field and inject 
malicious J ...)
+       TODO: check
 CVE-2022-24308
        RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect 
access cont ...)
@@ -307,8 +840,8 @@ CVE-2022-24295
        RESERVED
 CVE-2022-22986
        RESERVED
-CVE-2022-0472
-       RESERVED
+CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist 
jsdecena/ ...)
+       TODO: check
 CVE-2022-0471
        RESERVED
 CVE-2022-24294
@@ -468,8 +1001,8 @@ CVE-2022-24284
        RESERVED
 CVE-2022-24283
        RESERVED
-CVE-2022-0437
-       RESERVED
+CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. 
...)
+       TODO: check
 CVE-2022-0436
        RESERVED
 CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a 
convert_const_to_ ...)
@@ -600,14 +1133,14 @@ CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain 
a SQL injection vulnera
        NOT-FOR-US: Cuppa CMS
 CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a 
SQL inject ...)
        NOT-FOR-US: Hospital Management System
-CVE-2022-24262
-       RESERVED
+CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 
does not  ...)
+       TODO: check
 CVE-2022-24261
        RESERVED
-CVE-2022-24260
-       RESERVED
-CVE-2022-24259
-       RESERVED
+CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 
allows  ...)
+       TODO: check
+CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI 
before  ...)
+       TODO: check
 CVE-2022-24258
        RESERVED
 CVE-2022-24257
@@ -626,8 +1159,8 @@ CVE-2022-24251
        RESERVED
 CVE-2022-24250
        RESERVED
-CVE-2022-24249
-       RESERVED
+CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 
via the  ...)
+       TODO: check
 CVE-2022-24248
        RESERVED
 CVE-2022-24247
@@ -883,6 +1416,7 @@ CVE-2022-0416
 CVE-2022-0415
        RESERVED
 CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows 
attacke ...)
+       {DLA-2913-1}
        - xterm 370-2 (bug #1004689)
        [bullseye] - xterm <no-dsa> (Minor issue)
        [buster] - xterm <no-dsa> (Minor issue)
@@ -890,8 +1424,7 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel 
support is enabled, allows a
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
        NOTE: 
https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
-CVE-2022-24129
-       RESERVED
+CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity 
Provider allow ...)
        NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
 CVE-2022-24128
        RESERVED
@@ -960,12 +1493,12 @@ CVE-2022-24117
        RESERVED
 CVE-2022-24116
        RESERVED
-CVE-2022-24115
-       RESERVED
-CVE-2022-24114
-       RESERVED
-CVE-2022-24113
-       RESERVED
+CVE-2022-24115 (Local privilege escalation due to unrestricted loading of 
unsigned lib ...)
+       TODO: check
+CVE-2022-24114 (Local privilege escalation due to race condition on 
application startu ...)
+       TODO: check
+CVE-2022-24113 (Local privilege escalation due to excessive permissions 
assigned to ch ...)
+       TODO: check
 CVE-2022-0409
        RESERVED
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
@@ -1191,8 +1724,8 @@ CVE-2022-24036
        RESERVED
 CVE-2022-23921
        RESERVED
-CVE-2022-22987
-       RESERVED
+CVE-2022-22987 (The affected product has a hardcoded private key available 
inside the  ...)
+       TODO: check
 CVE-2022-21798
        RESERVED
 CVE-2022-21154
@@ -1542,8 +2075,8 @@ CVE-2022-23982
        RESERVED
 CVE-2022-23981
        RESERVED
-CVE-2022-23980
-       RESERVED
+CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr 
&#8211; Ye ...)
+       TODO: check
 CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-23978
@@ -1564,10 +2097,10 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in 
__tipc_sendmsg()]
        RESERVED
        - linux 5.15.15-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
-CVE-2022-0381
-       RESERVED
-CVE-2022-0380
-       RESERVED
+CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected 
Cross-Site Sc ...)
+       TODO: check
 CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist 
microweber/microweber ...)
        NOT-FOR-US: microweber
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
@@ -1586,10 +2119,10 @@ CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in 
Packagist bytefury/crater
        NOT-FOR-US: Crater
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE 
Services API 1. ...)
        NOT-FOR-US: controller/org.controller/org.controller.js in the CVE 
Services API
-CVE-2018-25029
-       RESERVED
-CVE-2013-20003
-       RESERVED
+CVE-2018-25029 (The Z-Wave specification requires that S2 security can be 
downgraded t ...)
+       TODO: check
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon 
Labs (usin ...)
+       TODO: check
 CVE-2022-23973
        RESERVED
 CVE-2022-23972
@@ -1658,10 +2191,10 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices 
through 3.1 has a weak algo
        NOT-FOR-US: Moxa
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in 
the relea ...)
        NOT-FOR-US: Bromite
-CVE-2022-23947
-       RESERVED
-CVE-2022-23946
-       RESERVED
+CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       TODO: check
+CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       TODO: check
 CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. 
This iss ...)
        NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23944 (User can access /plugin api without authentication. This issue 
affecte ...)
@@ -1682,8 +2215,8 @@ CVE-2022-0367
        RESERVED
 CVE-2022-0366 (An authenticated and authorized agent user could potentially 
gain admi ...)
        NOT-FOR-US: Sophos
-CVE-2022-0365
-       RESERVED
+CVE-2022-0365 (The affected product is vulnerable to an authenticated OS 
command inje ...)
+       TODO: check
 CVE-2022-0364
        RESERVED
 CVE-2022-0363
@@ -1789,8 +2322,8 @@ CVE-2021-4211
        RESERVED
 CVE-2021-4210
        RESERVED
-CVE-2022-23913
-       RESERVED
+CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an 
attacker coul ...)
+       TODO: check
 CVE-2022-23912
        RESERVED
 CVE-2022-23911
@@ -2308,7 +2841,7 @@ CVE-2022-23839
        RESERVED
 CVE-2022-23838
        RESERVED
-CVE-2022-23837 (In api.rb in Sidekiq before 6.4.0, there is no limit on the 
number of  ...)
+CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no 
limit on the ...)
        - ruby-sidekiq <unfixed> (bug #1004193)
        NOTE: 
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
 (v6.4.0)
 CVE-2022-23836
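Review bot: The updated CVE-2022-23837 description now names two fixed versions, 5.2.10 and 6.4.0, but the NOTE under it still references only the commit tagged (v6.4.0) and the package line stays "ruby-sidekiq <unfixed>". Add a NOTE for the 5.2.10 fix when triaging so that both fixed branches are documented for anyone preparing a backport.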
@@ -2426,8 +2959,8 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 
before 4.9.8 and 5.1 b
        NOTE: 2FA support is not packaged in Debian
 CVE-2022-23806
        RESERVED
-CVE-2022-23805
-       RESERVED
+CVE-2022-23805 (A security out-of-bounds read information disclosure 
vulnerability in  ...)
+       TODO: check
 CVE-2022-23804
        RESERVED
 CVE-2022-23803
@@ -2514,8 +3047,8 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim 
prior to 8.2. ...)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
        NOTE: 
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc 
(v8.2.4151)
-CVE-2022-0317
-       RESERVED
+CVE-2022-0317 (An improper input validation vulnerability in go-attestation 
before 0. ...)
+       TODO: check
 CVE-2022-0316
        RESERVED
 CVE-2022-0315
@@ -2850,18 +3383,18 @@ CVE-2022-23616
        RESERVED
 CVE-2022-23615
        RESERVED
-CVE-2022-23614
-       RESERVED
+CVE-2022-23614 (Twig is an open source template language for PHP. When in a 
sandbox mo ...)
+       TODO: check
 CVE-2022-23613
        RESERVED
 CVE-2022-23612
        RESERVED
-CVE-2022-23611
-       RESERVED
+CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on 
Windows  ...)
+       TODO: check
 CVE-2022-23610
        RESERVED
-CVE-2022-23609
-       RESERVED
+CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on 
Windows  ...)
+       TODO: check
 CVE-2022-23608
        RESERVED
 CVE-2022-23607 (treq is an HTTP library inspired by requests but written on 
top of Twi ...)
@@ -2870,8 +3403,8 @@ CVE-2022-23607 (treq is an HTTP library inspired by 
requests but written on top
        NOTE: 
https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 
(release-22.1.0)
 CVE-2022-23606
        RESERVED
-CVE-2022-23605
-       RESERVED
+CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. 
In versio ...)
+       TODO: check
 CVE-2022-23604
        RESERVED
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application 
for use wi ...)
@@ -2882,8 +3415,8 @@ CVE-2022-23601 (Symfony is a PHP framework for web and 
console applications and
        - symfony <not-affected> (Vulnerable code not present; no Debian 
released version contained the vulnerable code)
        NOTE: 
https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
        NOTE: 
https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
-CVE-2022-23600
-       RESERVED
+CVE-2022-23600 (fleet is an open source device management, built on osquery. 
Versions  ...)
+       TODO: check
 CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 
2.1 - 4.3 ...)
        NOT-FOR-US: Plone
 CVE-2022-23598 (laminas-form is a package for validating and displaying simple 
and com ...)
@@ -2892,84 +3425,84 @@ CVE-2022-23597 (Element Desktop is a Matrix client for 
desktop platforms with El
        NOT-FOR-US: Element Desktop
 CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected 
version ...)
        NOT-FOR-US: Junrar
-CVE-2022-23595
-       RESERVED
-CVE-2022-23594
-       RESERVED
-CVE-2022-23593
-       RESERVED
-CVE-2022-23592
-       RESERVED
-CVE-2022-23591
-       RESERVED
-CVE-2022-23590
-       RESERVED
-CVE-2022-23589
-       RESERVED
-CVE-2022-23588
-       RESERVED
-CVE-2022-23587
-       RESERVED
-CVE-2022-23586
-       RESERVED
-CVE-2022-23585
-       RESERVED
-CVE-2022-23584
-       RESERVED
-CVE-2022-23583
-       RESERVED
-CVE-2022-23582
-       RESERVED
-CVE-2022-23581
-       RESERVED
-CVE-2022-23580
-       RESERVED
-CVE-2022-23579
-       RESERVED
-CVE-2022-23578
-       RESERVED
-CVE-2022-23577
-       RESERVED
-CVE-2022-23576
-       RESERVED
-CVE-2022-23575
-       RESERVED
-CVE-2022-23574
-       RESERVED
-CVE-2022-23573
-       RESERVED
-CVE-2022-23572
-       RESERVED
-CVE-2022-23571
-       RESERVED
-CVE-2022-23570
-       RESERVED
+CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When 
building ...)
+       TODO: check
+CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The 
TFG diale ...)
+       TODO: check
+CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The 
`simplify ...)
+       TODO: check
+CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. 
TensorFlow's  ...)
+       TODO: check
+CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The 
`GraphDef ...)
+       TODO: check
+CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A 
`GraphDef`  ...)
+       TODO: check
+CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under 
certain ...)
+       TODO: check
+CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A 
malicious u ...)
+       TODO: check
+CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under 
certain ...)
+       TODO: check
+CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A 
malicious u ...)
+       TODO: check
+CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When 
decoding ...)
+       TODO: check
+CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A 
malicious u ...)
+       TODO: check
+CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A 
malicious u ...)
+       TODO: check
+CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A 
malicious u ...)
+       TODO: check
+CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The 
Grappler  ...)
+       TODO: check
+CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. 
During shape  ...)
+       TODO: check
+CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The 
Grappler  ...)
+       TODO: check
+CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a 
graph no ...)
+       TODO: check
+CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
+       TODO: check
+CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
+       TODO: check
+CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
+       TODO: check
+CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There 
is a ty ...)
+       TODO: check
+CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
+       TODO: check
+CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under 
certain ...)
+       TODO: check
+CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When 
decoding ...)
+       TODO: check
+CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When 
decoding ...)
+       TODO: check
 CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. 
Multiple oper ...)
        - tensorflow <itp> (bug #804612)
 CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
        - tensorflow <itp> (bug #804612)
 CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
        - tensorflow <itp> (bug #804612)
-CVE-2022-23566
-       RESERVED
-CVE-2022-23565
-       RESERVED
-CVE-2022-23564
-       RESERVED
-CVE-2022-23563
-       RESERVED
-CVE-2022-23562
-       RESERVED
-CVE-2022-23561
-       RESERVED
-CVE-2022-23560
-       RESERVED
-CVE-2022-23559
-       RESERVED
-CVE-2022-23558
-       RESERVED
-CVE-2022-23557
-       RESERVED
+CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. 
TensorFlow is ...)
+       TODO: check
+CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
+CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When 
decoding ...)
+       TODO: check
+CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In 
multiple p ...)
+       TODO: check
+CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The 
implement ...)
+       TODO: check
+CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
+CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
+CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
+CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
+CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An 
attacker c ...)
+       TODO: check
 CVE-2022-23556
        RESERVED
 CVE-2022-23555
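Review bot: The 36 Tensorflow entries that move from RESERVED to "TODO: check" in this hunk (CVE-2022-23595 down to CVE-2022-23570, and CVE-2022-23566 down to CVE-2022-23557) concern the same software as the unchanged CVE-2022-23569, CVE-2022-23568 and CVE-2022-23567 sitting between them, which are already recorded as "- tensorflow <itp> (bug #804612)". Triage the new ones the same way in a single pass rather than leaving 36 open checks.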
@@ -3510,8 +4043,8 @@ CVE-2022-23381
        RESERVED
 CVE-2022-23380
        RESERVED
-CVE-2022-23379
-       RESERVED
+CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection 
vulnerability via ...)
+       TODO: check
 CVE-2022-23378
        RESERVED
 CVE-2022-23377
@@ -3608,10 +4141,10 @@ CVE-2022-23332
        RESERVED
 CVE-2022-23331
        RESERVED
-CVE-2022-23330
-       RESERVED
-CVE-2022-23329
-       RESERVED
+CVE-2022-23330 (A remote code execution (RCE) vulnerability in 
HelloWorldAddonControll ...)
+       TODO: check
+CVE-2022-23329 (A vulnerability in 
${"freemarker.template.utility.Execute"?new() of UJ ...)
+       TODO: check
 CVE-2022-23328
        RESERVED
 CVE-2022-23327
@@ -3628,8 +4161,8 @@ CVE-2022-23322
        RESERVED
 CVE-2022-23321
        RESERVED
-CVE-2022-23320
-       RESERVED
+CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate 
reports ...)
+       TODO: check
 CVE-2022-23319
        RESERVED
 CVE-2022-23318
@@ -3668,7 +4201,7 @@ CVE-2022-0267
        RESERVED
 CVE-2021-46399
        RESERVED
-CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
Filebrowse ...)
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in 
Filebrowser &lt;  ...)
        TODO: check
 CVE-2021-46397
        RESERVED
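Review bot: The replacement description for CVE-2021-46398 contains a literal "&lt;" entity after "Filebrowser", so the imported text arrived HTML-escaped, and it drops the "(CSRF)" abbreviation the previous text carried. Anything that searches descriptions for "CSRF" or parses the version bound will miss this entry unless the text is decoded first; the entry itself is still "TODO: check".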
@@ -3686,8 +4219,8 @@ CVE-2021-46391
        RESERVED
 CVE-2021-46390
        RESERVED
-CVE-2021-46389
-       RESERVED
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to 
commit 882925 ...)
+       TODO: check
 CVE-2021-46388
        RESERVED
 CVE-2021-46387
@@ -3746,8 +4279,8 @@ CVE-2021-46361
        RESERVED
 CVE-2021-46360
        RESERVED
-CVE-2021-46359
-       RESERVED
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service 
vulnerabilit ...)
+       TODO: check
 CVE-2021-46358
        RESERVED
 CVE-2021-46357
@@ -3986,8 +4519,7 @@ CVE-2022-23303 (The implementations of SAE in hostapd 
before 2.10 and wpa_suppli
        [stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is 
marked as ignored)
        NOTE: https://w1.fi/security/2022-1/
        NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
-CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch]
-       RESERVED
+CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier 
when han ...)
        - linux 5.15.5-2
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -4097,12 +4629,12 @@ CVE-2022-23265
        RESERVED
 CVE-2022-23264
        RESERVED
-CVE-2022-23263
-       RESERVED
-CVE-2022-23262
-       RESERVED
-CVE-2022-23261
-       RESERVED
+CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
+CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
+CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
+       TODO: check
 CVE-2022-23260
        RESERVED
 CVE-2022-23259
@@ -4255,8 +4787,8 @@ CVE-2022-23208
        RESERVED
 CVE-2022-23207
        RESERVED
-CVE-2022-0227
-       RESERVED
+CVE-2022-0227 (Business Logic Errors in GitHub repository 
silverstripe/silverstripe-f ...)
+       TODO: check
 CVE-2021-46303
        RESERVED
 CVE-2021-46302
@@ -4314,8 +4846,8 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of 
the WordPress GDPR Word
        NOT-FOR-US: WordPress plugin
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
        NOT-FOR-US: jadx
-CVE-2022-0218
-       RESERVED
+CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized 
access ...)
+       TODO: check
 CVE-2022-0216
        RESERVED
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock 
notifier  ...)
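Review bot: CVE-2022-0218 is added with `TODO: check`, while the WordPress plugin entry visible in this hunk's header context (CVE-2022-0220) already carries `NOT-FOR-US: WordPress plugin`. The new description reads "The WP HTML Mail WordPress plugin", so the same tag applies and can be set in the follow-up triage commit.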
@@ -4334,8 +4866,8 @@ CVE-2022-0211
        RESERVED
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP 
Google Map ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-44779
-       RESERVED
+CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered 
in [GWA] ...)
+       TODO: check
 CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to 
single or ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-44760
@@ -4358,8 +4890,7 @@ CVE-2021-23174 (Authenticated (admin+) Persistent 
Cross-Site Scripting (XSS) vul
        NOT-FOR-US: WordPress plugin
 CVE-2021-23150
        RESERVED
-CVE-2022-23206
-       RESERVED
+CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, 
an unpr ...)
        NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205
        RESERVED
@@ -4403,8 +4934,8 @@ CVE-2022-23186
        RESERVED
 CVE-2022-23185
        RESERVED
-CVE-2022-23184
-       RESERVED
+CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and 
HTTPS bin ...)
+       TODO: check
 CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time 
of use  ...)
        - tomcat9 <unfixed>
        - tomcat8 <removed>
@@ -5057,8 +5588,8 @@ CVE-2022-22941
        RESERVED
 CVE-2022-22940
        RESERVED
-CVE-2022-22939
-       RESERVED
+CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure 
vulnerabili ...)
+       TODO: check
 CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client 
for Windo ...)
        NOT-FOR-US: VMware
 CVE-2022-22937
@@ -5073,8 +5604,7 @@ CVE-2022-22933
        RESERVED
 CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the 
karaf-maven-plugin hav ...)
        - apache-karaf <itp> (bug #881297)
-CVE-2022-22931
-       RESERVED
+CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid 
directory v ...)
        NOT-FOR-US: Apache James
 CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template 
Management ...)
        NOT-FOR-US: MCMS
@@ -5622,12 +6152,12 @@ CVE-2022-22835
        RESERVED
 CVE-2022-22834
        RESERVED
-CVE-2022-22833
-       RESERVED
-CVE-2022-22832
-       RESERVED
-CVE-2022-22831
-       RESERVED
+CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker 
can obta ...)
+       TODO: check
+CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. 
Authorization data i ...)
+       TODO: check
+CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker 
can add  ...)
+       TODO: check
 CVE-2022-22830
        RESERVED
 CVE-2022-22829
@@ -5735,8 +6265,8 @@ CVE-2022-22806
        RESERVED
 CVE-2022-22805
        RESERVED
-CVE-2022-22804
-       RESERVED
+CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page 
Generation  ...)
+       TODO: check
 CVE-2022-22803
        RESERVED
 CVE-2022-22802
@@ -5989,10 +6519,10 @@ CVE-2022-0151 (An issue has been discovered in GitLab 
affecting all versions sta
        - gitlab <unfixed>
 CVE-2022-0150
        RESERVED
-CVE-2022-0149
-       RESERVED
-CVE-2022-0148
-       RESERVED
+CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a 
Reflec ...)
+       TODO: check
+CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ 
Social Icon  ...)
+       TODO: check
 CVE-2022-0147
        RESERVED
 CVE-2022-0146
@@ -6055,18 +6585,18 @@ CVE-2021-46146 (An issue was discovered in MediaWiki 
before 1.35.5, 1.36.x befor
        NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728
        RESERVED
-CVE-2022-22727
-       RESERVED
-CVE-2022-22726
-       RESERVED
-CVE-2022-22725
-       RESERVED
-CVE-2022-22724
-       RESERVED
-CVE-2022-22723
-       RESERVED
-CVE-2022-22722
-       RESERVED
+CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)
+       TODO: check
+CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)
+       TODO: check
+CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input 
vulnerability ex ...)
+       TODO: check
+CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability 
exists that ...)
+       TODO: check
+CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input 
vulnerability ex ...)
+       TODO: check
+CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists 
that cou ...)
+       TODO: check
 CVE-2022-22721
        RESERVED
 CVE-2022-22720
@@ -6162,8 +6692,8 @@ CVE-2022-22691 (The password reset component deployed 
within Umbraco uses the ho
        NOT-FOR-US: Umbraco CMS
 CVE-2022-22690 (Within the Umbraco CMS, a configuration element named 
"UmbracoApplicat ...)
        NOT-FOR-US: Umbraco CMS
-CVE-2022-22689
-       RESERVED
+CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 
14.0.0, an ...)
+       TODO: check
 CVE-2022-22688
        RESERVED
 CVE-2022-22687
@@ -6180,12 +6710,12 @@ CVE-2022-22682
        RESERVED
 CVE-2022-22681
        RESERVED
-CVE-2022-22680
-       RESERVED
-CVE-2022-22679
-       RESERVED
-CVE-2022-22150
-       RESERVED
+CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
+       TODO: check
+CVE-2022-22679 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript 
engine of F ...)
+       TODO: check
 CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain 
a remo ...)
        NOT-FOR-US: Tenable
 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a 
replay atta ...)
@@ -7656,7 +8186,7 @@ CVE-2022-0078
        RESERVED
 CVE-2021-45959
        REJECTED
-CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based 
buffer ove ...)
+CVE-2021-45958 (** DISPUTED ** UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a 
stack-b ...)
        - ujson <unfixed> (bug #1005140)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
        NOTE: https://github.com/ultrajson/ultrajson/issues/501
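Review bot: The description of CVE-2021-45958 gains `** DISPUTED **`, but the tracking lines under it are unchanged: `- ujson <unfixed> (bug #1005140)`. Add a NOTE recording who disputes the report and on what grounds, and re-evaluate whether `<unfixed>` with an open bug is still the right state for the package.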
@@ -9463,8 +9993,7 @@ CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are 
vulnerable to a stack-b
        NOT-FOR-US: Omron CX-One
 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for 
Node.js ...)
        NOT-FOR-US: Node windows
-CVE-2021-4154 [cgroup: verify that source is a string]
-       RESERVED
+CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in 
kernel/cgrou ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -9757,8 +10286,8 @@ CVE-2021-45431
        RESERVED
 CVE-2021-45430
        RESERVED
-CVE-2021-45429
-       RESERVED
+CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git 
commit: 6 ...)
+       TODO: check
 CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control 
vulnerability.  ...)
        NOT-FOR-US: TLR-2005KSH
 CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: 
unauthenticated ar ...)
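Review bot: CVE-2021-45429 is added with `TODO: check`, and its description identifies the affected code by a git commit ("VirusTotal YARA git commit: 6 ...") rather than by a release. Triage needs to establish which released versions contain that commit before a package line with `<unfixed>`, a fixed version or `<not-affected>` is written.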
@@ -9802,8 +10331,8 @@ CVE-2021-45410
        RESERVED
 CVE-2021-45409
        RESERVED
-CVE-2021-45408
-       RESERVED
+CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in 
out.Login.php, ...)
+       TODO: check
 CVE-2021-45407
        RESERVED
 CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an 
attacker to ...)
@@ -10115,7 +10644,7 @@ CVE-2021-45270
        RESERVED
 CVE-2021-45269
        RESERVED
-CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
Backdrop C ...)
+CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) 
vulnerability exist ...)
        NOT-FOR-US: Backdrop CMS
 CVE-2021-45267 (An invalid memory address dereference vulnerability exists in 
gpac 1.1 ...)
        - gpac <unfixed>
@@ -12848,8 +13377,8 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls 
X509_verify_cert() on the clie
        [experimental] - openssl 3.0.1-1
        - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://www.openssl.org/news/secadv/20211214.txt
-CVE-2021-4043
-       RESERVED
+CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 1.1.0 ...)
+       TODO: check
 CVE-2021-4042
        RESERVED
 CVE-2021-4041 [Improper shell escaping in ansible-runner]
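Review bot: CVE-2021-4043 is added with `TODO: check`, but gpac is already tracked as a source package in this file (the CVE-2021-45267 entry in an earlier hunk has `- gpac <unfixed>`). This entry needs a `- gpac` line as well; the description's "prior to 1.1.0" gives the upstream bound to compare against the packaged versions.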
@@ -13734,12 +14263,12 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper 
Neutralization of Input During
        NOT-FOR-US: snipe-it
 CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
        NOT-FOR-US: ShowDoc
-CVE-2021-44206
-       RESERVED
-CVE-2021-44205
-       RESERVED
-CVE-2021-44204
-       RESERVED
+CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability 
in Acron ...)
+       TODO: check
+CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
+       TODO: check
+CVE-2021-44204 (Local privilege escalation via named pipe due to improper 
access contr ...)
+       TODO: check
 CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection 
plan deta ...)
        NOT-FOR-US: Acronis
 CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity 
details. Th ...)
@@ -14846,16 +15375,16 @@ CVE-2021-43931 (The authentication algorithm of the 
WebHMI portal is sound, but
        NOT-FOR-US: Distributed Data Systems
 CVE-2021-43930
        RESERVED
-CVE-2021-43929
-       RESERVED
-CVE-2021-43928
-       RESERVED
-CVE-2021-43927
-       RESERVED
-CVE-2021-43926
-       RESERVED
-CVE-2021-43925
-       RESERVED
+CVE-2021-43929 (Improper neutralization of special elements in output used by 
a downst ...)
+       TODO: check
+CVE-2021-43928 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+       TODO: check
+CVE-2021-43927 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2021-43926 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2021-43925 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
 CVE-2021-43924
        RESERVED
 CVE-2021-43923
@@ -15046,8 +15575,8 @@ CVE-2021-43843 (jsx-slack is a package for building 
JSON objects for Slack block
        NOT-FOR-US: jsx-slack
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 
2.5.257 and e ...)
        NOT-FOR-US: Wiki.js
-CVE-2021-43841
-       RESERVED
+CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for 
applica ...)
+       TODO: check
 CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web 
clients. In  ...)
        TODO: check
 CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In 
Cronos nodes ...)
@@ -16381,8 +16910,8 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by 
Buffer Overflow. IOCTL Ha
        NOT-FOR-US: Amazon
 CVE-2021-43636
        RESERVED
-CVE-2021-43635
-       RESERVED
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex 
before 1.4. ...)
+       TODO: check
 CVE-2021-43634
        RESERVED
 CVE-2021-43633
@@ -19492,8 +20021,8 @@ CVE-2021-42835 (An issue was discovered in Plex Media 
Server through 1.24.4.5081
        NOT-FOR-US: Plex Media Server
 CVE-2021-42834
        RESERVED
-CVE-2021-42833
-       RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in 
AquaView versio ...)
+       TODO: check
 CVE-2021-42832
        RESERVED
 CVE-2021-42831
@@ -23173,8 +23702,7 @@ CVE-2021-41817 (Date.parse in the date gem through 
3.2.0 for Ruby allows ReDoS (
        NOTE: Followups to mimic previous behaviour:
        NOTE: 
https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d 
(v3.2.2)
        NOTE: 
https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 
(v3.2.2)
-CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
-       RESERVED
+CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has 
an integ ...)
        {DSA-5067-1}
        - ruby3.0 <unfixed> (bug #1002995)
        - ruby2.7 2.7.5-1
@@ -23961,7 +24489,7 @@ CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com 
Pyo &amp;lt and 1.03 in t
        NOTE: 
https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 
(1.0.4)
 CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in 
RaRe-Techn ...)
        NOT-FOR-US: RaRe-Technologies bounter
-CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of 
fortranobject.c in ...)
+CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj 
function of for ...)
        - numpy <unfixed>
        [bullseye] - numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/19000
@@ -26625,8 +27153,8 @@ CVE-2021-40422
        RESERVED
 CVE-2021-40421
        RESERVED
-CVE-2021-40420
-       RESERVED
+CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
+       TODO: check
 CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary 
of reol ...)
        NOT-FOR-US: Reolink
 CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service 
as a jo ...)
@@ -26659,12 +27187,12 @@ CVE-2021-40405
        RESERVED
 CVE-2021-40404 (An authentication bypass vulnerability exists in the 
cgiserver.cgi Log ...)
        NOT-FOR-US: Reolink
-CVE-2021-40403
-       RESERVED
+CVE-2021-40403 (An information disclosure vulnerability exists in the 
pick-and-place r ...)
+       TODO: check
 CVE-2021-40402
        RESERVED
-CVE-2021-40401
-       RESERVED
+CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture 
definiti ...)
+       TODO: check
 CVE-2021-40400
        RESERVED
 CVE-2021-40399
@@ -29376,8 +29904,8 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak 
in AC3AudioStreamParser f
        NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
 CVE-2021-39281
        RESERVED
-CVE-2021-39280
-       RESERVED
+CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to 
execute a ...)
+       TODO: check
 CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via 
/forms/ ...)
        NOT-FOR-US: MOXA
 CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import 
menu. T ...)
@@ -30090,8 +30618,8 @@ CVE-2021-39023
        RESERVED
 CVE-2021-39022
        RESERVED
-CVE-2021-39021
-       RESERVED
+CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently 
or send ...)
+       TODO: check
 CVE-2021-39020
        RESERVED
 CVE-2021-39019
@@ -30212,8 +30740,8 @@ CVE-2021-38962
        RESERVED
 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This 
vulnerab ...)
        NOT-FOR-US: IBM
-CVE-2021-38960
-       RESERVED
+CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an 
unauthenticated use ...)
+       TODO: check
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 
27.0.1, and 28 ...)
        NOT-FOR-US: IBM
 CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of 
service ...)
@@ -32213,8 +32741,8 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command 
execution because of the mish
        [buster] - btrbk 0.27.1-1+deb10u1
        NOTE: Fixed by: 
https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 
(v0.31.2)
        NOTE: Introduced by: 
https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 
(v0.23.0-rc1)
-CVE-2021-38172
-       RESERVED
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian 
initially ...)
+       TODO: check
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 
does not  ...)
        {DSA-4998-1 DSA-4990-1 DLA-2818-1}
        - ffmpeg 7:4.4.1-1
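Review bot: CVE-2021-38172 is added with `TODO: check`, yet its description itself mentions Debian ("perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ..."). That makes a NOT-FOR-US verdict unlikely; read the full description, identify the source package that ships perM, and add a package line with the fixed version or `<unfixed>`.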
@@ -32323,8 +32851,8 @@ CVE-2021-38132
        RESERVED
 CVE-2021-38131
        RESERVED
-CVE-2021-38130
-       RESERVED
+CVE-2021-38130 (A potential Information leakage vulnerability has been 
identified in v ...)
+       TODO: check
 CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro 
Focus O ...)
        NOT-FOR-US: Micro Focus
 CVE-2021-38128
@@ -37135,11 +37663,9 @@ CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC 
Swift 1.1.1 and earlier allows
        NOT-FOR-US: gRPC Swift
 CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC 
Swift 1.1. ...)
        NOT-FOR-US: gRPC Swift
-CVE-2021-36152
-       RESERVED
+CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP 
connections in Go ...)
        NOT-FOR-US: Apache Gobblin
-CVE-2021-36151
-       RESERVED
+CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file 
that is  ...)
        NOT-FOR-US: Apache Gobblin
 CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the 
generated cert ...)
        NOT-FOR-US: OpenShift
@@ -43651,7 +44177,7 @@ CVE-2021-33432
        RESERVED
 CVE-2021-33431
        RESERVED
-CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the 
PyArray_N ...)
+CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 
1.9.x i ...)
        - numpy 1:1.21.4-2
        [bullseye] - numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/18939
@@ -45426,8 +45952,8 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package 
that handles data storag
        - nextcloud-server <itp> (bug #941708)
 CVE-2021-32733 (Nextcloud Text is a collaborative document editing application 
that us ...)
        NOT-FOR-US: Nextcloud Text
-CVE-2021-32732
-       RESERVED
+CVE-2021-32732 (### Impact It's possible to know if a user has or not an 
account in a  ...)
+       TODO: check
 CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
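Review bot: The added description for CVE-2021-32732 starts with the Markdown heading `### Impact` and is cut off before any product is named, so the entry cannot be triaged from the list line alone. Resolve the `TODO: check` from the full CVE record rather than inferring the product from the neighbouring Nextcloud and XWiki entries.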
@@ -47173,8 +47699,8 @@ CVE-2021-32037 (An authorized user may trigger an 
invariant which may result in
        - mongodb <removed>
        [stretch] - mongodb <end-of-life> 
(https://lists.debian.org/debian-lts/2020/11/msg00058.html)
        NOTE: https://jira.mongodb.org/browse/SERVER-59071
-CVE-2021-32036
-       RESERVED
+CVE-2021-32036 (An authenticated user without any specific authorizations may 
be able  ...)
+       TODO: check
 CVE-2021-32035
        RESERVED
 CVE-2021-32034
@@ -52546,7 +53072,7 @@ CVE-2021-30123 (FFmpeg &lt;=4.3 contains a buffer 
overflow vulnerability in liba
        NOTE: Introduced in 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
 CVE-2021-30122
        RESERVED
-CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
+CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA &lt; v9.5.6 
...)
        NOT-FOR-US: Kaseya
 CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA 
requiremen ...)
        NOT-FOR-US: Kaseya
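Review bot: The replacement description for CVE-2021-30121 contains the HTML entity `&lt;` ("Kaseya VSA &lt; v9.5.6") where the removed line was plain text, and the same escaping shows in the hunk header context ("FFmpeg &lt;=4.3"). The automatic update should unescape entities when importing descriptions so that the list carries a literal `<` and text searches on version bounds match.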
@@ -54465,18 +54991,18 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) 
vulnerability in the My SMTP
        NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS
 CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to 
inadequate filt ...)
        NOT-FOR-US: XMB
-CVE-2021-29398
-       RESERVED
-CVE-2021-29397
-       RESERVED
-CVE-2021-29396
-       RESERVED
-CVE-2021-29395
-       RESERVED
-CVE-2021-29394
-       RESERVED
-CVE-2021-29393
-       RESERVED
+CVE-2021-29398 (Directory traversal in 
/northstar/Common/NorthFileManager/fileManagerO ...)
+       TODO: check
+CVE-2021-29397 (Cleartext Transmission of Sensitive Information in 
/northstar/Admin/lo ...)
+       TODO: check
+CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc 
NorthStar  ...)
+       TODO: check
+CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in 
Northstar ...)
+       TODO: check
+CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in 
Northstar  ...)
+       TODO: check
+CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in 
Northstar T ...)
+       TODO: check
 CVE-2021-29392
        RESERVED
 CVE-2021-29391
@@ -54871,10 +55397,10 @@ CVE-2021-29221 (A local privilege escalation 
vulnerability was discovered in Erl
        - erlang <not-affected> (Windows-specific)
 CVE-2021-29220
        RESERVED
-CVE-2021-29219
-       RESERVED
-CVE-2021-29218
-       RESERVED
+CVE-2021-29219 (A potential local buffer overflow vulnerability has been 
identified in ...)
+       TODO: check
+CVE-2021-29218 (A local unquoted search path security vulnerability has been 
identifie ...)
+       TODO: check
 CVE-2021-29217
        RESERVED
 CVE-2021-29216
@@ -56664,8 +57190,8 @@ CVE-2021-28505
        RESERVED
 CVE-2021-28504
        RESERVED
-CVE-2021-28503
-       RESERVED
+CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may 
skip re ...)
+       TODO: check
 CVE-2021-28502
        RESERVED
 CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the 
incorrec ...)
@@ -61585,13 +62111,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers 
to execute OS commands via
        NOT-FOR-US: EPrints
 CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a 
cgi/cal ...)
        NOT-FOR-US: EPrints
-CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a 
GET req ...)
+CVE-2021-26474 (Various Vembu products allow an attacker to execute a 
(non-blind) http ...)
        NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write 
via a G ...)
+CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 
the http  ...)
        NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote 
Code Execut ...)
+CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 
installed ...)
        NOT-FOR-US: Vembu BDR Suite
-CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote 
Code Execut ...)
+CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, 
the http ...)
        NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26470
        RESERVED
@@ -65232,8 +65758,8 @@ CVE-2021-25116
        RESERVED
 CVE-2021-25115
        RESERVED
-CVE-2021-25114
-       RESERVED
+CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does 
not escape ...)
+       TODO: check
 CVE-2021-25113
        RESERVED
 CVE-2021-25112
@@ -65244,18 +65770,18 @@ CVE-2021-25110
        RESERVED
 CVE-2021-25109
        RESERVED
-CVE-2021-25108
-       RESERVED
+CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 
does no ...)
+       TODO: check
 CVE-2021-25107
        RESERVED
-CVE-2021-25106
-       RESERVED
-CVE-2021-25105
-       RESERVED
+CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator 
WordPre ...)
+       TODO: check
+CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape 
some of ...)
+       TODO: check
 CVE-2021-25104
        RESERVED
-CVE-2021-25103
-       RESERVED
+CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin 
before 2.9.7  ...)
+       TODO: check
 CVE-2021-25102
        RESERVED
 CVE-2021-25101
@@ -65268,10 +65794,10 @@ CVE-2021-25098
        RESERVED
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper 
authori ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25096
-       RESERVED
-CVE-2021-25095
-       RESERVED
+CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 
bans ca ...)
+       TODO: check
+CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 
does no ...)
+       TODO: check
 CVE-2021-25094
        RESERVED
 CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have 
authorisa ...)
@@ -65292,8 +65818,8 @@ CVE-2021-25086
        RESERVED
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25084
-       RESERVED
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, 
advanced-cron ...)
+       TODO: check
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25082
@@ -65306,8 +65832,8 @@ CVE-2021-25079 (The Contact Form Entries WordPress 
plugin before 1.2.4 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25077
-       RESERVED
+CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 
2.3.2 does n ...)
+       TODO: check
 CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not 
validate  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25075
@@ -65402,8 +65928,8 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image 
Gallery, Effects, Lightb
        NOT-FOR-US: WordPress plugin
 CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25029
-       RESERVED
+CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 
1.8.1 does ...)
+       TODO: check
 CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not 
validate the  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 
2.6.2 does  ...)
@@ -65452,8 +65978,8 @@ CVE-2021-25006
        RESERVED
 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not 
sanitize and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25004
-       RESERVED
+CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP 
file with ...)
+       TODO: check
 CVE-2021-25003
        RESERVED
 CVE-2021-25002
@@ -65474,8 +66000,8 @@ CVE-2021-24995
        RESERVED
 CVE-2021-24994
        RESERVED
-CVE-2021-24993
-       RESERVED
+CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 
does not h ...)
+       TODO: check
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 
2.5.5 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24991 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress 
plugin befo ...)
@@ -65566,8 +66092,8 @@ CVE-2021-24949 (The "WP Search Filters" widget of The 
Plus Addons for Elementor
        NOT-FOR-US: WordPress plugin
 CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 
5.0.7 does ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24947
-       RESERVED
+CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper 
authorisati ...)
+       TODO: check
 CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 
2.6.38  ...)
@@ -65604,8 +66130,8 @@ CVE-2021-24930 (The WordPress Online Booking and 
Scheduling Plugin WordPress plu
        NOT-FOR-US: WordPress plugin
 CVE-2021-24929
        RESERVED
-CVE-2021-24928
-       RESERVED
+CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 
3.0.8 does  ...)
+       TODO: check
 CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not 
sanitise and  ...)
@@ -65700,12 +66226,12 @@ CVE-2021-24882 (The Slideshow Gallery WordPress 
plugin before 1.7.4 does not san
        NOT-FOR-US: WordPress plugin
 CVE-2021-24881
        RESERVED
-CVE-2021-24880
-       RESERVED
-CVE-2021-24879
-       RESERVED
-CVE-2021-24878
-       RESERVED
+CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not 
validate and e ...)
+       TODO: check
+CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not 
sanitise and e ...)
+       TODO: check
 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not 
validate the o ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
@@ -65774,16 +66300,16 @@ CVE-2021-24845 (The Improved Include Page WordPress 
plugin through 1.2 allows pa
        NOT-FOR-US: WordPress plugin
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24843
-       RESERVED
+CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have 
CRSF chec ...)
+       TODO: check
 CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not 
enforce ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows 
unauthenticated use ...)
        NOT-FOR-US: WordPress theme
-CVE-2021-24839
-       RESERVED
+CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have 
authorisa ...)
+       TODO: check
 CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API 
endpoint whi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24837
@@ -66124,7 +66650,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 
4.3.5 does not escape some
        NOT-FOR-US: WordPress plugin
 CVE-2021-24669 (The MAZ Loader &#8211; Preloader Builder for WordPress plugin 
before 1 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce 
nonce c ...)
+CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce 
nonce ch ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24667 (A stored cross-site scripting vulnerability has been 
discovered in : S ...)
        NOT-FOR-US: FortiGuard
@@ -66774,7 +67300,7 @@ CVE-2021-24345 (The page lists-management feature of 
the Sendit WP Newsletter Wo
        NOT-FOR-US: WordPress plugin
 CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not 
sanitise it ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not 
sanitise i ...)
+CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise 
its APP I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the 
cat_id par ...)
        NOT-FOR-US: WordPress theme
@@ -68769,8 +69295,8 @@ CVE-2021-23509 (This affects the package json-ptr 
before 3.0.0. A type confusion
        NOT-FOR-US: Node json-ptr
 CVE-2021-23508
        RESERVED
-CVE-2021-23507
-       RESERVED
+CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to 
Prototype P ...)
+       TODO: check
 CVE-2021-23506
        RESERVED
 CVE-2021-23505
@@ -68789,8 +69315,8 @@ CVE-2021-23499
        RESERVED
 CVE-2021-23498
        RESERVED
-CVE-2021-23497
-       RESERVED
+CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It 
allows an a ...)
+       TODO: check
 CVE-2021-23496
        RESERVED
 CVE-2021-23495
@@ -68844,8 +69370,8 @@ CVE-2021-23472 (This affects versions before 1.19.1 of 
package bootstrap-table.
        NOTE: URL in CVE has moved. 
https://github.com/wenzhixin/bootstrap-table/pull/5941
 CVE-2021-23471
        RESERVED
-CVE-2021-23470
-       RESERVED
+CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() 
functio ...)
+       TODO: check
 CVE-2021-23469
        RESERVED
 CVE-2021-23468
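Review bot: the new CVE-2021-23470 entry names only the npm package (putil-merge, `merge()` function) and stops at `TODO: check`. When resolving it, look for bundled copies inside other packages as well as a source package of that name, since npm modules are often embedded. The bootstrap-table entry in the context above carries a `NOTE:` line with its upstream pull request; adding the equivalent upstream fix reference here would document the triage.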
@@ -71607,16 +72133,16 @@ CVE-2021-22290
        RESERVED
 CVE-2021-22289
        RESERVED
-CVE-2021-22288
-       RESERVED
+CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 
and PNI800 ...)
+       TODO: check
 CVE-2021-22287
        RESERVED
-CVE-2021-22286
-       RESERVED
-CVE-2021-22285
-       RESERVED
-CVE-2021-22284
-       RESERVED
+CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 
and PNI800 ...)
+       TODO: check
+CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check 
for Unusua ...)
+       TODO: check
+CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
 CVE-2021-22283
        RESERVED
 CVE-2021-22282
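Review bot: the visible descriptions of CVE-2021-22288 and CVE-2021-22286 are identical up to the truncation point ("Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ..."), so the two cannot be told apart from this list and each needs to be triaged against its full CVE text. CVE-2021-22285 and CVE-2021-22284 are cut off before any product name appears, so confirm that they concern the same ABB products before giving all four the same tag in place of `TODO: check`.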
@@ -72349,32 +72875,32 @@ CVE-2021-3009
        RESERVED
 CVE-2021-3008
        RESERVED
-CVE-2021-21971
-       RESERVED
-CVE-2021-21970
-       RESERVED
-CVE-2021-21969
-       RESERVED
-CVE-2021-21968
-       RESERVED
+CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode 
function ...)
+       TODO: check
+CVE-2021-21970 (An out-of-bounds write vulnerability exists in the 
HandleSeaCloudMessa ...)
+       TODO: check
+CVE-2021-21969 (An out-of-bounds write vulnerability exists in the 
HandleSeaCloudMessa ...)
+       TODO: check
+CVE-2021-21968 (A file write vulnerability exists in the OTA update task 
functionality ...)
+       TODO: check
 CVE-2021-21967
        RESERVED
 CVE-2021-21966
        RESERVED
-CVE-2021-21965
-       RESERVED
-CVE-2021-21964
-       RESERVED
-CVE-2021-21963
-       RESERVED
-CVE-2021-21962
-       RESERVED
-CVE-2021-21961
-       RESERVED
-CVE-2021-21960
-       RESERVED
-CVE-2021-21959
-       RESERVED
+CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote 
configur ...)
+       TODO: check
+CVE-2021-21964 (A denial of service vulnerability exists in the Modbus 
configuration f ...)
+       TODO: check
+CVE-2021-21963 (An information disclosure vulnerability exists in the Web 
Server funct ...)
+       TODO: check
+CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA 
Update u- ...)
+       TODO: check
+CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS 
functio ...)
+       TODO: check
+CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the 
LLMNR f ...)
+       TODO: check
+CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of 
Sealevel Syste ...)
+       TODO: check
 CVE-2021-21958
        RESERVED
 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote 
Server funct ...)
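Review bot: eleven entries in this hunk move from RESERVED to `TODO: check`, and only CVE-2021-21959 shows a vendor name ("Sealevel Syste ...") before the truncation. The rest mention SeaMax, HandleSeaCloudMessa..., OTA update, NBNS, LLMNR and Modbus functionality, which reads like one device advisory batch, but that is an inference from cut-off text. Verify the product in each full description and triage the set together so no single entry stays at TODO; note that CVE-2021-21970 and CVE-2021-21969 are indistinguishable in the visible text.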
@@ -124615,10 +125141,10 @@ CVE-2020-12968
        REJECTED
 CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES 
feature ...)
        NOT-FOR-US: AMD
-CVE-2020-12966
-       RESERVED
-CVE-2020-12965
-       RESERVED
+CVE-2020-12966 (AMD EPYC&#8482; Processors contain an information disclosure 
vulnerabi ...)
+       TODO: check
+CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may 
transient ...)
+       TODO: check
 CVE-2020-12964 (A potential privilege escalation/denial of service issue 
exists in the ...)
        NOT-FOR-US: Intel / AMD
 CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD 
Graphics D ...)
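Review bot: CVE-2020-12966 and CVE-2020-12965 are added as `TODO: check` between entries tagged `NOT-FOR-US: AMD` and `NOT-FOR-US: Intel / AMD`, and copying that tag across without reading further would be easy. The CVE-2020-12965 text ("When combined with specific software sequences, AMD CPUs may transient ...") describes CPU behaviour that depends on software, so check whether a mitigation lands in packaged software such as the kernel or CPU microcode before deciding. The same check applies to the EPYC information disclosure in CVE-2020-12966.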
@@ -124771,8 +125297,7 @@ CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics 
Driver for Windows 10 in E
        NOT-FOR-US: Intel / AMD
 CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may 
lead to  ...)
        NOT-FOR-US: Intel / AMD
-CVE-2020-12891
-       RESERVED
+CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through 
path va ...)
        NOT-FOR-US: AMD
 CVE-2020-12890 (Improper handling of pointers in the System Management Mode 
(SMM) hand ...)
        NOT-FOR-US: AMD
@@ -140157,8 +140682,8 @@ CVE-2020-7536 (A CWE-754:Improper Check for Unusual 
or Exceptional Conditions vu
        NOT-FOR-US: Modicon
 CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
        NOT-FOR-US: Modicon
-CVE-2020-7534
-       RESERVED
+CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability 
exists on t ...)
+       TODO: check
 CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web 
Server o ...)
        NOT-FOR-US: Modicon
 CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability 
exists in SC ...)
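Review bot: CVE-2020-7534 is set to `TODO: check` and its description is cut off at "exists on t ..." before the affected product is named. The surrounding entries CVE-2020-7536, CVE-2020-7535 and CVE-2020-7533 are all `NOT-FOR-US: Modicon`; confirm from the full CVE text that this CSRF issue belongs to the same product line before applying the same tag.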



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60591c831241145b246717e0fe59701057b934c8



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
