Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48590ec8 by security tracker role at 2022-03-01T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,455 @@
+CVE-2022-26333
+       RESERVED
+CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers 
name fie ...)
+       TODO: check
+CVE-2022-26331
+       RESERVED
+CVE-2022-26330
+       RESERVED
+CVE-2022-26329
+       RESERVED
+CVE-2022-26328
+       RESERVED
+CVE-2022-26327
+       RESERVED
+CVE-2022-26326
+       RESERVED
+CVE-2022-26325
+       RESERVED
+CVE-2022-26324
+       RESERVED
+CVE-2022-26323
+       RESERVED
+CVE-2022-26322
+       RESERVED
+CVE-2022-26321
+       RESERVED
+CVE-2022-26320
+       RESERVED
+CVE-2022-26319
+       RESERVED
+CVE-2022-26318
+       RESERVED
+CVE-2022-26317
+       RESERVED
+CVE-2022-26316
+       RESERVED
+CVE-2022-26315 (qrcp through 0.8.4, in receive mode, allows ../ Directory 
Traversal vi ...)
+       TODO: check
+CVE-2022-26314
+       RESERVED
+CVE-2022-26313
+       RESERVED
+CVE-2022-26312
+       RESERVED
+CVE-2022-26311
+       RESERVED
+CVE-2022-26310
+       RESERVED
+CVE-2022-26309
+       RESERVED
+CVE-2022-26308
+       RESERVED
+CVE-2022-26307
+       RESERVED
+CVE-2022-26306
+       RESERVED
+CVE-2022-26305
+       RESERVED
+CVE-2022-26301
+       RESERVED
+CVE-2022-26300
+       RESERVED
+CVE-2022-26299
+       RESERVED
+CVE-2022-26298
+       RESERVED
+CVE-2022-26297
+       RESERVED
+CVE-2022-26296
+       RESERVED
+CVE-2022-26295
+       RESERVED
+CVE-2022-26294
+       RESERVED
+CVE-2022-26293
+       RESERVED
+CVE-2022-26292
+       RESERVED
+CVE-2022-26291
+       RESERVED
+CVE-2022-26290
+       RESERVED
+CVE-2022-26289
+       RESERVED
+CVE-2022-26288
+       RESERVED
+CVE-2022-26287
+       RESERVED
+CVE-2022-26286
+       RESERVED
+CVE-2022-26285
+       RESERVED
+CVE-2022-26284
+       RESERVED
+CVE-2022-26283
+       RESERVED
+CVE-2022-26282
+       RESERVED
+CVE-2022-26281
+       RESERVED
+CVE-2022-26280
+       RESERVED
+CVE-2022-26279
+       RESERVED
+CVE-2022-26278
+       RESERVED
+CVE-2022-26277
+       RESERVED
+CVE-2022-26276
+       RESERVED
+CVE-2022-26275
+       RESERVED
+CVE-2022-26274
+       RESERVED
+CVE-2022-26273
+       RESERVED
+CVE-2022-26272
+       RESERVED
+CVE-2022-26271
+       RESERVED
+CVE-2022-26270
+       RESERVED
+CVE-2022-26269
+       RESERVED
+CVE-2022-26268
+       RESERVED
+CVE-2022-26267
+       RESERVED
+CVE-2022-26266
+       RESERVED
+CVE-2022-26265
+       RESERVED
+CVE-2022-26264
+       RESERVED
+CVE-2022-26263
+       RESERVED
+CVE-2022-26262
+       RESERVED
+CVE-2022-26261
+       RESERVED
+CVE-2022-26260
+       RESERVED
+CVE-2022-26259
+       RESERVED
+CVE-2022-26258
+       RESERVED
+CVE-2022-26257
+       RESERVED
+CVE-2022-26256
+       RESERVED
+CVE-2022-26255
+       RESERVED
+CVE-2022-26254
+       RESERVED
+CVE-2022-26253
+       RESERVED
+CVE-2022-26252
+       RESERVED
+CVE-2022-26251
+       RESERVED
+CVE-2022-26250
+       RESERVED
+CVE-2022-26249
+       RESERVED
+CVE-2022-26248
+       RESERVED
+CVE-2022-26247
+       RESERVED
+CVE-2022-26246
+       RESERVED
+CVE-2022-26245
+       RESERVED
+CVE-2022-26244
+       RESERVED
+CVE-2022-26243
+       RESERVED
+CVE-2022-26242
+       RESERVED
+CVE-2022-26241
+       RESERVED
+CVE-2022-26240
+       RESERVED
+CVE-2022-26239
+       RESERVED
+CVE-2022-26238
+       RESERVED
+CVE-2022-26237
+       RESERVED
+CVE-2022-26236
+       RESERVED
+CVE-2022-26235
+       RESERVED
+CVE-2022-26234
+       RESERVED
+CVE-2022-26233
+       RESERVED
+CVE-2022-26232
+       RESERVED
+CVE-2022-26231
+       RESERVED
+CVE-2022-26230
+       RESERVED
+CVE-2022-26229
+       RESERVED
+CVE-2022-26228
+       RESERVED
+CVE-2022-26227
+       RESERVED
+CVE-2022-26226
+       RESERVED
+CVE-2022-26225
+       RESERVED
+CVE-2022-26224
+       RESERVED
+CVE-2022-26223
+       RESERVED
+CVE-2022-26222
+       RESERVED
+CVE-2022-26221
+       RESERVED
+CVE-2022-26220
+       RESERVED
+CVE-2022-26219
+       RESERVED
+CVE-2022-26218
+       RESERVED
+CVE-2022-26217
+       RESERVED
+CVE-2022-26216
+       RESERVED
+CVE-2022-26215
+       RESERVED
+CVE-2022-26214
+       RESERVED
+CVE-2022-26213
+       RESERVED
+CVE-2022-26212
+       RESERVED
+CVE-2022-26211
+       RESERVED
+CVE-2022-26210
+       RESERVED
+CVE-2022-26209
+       RESERVED
+CVE-2022-26208
+       RESERVED
+CVE-2022-26207
+       RESERVED
+CVE-2022-26206
+       RESERVED
+CVE-2022-26205
+       RESERVED
+CVE-2022-26204
+       RESERVED
+CVE-2022-26203
+       RESERVED
+CVE-2022-26202
+       RESERVED
+CVE-2022-26201
+       RESERVED
+CVE-2022-26200
+       RESERVED
+CVE-2022-26199
+       RESERVED
+CVE-2022-26198
+       RESERVED
+CVE-2022-26197
+       RESERVED
+CVE-2022-26196
+       RESERVED
+CVE-2022-26195
+       RESERVED
+CVE-2022-26194
+       RESERVED
+CVE-2022-26193
+       RESERVED
+CVE-2022-26192
+       RESERVED
+CVE-2022-26191
+       RESERVED
+CVE-2022-26190
+       RESERVED
+CVE-2022-26189
+       RESERVED
+CVE-2022-26188
+       RESERVED
+CVE-2022-26187
+       RESERVED
+CVE-2022-26186
+       RESERVED
+CVE-2022-26185
+       RESERVED
+CVE-2022-26184
+       RESERVED
+CVE-2022-26183
+       RESERVED
+CVE-2022-26182
+       RESERVED
+CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a 
heap-bu ...)
+       TODO: check
+CVE-2022-26180
+       RESERVED
+CVE-2022-26179
+       RESERVED
+CVE-2022-26178
+       RESERVED
+CVE-2022-26177
+       RESERVED
+CVE-2022-26176
+       RESERVED
+CVE-2022-26175
+       RESERVED
+CVE-2022-26174
+       RESERVED
+CVE-2022-26173
+       RESERVED
+CVE-2022-26172
+       RESERVED
+CVE-2022-26171
+       RESERVED
+CVE-2022-26170
+       RESERVED
+CVE-2022-26169
+       RESERVED
+CVE-2022-26168
+       RESERVED
+CVE-2022-26167
+       RESERVED
+CVE-2022-26166
+       RESERVED
+CVE-2022-26165
+       RESERVED
+CVE-2022-26164
+       RESERVED
+CVE-2022-26163
+       RESERVED
+CVE-2022-26162
+       RESERVED
+CVE-2022-26161
+       RESERVED
+CVE-2022-26160
+       RESERVED
+CVE-2022-26159 (The auto-completion plugin in Ametys CMS before 4.5.0 allows a 
remote  ...)
+       TODO: check
+CVE-2022-26158 (An issue was discovered in the web application in Cherwell 
Service Man ...)
+       TODO: check
+CVE-2022-26157 (An issue was discovered in the web application in Cherwell 
Service Man ...)
+       TODO: check
+CVE-2022-26156 (An issue was discovered in the web application in Cherwell 
Service Man ...)
+       TODO: check
+CVE-2022-26155 (An issue was discovered in the web application in Cherwell 
Service Man ...)
+       TODO: check
+CVE-2022-26154
+       RESERVED
+CVE-2022-26153
+       RESERVED
+CVE-2022-26152
+       RESERVED
+CVE-2022-26151
+       RESERVED
+CVE-2022-26150
+       RESERVED
+CVE-2022-26080
+       RESERVED
+CVE-2022-26057
+       RESERVED
+CVE-2022-0810
+       RESERVED
+CVE-2022-0809
+       RESERVED
+CVE-2022-0808
+       RESERVED
+CVE-2022-0807
+       RESERVED
+CVE-2022-0806
+       RESERVED
+CVE-2022-0805
+       RESERVED
+CVE-2022-0804
+       RESERVED
+CVE-2022-0803
+       RESERVED
+CVE-2022-0802
+       RESERVED
+CVE-2022-0801
+       RESERVED
+CVE-2022-0800
+       RESERVED
+CVE-2022-0799
+       RESERVED
+CVE-2022-0798
+       RESERVED
+CVE-2022-0797
+       RESERVED
+CVE-2022-0796
+       RESERVED
+CVE-2022-0795
+       RESERVED
+CVE-2022-0794
+       RESERVED
+CVE-2022-0793
+       RESERVED
+CVE-2022-0792
+       RESERVED
+CVE-2022-0791
+       RESERVED
+CVE-2022-0790
+       RESERVED
+CVE-2022-0789
+       RESERVED
+CVE-2022-0788
+       RESERVED
+CVE-2022-0787
+       RESERVED
+CVE-2022-0786
+       RESERVED
+CVE-2022-0785
+       RESERVED
+CVE-2022-0784
+       RESERVED
+CVE-2022-0783
+       RESERVED
+CVE-2022-0782
+       RESERVED
+CVE-2022-0781
+       RESERVED
+CVE-2022-0780
+       RESERVED
+CVE-2022-0779
+       RESERVED
+CVE-2022-0778
+       RESERVED
+CVE-2022-0777
+       RESERVED
+CVE-2022-0776
+       RESERVED
+CVE-2022-0775
+       RESERVED
+CVE-2022-0774
+       RESERVED
+CVE-2022-0773
+       RESERVED
+CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository 
librenms/libr ...)
+       TODO: check
+CVE-2022-0771
+       RESERVED
+CVE-2022-0770
+       RESERVED
+CVE-2022-0769
+       RESERVED
+CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository 
rudloff/alltub ...)
+       TODO: check
 CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated 
administr ...)
        NOT-FOR-US: MODX Revolution
 CVE-2022-26148
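Review bot: every entry in this hunk that arrives with a description (CVE-2022-26332, CVE-2022-26315, CVE-2022-26181, CVE-2022-26159, CVE-2022-26155 through CVE-2022-26158, CVE-2022-0772 and CVE-2022-0768) is left at "TODO: check", so none of them is triaged yet. Each needs either a package line or a "NOT-FOR-US:" line in the form the context entry CVE-2022-26149 already uses; the four Cherwell entries share one truncated description and can be handled together.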
@@ -729,8 +1181,8 @@ CVE-2022-25815
        RESERVED
 CVE-2022-25814
        RESERVED
-CVE-2022-0743
-       RESERVED
+CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository 
getgrav/grav  ...)
+       TODO: check
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems 
with the  ...)
        - usbguard <unfixed>
        NOTE: https://github.com/USBGuard/usbguard/issues/273
@@ -1137,8 +1589,8 @@ CVE-2022-0718
 CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files 
with es ...)
        - seatd 0.6.4-1 (bug #1006308)
        NOTE: 
https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
-CVE-2022-25642
-       RESERVED
+CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A 
crafted ch ...)
+       TODO: check
 CVE-2022-25641
        RESERVED
 CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly 
enforce a re ...)
@@ -1667,20 +2119,20 @@ CVE-2022-25415
        RESERVED
 CVE-2022-25414 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack 
overflow vi ...)
        NOT-FOR-US: Tenda
-CVE-2022-25413
-       RESERVED
-CVE-2022-25412
-       RESERVED
-CVE-2022-25411
-       RESERVED
-CVE-2022-25410
-       RESERVED
-CVE-2022-25409
-       RESERVED
-CVE-2022-25408
-       RESERVED
-CVE-2022-25407
-       RESERVED
+CVE-2022-25413 (Maxsite CMS v108 was discovered to contain a stored cross-site 
scripti ...)
+       TODO: check
+CVE-2022-25412 (Maxsite CMS v180 was discovered to contain multiple arbitrary 
file del ...)
+       TODO: check
+CVE-2022-25411 (A Remote Code Execution (RCE) vulnerability at /admin/options 
in Maxsi ...)
+       TODO: check
+CVE-2022-25410 (Maxsite CMS v180 was discovered to contain a stored cross-site 
scripti ...)
+       TODO: check
+CVE-2022-25409 (Hospital Management System v1.0 was discovered to contain a 
stored cro ...)
+       TODO: check
+CVE-2022-25408 (Hospital Management System v1.0 was discovered to contain a 
stored cro ...)
+       TODO: check
+CVE-2022-25407 (Hospital Management System v1.0 was discovered to contain a 
stored cro ...)
+       TODO: check
 CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
        NOT-FOR-US: Tongda2000
 CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
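Review bot: the description added for CVE-2022-25413 reads "Maxsite CMS v108", while CVE-2022-25412 and CVE-2022-25410 in the same hunk read "Maxsite CMS v180". Check the version string against the CVE record when these entries are triaged from "TODO: check", so that the affected version is not taken from a transposed number.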
@@ -1815,8 +2267,8 @@ CVE-2021-46700 (In libsixel 1.8.6, 
sixel_encoder_output_without_macro (called fr
        [bullseye] - libsixel <no-dsa> (Minor issue)
        [buster] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/158
-CVE-2021-4222
-       RESERVED
+CVE-2021-4222 (The WP-Paginate WordPress plugin before 2.1.4 does not sanitise 
and es ...)
+       TODO: check
 CVE-2022-25367
        RESERVED
 CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, 
although it  ...)
@@ -2839,10 +3291,10 @@ CVE-2022-25031
        RESERVED
 CVE-2022-25030
        RESERVED
-CVE-2022-25029
-       RESERVED
-CVE-2022-25028
-       RESERVED
+CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
+       TODO: check
+CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
+       TODO: check
 CVE-2022-25027
        RESERVED
 CVE-2022-25026
@@ -2851,28 +3303,28 @@ CVE-2022-25025
        RESERVED
 CVE-2022-25024
        RESERVED
-CVE-2022-25023
-       RESERVED
-CVE-2022-25022
-       RESERVED
+CVE-2022-25023 (Audio File commit 004065d was discovered to contain a 
heap-buffer over ...)
+       TODO: check
+CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 
allows atta ...)
+       TODO: check
 CVE-2022-25021
        RESERVED
-CVE-2022-25020
-       RESERVED
+CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 
allows att ...)
+       TODO: check
 CVE-2022-25019
        REJECTED
-CVE-2022-25018
-       RESERVED
+CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute 
arbitrary c ...)
+       TODO: check
 CVE-2022-25017
        RESERVED
 CVE-2022-25016
        RESERVED
-CVE-2022-25015
-       RESERVED
-CVE-2022-25014
-       RESERVED
-CVE-2022-25013
-       RESERVED
+CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 
30.0.0.OS ...)
+       TODO: check
+CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected 
cross-site scr ...)
+       TODO: check
+CVE-2022-25013 (Ice Hrm 30.0.0.OS was discovered to contain multiple reflected 
cross-s ...)
+       TODO: check
 CVE-2022-25012
        RESERVED
 CVE-2022-25011
@@ -3570,10 +4022,10 @@ CVE-2022-24714
        RESERVED
 CVE-2022-24713
        RESERVED
-CVE-2022-24712
-       RESERVED
-CVE-2022-24711
-       RESERVED
+CVE-2022-24712 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
+       TODO: check
+CVE-2022-24711 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
+       TODO: check
 CVE-2022-24710 (Weblate is a copyleft software web-based continuous 
localization syste ...)
        TODO: check
 CVE-2022-24709 (@awsui/components-react is the main AWS UI package which 
contains Reac ...)
@@ -3683,8 +4135,8 @@ CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 
1.8.0 through 1.9.14, 1.1
 CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 
1.1.11, and ...)
        - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
-CVE-2022-24685
-       RESERVED
+CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x 
before 1 ...)
+       TODO: check
 CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x 
before 1.1.1 ...)
        - nomad <undetermined>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
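Review bot: CVE-2022-24685 is left at "TODO: check" although its description names HashiCorp Nomad and both neighbours in this hunk, CVE-2022-24686 and CVE-2022-24684, are already tracked against the nomad package with a NOTE pointing at the vendor advisory. Triage it the same way, with a "- nomad" line and the matching advisory NOTE, so the three Nomad issues stay consistent.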
@@ -4047,10 +4499,10 @@ CVE-2022-24574
        RESERVED
 CVE-2022-24573
        RESERVED
-CVE-2022-24572
-       RESERVED
-CVE-2022-24571
-       RESERVED
+CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross 
Site Sc ...)
+       TODO: check
+CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL 
injection ...)
+       TODO: check
 CVE-2022-24570
        RESERVED
 CVE-2022-24569
@@ -4300,8 +4752,8 @@ CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c 
in the Linux kernel befo
        NOTE: Fixed by: 
https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
 CVE-2022-24447
        RESERVED
-CVE-2022-24446
-       RESERVED
+CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 
6.1.6. A ...)
+       TODO: check
 CVE-2022-24445
        REJECTED
 CVE-2022-24444
@@ -5419,10 +5871,10 @@ CVE-2022-0413 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
        NOTE: 
https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a 
(v8.2.4253)
-CVE-2022-0412
-       RESERVED
-CVE-2022-0411
-       RESERVED
+CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI 
WooComm ...)
+       TODO: check
+CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not 
sanitise and  ...)
+       TODO: check
 CVE-2022-0410
        RESERVED
 CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when 
unprivil ...)
@@ -5798,8 +6250,8 @@ CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in 
Packagist remdex/livehelpe
        NOT-FOR-US: livehelperchat
 CVE-2022-0386
        RESERVED
-CVE-2022-0385
-       RESERVED
+CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise 
and es ...)
+       TODO: check
 CVE-2022-0384
        RESERVED
 CVE-2021-46656 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
@@ -6028,10 +6480,10 @@ CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has 
an integer overflow in the
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1
 (R_2_4_4)
 CVE-2022-23989
        RESERVED
-CVE-2022-23988
-       RESERVED
-CVE-2022-23987
-       RESERVED
+CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do 
not sanit ...)
+       TODO: check
+CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do 
not sanit ...)
+       TODO: check
 CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz 
WordPress plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
plugin Sett ...)
@@ -6056,8 +6508,8 @@ CVE-2022-23974
        RESERVED
 CVE-2022-23103
        RESERVED
-CVE-2022-0383
-       RESERVED
+CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not 
sanitise an ...)
+       TODO: check
 CVE-2022-0382 (An information leak flaw was found due to uninitialized memory 
in the  ...)
        - linux 5.15.15-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6072,8 +6524,8 @@ CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in 
Packagist microweber/micro
        NOT-FOR-US: microweber
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
        NOT-FOR-US: microweber
-CVE-2022-0377
-       RESERVED
+CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can 
upload an im ...)
+       TODO: check
 CVE-2022-0376
        RESERVED
 CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
@@ -6206,8 +6658,8 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
        NOTE: 
https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 
(v8.2.4215)
-CVE-2022-0360
-       RESERVED
+CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer 
WordPress ...)
+       TODO: check
 CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -6308,20 +6760,20 @@ CVE-2021-4210
        RESERVED
 CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an 
attacker coul ...)
        NOT-FOR-US: Apache ActiveMQ Artemis
-CVE-2022-23912
-       RESERVED
-CVE-2022-23911
-       RESERVED
+CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 
does no ...)
+       TODO: check
+CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 
does no ...)
+       TODO: check
 CVE-2022-23910
        RESERVED
 CVE-2022-23909
        RESERVED
 CVE-2022-23908
        RESERVED
-CVE-2022-23907
-       RESERVED
-CVE-2022-23906
-       RESERVED
+CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected 
cross-si ...)
+       TODO: check
+CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote 
Command Exe ...)
+       TODO: check
 CVE-2022-23905
        RESERVED
 CVE-2022-23904
@@ -6422,8 +6874,8 @@ CVE-2022-0347
        RESERVED
 CVE-2022-0346
        RESERVED
-CVE-2022-0345
-       RESERVED
+CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin 
before 1.8. ...)
+       TODO: check
 CVE-2022-0344
        RESERVED
 CVE-2022-0343
@@ -6938,8 +7390,8 @@ CVE-2022-0330 [drm/i915: Flush TLBs before releasing 
backing store]
        NOTE: 
https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
 CVE-2022-0329
        REJECTED
-CVE-2022-0328
-       RESERVED
+CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not 
have CSRF ...)
+       TODO: check
 CVE-2022-0327
        RESERVED
 CVE-2021-46403
@@ -9263,8 +9715,8 @@ CVE-2022-0191
        RESERVED
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 
1.2.6 is ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0189
-       RESERVED
+CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not 
sanitise a ...)
+       TODO: check
 CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even 
not logge ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0187
@@ -10663,8 +11115,8 @@ CVE-2022-0152 (An issue has been discovered in GitLab 
affecting all versions sta
        - gitlab <unfixed>
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
-CVE-2022-0150
-       RESERVED
+CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 
0.6.0.7 does ...)
+       TODO: check
 CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 
was affe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ 
Social Icon  ...)
@@ -12609,8 +13061,8 @@ CVE-2021-4189 [ftplib should not use the host from the 
PASV response]
        NOTE: 
https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33
 (v3.7.11)
        NOTE: 
https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88
 (v3.6.14)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
-CVE-2022-22262
-       RESERVED
+CVE-2022-22262 (ROG Live Service&#8217;s function for deleting temp files 
created by i ...)
+       TODO: check
 CVE-2022-0077
        RESERVED
 CVE-2022-0076
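Review bot: the description added for CVE-2022-22262 stores the apostrophe as an undecoded HTML entity, "ROG Live Service&#8217;s". Decode it to a plain apostrophe so that text searches and rendered pages show the product name correctly; the entry also still needs triage from "TODO: check".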
@@ -13926,8 +14378,8 @@ CVE-2021-4155
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
        NOTE: 
https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
-CVE-2020-36510
-       RESERVED
+CVE-2020-36510 (The 15Zine WordPress theme before 3.3.0 does not sanitise and 
escape t ...)
+       TODO: check
 CVE-2022-22261
        RESERVED
 CVE-2022-22260
@@ -14496,8 +14948,8 @@ CVE-2021-45416 (Reflected Cross-site scripting (XSS) 
vulnerability in RosarioSIS
        NOT-FOR-US: RosarioSIS
 CVE-2021-45415
        RESERVED
-CVE-2021-45414
-       RESERVED
+CVE-2021-45414 (A Remote Code Execution (RCE) vulnerability exists in 
DataRobot throug ...)
+       TODO: check
 CVE-2021-45413
        RESERVED
 CVE-2021-45412
@@ -16147,10 +16599,10 @@ CVE-2021-44964
        RESERVED
 CVE-2021-44963
        RESERVED
-CVE-2021-44962
-       RESERVED
-CVE-2021-44961
-       RESERVED
+CVE-2021-44962 (An out-of-bounds read vulnerability exists in the 
GCode::extrude() fun ...)
+       TODO: check
+CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator 
of Slic3r ...)
+       TODO: check
 CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot 
function in the ...)
        - svgpp <unfixed>
        [bullseye] - svgpp <no-dsa> (Minor issue)
@@ -18045,14 +18497,14 @@ CVE-2021-44344
        RESERVED
 CVE-2021-44343
        RESERVED
-CVE-2021-44342
-       RESERVED
+CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
+       TODO: check
 CVE-2021-44341
        RESERVED
-CVE-2021-44340
-       RESERVED
-CVE-2021-44339
-       RESERVED
+CVE-2021-44340 (David Brackeen ok-file-formats dev version is vulnerable to 
Buffer Ove ...)
+       TODO: check
+CVE-2021-44339 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
+       TODO: check
 CVE-2021-44338
        RESERVED
 CVE-2021-44337
@@ -18061,14 +18513,14 @@ CVE-2021-44336
        RESERVED
 CVE-2021-44335
        RESERVED
-CVE-2021-44334
-       RESERVED
+CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer 
Overflo ...)
+       TODO: check
 CVE-2021-44333
        RESERVED
 CVE-2021-44332
        RESERVED
-CVE-2021-44331
-       RESERVED
+CVE-2021-44331 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function 
encode_ ...)
+       TODO: check
 CVE-2021-44330
        RESERVED
 CVE-2021-44329
@@ -19609,8 +20061,8 @@ CVE-2021-43947 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center 
allow authe ...)
        NOT-FOR-US: Atlassian
-CVE-2021-43945
-       RESERVED
+CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+       TODO: check
 CVE-2021-43944
        RESERVED
 CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
@@ -21215,8 +21667,8 @@ CVE-2021-43621
        RESERVED
 CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for 
Rust. Se ...)
        NOT-FOR-US: Rust crate fruity
-CVE-2021-43619
-       RESERVED
+CVE-2021-43619 (Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow 
issue in  ...)
+       TODO: check
 CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 
has an m ...)
        {DLA-2837-1}
        - gmp 2:6.2.1+dfsg-3 (bug #994405)
@@ -23677,8 +24129,8 @@ CVE-2021-43088
        RESERVED
 CVE-2021-43087
        RESERVED
-CVE-2021-43086
-       RESERVED
+CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the 
compressi ...)
+       TODO: check
 CVE-2021-43085
        RESERVED
 CVE-2021-43084
@@ -24056,8 +24508,8 @@ CVE-2021-42953
        RESERVED
 CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox 
escape vuln ...)
        NOT-FOR-US: Zepl Notebooks
-CVE-2021-42951
-       RESERVED
+CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in 
Algorithmia MSOL ...)
+       TODO: check
 CVE-2021-42950
        RESERVED
 CVE-2021-42949
@@ -24452,8 +24904,8 @@ CVE-2021-42769
        RESERVED
 CVE-2021-42768
        RESERVED
-CVE-2021-42767
-       RESERVED
+CVE-2021-42767 (A directory traversal vulnerability in the Apoc plugins in 
Neo4J Graph ...)
+       TODO: check
 CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 
2021-10-1 ...)
        NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
 CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 
2021-10-1 ...)
@@ -29715,10 +30167,10 @@ CVE-2021-41114 (TYPO3 is an open source PHP based web 
content management system
        NOT-FOR-US: Typo3
 CVE-2021-41113 (TYPO3 is an open source PHP based web content management 
system releas ...)
        NOT-FOR-US: Typo3
-CVE-2021-41112
-       RESERVED
-CVE-2021-41111
-       RESERVED
+CVE-2021-41112 (Rundeck is an open source automation service with a web 
console, comma ...)
+       TODO: check
+CVE-2021-41111 (Rundeck is an open source automation service with a web 
console, comma ...)
+       TODO: check
 CVE-2021-41110 (cwlviewer is a web application to view and share Common 
Workflow Langu ...)
        NOT-FOR-US: cwlviewer
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -30046,7 +30498,7 @@ CVE-2021-40986 (A remote arbitrary command execution 
vulnerability was discovere
        NOT-FOR-US: Aruba
 CVE-2021-3800
        RESERVED
-CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows 
attacke ...)
+CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, 
allows attac ...)
        {DLA-2928-1}
        - htmldoc 1.9.13-1 (unimportant)
        [bullseye] - htmldoc 1.9.11-4+deb11u1
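Review bot: the "(unimportant)" rating on the "- htmldoc 1.9.13-1" line under CVE-2021-40985 was assigned under the old wording, and this hunk changes only the description, from "Buffer overflow vulnerability" to "A stack-based buffer under-read". Confirm that the rating and the {DLA-2928-1} reference still match the reworded issue; no further change is needed if they do.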
@@ -40402,27 +40854,27 @@ CVE-2021-36822
 CVE-2021-36821
        RESERVED
 CVE-2021-36820
-       RESERVED
+       REJECTED
 CVE-2021-36819
-       RESERVED
+       REJECTED
 CVE-2021-36818
-       RESERVED
+       REJECTED
 CVE-2021-36817
-       RESERVED
+       REJECTED
 CVE-2021-36816
-       RESERVED
+       REJECTED
 CVE-2021-36815
-       RESERVED
+       REJECTED
 CVE-2021-36814
-       RESERVED
+       REJECTED
 CVE-2021-36813
-       RESERVED
+       REJECTED
 CVE-2021-36812
-       RESERVED
+       REJECTED
 CVE-2021-36811
-       RESERVED
+       REJECTED
 CVE-2021-36810
-       RESERVED
+       REJECTED
 CVE-2021-36809
        RESERVED
 CVE-2021-36808 (A local attacker could bypass the app password using a race 
condition  ...)
@@ -65085,23 +65537,23 @@ CVE-2021-27017
        - puppet <not-affected> (Specific to the Puppet 7.x stack)
        NOTE: https://puppet.com/security/cve/CVE-2021-27017/
 CVE-2021-27016
-       RESERVED
+       REJECTED
 CVE-2021-27015
-       RESERVED
+       REJECTED
 CVE-2021-27014
-       RESERVED
+       REJECTED
 CVE-2021-27013
-       RESERVED
+       REJECTED
 CVE-2021-27012
-       RESERVED
+       REJECTED
 CVE-2021-27011
-       RESERVED
+       REJECTED
 CVE-2021-27010
-       RESERVED
+       REJECTED
 CVE-2021-27009
-       RESERVED
+       REJECTED
 CVE-2021-27008
-       RESERVED
+       REJECTED
 CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 
gateway i ...)
        NOT-FOR-US: NetApp Virtual Desktop Service
 CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 
prior to 11. ...)
@@ -65117,7 +65569,7 @@ CVE-2021-27002 (NetApp Cloud Manager versions prior to 
3.9.10 are susceptible to
 CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 
9.7P16, 9.8 ...)
        NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-27000
-       RESERVED
+       REJECTED
 CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive 
information ...)
        NOT-FOR-US: NetApp Cloud Manager
 CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive 
information ...)
@@ -70110,8 +70562,8 @@ CVE-2021-25120
        RESERVED
 CVE-2021-25119
        RESERVED
-CVE-2021-25118
-       RESERVED
+CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full 
internal ...)
+       TODO: check
 CVE-2021-25117
        RESERVED
 CVE-2021-25116
@@ -70122,8 +70574,8 @@ CVE-2021-25114 (The Paid Memberships Pro WordPress 
plugin before 2.6.7 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-25113
        RESERVED
-CVE-2021-25112
-       RESERVED
+CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not 
sanitise and es ...)
+       TODO: check
 CVE-2021-25111
        RESERVED
 CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any 
logged in u ...)
@@ -70184,8 +70636,8 @@ CVE-2021-25083 (The Registrations for the Events 
Calendar WordPress plugin befor
        NOT-FOR-US: WordPress plugin
 CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25081
-       RESERVED
+CVE-2021-25081 (The Maps Plugin using Google Maps for WordPress plugin before 
1.8.4 do ...)
+       TODO: check
 CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does 
not valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does 
not saniti ...)
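Review bot: CVE-2021-25081 is added as "TODO: check" although its description identifies a WordPress plugin and the described entries around it in this hunk (CVE-2021-25083, CVE-2021-25082, CVE-2021-25080) are all marked "NOT-FOR-US: WordPress plugin". Mark it the same way unless the plugin turns out to be packaged.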
@@ -70262,8 +70714,8 @@ CVE-2021-25044
        RESERVED
 CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise 
and escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25042
-       RESERVED
+CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin 
before  ...)
+       TODO: check
 CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not 
sanitise a ...)
@@ -70278,8 +70730,8 @@ CVE-2021-25036 (The All in One SEO WordPress plugin 
before 4.1.5.3 is affected b
        NOT-FOR-US: WordPress plugin
 CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin 
before 1.22 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25034
-       RESERVED
+CVE-2021-25034 (The WP User WordPress plugin before 7.0 does not sanitise and 
escape s ...)
+       TODO: check
 CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, 
PublishPr ...)
@@ -70324,10 +70776,10 @@ CVE-2021-25013 (The Qubely WordPress plugin before 
1.7.8 does not have authorisa
        NOT-FOR-US: WordPress plugin
 CVE-2021-25012
        RESERVED
-CVE-2021-25011
-       RESERVED
-CVE-2021-25010
-       RESERVED
+CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 
1.8.1 do ...)
+       TODO: check
+CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have 
CSRF che ...)
+       TODO: check
 CVE-2021-25009
        RESERVED
 CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not 
escape the s ...)
@@ -70358,8 +70810,8 @@ CVE-2021-24996
        RESERVED
 CVE-2021-24995
        RESERVED
-CVE-2021-24994
-       RESERVED
+CVE-2021-24994 (The Migration, Backup, Staging WordPress plugin before 0.9.69 
does not ...)
+       TODO: check
 CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 
does not h ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 
2.5.5 does ...)
@@ -70392,8 +70844,8 @@ CVE-2021-24979 (The Paid Memberships Pro WordPress 
plugin before 2.6.6 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24978
        RESERVED
-CVE-2021-24977
-       RESERVED
+CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin 
before 6.2.1  ...)
+       TODO: check
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin 
before 4 ...)
@@ -70404,8 +70856,8 @@ CVE-2021-24973 (The Site Reviews WordPress plugin 
before 5.17.3 does not sanitis
        NOT-FOR-US: WordPress plugin
 CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape 
some of it ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24971
-       RESERVED
+CVE-2021-24971 (The WP Responsive Menu WordPress plugin before 3.1.7.1 does 
not have c ...)
+       TODO: check
 CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 
does not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 
does not ...)
@@ -70480,8 +70932,8 @@ CVE-2021-24935 (The WP Google Fonts WordPress plugin 
before 3.1.5 does not escap
        NOT-FOR-US: WordPress plugin
 CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does 
not san ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24933
-       RESERVED
+CVE-2021-24933 (The Dynamic Widgets WordPress plugin through 1.5.16 does not 
escape th ...)
+       TODO: check
 CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin 
before  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24931 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
@@ -70506,8 +70958,8 @@ CVE-2021-24922 (The Pixel Cat WordPress plugin before 
2.6.2 does not have CSRF c
        NOT-FOR-US: WordPress plugin
 CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 
does not s ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24920
-       RESERVED
+CVE-2021-24920 (The StatCounter WordPress plugin before 2.0.7 does not 
sanitise and es ...)
+       TODO: check
 CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 
4.0.1 did n ...)
@@ -70520,8 +70972,8 @@ CVE-2021-24915 (The Contest Gallery WordPress plugin 
before 13.1.0.6 does not ha
        NOT-FOR-US: WordPress plugin
 CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not 
have capa ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24913
-       RESERVED
+CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 
2.0.1 does ...)
+       TODO: check
 CVE-2021-24912
        RESERVED
 CVE-2021-24911
@@ -70540,18 +70992,18 @@ CVE-2021-24905
        RESERVED
 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does 
not impl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24903
-       RESERVED
+CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not 
sanitise  ...)
+       TODO: check
 CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24901
-       RESERVED
+CVE-2021-24901 (The Security Audit WordPress plugin through 1.0.0 does not 
sanitise an ...)
+       TODO: check
 CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24898
-       RESERVED
+CVE-2021-24898 (The EditableTable WordPress plugin through 0.1.4 does not 
sanitise and ...)
+       TODO: check
 CVE-2021-24897
        RESERVED
 CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not 
sanitise and  ...)
@@ -70618,8 +71070,8 @@ CVE-2021-24866 (The WP Data Access WordPress plugin 
before 5.0.0 does not proper
        NOT-FOR-US: WordPress plugin
 CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 
0.8.8.7 d ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24864
-       RESERVED
+CVE-2021-24864 (The WP Cloudy, weather plugin WordPress plugin before 4.4.9 
does not e ...)
+       TODO: check
 CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti 
Spam Prot ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not 
escape  ...)
@@ -70700,14 +71152,14 @@ CVE-2021-24825
        RESERVED
 CVE-2021-24824
        RESERVED
-CVE-2021-24823
-       RESERVED
+CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have 
any CSRF ...)
+       TODO: check
 CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does 
not hav ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24821
        RESERVED
-CVE-2021-24820
-       RESERVED
+CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.4 allows users 
with a r ...)
+       TODO: check
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF 
check wh ...)
@@ -70740,8 +71192,8 @@ CVE-2021-24805
        RESERVED
 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not 
have nonce ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24803
-       RESERVED
+CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows 
to bulk-s ...)
+       TODO: check
 CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does 
not enforc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have 
any auth ...)
@@ -70886,8 +71338,8 @@ CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress 
&#8211; DearFlip WordPre
        NOT-FOR-US: WordPress plugin
 CVE-2021-24731 (The Registration Forms &#8211; User profile, Content 
Restriction, Spam ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24730
-       RESERVED
+CVE-2021-24730 (The Logo Showcase with Slick Slider WordPress plugin before 
1.2.5 does ...)
+       TODO: check
 CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 
1.2.4 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24728 (The Membership &amp; Content Restriction &#8211; Paid Member 
Subscript ...)
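Review bot: CVE-2021-24730 is left at TODO: check even though the entry directly below it, CVE-2021-24729, covers the same Logo Showcase with Slick Slider plugin and is already tagged NOT-FOR-US: WordPress plugin. Suggest resolving the new entry the same way in the follow-up triage so the two adjacent entries for this plugin stay consistent.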
@@ -70938,8 +71390,8 @@ CVE-2021-24706 (The Qwizcards &#8211; online quizzes 
and flashcards WordPress pl
        NOT-FOR-US: WordPress plugin
 CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape 
some of i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24704
-       RESERVED
+CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the 
process_bulk_acti ...)
+       TODO: check
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not 
have capabi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not 
properly sanit ...)
@@ -70968,10 +71420,10 @@ CVE-2021-24691 (The Quiz And Survey Master WordPress 
plugin before 7.3.2 does no
        NOT-FOR-US: WordPress plugin
 CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not 
properly san ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24689
-       RESERVED
-CVE-2021-24688
-       RESERVED
+CVE-2021-24689 (The Contact Forms - Drag &amp; Drop Contact Form Builder 
WordPress plu ...)
+       TODO: check
+CVE-2021-24688 (The Orange Form WordPress plugin through 1.0.1 does not have 
any autho ...)
+       TODO: check
 CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape 
the "CS ...)
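Review bot: the added description for CVE-2021-24689 carries an HTML entity into the list ("Drag &amp; Drop"), the same kind of escaping visible in the "&#8211;" context lines of the earlier hunks. Suggest decoding entities when descriptions are imported so that a plain-text search for the plugin name matches. Both new entries in this hunk also remain at TODO: check between neighbours tagged NOT-FOR-US: WordPress plugin.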
@@ -77982,8 +78434,7 @@ CVE-2021-21710
        RESERVED
 CVE-2021-21709
        RESERVED
-CVE-2021-21708
-       RESERVED
+CVE-2021-21708 (In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 
8.1.x belo ...)
        {DSA-5082-1}
        - php8.1 <unfixed>
        - php7.4 <removed>
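Review bot: CVE-2021-21708 gains its description, but the package lines below it are unchanged and php8.1 is still marked <unfixed>. The description now names the fixed upstream releases for the 7.4 and 8.0 branches (7.4.28 and 8.0.16), so the php8.1 line should be revisited once a fixed upload exists. The hunk shrinking from 8 to 7 lines is expected here: no TODO: check is added because the entry already carries {DSA-5082-1}.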
@@ -106570,10 +107021,10 @@ CVE-2020-22847
        RESERVED
 CVE-2020-22846
        RESERVED
-CVE-2020-22845
-       RESERVED
-CVE-2020-22844
-       RESERVED
+CVE-2020-22845 (A buffer overflow in Mikrotik RouterOS 6.47 allows 
unauthenticated att ...)
+       TODO: check
+CVE-2020-22844 (A buffer overflow in Mikrotik RouterOS 6.47 allows 
unauthenticated att ...)
+       TODO: check
 CVE-2020-22843
        RESERVED
 CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod 
parameter in a ...)
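Review bot: the two added entries, CVE-2020-22845 and CVE-2020-22844, read identically up to the truncation point ("A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated att ..."), so nothing in the list distinguishes them. When the TODO: check markers are resolved, confirm against the full descriptions that these are separate issues rather than a duplicate assignment, and give both the same disposition.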
@@ -130118,8 +130569,8 @@ CVE-2020-12777 (A function in Combodo iTop contains a 
vulnerability of Broken Ac
        NOT-FOR-US: Combodo iTop
 CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control 
vulnerability, which  ...)
        NOT-FOR-US: Openfind Mail2000
-CVE-2020-12775
-       RESERVED
+CVE-2020-12775 (Hicos citizen certificate client-side component does not 
filter specia ...)
+       TODO: check
 CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which 
allows a ...)
        NOT-FOR-US: D-Link
 CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of 
some Re ...)
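Review bot: CVE-2020-12775 (Hicos citizen certificate client-side component) is added as TODO: check while the entries around it in this hunk are already tagged NOT-FOR-US with the product name (Combodo iTop, Openfind Mail2000, D-Link). If triage confirms the component is not packaged, the follow-up should use the same NOT-FOR-US form with the product name so the block stays uniform.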



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48590ec8c1694cc9504cd8ea5ff520fff796cd67



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
