Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
75777c21 by security tracker role at 2022-10-11T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2022-42783
+ RESERVED
+CVE-2022-42782
+ RESERVED
+CVE-2022-42781
+ RESERVED
+CVE-2022-42780
+ RESERVED
+CVE-2022-42779
+ RESERVED
+CVE-2022-42778
+ RESERVED
+CVE-2022-42777
+ RESERVED
+CVE-2022-42776
+ RESERVED
+CVE-2022-42775
+ RESERVED
+CVE-2022-42774
+ RESERVED
+CVE-2022-42773
+ RESERVED
+CVE-2022-42772
+ RESERVED
+CVE-2022-42771
+ RESERVED
+CVE-2022-42770
+ RESERVED
+CVE-2022-42769
+ RESERVED
+CVE-2022-42768
+ RESERVED
+CVE-2022-42767
+ RESERVED
+CVE-2022-42766
+ RESERVED
+CVE-2022-42765
+ RESERVED
+CVE-2022-42764
+ RESERVED
+CVE-2022-42763
+ RESERVED
+CVE-2022-42762
+ RESERVED
+CVE-2022-42761
+ RESERVED
+CVE-2022-42760
+ RESERVED
+CVE-2022-42759
+ RESERVED
+CVE-2022-42758
+ RESERVED
+CVE-2022-42757
+ RESERVED
+CVE-2022-42756
+ RESERVED
+CVE-2022-42755
+ RESERVED
+CVE-2022-42754
+ RESERVED
+CVE-2022-42753
+ RESERVED
+CVE-2022-42752
+ RESERVED
+CVE-2022-42751
+ RESERVED
+CVE-2022-42750
+ RESERVED
+CVE-2022-42749
+ RESERVED
+CVE-2022-42748
+ RESERVED
+CVE-2022-42747
+ RESERVED
+CVE-2022-42746
+ RESERVED
+CVE-2022-42745
+ RESERVED
+CVE-2022-42744
+ RESERVED
+CVE-2022-42743
+ RESERVED
+CVE-2022-42742
+ RESERVED
+CVE-2022-42741
+ RESERVED
+CVE-2022-42740
+ RESERVED
+CVE-2022-42739
+ RESERVED
+CVE-2022-42738
+ RESERVED
+CVE-2022-42737
+ RESERVED
+CVE-2022-42736
+ RESERVED
+CVE-2022-41797
+ RESERVED
+CVE-2022-3451
+ RESERVED
+CVE-2022-3450
+ RESERVED
+CVE-2022-3449
+ RESERVED
+CVE-2022-3448
+ RESERVED
+CVE-2022-3447
+ RESERVED
+CVE-2022-3446
+ RESERVED
+CVE-2022-3445
+ RESERVED
CVE-2022-42735
RESERVED
CVE-2022-42734
@@ -506,8 +618,7 @@ CVE-2022-42499
RESERVED
CVE-2022-42498
RESERVED
-CVE-2022-3433
- RESERVED
+CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON
input. ...)
- haskell-aeson 2.0.3.0-1 (bug #1009678)
[bullseye] - haskell-aeson <no-dsa> (Minor issue)
[buster] - haskell-aeson <no-dsa> (Minor issue)
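Review bot: The `<no-dsa> (Minor issue)` lines for bullseye and buster under CVE-2022-3433 are carried over unchanged from when the entry was still RESERVED. Now that the description reads "not safe to use to consume untrusted JSON input", that triage should be re-confirmed against the published text. The entry also has only the bug #1009678 reference, so a NOTE line pointing at the upstream advisory or fix would make the decision easier to audit.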
@@ -2192,18 +2303,18 @@ CVE-2022-41751
RESERVED
CVE-2022-41750
RESERVED
-CVE-2022-41749
- RESERVED
-CVE-2022-41748
- RESERVED
-CVE-2022-41747
- RESERVED
-CVE-2022-41746
- RESERVED
-CVE-2022-41745
- RESERVED
-CVE-2022-41744
- RESERVED
+CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex
One agent ...)
+ TODO: check
+CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex
One Data ...)
+ TODO: check
+CVE-2022-41747 (An improper certification validation vulnerability in Trend
Micro Apex ...)
+ TODO: check
+CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could
allow an ...)
+ TODO: check
+CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One
could al ...)
+ TODO: check
+CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro
Apex One ...)
+ TODO: check
CVE-2022-41700
RESERVED
CVE-2022-41646
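Review bot: The six entries added here (CVE-2022-41744 through CVE-2022-41749) all describe Trend Micro Apex products and are left at `TODO: check`. The list already resolves Apex One entries such as CVE-2022-40140 and CVE-2022-40139 as `NOT-FOR-US: Trend Micro`, so these can be closed the same way instead of sitting in the TODO queue.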
@@ -4682,8 +4793,8 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub
repository gpac/gpac prior to 2.
NOTE:
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository
ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3220
- RESERVED
+CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does
not sanit ...)
+ TODO: check
CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL
pointer de ...)
NOT-FOR-US: Bento4
CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer
over-rea ...)
@@ -4959,12 +5070,12 @@ CVE-2022-37332
RESERVED
CVE-2022-32774
RESERVED
-CVE-2022-3209
- RESERVED
-CVE-2022-3208
- RESERVED
-CVE-2022-3207
- RESERVED
+CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the
{id,dat ...)
+ TODO: check
+CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not
implement ...)
+ TODO: check
+CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not
sanitise ...)
+ TODO: check
CVE-2022-3206
RESERVED
CVE-2022-3205 (An XSS exists in automation controller UI where the project
name is su ...)
@@ -5843,8 +5954,8 @@ CVE-2022-40259
RESERVED
CVE-2022-40258
RESERVED
-CVE-2022-40257
- RESERVED
+CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE
software prior ...)
+ TODO: check
CVE-2022-40256
RESERVED
CVE-2022-40255
@@ -5861,8 +5972,8 @@ CVE-2022-40250 (An attacker can exploit this
vulnerability to elevate privileges
NOT-FOR-US: AMI
CVE-2022-40249
RESERVED
-CVE-2022-40248
- RESERVED
+CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE
software prior ...)
+ TODO: check
CVE-2022-40247
RESERVED
CVE-2022-40246 (A potential attacker can write one byte by arbitrary address
at the ti ...)
@@ -6121,8 +6232,8 @@ CVE-2022-3155
RESERVED
- thunderbird <not-affected> (Only affects MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
-CVE-2022-3154
- RESERVED
+CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4,
Integration for ...)
+ TODO: check
CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to
9.0.040 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a
@@ -6150,8 +6261,8 @@ CVE-2022-40140 (An origin validation error vulnerability
in Trend Micro Apex One
NOT-FOR-US: Trend Micro
CVE-2022-40139 (Improper validation of some components used by the rollback
mechanism ...)
NOT-FOR-US: Trend Micro
-CVE-2022-40138
- RESERVED
+CVE-2022-40138 (An integer conversion error in Hermes bytecode generation,
prior to co ...)
+ TODO: check
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function
'vmw_execbuf ...)
- linux <unfixed>
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
@@ -6202,10 +6313,10 @@ CVE-2022-3139
RESERVED
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository
jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-3137
- RESERVED
-CVE-2022-3136
- RESERVED
+CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate
and sa ...)
+ TODO: check
+CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not
sanitise and ...)
+ TODO: check
CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of
Clash for ...)
NOT-FOR-US: Clash for Windows
CVE-2022-40125
@@ -8014,8 +8125,8 @@ CVE-2022-39289 (ZoneMinder is a free, open source
Closed-circuit television soft
NOTE:
https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
NOTE:
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
NOTE: NOTE: Only supported for trusted users/behind auth, see
README.debian.security
-CVE-2022-39288
- RESERVED
+CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js.
Affecte ...)
+ TODO: check
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF)
protection mi ...)
NOT-FOR-US: tiny-csrf Nodejs module
CVE-2022-39286
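Review bot: CVE-2022-39288 (fastify, a web framework for Node.js) is added with `TODO: check`, and unlike the tiny-csrf entry just below it the right disposition is not obvious from the description. Resolve it explicitly, either with a `- <package>` line if a source package exists or with a NOT-FOR-US tag, so the entry does not stay ambiguous.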
@@ -9641,8 +9752,8 @@ CVE-2022-2982 (Use After Free in GitHub repository
vim/vim prior to 9.0.0260. ..
- vim 2:9.0.0626-1 (bug #1019590)
NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
NOTE:
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420
(v9.0.0260)
-CVE-2022-2981
- RESERVED
+CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not
ensure th ...)
+ TODO: check
CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to
9.0.025 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
@@ -9954,14 +10065,14 @@ CVE-2022-2931
CVE-2022-2930 (Unverified Password Change in GitHub repository
octoprint/octoprint pr ...)
- octoprint <itp> (bug #718591)
CVE-2022-2929 (In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 ->
4.1-ESV-R16-P1 ...)
- {DSA-5251-1}
+ {DSA-5251-1 DLA-3146-1}
- isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
NOTE: https://kb.isc.org/docs/cve-2022-2929
CVE-2022-2928 (In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 ->
4.1-ESV-R16-P ...)
- {DSA-5251-1}
+ {DSA-5251-1 DLA-3146-1}
- isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
@@ -10653,8 +10764,8 @@ CVE-2022-38398 (Server-Side Request Forgery (SSRF)
vulnerability in Batik of Apa
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462
CVE-2022-38397
RESERVED
-CVE-2022-2891
- RESERVED
+CVE-2022-2891 (The WP 2FA WordPress plugin before 2.3.0 uses comparison
operators tha ...)
+ TODO: check
CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository
yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225.
...)
@@ -11074,8 +11185,8 @@ CVE-2022-2825
RESERVED
CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr
prior to ...)
NOT-FOR-US: OpenEMR
-CVE-2022-2823
- RESERVED
+CVE-2022-2823 (The Slider, Gallery, and Carousel by MetaSlider WordPress
plugin befor ...)
+ TODO: check
CVE-2022-2822 (An attacker can freely brute force username and password and
can takeo ...)
- octoprint <itp> (bug #718591)
CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository
namelessm ...)
@@ -12772,8 +12883,8 @@ CVE-2022-37618
RESERVED
CVE-2022-37617
RESERVED
-CVE-2022-37616
- RESERVED
+CVE-2022-37616 (A prototype pollution vulnerability exists in the function
copy in dom ...)
+ TODO: check
CVE-2022-37615
RESERVED
CVE-2022-37614
@@ -13547,8 +13658,8 @@ CVE-2022-2630
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2629
- RESERVED
+CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and
escape ...)
+ TODO: check
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does
not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2627
@@ -14719,8 +14830,8 @@ CVE-2022-2556 (The Mailchimp for WooCommerce WordPress
plugin before 2.7.2 has a
NOT-FOR-US: WordPress plugin
CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through
2.0.4 lacks ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2554
- RESERVED
+CVE-2022-2554 (The Enable Media Replace WordPress plugin before 4.0.0 does not
ensure ...)
+ TODO: check
CVE-2022-2553 (The authfile directive in the booth config file is ignored,
preventing ...)
{DSA-5194-1}
- booth 1.0-268-gdce51f9-1
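Review bot: CVE-2022-2554 (Enable Media Replace WordPress plugin) is added with `TODO: check` directly below CVE-2022-2556 and CVE-2022-2555, which are both tagged `NOT-FOR-US: WordPress plugin`. The new entry should get the same tag for consistency.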
@@ -16717,8 +16828,8 @@ CVE-2022-2450
RESERVED
CVE-2022-2449
RESERVED
-CVE-2022-2448
- RESERVED
+CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise
and esc ...)
+ TODO: check
CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one
hour in a ...)
- python-keystonemiddleware 10.1.0-4 (bug #1021272)
[bullseye] - python-keystonemiddleware <no-dsa> (Minor issue)
@@ -16896,8 +17007,8 @@ CVE-2022-36065 (GrowthBook is an open-source platform
for feature flagging and A
NOT-FOR-US: GrowthBook
CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An
Inefficient Regu ...)
NOT-FOR-US: Shescape
-CVE-2022-36063
- RESERVED
+CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG)
embedded st ...)
+ TODO: check
CVE-2022-36062 (Grafana is an open-source platform for monitoring and
observability. I ...)
- grafana <removed>
CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network
protocol. In ...)
@@ -18604,8 +18715,8 @@ CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress
plugin before 2.1.7 does
NOT-FOR-US: WordPress plugin
CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4
does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2350
- RESERVED
+CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not
have au ...)
+ TODO: check
CVE-2022-2349
RESERVED
CVE-2022-2348
@@ -18866,8 +18977,8 @@ CVE-2022-35291 (Due to misconfigured application
endpoints, SAP SuccessFactors a
NOT-FOR-US: SAP
CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows
an attac ...)
NOT-FOR-US: SAP
-CVE-2022-35289
- RESERVED
+CVE-2022-35289 (A write-what-where condition in hermes caused by an integer
overflow, ...)
+ TODO: check
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a
user to obt ...)
NOT-FOR-US: IBM
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains
hard-coded crede ...)
@@ -21386,8 +21497,8 @@ CVE-2022-34427
RESERVED
CVE-2022-34426
RESERVED
-CVE-2022-34425
- RESERVED
+CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a
cryptographic key vu ...)
+ TODO: check
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x
contain a v ...)
NOT-FOR-US: Dell
CVE-2022-34423
@@ -21432,8 +21543,8 @@ CVE-2022-34404
RESERVED
CVE-2022-34403
RESERVED
-CVE-2022-34402
- RESERVED
+CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of
Service ...)
+ TODO: check
CVE-2022-34401
RESERVED
CVE-2022-34400
@@ -21590,8 +21701,8 @@ CVE-2022-34336 (IBM WebSphere Application Server 7.0,
8.0, 8.5, and 9.0 is vulne
NOT-FOR-US: IBM
CVE-2022-34335
RESERVED
-CVE-2022-34334
- RESERVED
+CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not
invalidate sessio ...)
+ TODO: check
CVE-2022-34333
RESERVED
CVE-2022-34332
@@ -26939,8 +27050,8 @@ CVE-2022-1987 (Buffer Over-read in GitHub repository
bfabiszewski/libmobi prior
NOTE:
https://github.com/bfabiszewski/libmobi/commit/612562bc1ea38f1708b044e7a079c47a05b1291d
(v0.11)
CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to
0.12.9. ...)
NOT-FOR-US: Go Git Service
-CVE-2022-32234
- RESERVED
+CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays,
prior t ...)
+ TODO: check
CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of
Cybozu Garoon ...)
NOT-FOR-US: Cybozu
CVE-2022-30602 (Operation restriction bypass in multiple applications of
Cybozu Garoon ...)
@@ -69197,8 +69308,8 @@ CVE-2022-20946
RESERVED
CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of
Cisco Ca ...)
NOT-FOR-US: Cisco
-CVE-2022-20944
- RESERVED
+CVE-2022-20944 (A vulnerability in the software image verification
functionality of Ci ...)
+ TODO: check
CVE-2022-20943
RESERVED
CVE-2022-20942
@@ -69245,8 +69356,8 @@ CVE-2022-20922
RESERVED
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI
Multi-Site Orch ...)
NOT-FOR-US: Cisco
-CVE-2022-20920
- RESERVED
+CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS
Software and Ci ...)
+ TODO: check
CVE-2022-20919 (A vulnerability in the processing of malformed Common
Industrial Proto ...)
NOT-FOR-US: Cisco
CVE-2022-20918
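Review bot: CVE-2022-20920 (SSH implementation of Cisco IOS Software) is left at `TODO: check` while its neighbours CVE-2022-20921 and CVE-2022-20919 are `NOT-FOR-US: Cisco`. Tag it the same way so it leaves the TODO queue.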
@@ -69255,8 +69366,8 @@ CVE-2022-20917
RESERVED
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco
IoT Con ...)
NOT-FOR-US: Cisco
-CVE-2022-20915
- RESERVED
+CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS
(6VPE) wit ...)
+ TODO: check
CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of
Cisco Id ...)
NOT-FOR-US: Cisco
CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an
authenticated, ...)
@@ -69345,8 +69456,8 @@ CVE-2022-20872
RESERVED
CVE-2022-20871
RESERVED
-CVE-2022-20870
- RESERVED
+CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function
of Cisco ...)
+ TODO: check
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
NOT-FOR-US: Cisco
CVE-2022-20868
@@ -69357,8 +69468,8 @@ CVE-2022-20866 (A vulnerability in the handling of RSA
keys on devices running C
NOT-FOR-US: Cisco
CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow
an authe ...)
NOT-FOR-US: Cisco
-CVE-2022-20864
- RESERVED
+CVE-2022-20864 (A vulnerability in the password-recovery disable feature of
Cisco IOS ...)
+ TODO: check
CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App,
formerl ...)
NOT-FOR-US: Cisco
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco
Unified ...)
@@ -69411,8 +69522,8 @@ CVE-2022-20839
RESERVED
CVE-2022-20838
RESERVED
-CVE-2022-20837
- RESERVED
+CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG)
functionali ...)
+ TODO: check
CVE-2022-20836
RESERVED
CVE-2022-20835
@@ -69425,8 +69536,8 @@ CVE-2022-20832
RESERVED
CVE-2022-20831
RESERVED
-CVE-2022-20830
- RESERVED
+CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco
Software-Defined ...)
+ TODO: check
CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security
Device Man ...)
NOT-FOR-US: Cisco
CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software
for Adap ...)
@@ -78705,6 +78816,7 @@ CVE-2021-3752 (A use-after-free flaw was found in the
Linux kernel’s Bluet
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a
repository ...)
+ {DLA-3145-1}
- git 1:2.30.1-1
[bullseye] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
@@ -91406,8 +91518,8 @@ CVE-2021-35228 (This vulnerability occurred due to
missing input sanitization fo
NOT-FOR-US: Solarwinds
CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM
2020.2.6 and ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35226
- RESERVED
+CVE-2021-35226 (An entity in Network Configuration Manager product is
misconfigured an ...)
+ TODO: check
CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed
Service Provi ...)
NOT-FOR-US: Solarwinds
CVE-2021-35224
@@ -117616,8 +117728,8 @@ CVE-2021-25046 (The Modern Events Calendar Lite
WordPress plugin before 6.2.0 al
NOT-FOR-US: WordPress plugin
CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not
validate or ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25044
- RESERVED
+CVE-2021-25044 (The Cryptocurrency Pricing list and Ticker WordPress plugin
through 1. ...)
+ TODO: check
CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise
and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin
before ...)
@@ -127722,6 +127834,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open
source e-commerce solution.
CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS
(iPhone ...)
NOT-FOR-US: Wire
CVE-2021-21300 (Git is an open-source distributed revision control system. In
affected ...)
+ {DLA-3145-1}
- git 1:2.30.2-1 (bug #985120)
[stretch] - git <no-dsa> (Minor issue)
NOTE:
https://lore.kernel.org/git/[email protected]/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75777c210d5b135313fcd52c29670a774463a05e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits