Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74fdaa49 by security tracker role at 2022-03-07T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,255 @@
+CVE-2022-26650
+       RESERVED
+CVE-2022-26649
+       RESERVED
+CVE-2022-26648
+       RESERVED
+CVE-2022-26647
+       RESERVED
+CVE-2022-26646
+       RESERVED
+CVE-2022-26645
+       RESERVED
+CVE-2022-26644
+       RESERVED
+CVE-2022-26643
+       RESERVED
+CVE-2022-26642
+       RESERVED
+CVE-2022-26641
+       RESERVED
+CVE-2022-26640
+       RESERVED
+CVE-2022-26639
+       RESERVED
+CVE-2022-26638
+       RESERVED
+CVE-2022-26637
+       RESERVED
+CVE-2022-26636
+       RESERVED
+CVE-2022-26635
+       RESERVED
+CVE-2022-26634
+       RESERVED
+CVE-2022-26633
+       RESERVED
+CVE-2022-26632
+       RESERVED
+CVE-2022-26631
+       RESERVED
+CVE-2022-26630
+       RESERVED
+CVE-2022-26629
+       RESERVED
+CVE-2022-26628
+       RESERVED
+CVE-2022-26627
+       RESERVED
+CVE-2022-26626
+       RESERVED
+CVE-2022-26625
+       RESERVED
+CVE-2022-26624
+       RESERVED
+CVE-2022-26623
+       RESERVED
+CVE-2022-26622
+       RESERVED
+CVE-2022-26621
+       RESERVED
+CVE-2022-26620
+       RESERVED
+CVE-2022-26619
+       RESERVED
+CVE-2022-26618
+       RESERVED
+CVE-2022-26617
+       RESERVED
+CVE-2022-26616
+       RESERVED
+CVE-2022-26615
+       RESERVED
+CVE-2022-26614
+       RESERVED
+CVE-2022-26613
+       RESERVED
+CVE-2022-26612
+       RESERVED
+CVE-2022-26611
+       RESERVED
+CVE-2022-26610
+       RESERVED
+CVE-2022-26609
+       RESERVED
+CVE-2022-26608
+       RESERVED
+CVE-2022-26607
+       RESERVED
+CVE-2022-26606
+       RESERVED
+CVE-2022-26605
+       RESERVED
+CVE-2022-26604
+       RESERVED
+CVE-2022-26603
+       RESERVED
+CVE-2022-26602
+       RESERVED
+CVE-2022-26601
+       RESERVED
+CVE-2022-26600
+       RESERVED
+CVE-2022-26599
+       RESERVED
+CVE-2022-26598
+       RESERVED
+CVE-2022-26597
+       RESERVED
+CVE-2022-26596
+       RESERVED
+CVE-2022-26595
+       RESERVED
+CVE-2022-26594
+       RESERVED
+CVE-2022-26593
+       RESERVED
+CVE-2022-26592
+       RESERVED
+CVE-2022-26591
+       RESERVED
+CVE-2022-26590
+       RESERVED
+CVE-2022-26589
+       RESERVED
+CVE-2022-26588
+       RESERVED
+CVE-2022-26587
+       RESERVED
+CVE-2022-26586
+       RESERVED
+CVE-2022-26585
+       RESERVED
+CVE-2022-26584
+       RESERVED
+CVE-2022-26583
+       RESERVED
+CVE-2022-26582
+       RESERVED
+CVE-2022-26581
+       RESERVED
+CVE-2022-26580
+       RESERVED
+CVE-2022-26579
+       RESERVED
+CVE-2022-26578
+       RESERVED
+CVE-2022-26577
+       RESERVED
+CVE-2022-26576
+       RESERVED
+CVE-2022-26575
+       RESERVED
+CVE-2022-26574
+       RESERVED
+CVE-2022-26573
+       RESERVED
+CVE-2022-26572
+       RESERVED
+CVE-2022-26571
+       RESERVED
+CVE-2022-26570
+       RESERVED
+CVE-2022-26569
+       RESERVED
+CVE-2022-26568
+       RESERVED
+CVE-2022-26567
+       RESERVED
+CVE-2022-26566
+       RESERVED
+CVE-2022-26565
+       RESERVED
+CVE-2022-26564
+       RESERVED
+CVE-2022-26563
+       RESERVED
+CVE-2022-26562
+       RESERVED
+CVE-2022-26561
+       RESERVED
+CVE-2022-26560
+       RESERVED
+CVE-2022-26559
+       RESERVED
+CVE-2022-26558
+       RESERVED
+CVE-2022-26557
+       RESERVED
+CVE-2022-26556
+       RESERVED
+CVE-2022-26555
+       RESERVED
+CVE-2022-26554
+       RESERVED
+CVE-2022-26553
+       RESERVED
+CVE-2022-26552
+       RESERVED
+CVE-2022-26551
+       RESERVED
+CVE-2022-26550
+       RESERVED
+CVE-2022-26549
+       RESERVED
+CVE-2022-26548
+       RESERVED
+CVE-2022-26547
+       RESERVED
+CVE-2022-26546
+       RESERVED
+CVE-2022-26545
+       RESERVED
+CVE-2022-26544
+       RESERVED
+CVE-2022-26543
+       RESERVED
+CVE-2022-26542
+       RESERVED
+CVE-2022-26541
+       RESERVED
+CVE-2022-26540
+       RESERVED
+CVE-2022-26539
+       RESERVED
+CVE-2022-26538
+       RESERVED
+CVE-2022-26537
+       RESERVED
+CVE-2022-26536
+       RESERVED
+CVE-2022-26535
+       RESERVED
+CVE-2022-26534
+       RESERVED
+CVE-2022-26533
+       RESERVED
+CVE-2022-25960
+       RESERVED
+CVE-2022-0879
+       RESERVED
+CVE-2022-0878
+       RESERVED
+CVE-2022-0877
+       RESERVED
+CVE-2022-0876
+       RESERVED
+CVE-2022-0875
+       RESERVED
+CVE-2022-0874
+       RESERVED
+CVE-2022-0873
+       RESERVED
 CVE-2022-26532
        RESERVED
 CVE-2022-26531
@@ -22,8 +274,8 @@ CVE-2022-26522
        RESERVED
 CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated 
administrators to ...)
        NOT-FOR-US: Abantecart
-CVE-2022-26520
-       RESERVED
+CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who 
controls the  ...)
+       TODO: check
 CVE-2022-0872
        RESERVED
 CVE-2022-26019
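Review bot: the new description for CVE-2022-26520 opens with `** DISPUTED **`, but the replacement triage line is a bare `TODO: check` that carries no trace of the dispute. Whoever resolves the TODO should record the disputed status in the entry (for example in a NOTE line) so the eventual severity assessment reflects it.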
@@ -77,8 +329,8 @@ CVE-2022-26491
        RESERVED
 CVE-2022-26489
        RESERVED
-CVE-2022-26488
-       RESERVED
+CVE-2022-26488 (In Python before 3.10.3 on Windows, local users can gain 
privileges be ...)
+       TODO: check
 CVE-2022-26487 (Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express 
through ...)
        NOT-FOR-US: Mitel
 CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is 
vulnerable to  ...)
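Review bot: the description added for CVE-2022-26488 reads "In Python before 3.10.3 on Windows, local users can gain privileges", which points to a Windows-only issue; the `TODO: check` should confirm that before any Debian python3.x package line is added, and the resolution should say why if no package is affected.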
@@ -94,13 +346,13 @@ CVE-2022-26490 (st21nfca_connectivity_event_received in 
drivers/nfc/st21nfca/se.
        NOTE: 
https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
 CVE-2022-26486
        RESERVED
-       {DSA-5090-1}
+       {DSA-5090-1 DLA-2933-1}
        - firefox <unfixed>
        - firefox-esr 91.6.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
 CVE-2022-26485
        RESERVED
-       {DSA-5090-1}
+       {DSA-5090-1 DLA-2933-1}
        - firefox <unfixed>
        - firefox-esr 91.6.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26485
@@ -124,8 +376,8 @@ CVE-2022-0867
        RESERVED
 CVE-2022-0866
        RESERVED
-CVE-2022-0865
-       RESERVED
+CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers 
to cau ...)
+       TODO: check
 CVE-2022-26476
        RESERVED
 CVE-2022-26475
@@ -365,6 +617,7 @@ CVE-2022-26388
        RESERVED
 CVE-2022-0847
        RESERVED
+       {DSA-5092-1}
        - linux 5.16.11-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -491,8 +744,8 @@ CVE-2022-26334
        RESERVED
 CVE-2022-26304
        RESERVED
-CVE-2022-26131
-       RESERVED
+CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers 
are susce ...)
+       TODO: check
 CVE-2022-26124
        RESERVED
 CVE-2022-26086
@@ -519,8 +772,8 @@ CVE-2022-25992
        RESERVED
 CVE-2022-25966
        RESERVED
-CVE-2022-25922
-       RESERVED
+CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake 
controllers i ...)
+       TODO: check
 CVE-2022-25917
        RESERVED
 CVE-2022-25909
@@ -1771,12 +2024,12 @@ CVE-2022-0758
        RESERVED
 CVE-2022-0757
        RESERVED
-CVE-2022-0756
-       RESERVED
-CVE-2022-0755
-       RESERVED
-CVE-2022-0754
-       RESERVED
+CVE-2022-0756 (Improper Authorization in GitHub repository 
salesagility/suitecrm prio ...)
+       TODO: check
+CVE-2022-0755 (Improper Access Control in GitHub repository 
salesagility/suitecrm pri ...)
+       TODO: check
+CVE-2022-0754 (SQL Injection in GitHub repository salesagility/suitecrm prior 
to 7.12 ...)
+       TODO: check
 CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository 
hestiacp/hes ...)
@@ -2238,8 +2491,7 @@ CVE-2022-0727 (Improper Access Control in GitHub 
repository chocobozzz/peertube
        - peertube <itp> (bug #950821)
 CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube 
prior  ...)
        - peertube <itp> (bug #950821)
-CVE-2022-0725 [logs plain text passwords in system log when clearing the 
clipboard]
-       RESERVED
+CVE-2022-0725 (A flaw was found in KeePass. The vulnerability occurs due to 
logging t ...)
        - keepass2 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052696
        NOTE: 
https://sourceforge.net/p/keepass/discussion/329220/thread/da7546b7e1/
@@ -2309,16 +2561,16 @@ CVE-2022-25624
        RESERVED
 CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege 
escalation ...)
        NOT-FOR-US: Symantec
-CVE-2022-25325
-       RESERVED
-CVE-2022-25234
-       RESERVED
-CVE-2022-25230
-       RESERVED
-CVE-2022-21219
-       RESERVED
-CVE-2022-21124
-       RESERVED
+CVE-2022-25325 (Use after free vulnerability in CX-Programmer v9.76.1 and 
earlier whic ...)
+       TODO: check
+CVE-2022-25234 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and 
earlier ...)
+       TODO: check
+CVE-2022-25230 (Use after free vulnerability in CX-Programmer v9.76.1 and 
earlier whic ...)
+       TODO: check
+CVE-2022-21219 (Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and 
earlier  ...)
+       TODO: check
+CVE-2022-21124 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and 
earlier ...)
+       TODO: check
 CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 
3.2. ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9
@@ -2871,6 +3123,7 @@ CVE-2022-25377
 CVE-2022-25376
        RESERVED
 CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c 
in the  ...)
+       {DSA-5092-1}
        - linux 5.16.10-1
        NOTE: https://github.com/szymonh/rndis-co
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
@@ -3083,8 +3336,8 @@ CVE-2022-25316
        RESERVED
 CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was 
discovered in ...)
        NOT-FOR-US: Apache Any23
-CVE-2022-21132
-       RESERVED
+CVE-2022-21132 (Directory traversal vulnerability in pfSense-pkg-WireGuard 
pfSense-pkg ...)
+       TODO: check
 CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
@@ -3095,7 +3348,7 @@ CVE-2022-0675 (In certain situations it is possible for 
an unmanaged rule to exi
        NOTE: https://puppet.com/security/cve/CVE-2022-0675
        NOTE: https://forge.puppet.com/modules/puppetlabs/firewall/3.4.0
 CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer 
overflow in  ...)
-       {DSA-5085-1}
+       {DSA-5085-1 DLA-2935-1}
        - expat 2.4.5-1
        NOTE: https://github.com/libexpat/libexpat/pull/559
        NOTE: 
https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
@@ -3106,7 +3359,7 @@ CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, 
there is an integer overfl
        NOTE: https://github.com/libexpat/libexpat/pull/560
        NOTE: 
https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd
 CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger 
stack ex ...)
-       {DSA-5085-1}
+       {DSA-5085-1 DLA-2935-1}
        - expat 2.4.5-1
        NOTE: https://github.com/libexpat/libexpat/pull/558
        NOTE: 
https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
@@ -3124,8 +3377,8 @@ CVE-2022-25306 (The WP Statistics WordPress plugin is 
vulnerable to Cross-Site S
        NOT-FOR-US: WordPress plugin
 CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-21158
-       RESERVED
+CVE-2022-21158 (A stored cross-site scripting vulnerability in marktext 
versions prior ...)
+       TODO: check
 CVE-2022-0674
        RESERVED
 CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache 
poisoni ...)
@@ -3182,8 +3435,8 @@ CVE-2022-25296
        RESERVED
 CVE-2022-25295
        RESERVED
-CVE-2022-25294
-       RESERVED
+CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies 
on an in ...)
+       TODO: check
 CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
        NOT-FOR-US: WatchGuard
 CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
@@ -3256,6 +3509,7 @@ CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was 
vulnerable to blind Server
 CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected 
XSS. ...)
        NOT-FOR-US: JetBrains Hub
 CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in 
the Linux ...)
+       {DSA-5092-1}
        - linux 5.16.10-1
        NOTE: https://github.com/szymonh/d-os-descriptor
        NOTE: 
https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
@@ -3409,7 +3663,7 @@ CVE-2022-25238
 CVE-2022-25237
        RESERVED
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows 
attackers to in ...)
-       {DSA-5085-1}
+       {DSA-5085-1 DLA-2935-1}
        - expat 2.4.5-1 (bug #1005895)
        NOTE: https://github.com/libexpat/libexpat/pull/561
        NOTE: 
https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
@@ -3421,7 +3675,7 @@ CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 
2.4.5 allows attackers
        NOTE: 
https://github.com/libexpat/libexpat/commit/5dd52182972a35f2251a07784eda35d3d52d3e07
        NOTE: 
https://github.com/libexpat/libexpat/commit/c57bea96b73eee1c6d5e288f0f57efbf5238e49a
 CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks 
certain valid ...)
-       {DSA-5085-1}
+       {DSA-5085-1 DLA-2935-1}
        - expat 2.4.5-1 (bug #1005894)
        NOTE: https://github.com/libexpat/libexpat/pull/562
        NOTE: 
https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
@@ -4231,6 +4485,7 @@ CVE-2022-24961 (In Portainer Agent before 2.11.1, an API 
server can continue run
 CVE-2022-24960
        RESERVED
 CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. 
There is a  ...)
+       {DSA-5092-1}
        - linux 5.16.7-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
@@ -4943,8 +5198,8 @@ CVE-2022-0536 (Exposure of Sensitive Information to an 
Unauthorized Actor in NPM
        [buster] - node-follow-redirects <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
        NOTE: 
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445
 (v1.14.8)
-CVE-2022-0535
-       RESERVED
+CVE-2022-0535 (The E2Pdf WordPress plugin before 1.16.45 does not sanitise and 
escape ...)
+       TODO: check
 CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the 
stack ou ...)
        {DLA-2928-1}
        - htmldoc 1.9.15-1 (unimportant)
@@ -4952,8 +5207,8 @@ CVE-2022-0534 (A vulnerability was found in htmldoc 
version 1.9.15 where the sta
        NOTE: Fixed by: 
https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50
 (v1.9.15)
        NOTE: Fixed by: 
https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9
 (v1.9.15)
        NOTE: Crash in CLI tool, no security impact
-CVE-2022-0533
-       RESERVED
+CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 
3.0.15  ...)
+       TODO: check
 CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in 
CRI-O 1.18  ...)
        NOT-FOR-US: cri-o
 CVE-2022-0531
@@ -5020,6 +5275,7 @@ CVE-2022-0517
        RESERVED
 CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
        RESERVED
+       {DSA-5092-1}
        - linux 5.16.10-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5477,6 +5733,7 @@ CVE-2022-24450 (NATS nats-server before 2.7.2 has 
Incorrect Access Control. Any
 CVE-2022-24449
        RESERVED
 CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel 
before 5.1 ...)
+       {DSA-5092-1}
        - linux 5.16.7-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
 CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus 
before 6 ...)
@@ -6082,14 +6339,14 @@ CVE-2022-0450
        RESERVED
 CVE-2022-0449
        RESERVED
-CVE-2022-0448
-       RESERVED
+CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise 
and esc ...)
+       TODO: check
 CVE-2022-0447
        RESERVED
 CVE-2022-0446
        RESERVED
-CVE-2022-0445
-       RESERVED
+CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) &amp; ePrivacy 
Cookie C ...)
+       TODO: check
 CVE-2022-0444
        RESERVED
 CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
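Review bot: the descriptions added for CVE-2022-0445 and CVE-2022-0439 contain `&amp;` rather than a literal `&`. If that is what the automatic update wrote into data/CVE/list rather than a rendering artifact of this page, the importer is storing HTML-escaped text and should unescape the description before writing it.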
@@ -6098,14 +6355,14 @@ CVE-2022-0443 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
        NOTE: 
https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 
(v8.2.4281)
-CVE-2022-0442
-       RESERVED
-CVE-2022-0441
-       RESERVED
-CVE-2022-0440
-       RESERVED
-CVE-2022-0439
-       RESERVED
+CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access 
controls ...)
+       TODO: check
+CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to 
validate som ...)
+       TODO: check
+CVE-2022-0440 (The Catch Themes Demo Import WordPress plugin before 2.1.1 does 
not va ...)
+       TODO: check
+CVE-2022-0439 (The Email Subscribers &amp; Newsletters WordPress plugin before 
5.3.2  ...)
+       TODO: check
 CVE-2022-0438
        RESERVED
 CVE-2021-46670
@@ -6205,11 +6462,12 @@ CVE-2022-23400
        RESERVED
 CVE-2022-0435
        RESERVED
+       {DSA-5092-1}
        - linux 5.16.10-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
        NOTE: Fixed by: 
https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
-CVE-2022-0434
-       RESERVED
+CVE-2022-0434 (The Page View Count WordPress plugin before 2.4.15 does not 
sanitise a ...)
+       TODO: check
 CVE-2022-0433 [missing initialization in bloom filter map in 
kernel/bpf/bloom_filter.c can lead to DoS]
        RESERVED
        - linux <not-affected> (Vulnerable code newer in a supported Debian 
release; only affected experimental)
@@ -6221,26 +6479,26 @@ CVE-2022-0431
        RESERVED
 CVE-2022-0430
        RESERVED
-CVE-2022-0429
-       RESERVED
+CVE-2022-0429 (The WP Cerber Security, Anti-spam &amp; Malware Scan WordPress 
plugin  ...)
+       TODO: check
 CVE-2022-0428
        RESERVED
 CVE-2022-0427
        RESERVED
-CVE-2022-0426
-       RESERVED
+CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.2.3 do ...)
+       TODO: check
 CVE-2022-0425
        RESERVED
 CVE-2022-0424
        RESERVED
 CVE-2022-0423
        RESERVED
-CVE-2022-0422
-       RESERVED
+CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not 
sanitise an ...)
+       TODO: check
 CVE-2022-0421
        RESERVED
-CVE-2022-0420
-       RESERVED
+CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not 
sanitis ...)
+       TODO: check
 CVE-2022-24271
        RESERVED
 CVE-2022-24270
@@ -6401,8 +6659,8 @@ CVE-2022-24195
        RESERVED
 CVE-2022-24194
        RESERVED
-CVE-2022-24193
-       RESERVED
+CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command 
injection vul ...)
+       TODO: check
 CVE-2022-24192
        RESERVED
 CVE-2022-24191
@@ -6527,8 +6785,8 @@ CVE-2022-24132
        RESERVED
 CVE-2022-24131
        RESERVED
-CVE-2022-21170
-       RESERVED
+CVE-2022-21170 (Improper check for certificate revocation in i-FILTER 
Ver.10.45R01 and ...)
+       TODO: check
 CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 
prior  ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
@@ -6604,8 +6862,8 @@ CVE-2022-0412 (The TI WooCommerce Wishlist WordPress 
plugin before 1.40.1, TI Wo
        NOT-FOR-US: WordPress plugin
 CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0410
-       RESERVED
+CVE-2022-0410 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin 
before  ...)
+       TODO: check
 CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when 
unprivil ...)
        - linux 5.15.15-2
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6901,8 +7159,8 @@ CVE-2022-0391 (A flaw was found in Python, specifically 
within the urllib.parse
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667
 (v3.6.14)
 CVE-2022-0390
        RESERVED
-CVE-2022-0389
-       RESERVED
+CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 
does not ...)
+       TODO: check
 CVE-2022-0388
        RESERVED
 CVE-2021-4217 [Null pointer dereference in Unicode strings code]
@@ -6981,8 +7239,8 @@ CVE-2022-0386
        RESERVED
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0384
-       RESERVED
+CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 
does n ...)
+       TODO: check
 CVE-2021-46656 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Bentley View
 CVE-2021-46655 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
@@ -7423,8 +7681,8 @@ CVE-2021-4213
        NOTE: 
https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
 CVE-2022-23941
        RESERVED
-CVE-2022-23940
-       RESERVED
+CVE-2022-23940 (SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote 
Code Execu ...)
+       TODO: check
 CVE-2022-23939
        RESERVED
 CVE-2022-23938
@@ -7595,12 +7853,12 @@ CVE-2022-0351 (Access of Memory Location Before Start 
of Buffer in GitHub reposi
        NOTE: 
https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d 
(v8.2.4206)
 CVE-2022-0350
        RESERVED
-CVE-2022-0349
-       RESERVED
+CVE-2022-0349 (The NotificationX WordPress plugin before 2.3.9 does not 
sanitise and  ...)
+       TODO: check
 CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist 
pimcore/pimcore prior ...)
        NOT-FOR-US: pimcore
-CVE-2022-0347
-       RESERVED
+CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin 
before  ...)
+       TODO: check
 CVE-2022-0346
        RESERVED
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin 
before 1.8. ...)
@@ -7962,7 +8220,7 @@ CVE-2022-23853 (The LSP (Language Server Protocol) plugin 
in KDE Kate before 21.
        NOTE: Fixed by: 
https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9
        NOTE: Fixed by: 
https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad
 CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer 
overflow in XML ...)
-       {DSA-5073-1 DLA-2904-1}
+       {DSA-5073-1 DLA-2935-1 DLA-2904-1}
        - expat 2.4.3-2
        NOTE: https://github.com/libexpat/libexpat/pull/550
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40
 (R_2_4_4)
@@ -8114,6 +8372,7 @@ CVE-2022-0331
        RESERVED
 CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
        RESERVED
+       {DSA-5092-1}
        - linux 5.15.15-2
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
        NOTE: 
https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
@@ -9278,8 +9537,8 @@ CVE-2022-23385
        RESERVED
 CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) 
in /admin ...)
        NOT-FOR-US: YzmCMS
-CVE-2022-23383
-       RESERVED
+CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without 
login, unaut ...)
+       TODO: check
 CVE-2022-23382
        RESERVED
 CVE-2022-23381
@@ -9448,8 +9707,8 @@ CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in 
Packagist yetiforce/yetiforc
        NOT-FOR-US: yetiforce-crm
 CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav 
prior to ...)
        NOT-FOR-US: Grav CMS
-CVE-2022-0267
-       RESERVED
+CVE-2022-0267 (The AdRotate WordPress plugin before 5.8.22 does not sanitise 
and esca ...)
+       TODO: check
 CVE-2021-46399
        RESERVED
 CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in 
Filebrowser &lt;  ...)
@@ -10235,8 +10494,8 @@ CVE-2022-0207
        - vdsm <itp> (bug #668538)
 CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not 
properly escap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0205
-       RESERVED
+CVE-2022-0205 (The YOP Poll WordPress plugin before 6.3.5 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt 
protocol]
        RESERVED
        - bluez <unfixed> (bug #1003712)
@@ -10845,6 +11104,7 @@ CVE-2022-22943 (VMware Tools for Windows (11.x.y and 
10.x.y prior to 12.0.0) con
        NOT-FOR-US: VMware
 CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
        RESERVED
+       {DSA-5092-1}
        - linux 5.15.15-2
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
@@ -11103,8 +11363,8 @@ CVE-2022-0165
        RESERVED
 CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 
3.6.8 doe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0163
-       RESERVED
+CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have 
authorisa ...)
+       TODO: check
 CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 
160325  ...)
        NOT-FOR-US: TP-Link
 CVE-2022-0161
@@ -12589,10 +12849,10 @@ CVE-2021-44452
        RESERVED
 CVE-2021-43352
        RESERVED
-CVE-2021-4199
-       RESERVED
-CVE-2021-4198
-       RESERVED
+CVE-2021-4199 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
+CVE-2021-4198 (A NULL Pointer Dereference vulnerability in the 
messaging_ipc.dll comp ...)
+       TODO: check
 CVE-2021-31564
        RESERVED
 CVE-2021-23229
@@ -12947,8 +13207,8 @@ CVE-2022-22353
        RESERVED
 CVE-2022-22352
        RESERVED
-CVE-2022-22351
-       RESERVED
+CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged trust ...)
+       TODO: check
 CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
 CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, 
and 6.0. ...)
@@ -14151,6 +14411,7 @@ CVE-2021-45845 (The Path Sanity Check script of FreeCAD 
0.19 is vulnerable to OS
        NOTE: Fixed by: 
https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3
 (0.19.4)
        NOTE: https://tracker.freecad.org/view.php?id=4810
 CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter 
from Fre ...)
+       {DLA-2934-1}
        - freecad 0.19.4+dfsg1-1 (bug #1005747)
        NOTE: Fixed by; 
https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6
 (master)
        NOTE: Fxied by: 
https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c
 (0.19.4)
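Review bot: two NOTE lines in the unchanged context of this hunk, for CVE-2021-45844, carry typos: `NOTE: Fixed by;` (semicolon instead of colon) and `NOTE: Fxied by:`. Since this update already touches the entry to add `{DLA-2934-1}`, a follow-up could correct both to `NOTE: Fixed by:` so the entry matches the convention used elsewhere in the file.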
@@ -19688,10 +19949,10 @@ CVE-2021-44218
        RESERVED
 CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site 
scripting  ...)
        NOT-FOR-US: Ericsson
-CVE-2021-44216
-       RESERVED
-CVE-2021-44215
-       RESERVED
+CVE-2021-44216 (Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x 
before 3.18 ...)
+       TODO: check
+CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has 
Insecure Pe ...)
+       TODO: check
 CVE-2021-44214
        RESERVED
 CVE-2021-44213
@@ -20409,6 +20670,7 @@ CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds 
software administrator databa
 CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 
allows X ...)
        NOT-FOR-US: SmarterTools
 CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in 
drivers/net/wi ...)
+       {DSA-5092-1}
        - linux 5.15.15-2
        NOTE: 
https://patchwork.kernel.org/project/linux-wireless/patch/yx4cqjfrcta6b...@zekuns-mbp-16.fios-router.home/
 CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait 
in driver ...)
@@ -28264,8 +28526,8 @@ CVE-2021-42188
        RESERVED
 CVE-2021-42187
        RESERVED
-CVE-2021-42186
-       RESERVED
+CVE-2021-42186 (SAS Logon Manager v9.4 was discovered to contain a 
vulnerability in th ...)
+       TODO: check
 CVE-2021-42185
        RESERVED
 CVE-2021-42184
@@ -33524,8 +33786,7 @@ CVE-2021-40082
        RESERVED
 CVE-2021-40081
        RESERVED
-CVE-2021-3739
-       RESERVED
+CVE-2021-3739 (A NULL pointer dereference flaw was found in the 
btrfs_rm_device funct ...)
        {DSA-4978-1}
        - linux 5.14.6-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -33580,42 +33841,42 @@ CVE-2021-40066 (The access controls on the Mobility 
read-only API improperly val
        NOT-FOR-US: Mobility
 CVE-2021-40065
        RESERVED
-CVE-2021-40064
-       RESERVED
-CVE-2021-40063
-       RESERVED
-CVE-2021-40062
-       RESERVED
-CVE-2021-40061
-       RESERVED
-CVE-2021-40060
-       RESERVED
-CVE-2021-40059
-       RESERVED
-CVE-2021-40058
-       RESERVED
-CVE-2021-40057
-       RESERVED
-CVE-2021-40056
-       RESERVED
-CVE-2021-40055
-       RESERVED
-CVE-2021-40054
-       RESERVED
-CVE-2021-40053
-       RESERVED
-CVE-2021-40052
-       RESERVED
-CVE-2021-40051
-       RESERVED
-CVE-2021-40050
-       RESERVED
-CVE-2021-40049
-       RESERVED
-CVE-2021-40048
-       RESERVED
-CVE-2021-40047
-       RESERVED
+CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system 
componen ...)
+       TODO: check
+CVE-2021-40063 (There is an improper access control vulnerability in the video 
module. ...)
+       TODO: check
+CVE-2021-40062 (There is a vulnerability of copying input buffer without 
checking its  ...)
+       TODO: check
+CVE-2021-40061 (There is a vulnerability of accessing resources using an 
incompatible  ...)
+       TODO: check
+CVE-2021-40060 (There is a heap-based buffer overflow vulnerability in the 
video frame ...)
+       TODO: check
+CVE-2021-40059 (There is a permission control vulnerability in the Wi-Fi 
module. Succe ...)
+       TODO: check
+CVE-2021-40058 (There is a heap-based buffer overflow vulnerability in the 
video frame ...)
+       TODO: check
+CVE-2021-40057 (There is a heap-based and stack-based buffer overflow 
vulnerability in ...)
+       TODO: check
+CVE-2021-40056 (There is a vulnerability of copying input buffer without 
checking its  ...)
+       TODO: check
+CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during 
system update ...)
+       TODO: check
+CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver 
module. ...)
+       TODO: check
+CVE-2021-40053 (There is a permission control vulnerability in the Nearby 
module. Succ ...)
+       TODO: check
+CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in 
the vid ...)
+       TODO: check
+CVE-2021-40051 (There is an unauthorized access vulnerability in system 
components. Su ...)
+       TODO: check
+CVE-2021-40050 (There is an out-of-bounds read vulnerability in the IFAA 
module. Succe ...)
+       TODO: check
+CVE-2021-40049 (There is a permission control vulnerability in the PMS module. 
Success ...)
+       TODO: check
+CVE-2021-40048 (There is an incorrect buffer size calculation vulnerability in 
the vid ...)
+       TODO: check
+CVE-2021-40047 (There is a vulnerability of memory not being released after 
effective  ...)
+       TODO: check
 CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation 
vulnerability. ...)
        NOT-FOR-US: Huawei
 CVE-2021-40045 (There is a vulnerability of signature verification mechanism 
failure i ...)
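Review bot: the eighteen CVE-2021-40047 to CVE-2021-40064 entries that moved from RESERVED to a description all carry `TODO: check`; the neighbouring entries for the same vendor (CVE-2021-40046 and CVE-2021-40045, triaged `NOT-FOR-US: Huawei`) suggest the same outcome, but each should be confirmed against the full description before the TODO is replaced, since the truncated text (" ...") alone does not name the product.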
@@ -33686,7 +33947,7 @@ CVE-2021-40013
        RESERVED
 CVE-2021-40012
        RESERVED
-CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in 
the dis ...)
+CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in 
the dis ...)
        NOT-FOR-US: Huawei
 CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow 
vulnera ...)
        NOT-FOR-US: Huawei
@@ -34547,8 +34808,7 @@ CVE-2021-39617
        RESERVED
 CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: 
A-204686438 ...)
        NOT-FOR-US: Android
-CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
-       RESERVED
+CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An 
attacker ...)
        {DLA-2808-1}
        - python3.9 3.9.7-1
        [bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -34562,8 +34822,7 @@ CVE-2021-3733 [Denial of service when identifying 
crafted invalid RFCs]
        NOTE: 
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60
 (3.8.10)
        NOTE: 
https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da
 (3.7.11)
        NOTE: 
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f
 (3.6.14)
-CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user 
namespace can reveal files]
-       RESERVED
+CVE-2021-3732 (A security issue was found in Linux kernel&#8217;s OverlayFS 
subsystem ...)
        {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
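Review bot: the new CVE-2021-3732 description carries the raw HTML entity `&#8217;` in `Linux kernel&#8217;s OverlayFS`; the importer should decode entities to the literal character so that a plain-text search for "kernel's" matches. The same encoding is visible in the unchanged `&amp;` of the CVE-2021-24955 and CVE-2021-24954 context lines later in this patch.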
@@ -36197,10 +36456,10 @@ CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 
could allow a non-privileged
        NOT-FOR-US: IBM
 CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged 
local user ...)
        NOT-FOR-US: IBM
-CVE-2021-38989
-       RESERVED
-CVE-2021-38988
-       RESERVED
+CVE-2021-38989 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
+CVE-2021-38988 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2021-38987
        RESERVED
 CVE-2021-38986 (IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate 
session after  ...)
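Review bot: CVE-2021-38989 and CVE-2021-38988 now have the same "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ..." description as CVE-2021-38990 above them, which is triaged `NOT-FOR-US: IBM`; the two `TODO: check` markers can most likely be resolved the same way once the full text is confirmed.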
@@ -40285,8 +40544,7 @@ CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 
7.10.4 before 7.10.4-rev18
        NOT-FOR-US: OX App Suite
 CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
        NOT-FOR-US: OX App Suite
-CVE-2021-3660
-       RESERVED
+CVE-2021-3660 (Cockpit (and its plugins) do not seem to protect itself against 
clickj ...)
        - cockpit 254-1
        [bullseye] - cockpit <ignored> (Minor issue)
        [buster] - cockpit <ignored> (Minor issue)
@@ -53407,10 +53665,10 @@ CVE-2021-32008 (This issue affects: Secomea 
GateManager Version 9.6.621421014 an
        NOT-FOR-US: Secomea GateManager
 CVE-2021-32007
        RESERVED
-CVE-2021-32006
-       RESERVED
-CVE-2021-32005
-       RESERVED
+CVE-2021-32006 (This issue affects: Secomea GateManager Version 9.6.621421014 
and all  ...)
+       TODO: check
+CVE-2021-32005 (Cross-site Scripting (XSS) vulnerability in log view of 
Secomea SiteMa ...)
+       TODO: check
 CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 
9.6. Imp ...)
        NOT-FOR-US: Secomea GateManager
 CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in 
SiteManager prov ...)
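Review bot: the two new `TODO: check` entries concern different Secomea products: CVE-2021-32006 matches the "This issue affects: Secomea GateManager" wording of CVE-2021-32008 and CVE-2021-32004 (`NOT-FOR-US: Secomea GateManager`), while CVE-2021-32005 is an XSS in Secomea SiteManager, as is CVE-2021-32003; the resolved label should name the right product for each.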
@@ -71333,8 +71591,8 @@ CVE-2021-25100 (The GiveWP WordPress plugin before 
2.17.3 does not escape the s
        NOT-FOR-US: WordPress plugin
 CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise 
and escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25098
-       RESERVED
+CVE-2021-25098 (The Pricing Tables WordPress Plugin WordPress plugin before 
3.1.3 does ...)
+       TODO: check
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper 
authori ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 
bans ca ...)
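Review bot: CVE-2021-25098 (Pricing Tables WordPress plugin) gets `TODO: check` while every neighbouring entry in this hunk is `NOT-FOR-US: WordPress plugin`; the check should confirm the plugin is not packaged in Debian before applying the same label, and the same applies to the other newly described WordPress plugin CVEs in the hunks that follow.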
@@ -71355,8 +71613,8 @@ CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin 
WordPress plugin before
        NOT-FOR-US: WordPress plugin
 CVE-2021-25088
        RESERVED
-CVE-2021-25087
-       RESERVED
+CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not 
have any  ...)
+       TODO: check
 CVE-2021-25086
        RESERVED
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and 
escape  ...)
@@ -71403,7 +71661,7 @@ CVE-2021-25065 (The Smash Balloon Social Post Feed 
WordPress plugin before 4.1.1
        NOT-FOR-US: WordPress plugin
 CVE-2021-25064
        RESERVED
-CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does 
not sanit ...)
+CVE-2021-25063 (The Skins for Contact Form 7 WordPress plugin before 2.5.1 
does not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 
1.1.10 doe ...)
        NOT-FOR-US: WordPress plugin
@@ -71451,10 +71709,10 @@ CVE-2021-25041 (The Photo Gallery by 10Web WordPress 
plugin before 1.5.68 is vul
        NOT-FOR-US: WordPress plugin
 CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25039
-       RESERVED
-CVE-2021-25038
-       RESERVED
+CVE-2021-25039 (The WordPress Multisite Content Copier/Updater WordPress 
plugin before ...)
+       TODO: check
+CVE-2021-25038 (The WordPress Multisite User Sync/Unsync WordPress plugin 
before 2.1.2 ...)
+       TODO: check
 CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected 
by an a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected 
by a Pr ...)
@@ -71511,8 +71769,8 @@ CVE-2021-25011 (The Maps Plugin using Google Maps for 
WordPress plugin before 1.
        NOT-FOR-US: WordPress plugin
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have 
CSRF che ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25009
-       RESERVED
+CVE-2021-25009 (The CorreosExpress WordPress plugin through 2.6.0 generates 
log files  ...)
+       TODO: check
 CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not 
escape the s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25007
@@ -71607,10 +71865,10 @@ CVE-2021-24963 (The LiteSpeed Cache WordPress plugin 
before 4.4.4 does not escap
        NOT-FOR-US: WordPress plugin
 CVE-2021-24962
        RESERVED
-CVE-2021-24961
-       RESERVED
-CVE-2021-24960
-       RESERVED
+CVE-2021-24961 (The WordPress File Upload WordPress plugin before 4.16.3, 
wordpress-fi ...)
+       TODO: check
+CVE-2021-24960 (The WordPress File Upload WordPress plugin before 4.16.3, 
wordpress-fi ...)
+       TODO: check
 CVE-2021-24959
        RESERVED
 CVE-2021-24958
@@ -71623,10 +71881,10 @@ CVE-2021-24955 (The User Registration, Login Form, 
User Profile &amp; Membership
        NOT-FOR-US: WordPress plugin
 CVE-2021-24954 (The User Registration, Login Form, User Profile &amp; 
Membership WordP ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24953
-       RESERVED
-CVE-2021-24952
-       RESERVED
+CVE-2021-24953 (The Advanced iFrame WordPress plugin before 2022 does not 
sanitise and ...)
+       TODO: check
+CVE-2021-24952 (The Conversios.io WordPress plugin before 4.6.2 does not 
sanitise, val ...)
+       TODO: check
 CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not 
sanitise, valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24950
@@ -71877,19 +72135,19 @@ CVE-2021-24828 (The Mortgage Calculator / Loan 
Calculator WordPress plugin befor
        NOT-FOR-US: WordPress plugin
 CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24826
-       RESERVED
-CVE-2021-24825
-       RESERVED
-CVE-2021-24824
-       RESERVED
+CVE-2021-24826 (The Custom Content Shortcode WordPress plugin before 4.0.2 
does not es ...)
+       TODO: check
+CVE-2021-24825 (The Custom Content Shortcode WordPress plugin before 4.0.2 
does not va ...)
+       TODO: check
+CVE-2021-24824 (The [field] shortcode included with the Custom Content 
Shortcode WordP ...)
+       TODO: check
 CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have 
any CSRF ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does 
not hav ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24821
-       RESERVED
-CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.4 allows users 
with a r ...)
+CVE-2021-24821 (The Cost Calculator WordPress plugin before 1.6 allows users 
with a ro ...)
+       TODO: check
+CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.6 allows 
authenticated  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 
does not  ...)
        NOT-FOR-US: WordPress plugin
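Review bot: the CVE-2021-24820 description changed its version range from "through 1.4" to "through 1.6" without a `TODO: check`, and its existing `NOT-FOR-US: WordPress plugin` triage is kept, which is the expected behaviour for a description-only update; only the newly described CVE-2021-24821 ("before 1.6") needs triage. Note that the two ranges overlap at 1.6, so whoever resolves the TODO should read the full descriptions rather than infer from the truncated text.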
@@ -71909,8 +72167,8 @@ CVE-2021-24812 (The BetterLinks WordPress plugin before 
1.2.6 does not sanitise
        NOT-FOR-US: WordPress plugin
 CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24810
-       RESERVED
+CVE-2021-24810 (The WP Event Manager WordPress plugin before 3.1.23 does not 
escape so ...)
+       TODO: check
 CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does 
not check ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 
sanitise (with ...)
@@ -71973,10 +72231,10 @@ CVE-2021-24780 (The Single Post Exporter WordPress 
plugin through 1.1.1 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its 
update_setting ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24778
-       RESERVED
-CVE-2021-24777
-       RESERVED
+CVE-2021-24778 (The test parameter of the xmlfeed in the Tradetracker-Store 
WordPress  ...)
+       TODO: check
+CVE-2021-24777 (The view submission functionality in the Hotscot Contact Form 
WordPres ...)
+       TODO: check
 CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a 
REST en ...)
@@ -73097,8 +73355,8 @@ CVE-2021-24218 (The wp_ajax_save_fbe_settings and 
wp_ajax_delete_fbe_settings AJ
        NOT-FOR-US: WordPress plugin
 CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin 
before 3. ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24216
-       RESERVED
+CVE-2021-24216 (The All-in-One WP Migration WordPress plugin before 7.41 does 
not vali ...)
+       TODO: check
 CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the 
Control ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 
3.8.1 did ...)
@@ -127767,16 +128025,16 @@ CVE-2020-14117
        RESERVED
 CVE-2020-14116
        RESERVED
-CVE-2020-14115
-       RESERVED
+CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router 
AX3600.  ...)
+       TODO: check
 CVE-2020-14114
        RESERVED
 CVE-2020-14113
        RESERVED
-CVE-2020-14112
-       RESERVED
-CVE-2020-14111
-       RESERVED
+CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router 
AX6000. The ...)
+       TODO: check
+CVE-2020-14111 (A command injection vulnerability exists in the Xiaomi Router 
AX3600.  ...)
+       TODO: check
 CVE-2020-14110 (AX3600 router sensitive information leaked.There is an 
unauthorized in ...)
        NOT-FOR-US: AX3600 router
 CVE-2020-14109 (There is command injection in the meshd program in the routing 
system, ...)
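Review bot: CVE-2020-14112 concerns the Xiaomi Router AX6000, while the existing triage of CVE-2020-14110 uses the model-specific label `NOT-FOR-US: AX3600 router`; when resolving the three `TODO: check` entries, a vendor-level label (for example `NOT-FOR-US: Xiaomi Router`) would avoid one label per router model.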
@@ -233823,7 +234081,7 @@ CVE-2018-15503 (The unpack implementation in Swoole 
version 4.0.4 lacks correct
 CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 
2018-08-13  ...)
        NOT-FOR-US: Lone Wolf Technologies loadingDOCS
 CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 
and 0.27. ...)
-       {DLA-1477-1}
+       {DLA-2936-1 DLA-1477-1}
        - libgit2 0.27.4+dfsg.1-0.1 (low)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
        NOTE: 
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
@@ -246286,11 +246544,11 @@ CVE-2018-10890 (A flaw was found in moodle before 
versions 3.5.1, 3.4.4, 3.3.7,
 CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 
3.3.7. No opt ...)
        - moodle <removed>
 CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing 
check in  ...)
-       {DLA-1477-1}
+       {DLA-2936-1 DLA-1477-1}
        - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
        NOTE: 
https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
 CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been 
discove ...)
-       {DLA-1477-1}
+       {DLA-2936-1 DLA-1477-1}
        - libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
        NOTE: 
https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
        NOTE: 
https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
@@ -253390,11 +253648,13 @@ CVE-2018-8100 (The JPXStream::readTilePart function 
in JPXStream.cc in xpdf 4.00
        NOTE: src:xpdf switched to use system poppler libary in 3.02-3
        NOTE: Reproducer correctly detected as broken with jessie's poppler 
build
 CVE-2018-8099 (Incorrect returning of an error code in the 
index.c:read_entry() funct ...)
+       {DLA-2936-1}
        [experimental] - libgit2 0.27.0+dfsg.1-0.1
        - libgit2 0.27.0+dfsg.1-0.6 (low; bug #892962)
        [jessie] - libgit2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
 CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while 
decompress ...)
+       {DLA-2936-1}
        [experimental] - libgit2 0.27.0+dfsg.1-0.1
        - libgit2 0.27.0+dfsg.1-0.6 (low; bug #892961)
        [jessie] - libgit2 <no-dsa> (Minor issue)
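Review bot: `{DLA-2936-1}` is added to CVE-2018-8099 and CVE-2018-8098 while each entry still carries `[jessie] - libgit2 <no-dsa> (Minor issue)`; this is consistent only if DLA-2936-1 covers a suite other than jessie. If it does, fine; if the DLA also addressed jessie, the jessie line should be updated to the fixed version instead of keeping the no-dsa marker.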



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74fdaa496d4bdf7dd7d17bda37f2b00a362170a4



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits