[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 11 21:10:31 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8bfe8d58 by security tracker role at 2021-10-11T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2021-42255
+ RESERVED
+CVE-2021-42254
+ RESERVED
+CVE-2021-42253
+ RESERVED
+CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+ TODO: check
+CVE-2021-42251
+ RESERVED
+CVE-2021-42250
+ RESERVED
+CVE-2021-42249
+ RESERVED
+CVE-2021-42248
+ RESERVED
+CVE-2021-42247
+ RESERVED
+CVE-2021-42246
+ RESERVED
+CVE-2021-42245
+ RESERVED
+CVE-2021-42244
+ RESERVED
+CVE-2021-42243
+ RESERVED
+CVE-2021-42242
+ RESERVED
+CVE-2021-42241
+ RESERVED
+CVE-2021-42240
+ RESERVED
+CVE-2021-42239
+ RESERVED
+CVE-2021-42238
+ RESERVED
+CVE-2021-42237
+ RESERVED
+CVE-2021-42236
+ RESERVED
+CVE-2021-42235
+ RESERVED
+CVE-2021-42234
+ RESERVED
+CVE-2021-42233
+ RESERVED
+CVE-2021-42232
+ RESERVED
+CVE-2021-42231
+ RESERVED
+CVE-2021-42230
+ RESERVED
+CVE-2021-42229
+ RESERVED
+CVE-2021-42228
+ RESERVED
+CVE-2021-42227
+ RESERVED
+CVE-2021-42226
+ RESERVED
+CVE-2021-42225
+ RESERVED
+CVE-2021-42224
+ RESERVED
+CVE-2021-42223
+ RESERVED
+CVE-2021-42222
+ RESERVED
+CVE-2021-42221
+ RESERVED
+CVE-2021-42220
+ RESERVED
+CVE-2021-42219
+ RESERVED
+CVE-2021-42218
+ RESERVED
+CVE-2021-42217
+ RESERVED
+CVE-2021-42216
+ RESERVED
+CVE-2021-42215
+ RESERVED
+CVE-2021-42214
+ RESERVED
+CVE-2021-42213
+ RESERVED
+CVE-2021-42212
+ RESERVED
+CVE-2021-42211
+ RESERVED
+CVE-2021-42210
+ RESERVED
+CVE-2021-42209
+ RESERVED
+CVE-2021-42208
+ RESERVED
+CVE-2021-42207
+ RESERVED
+CVE-2021-42206
+ RESERVED
+CVE-2021-42205
+ RESERVED
+CVE-2021-42204
+ RESERVED
+CVE-2021-42203
+ RESERVED
+CVE-2021-42202
+ RESERVED
+CVE-2021-42201
+ RESERVED
+CVE-2021-42200
+ RESERVED
+CVE-2021-42199
+ RESERVED
+CVE-2021-42198
+ RESERVED
+CVE-2021-42197
+ RESERVED
+CVE-2021-42196
+ RESERVED
+CVE-2021-42195
+ RESERVED
+CVE-2021-42194
+ RESERVED
+CVE-2021-42193
+ RESERVED
+CVE-2021-42192
+ RESERVED
+CVE-2021-42191
+ RESERVED
+CVE-2021-42190
+ RESERVED
+CVE-2021-42189
+ RESERVED
+CVE-2021-42188
+ RESERVED
+CVE-2021-42187
+ RESERVED
+CVE-2021-42186
+ RESERVED
+CVE-2021-42185
+ RESERVED
+CVE-2021-42184
+ RESERVED
+CVE-2021-42183
+ RESERVED
+CVE-2021-42182
+ RESERVED
+CVE-2021-42181
+ RESERVED
+CVE-2021-42180
+ RESERVED
+CVE-2021-42179
+ RESERVED
+CVE-2021-42178
+ RESERVED
+CVE-2021-42177
+ RESERVED
+CVE-2021-42176
+ RESERVED
+CVE-2021-42175
+ RESERVED
+CVE-2021-42174
+ RESERVED
+CVE-2021-42173
+ RESERVED
+CVE-2021-42172
+ RESERVED
+CVE-2021-42171
+ RESERVED
+CVE-2021-42170
+ RESERVED
+CVE-2021-42169
+ RESERVED
+CVE-2021-42168
+ RESERVED
+CVE-2021-42167
+ RESERVED
+CVE-2021-42166
+ RESERVED
+CVE-2021-42165
+ RESERVED
+CVE-2021-42164
+ RESERVED
+CVE-2021-42163
+ RESERVED
+CVE-2021-42162
+ RESERVED
+CVE-2021-42161
+ RESERVED
+CVE-2021-42160
+ RESERVED
+CVE-2021-42159
+ RESERVED
+CVE-2021-42158
+ RESERVED
+CVE-2021-42157
+ RESERVED
+CVE-2021-42156
+ RESERVED
+CVE-2021-42155
+ RESERVED
+CVE-2021-42154
+ RESERVED
+CVE-2021-42153
+ RESERVED
+CVE-2021-42152
+ RESERVED
+CVE-2021-42151
+ RESERVED
+CVE-2021-42150
+ RESERVED
+CVE-2021-42149
+ RESERVED
+CVE-2021-42148
+ RESERVED
+CVE-2021-3877
+ RESERVED
CVE-2021-42147
RESERVED
CVE-2021-42146
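Review bot: CVE-2021-42252 is added with only TODO: check, although its description names aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/, which is a Linux kernel source path. It should be triaged against the linux source package instead of waiting in the TODO queue among the RESERVED placeholders. Add the package line and a NOTE pointing at the upstream fix once it is identified.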
@@ -735,14 +953,11 @@ CVE-2021-23139
RESERVED
CVE-2021-3845
RESERVED
-CVE-2021-41832
- RESERVED
+CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
NOT-FOR-US: Apache OpenOffice
-CVE-2021-41831
- RESERVED
+CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
NOT-FOR-US: Apache OpenOffice
-CVE-2021-41830
- RESERVED
+CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
NOT-FOR-US: Apache OpenOffice
CVE-2021-3844
RESERVED
@@ -808,29 +1023,25 @@ CVE-2021-41803
RESERVED
CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2021-41801
- RESERVED
+CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...)
{DSA-4979-1}
- mediawiki 1:1.35.4-1
[stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T279090
-CVE-2021-41800
- RESERVED
+CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
{DSA-4979-1}
- mediawiki 1:1.35.4-1
[stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T284419
NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
-CVE-2021-41799
- RESERVED
+CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
{DSA-4979-1 DLA-2779-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T290379
-CVE-2021-41798
- RESERVED
+CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...)
{DSA-4979-1 DLA-2779-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
@@ -994,7 +1205,7 @@ CVE-2021-41734
RESERVED
CVE-2021-41733
RESERVED
-CVE-2021-41732 (An issue was discovered in zeek version 4.1.0. There is a HTTP request ...)
+CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...)
- zeek <unfixed> (unimportant)
NOTE: https://github.com/zeek/zeek/issues/1798
NOTE: Disputed validitity of the security issue
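Review bot: the unchanged NOTE under CVE-2021-41732 misspells "validity" as "validitity". The entry is already being touched to pick up the ** DISPUTED ** marker in the description, so correct the spelling of that NOTE in a follow-up manual commit.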
@@ -2328,8 +2539,8 @@ CVE-2021-41119
RESERVED
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
NOT-FOR-US: DynamicPageList3 MediaWiki Extension
-CVE-2021-41117
- RESERVED
+CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
+ TODO: check
CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
- composer <not-affected> (Only affects Windows)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
@@ -2842,18 +3053,18 @@ CVE-2021-40891
RESERVED
CVE-2021-40890
RESERVED
-CVE-2021-40889
- RESERVED
-CVE-2021-40888
- RESERVED
-CVE-2021-40887
- RESERVED
-CVE-2021-40886
- RESERVED
+CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...)
+ TODO: check
+CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...)
+ TODO: check
+CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ TODO: check
+CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ TODO: check
CVE-2021-40885
RESERVED
-CVE-2021-40884
- RESERVED
+CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
+ TODO: check
CVE-2021-40883
RESERVED
CVE-2021-40882
@@ -3493,8 +3704,8 @@ CVE-2021-40619
RESERVED
CVE-2021-40618
RESERVED
-CVE-2021-40617
- RESERVED
+CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
+ TODO: check
CVE-2021-40616
RESERVED
CVE-2021-40615
@@ -3641,12 +3852,12 @@ CVE-2021-40545
RESERVED
CVE-2021-40544
RESERVED
-CVE-2021-40543
- RESERVED
-CVE-2021-40542
- RESERVED
-CVE-2021-40541
- RESERVED
+CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...)
+ TODO: check
+CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...)
+ TODO: check
CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
- ulfius 2.7.1-2 (bug #993851)
[bullseye] - ulfius 2.7.1-1+deb11u1
@@ -4410,8 +4621,8 @@ CVE-2021-40241
RESERVED
CVE-2021-40240
RESERVED
-CVE-2021-40239
- RESERVED
+CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
+ TODO: check
CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...)
NOT-FOR-US: Webuzo
CVE-2021-40237
@@ -4506,14 +4717,14 @@ CVE-2021-40193
RESERVED
CVE-2021-40192
RESERVED
-CVE-2021-40191
- RESERVED
+CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...)
+ TODO: check
CVE-2021-40190
RESERVED
-CVE-2021-40189
- RESERVED
-CVE-2021-40188
- RESERVED
+CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...)
+ TODO: check
+CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...)
+ TODO: check
CVE-2021-40187
RESERVED
CVE-2021-40186
@@ -4781,7 +4992,7 @@ CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When aud
CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
NOT-FOR-US: PrimeKey
CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
- {DSA-4983-1}
+ {DSA-4983-1 DLA-2781-1}
- neutron 2:18.1.0-3 (bug #993398)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
NOTE: https://launchpad.net/bugs/1939733
@@ -6482,8 +6693,8 @@ CVE-2021-39319
RESERVED
CVE-2021-39318
RESERVED
-CVE-2021-39317
- RESERVED
+CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...)
+ TODO: check
CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39315
@@ -8477,7 +8688,7 @@ CVE-2021-38501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
CVE-2021-38500
RESERVED
- {DSA-4981-1}
+ {DSA-4981-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
@@ -8501,7 +8712,7 @@ CVE-2021-38497
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
CVE-2021-38496
RESERVED
- {DSA-4981-1}
+ {DSA-4981-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
@@ -11777,8 +11988,8 @@ CVE-2021-37125
RESERVED
CVE-2021-37124
RESERVED
-CVE-2021-37123
- RESERVED
+CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
+ TODO: check
CVE-2021-37122
RESERVED
CVE-2021-37121
@@ -16576,10 +16787,10 @@ CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in D
NOT-FOR-US: DRK Odenwaldkreis Testerfassung
CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
NOT-FOR-US: DRK Odenwaldkreis Testerfassung
-CVE-2021-35060
- RESERVED
-CVE-2021-35059
- RESERVED
+CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...)
+ TODO: check
+CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...)
+ TODO: check
CVE-2021-35058
RESERVED
CVE-2021-35057
@@ -23984,8 +24195,7 @@ CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING co
[stretch] - postgresql-9.6 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3)
-CVE-2021-32028
- RESERVED
+CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...)
{DSA-4915-1 DLA-2662-1}
- postgresql-13 13.3-1
- postgresql-11 <removed>
@@ -31881,12 +32091,12 @@ CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows rem
NOT-FOR-US: SEO Panel
CVE-2021-29007
RESERVED
-CVE-2021-29006
- RESERVED
-CVE-2021-29005
- RESERVED
-CVE-2021-29004
- RESERVED
+CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...)
+ TODO: check
+CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...)
+ TODO: check
+CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...)
+ TODO: check
CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...)
NOT-FOR-US: Genexis devices
CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
@@ -35209,10 +35419,10 @@ CVE-2021-27667
CVE-2021-27666
RESERVED
NOT-FOR-US: Android
-CVE-2021-27665
- RESERVED
-CVE-2021-27664
- RESERVED
+CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...)
+ TODO: check
+CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...)
+ TODO: check
CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
NOT-FOR-US: Johnson Controls
CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...)
@@ -36700,8 +36910,8 @@ CVE-2021-27004
RESERVED
CVE-2021-27003
RESERVED
-CVE-2021-27002
- RESERVED
+CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
+ TODO: check
CVE-2021-27001
RESERVED
CVE-2021-27000
@@ -37720,8 +37930,8 @@ CVE-2021-26590
RESERVED
CVE-2021-26589
RESERVED
-CVE-2021-26588
- RESERVED
+CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...)
+ TODO: check
CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...)
NOT-FOR-US: HPE StoreOnce
CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
@@ -40099,8 +40309,7 @@ CVE-2021-25740 (A security issue was discovered with Kubernetes that could enabl
NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1
CVE-2021-25739
RESERVED
-CVE-2021-25738
- RESERVED
+CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client library ...)
NOT-FOR-US: Kubernetes Java client
CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may be able ...)
- kubernetes <unfixed> (bug #990793)
@@ -40377,8 +40586,7 @@ CVE-2021-25634
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0)
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1)
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)
-CVE-2021-25633
- RESERVED
+CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
- libreoffice 1:7.2.0-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1
@@ -42403,8 +42611,8 @@ CVE-2021-24739
RESERVED
CVE-2021-24738
RESERVED
-CVE-2021-24737
- RESERVED
+CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...)
+ TODO: check
CVE-2021-24736
RESERVED
CVE-2021-24735
@@ -42437,10 +42645,10 @@ CVE-2021-24722
RESERVED
CVE-2021-24721
RESERVED
-CVE-2021-24720
- RESERVED
-CVE-2021-24719
- RESERVED
+CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
+ TODO: check
+CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...)
+ TODO: check
CVE-2021-24718
RESERVED
CVE-2021-24717
@@ -42453,14 +42661,14 @@ CVE-2021-24714
RESERVED
CVE-2021-24713
RESERVED
-CVE-2021-24712
- RESERVED
-CVE-2021-24711
- RESERVED
+CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...)
+ TODO: check
+CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...)
+ TODO: check
CVE-2021-24710
RESERVED
-CVE-2021-24709
- RESERVED
+CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...)
+ TODO: check
CVE-2021-24708
RESERVED
CVE-2021-24707
@@ -42495,10 +42703,10 @@ CVE-2021-24693
RESERVED
CVE-2021-24692
RESERVED
-CVE-2021-24691
- RESERVED
-CVE-2021-24690
- RESERVED
+CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...)
+ TODO: check
+CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
+ TODO: check
CVE-2021-24689
RESERVED
CVE-2021-24688
@@ -42511,12 +42719,12 @@ CVE-2021-24685
RESERVED
CVE-2021-24684
RESERVED
-CVE-2021-24683
- RESERVED
+CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
+ TODO: check
CVE-2021-24682
RESERVED
-CVE-2021-24681
- RESERVED
+CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
+ TODO: check
CVE-2021-24680
RESERVED
CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
@@ -42565,8 +42773,8 @@ CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3
NOT-FOR-US: WordPress plugin
CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24656
- RESERVED
+CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...)
+ TODO: check
CVE-2021-24655
RESERVED
CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
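Review bot: CVE-2021-24656 is added as TODO: check, but its description already identifies a WordPress plugin, and the neighbouring entries in this hunk (CVE-2021-24658, CVE-2021-24657) are resolved as NOT-FOR-US: WordPress plugin. The TODO can be closed the same way once someone confirms the plugin is not packaged.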
@@ -42575,8 +42783,8 @@ CVE-2021-24653
RESERVED
CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24651
- RESERVED
+CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
+ TODO: check
CVE-2021-24650
RESERVED
CVE-2021-24649
@@ -42723,10 +42931,10 @@ CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPres
NOT-FOR-US: WordPress plugin
CVE-2021-24578
RESERVED
-CVE-2021-24577
- RESERVED
-CVE-2021-24576
- RESERVED
+CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
+ TODO: check
+CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
+ TODO: check
CVE-2021-24575
RESERVED
CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...)
@@ -42751,8 +42959,8 @@ CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does no
NOT-FOR-US: WordPress plugin
CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24563
- RESERVED
+CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...)
+ TODO: check
CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Learning ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...)
@@ -42785,10 +42993,10 @@ CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable
NOT-FOR-US: WordPress plugin
CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24546
- RESERVED
-CVE-2021-24545
- RESERVED
+CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin ...)
+ TODO: check
+CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
+ TODO: check
CVE-2021-24544
RESERVED
CVE-2021-24543
@@ -47998,8 +48206,8 @@ CVE-2021-22265
RESERVED
CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
-CVE-2021-22263
- RESERVED
+CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
TODO: check
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
@@ -54964,10 +55172,10 @@ CVE-2021-20124
RESERVED
CVE-2021-20123
RESERVED
-CVE-2021-20122
- RESERVED
-CVE-2021-20121
- RESERVED
+CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ TODO: check
+CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ TODO: check
CVE-2021-20120
RESERVED
CVE-2021-20119
@@ -63541,8 +63749,8 @@ CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a pos
NOT-FOR-US: Android
CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2021-0583
- RESERVED
+CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...)
+ TODO: check
CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
@@ -67180,8 +67388,8 @@ CVE-2020-27374
RESERVED
CVE-2020-27373
RESERVED
-CVE-2020-27372
- RESERVED
+CVE-2020-27372 (A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1 ...)
+ TODO: check
CVE-2020-27371
RESERVED
CVE-2020-27370
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bfe8d58e2c51ca7b454103e0e46ad582cbba7ac