[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 8 20:10:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10259a36 by security tracker role at 2021-11-08T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3935
+ RESERVED
+CVE-2021-3934
+ RESERVED
+CVE-2021-3933
+ RESERVED
CVE-2021-43521
RESERVED
CVE-2021-43520
@@ -2660,8 +2666,8 @@ CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbi
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
NOTE: https://www.tenable.com/security/research/tra-2021-14
NOTE: https://github.com/python-babel/babel/pull/782
-CVE-2021-42770
- RESERVED
+CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...)
+ TODO: check
CVE-2021-42769
RESERVED
CVE-2021-42768
@@ -6303,8 +6309,8 @@ CVE-2021-41735
RESERVED
CVE-2021-41734
RESERVED
-CVE-2021-41733
- RESERVED
+CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...)
+ TODO: check
CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...)
- zeek <unfixed> (unimportant)
NOTE: https://github.com/zeek/zeek/issues/1798
@@ -8945,8 +8951,8 @@ CVE-2021-40579
RESERVED
CVE-2021-40578
RESERVED
-CVE-2021-40577
- RESERVED
+CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
CVE-2021-40576
RESERVED
CVE-2021-40575
@@ -11636,8 +11642,8 @@ CVE-2021-39422
RESERVED
CVE-2021-39421
RESERVED
-CVE-2021-39420
- RESERVED
+CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...)
+ TODO: check
CVE-2021-39419
RESERVED
CVE-2021-39418
@@ -12349,8 +12355,8 @@ CVE-2021-39184 (Electron is a framework for writing cross-platform desktop appli
- electron <itp> (bug #842420)
CVE-2021-39183
RESERVED
-CVE-2021-39182
- RESERVED
+CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
+ TODO: check
CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
NOT-FOR-US: OpenOlat
CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
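Review bot: CVE-2021-39182 is described as a Python module, so its "TODO: check" should be settled by a source-package lookup rather than by analogy with the NOT-FOR-US entry for OpenOlat just below it. If the module is not packaged but has an ITP or RFP bug, record it the way the electron entry at the top of this hunk does ("- electron <itp> (bug #842420)"); otherwise tag it NOT-FOR-US with the product name.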
@@ -15621,8 +15627,8 @@ CVE-2021-37852
RESERVED
CVE-2021-37851
RESERVED
-CVE-2021-37850
- RESERVED
+CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
+ TODO: check
CVE-2021-37849
RESERVED
CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
@@ -28420,12 +28426,12 @@ CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap
NOT-FOR-US: modem 2G RRM
CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
NOT-FOR-US: modem 2G RRM
-CVE-2021-32483
- RESERVED
-CVE-2021-32482
- RESERVED
-CVE-2021-32481
- RESERVED
+CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ TODO: check
+CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...)
+ TODO: check
+CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter. ...)
+ TODO: check
CVE-2021-32480
RESERVED
CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
@@ -34690,8 +34696,8 @@ CVE-2021-30134
RESERVED
CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
NOT-FOR-US: CloverDX
-CVE-2021-30132
- RESERVED
+CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ TODO: check
CVE-2021-30131
RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
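Review bot: CVE-2021-30132 is added with exactly the same truncated description as CVE-2021-32483 in the previous hunk ("Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ..."), so the list text cannot tell the two apart. When resolving the "TODO: check", read both full descriptions and, if they differ only after the truncation point or one duplicates the other, record that in a NOTE line on each entry.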
@@ -35007,8 +35013,8 @@ CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command exec
NOT-FOR-US: marktext
CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
NOT-FOR-US: CloverDX
-CVE-2021-29994
- RESERVED
+CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS. ...)
+ TODO: check
CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
- firefox <not-affected> (Specific to Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
@@ -35480,8 +35486,8 @@ CVE-2021-29845
RESERVED
CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
NOT-FOR-US: IBM
-CVE-2021-29843
- RESERVED
+CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
+ TODO: check
CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
NOT-FOR-US: IBM
CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
@@ -35696,8 +35702,8 @@ CVE-2021-29737 (IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Informa
NOT-FOR-US: IBM
CVE-2021-29736 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
-CVE-2021-29735
- RESERVED
+CVE-2021-29735 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulner ...)
+ TODO: check
CVE-2021-29734
RESERVED
CVE-2021-29733
@@ -36998,8 +37004,8 @@ CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce
NOT-FOR-US: BTCPay Server
CVE-2021-29244
RESERVED
-CVE-2021-29243
- RESERVED
+CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. ...)
+ TODO: check
CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
NOT-FOR-US: CODESYS Control Runtime
CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...)
@@ -40018,12 +40024,12 @@ CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl
- jpeg-xl <itp> (bug #948862)
CVE-2021-28025
RESERVED
-CVE-2021-28024
- RESERVED
-CVE-2021-28023
- RESERVED
-CVE-2021-28022
- RESERVED
+CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...)
+ TODO: check
+CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...)
+ TODO: check
+CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...)
+ TODO: check
CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
- libstb <undetermined>
NOTE: https://github.com/nothings/stb/issues/1108
@@ -44978,8 +44984,8 @@ CVE-2021-25981
RESERVED
CVE-2021-25980
RESERVED
-CVE-2021-25979
- RESERVED
+CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
+ TODO: check
CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...)
NOT-FOR-US: Apostrophe CMS
CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
@@ -47852,16 +47858,16 @@ CVE-2021-24846
RESERVED
CVE-2021-24845
RESERVED
-CVE-2021-24844
- RESERVED
+CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
+ TODO: check
CVE-2021-24843
RESERVED
CVE-2021-24842
RESERVED
CVE-2021-24841
RESERVED
-CVE-2021-24840
- RESERVED
+CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
+ TODO: check
CVE-2021-24839
RESERVED
CVE-2021-24838
@@ -47870,24 +47876,24 @@ CVE-2021-24837
RESERVED
CVE-2021-24836
RESERVED
-CVE-2021-24835
- RESERVED
+CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings ...)
+ TODO: check
CVE-2021-24834
RESERVED
CVE-2021-24833
RESERVED
-CVE-2021-24832
- RESERVED
+CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...)
+ TODO: check
CVE-2021-24831
RESERVED
CVE-2021-24830
RESERVED
-CVE-2021-24829
- RESERVED
+CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...)
+ TODO: check
CVE-2021-24828
RESERVED
-CVE-2021-24827
- RESERVED
+CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...)
+ TODO: check
CVE-2021-24826
RESERVED
CVE-2021-24825
@@ -47908,8 +47914,8 @@ CVE-2021-24818
RESERVED
CVE-2021-24817
RESERVED
-CVE-2021-24816
- RESERVED
+CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
+ TODO: check
CVE-2021-24815
RESERVED
CVE-2021-24814
@@ -47926,10 +47932,10 @@ CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not
NOT-FOR-US: WordPress plugin
CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24807
- RESERVED
-CVE-2021-24806
- RESERVED
+CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authenticated ( ...)
+ TODO: check
+CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...)
+ TODO: check
CVE-2021-24805
RESERVED
CVE-2021-24804
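Review bot: the description imported for CVE-2021-24806 is cut off at "does check for CSRF when ad ...", before it states the flaw, so the truncated line is not a sufficient basis for triage; read the full description before replacing "TODO: check". CVE-2021-24807 (Support Board) sits directly below two entries tagged "NOT-FOR-US: WordPress plugin" and can most likely take the same tag once confirmed.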
@@ -47938,14 +47944,14 @@ CVE-2021-24803
RESERVED
CVE-2021-24802
RESERVED
-CVE-2021-24801
- RESERVED
+CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
+ TODO: check
CVE-2021-24800
RESERVED
CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24798
- RESERVED
+CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
+ TODO: check
CVE-2021-24797
RESERVED
CVE-2021-24796
@@ -47958,14 +47964,14 @@ CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 do
NOT-FOR-US: WordPress plugin
CVE-2021-24792
RESERVED
-CVE-2021-24791
- RESERVED
+CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...)
+ TODO: check
CVE-2021-24790
RESERVED
CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24788
- RESERVED
+CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
+ TODO: check
CVE-2021-24787
RESERVED
CVE-2021-24786
@@ -47974,8 +47980,8 @@ CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2021-24784
RESERVED
-CVE-2021-24783
- RESERVED
+CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...)
+ TODO: check
CVE-2021-24782
RESERVED
CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
@@ -48006,10 +48012,10 @@ CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does
NOT-FOR-US: WordPress plugin
CVE-2021-24768
RESERVED
-CVE-2021-24767
- RESERVED
-CVE-2021-24766
- RESERVED
+CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
+ TODO: check
+CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...)
+ TODO: check
CVE-2021-24765
RESERVED
CVE-2021-24764
@@ -48078,8 +48084,8 @@ CVE-2021-24733
RESERVED
CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24731
- RESERVED
+CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...)
+ TODO: check
CVE-2021-24730
RESERVED
CVE-2021-24729
@@ -48096,10 +48102,10 @@ CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin b
NOT-FOR-US: WordPress plugin
CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin through 2.4.0 does n ...)
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24721
- RESERVED
+CVE-2021-24721 (The Loco Translate WordPress plugin before 2.5.4 mishandles data input ...)
+ TODO: check
CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...)
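Review bot: CVE-2021-24721 (Loco Translate) is added with "TODO: check" while every triaged neighbour in this hunk is tagged "NOT-FOR-US: WordPress plugin"; confirm the plugin is not packaged and apply the same tag so the entry does not linger as a TODO. The description change on CVE-2021-24722 ("through 2.4.0" becomes "before 2.4.2") alters only the affected range and leaves its NOT-FOR-US triage valid, so it needs no follow-up.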
@@ -48120,16 +48126,16 @@ CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does
NOT-FOR-US: WordPress plugin
CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24710
- RESERVED
+CVE-2021-24710 (The Print-O-Matic WordPress plugin before 2.0.3 does not escape some o ...)
+ TODO: check
CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24708
- RESERVED
+CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...)
+ TODO: check
CVE-2021-24707
RESERVED
-CVE-2021-24706
- RESERVED
+CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...)
+ TODO: check
CVE-2021-24705
RESERVED
CVE-2021-24704
@@ -48138,24 +48144,24 @@ CVE-2021-24703
RESERVED
CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24701
- RESERVED
+CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...)
+ TODO: check
CVE-2021-24700
RESERVED
CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24698
- RESERVED
-CVE-2021-24697
- RESERVED
+CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...)
+ TODO: check
+CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ TODO: check
CVE-2021-24696
RESERVED
-CVE-2021-24695
- RESERVED
+CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...)
+ TODO: check
CVE-2021-24694
RESERVED
-CVE-2021-24693
- RESERVED
+CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ TODO: check
CVE-2021-24692
RESERVED
CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...)
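Review bot: CVE-2021-24697 and CVE-2021-24693 are added with identical truncated descriptions ("The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ..."), and the four Simple Download Monitor entries in this hunk name two different fixed versions (3.9.5 and 3.9.6). Triage the four together from the full descriptions so they end up with one consistent tag, and add a NOTE if two of them turn out to describe the same issue.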
@@ -48192,8 +48198,8 @@ CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does n
NOT-FOR-US: WordPress plugin
CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24674
- RESERVED
+CVE-2021-24674 (The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF ...)
+ TODO: check
CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...)
@@ -48202,8 +48208,8 @@ CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not e
NOT-FOR-US: WordPress plugin
CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24669
- RESERVED
+CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...)
+ TODO: check
CVE-2021-24668
RESERVED
CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
@@ -48212,8 +48218,8 @@ CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 cont
NOT-FOR-US: WordPress plugin
CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24664
- RESERVED
+CVE-2021-24664 (The School Management System – WPSchoolPress WordPress plugin be ...)
+ TODO: check
CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...)
@@ -48246,12 +48252,12 @@ CVE-2021-24649
RESERVED
CVE-2021-24648
RESERVED
-CVE-2021-24647
- RESERVED
-CVE-2021-24646
- RESERVED
-CVE-2021-24645
- RESERVED
+CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...)
+ TODO: check
+CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 does not ...)
+ TODO: check
+CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 does not ...)
+ TODO: check
CVE-2021-24644
RESERVED
CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
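Review bot: CVE-2021-24647 carries the same truncated description as CVE-2021-24731, added earlier in this patch ("The Registration Forms – User profile, Content Restriction, Spam ..."), so the two entries are indistinguishable in the list. Resolve both "TODO: check" lines in the same pass and with the same tag; the two Booking.com plugin entries below it (CVE-2021-24646, CVE-2021-24645) can be handled alongside.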
@@ -48278,20 +48284,20 @@ CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have
NOT-FOR-US: WordPress plugin
CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24631
- RESERVED
-CVE-2021-24630
- RESERVED
-CVE-2021-24629
- RESERVED
-CVE-2021-24628
- RESERVED
-CVE-2021-24627
- RESERVED
-CVE-2021-24626
- RESERVED
-CVE-2021-24625
- RESERVED
+CVE-2021-24631 (The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise ...)
+ TODO: check
+CVE-2021-24630 (The Schreikasten WordPress plugin through 0.14.18 does not sanitise or ...)
+ TODO: check
+CVE-2021-24629 (The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise ...)
+ TODO: check
+CVE-2021-24628 (The Wow Forms WordPress plugin through 3.1.3 does not sanitise or esca ...)
+ TODO: check
+CVE-2021-24627 (The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise ...)
+ TODO: check
+CVE-2021-24626 (The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF ...)
+ TODO: check
+CVE-2021-24625 (The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or ...)
+ TODO: check
CVE-2021-24624 (The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
@@ -48308,8 +48314,8 @@ CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sa
NOT-FOR-US: WordPress plugin
CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24616
- RESERVED
+CVE-2021-24616 (The AddToAny Share Buttons WordPress plugin before 1.7.48 does not esc ...)
+ TODO: check
CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
@@ -48326,8 +48332,8 @@ CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does n
NOT-FOR-US: WordPress plugin
CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24607
- RESERVED
+CVE-2021-24607 (The Storefront Footer Text WordPress plugin through 1.0.1 does not san ...)
+ TODO: check
CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...)
@@ -48352,8 +48358,8 @@ CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24594
- RESERVED
+CVE-2021-24594 (The Translate WordPress – Google Language Translator WordPress p ...)
+ TODO: check
CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...)
@@ -48390,8 +48396,8 @@ CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5
NOT-FOR-US: WordPress plugin
CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24575
- RESERVED
+CVE-2021-24575 (The School Management System – WPSchoolPress WordPress plugin be ...)
+ TODO: check
CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24573
@@ -48466,8 +48472,8 @@ CVE-2021-24539 (The Coming Soon, Under Construction & Maintenance Mode By Da
NOT-FOR-US: WordPress plugin
CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24537
- RESERVED
+CVE-2021-24537 (The Similar Posts WordPress plugin through 3.1.5 allow high privilege ...)
+ TODO: check
CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...)
@@ -54178,8 +54184,8 @@ CVE-2021-22053
RESERVED
CVE-2021-22052
RESERVED
-CVE-2021-22051
- RESERVED
+CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
+ TODO: check
CVE-2021-22050
RESERVED
CVE-2021-22049
@@ -130507,8 +130513,8 @@ CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to
NOT-FOR-US: IBM
CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
-CVE-2020-4160
- RESERVED
+CVE-2020-4160 (IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attac ...)
+ TODO: check
CVE-2020-4159
RESERVED
CVE-2020-4158
@@ -130521,10 +130527,10 @@ CVE-2020-4155
RESERVED
CVE-2020-4154
RESERVED
-CVE-2020-4153
- RESERVED
-CVE-2020-4152
- RESERVED
+CVE-2020-4153 (IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-sit ...)
+ TODO: check
+CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or sec ...)
+ TODO: check
CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...)
NOT-FOR-US: IBM
CVE-2020-4150
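Review bot: CVE-2020-4153 and CVE-2020-4152 both name IBM QRadar Network Security and are left at "TODO: check", while the triaged IBM entry right after them, CVE-2020-4151 for QRadar SIEM, is tagged "NOT-FOR-US: IBM". The same tag looks right for these two, and for CVE-2020-4160 in the previous hunk, once the full descriptions are confirmed.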
@@ -132735,7 +132741,7 @@ CVE-2019-19812
RESERVED
CVE-2019-19811
RESERVED
-CVE-2019-19810 (Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Jav ...)
+CVE-2019-19810 (Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserializ ...)
NOT-FOR-US: Zoom
CVE-2019-19809
RESERVED
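Review bot: the description of CVE-2019-19810 now attributes Zoom Call Recording to Eleveo instead of ZOOM International, but the unchanged triage line still reads "NOT-FOR-US: Zoom", which matches neither the vendor in the new description nor the full product name. Consider changing it to "NOT-FOR-US: Zoom Call Recording" so the tag cannot be mistaken for a different product.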
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10259a36e09c76621f797ddbb88129327ee30e3c