[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 4 21:10:36 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
757cc0f1 by security tracker role at 2022-04-04T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2022-28651
+	RESERVED
+CVE-2022-28650
+	RESERVED
+CVE-2022-28649
+	RESERVED
+CVE-2022-28648
+	RESERVED
+CVE-2022-28647
+	RESERVED
+CVE-2022-28646
+	RESERVED
+CVE-2022-28645
+	RESERVED
+CVE-2022-28644
+	RESERVED
+CVE-2022-28643
+	RESERVED
+CVE-2022-28642
+	RESERVED
+CVE-2022-28641
+	RESERVED
+CVE-2022-28640
+	RESERVED
+CVE-2022-28639
+	RESERVED
+CVE-2022-28638
+	RESERVED
+CVE-2022-28637
+	RESERVED
+CVE-2022-28636
+	RESERVED
+CVE-2022-28635
+	RESERVED
+CVE-2022-28634
+	RESERVED
+CVE-2022-28633
+	RESERVED
+CVE-2022-28632
+	RESERVED
+CVE-2022-28631
+	RESERVED
+CVE-2022-28630
+	RESERVED
+CVE-2022-28629
+	RESERVED
+CVE-2022-28628
+	RESERVED
+CVE-2022-28627
+	RESERVED
+CVE-2022-28626
+	RESERVED
+CVE-2022-28625
+	RESERVED
+CVE-2022-28624
+	RESERVED
+CVE-2022-28623
+	RESERVED
+CVE-2022-28622
+	RESERVED
+CVE-2022-28621
+	RESERVED
+CVE-2022-28620
+	RESERVED
+CVE-2022-28619
+	RESERVED
+CVE-2022-28618
+	RESERVED
+CVE-2022-28617
+	RESERVED
+CVE-2022-28616
+	RESERVED
+CVE-2022-28615
+	RESERVED
+CVE-2022-28614
+	RESERVED
+CVE-2022-28613
+	RESERVED
+CVE-2022-28610
+	RESERVED
+CVE-2022-26838
+	RESERVED
+CVE-2022-1231
+	RESERVED
+CVE-2022-1230
+	RESERVED
+CVE-2022-1229
+	RESERVED
+CVE-2022-1228
+	RESERVED
+CVE-2022-1227
+	RESERVED
+CVE-2022-1226
+	RESERVED
+CVE-2022-1225 (Incorrect Privilege Assignment in GitHub repository phpipam/phpipam pr ...)
+	TODO: check
+CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior to 1 ...)
+	TODO: check
+CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to  ...)
+	TODO: check
+CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
+	TODO: check
+CVE-2022-1221
+	RESERVED
+CVE-2022-1220
+	RESERVED
+CVE-2022-1219
+	RESERVED
+CVE-2022-1218
+	RESERVED
+CVE-2022-1217
+	RESERVED
+CVE-2022-1216
+	RESERVED
+CVE-2022-1215
+	RESERVED
+CVE-2021-46783
+	RESERVED
 CVE-2022-28609
 	RESERVED
 CVE-2022-28608
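Review bot: CVE-2022-1222 (`Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV`) is left at `TODO: check`, but gpac is already tracked in this file (the CVE-2022-1172 context in the next hunk carries an upstream gpac fix commit), so the follow-up triage should resolve it against the Debian gpac package rather than leave the TODO open or mark it NOT-FOR-US. The rest of this hunk is RESERVED placeholders and freshly published phpipam/WordPress descriptions with no Debian state yet, which is the expected output of the automatic update.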
@@ -984,20 +1102,20 @@ CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repo
 	NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
 CVE-2022-1171
 	RESERVED
-CVE-2022-1170
-	RESERVED
-CVE-2022-1169
-	RESERVED
-CVE-2022-1168
-	RESERVED
-CVE-2022-1167
-	RESERVED
-CVE-2022-1166
-	RESERVED
-CVE-2022-1165
-	RESERVED
-CVE-2022-1164
-	RESERVED
+CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there  ...)
+	TODO: check
+CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
+	TODO: check
+CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...)
+	TODO: check
+CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...)
+	TODO: check
+CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...)
+	TODO: check
+CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers  ...)
+	TODO: check
+CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
+	TODO: check
 CVE-2022-28219
 	RESERVED
 CVE-2022-28218
@@ -1534,10 +1652,10 @@ CVE-2022-28065
 	RESERVED
 CVE-2022-28064
 	RESERVED
-CVE-2022-28063
-	RESERVED
-CVE-2022-28062
-	RESERVED
+CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file disclosure v ...)
+	TODO: check
+CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload vulnerability ...)
+	TODO: check
 CVE-2022-28061
 	RESERVED
 CVE-2022-28060
@@ -3019,10 +3137,10 @@ CVE-2022-27438
 	RESERVED
 CVE-2022-27437
 	RESERVED
-CVE-2022-27436
-	RESERVED
-CVE-2022-27435
-	RESERVED
+CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
+	TODO: check
+CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of  ...)
+	TODO: check
 CVE-2022-27434
 	RESERVED
 CVE-2022-27433
@@ -3453,8 +3571,8 @@ CVE-2022-27241
 	RESERVED
 CVE-2022-1027
 	RESERVED
-CVE-2022-1026
-	RESERVED
+CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
+	TODO: check
 CVE-2022-1025
 	RESERVED
 	NOT-FOR-US: Argo CD
@@ -3601,8 +3719,8 @@ CVE-2022-0992
 	RESERVED
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
 	NOT-FOR-US: admidio
-CVE-2022-0990
-	RESERVED
+CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+	TODO: check
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...)
 	NOT-FOR-US: Mimecast Email Security
 CVE-2022-27221
@@ -3884,8 +4002,8 @@ CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star
 	NOT-FOR-US: ShowDoc
 CVE-2022-0959 (A malicious, but authorised and authenticated user can construct an HT ...)
 	- pgadmin4 <itp> (bug #834129)
-CVE-2022-0958
-	RESERVED
+CVE-2022-0958 (The Mark Posts WordPress plugin before 2.0.1 does not escape new marke ...)
+	TODO: check
 CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior  ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior  ...)
@@ -4306,8 +4424,8 @@ CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository s
 	NOT-FOR-US: ShowDoc
 CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
 	NOT-FOR-US: ShowDoc
-CVE-2022-0939
-	RESERVED
+CVE-2022-0939 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+	TODO: check
 CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc prior  ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...)
@@ -4825,8 +4943,8 @@ CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-0902
 	RESERVED
-CVE-2022-0901
-	RESERVED
+CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
+	TODO: check
 CVE-2022-0900
 	RESERVED
 CVE-2022-0899
@@ -5075,14 +5193,14 @@ CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is vuln
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0887
-	RESERVED
+CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize  ...)
+	TODO: check
 CVE-2022-0886
 	REJECTED
 CVE-2022-0885
 	RESERVED
-CVE-2022-0884
-	RESERVED
+CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
+	TODO: check
 CVE-2022-0883
 	RESERVED
 CVE-2022-0882
@@ -5227,8 +5345,8 @@ CVE-2022-26618
 	RESERVED
 CVE-2022-26617
 	RESERVED
-CVE-2022-26616
-	RESERVED
+CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...)
+	TODO: check
 CVE-2022-26615
 	RESERVED
 CVE-2022-26614
@@ -5315,8 +5433,8 @@ CVE-2022-26574
 	RESERVED
 CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
 	NOT-FOR-US: Maccms
-CVE-2022-26572
-	RESERVED
+CVE-2022-26572 (Xerox ColorQube 8580 was discovered to contain an access control issue ...)
+	TODO: check
 CVE-2022-26571
 	RESERVED
 CVE-2022-26570
@@ -5700,8 +5818,8 @@ CVE-2022-25889
 	RESERVED
 CVE-2022-21224
 	RESERVED
-CVE-2022-0864
-	RESERVED
+CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
+	TODO: check
 CVE-2022-0863
 	RESERVED
 CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
@@ -5887,8 +6005,8 @@ CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub r
 	NOT-FOR-US: liquibase
 CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	NOT-FOR-US: Hestia Control Panel
-CVE-2022-0837
-	RESERVED
+CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
+	TODO: check
 CVE-2022-0836
 	RESERVED
 CVE-2022-26365
@@ -5914,6 +6032,7 @@ CVE-2022-26356
 CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
 	NOT-FOR-US: Citrix
 CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error,  ...)
+	{DLA-2970-1}
 	- qemu <unfixed>
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
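Review bot: the new `{DLA-2970-1}` reference for CVE-2022-26354 sits directly above an unchanged `[buster] - qemu <no-dsa> (Minor issue)` line, so the entry now states both that buster was fixed by an advisory and that no advisory is planned for buster. Once DLA-2970-1 covers buster, drop the `[buster] ... <no-dsa>` line in a follow-up so the tracker derives the buster status from the DLA rather than from a contradictory tag.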
@@ -5939,8 +6058,8 @@ CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2022-0830
-	RESERVED
+CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF check ...)
+	TODO: check
 CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
 	- webmin <removed>
 CVE-2022-0828
@@ -5949,8 +6068,8 @@ CVE-2022-0827
 	RESERVED
 CVE-2022-0826
 	RESERVED
-CVE-2022-0825
-	RESERVED
+CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
+	TODO: check
 CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository  ...)
 	- webmin <removed>
 CVE-2022-0823
@@ -7948,8 +8067,8 @@ CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses cont
 	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=eb1bdcb7cf6e7bd1690f7dcc6d97de3d79b54cdc (v2.2.21)
 CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0709
-	RESERVED
+CVE-2022-0709 (The Booking Package WordPress plugin before 1.5.29 requires a token fo ...)
+	TODO: check
 CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
 	- mattermost-server <itp> (bug #823556)
 	NOTE: MMSA-2022-0082
@@ -8028,8 +8147,8 @@ CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet Acces
 	NOT-FOR-US: Bluedon
 CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...)
 	NOT-FOR-US: Passwordstate
-CVE-2022-25569
-	RESERVED
+CVE-2022-25569 (Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static S ...)
+	TODO: check
 CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...)
 	NOT-FOR-US: MotionEye
 CVE-2022-25567
@@ -10153,10 +10272,10 @@ CVE-2022-24816
 	RESERVED
 CVE-2022-24815
 	RESERVED
-CVE-2022-24814
-	RESERVED
-CVE-2022-24813
-	RESERVED
+CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & crea ...)
+	TODO: check
 CVE-2022-24812
 	RESERVED
 CVE-2022-24811
@@ -10179,8 +10298,8 @@ CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include
 	TODO: check
 CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality to deep m ...)
 	TODO: check
-CVE-2022-24801
-	RESERVED
+CVE-2022-24801 (Twisted is an event-based framework for internet applications, support ...)
+	TODO: check
 CVE-2022-24800
 	RESERVED
 CVE-2022-24799
@@ -10210,12 +10329,12 @@ CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (
 	NOT-FOR-US: C1 CMS
 CVE-2022-24788
 	RESERVED
-CVE-2022-24787
-	RESERVED
+CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+	TODO: check
 CVE-2022-24786
 	RESERVED
-CVE-2022-24785
-	RESERVED
+CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, validating, manipu ...)
+	TODO: check
 CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and  ...)
 	NOT-FOR-US: Statamic
 CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions of Deno  ...)
@@ -10636,8 +10755,8 @@ CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanst
 	NOT-FOR-US: beanstalk_console
 CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
 	- jenkins <removed>
-CVE-2022-0537
-	RESERVED
+CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a high pr ...)
+	TODO: check
 CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
 	- node-follow-redirects 1.14.8+~1.14.0-1
 	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
@@ -11962,8 +12081,8 @@ CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's B
 	NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
 CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
 	NOT-FOR-US: Mastodon
-CVE-2022-0431
-	RESERVED
+CVE-2022-0431 (The Insights from Google PageSpeed WordPress plugin before 4.0.4 does  ...)
+	TODO: check
 CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	- httpie <unfixed>
 	[bullseye] - httpie <no-dsa> (Minor issue)
@@ -12155,8 +12274,8 @@ CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command injecti
 	NOT-FOR-US: CasaOS
 CVE-2022-24192
 	RESERVED
-CVE-2022-24191
-	RESERVED
+CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can l ...)
+	TODO: check
 CVE-2022-24190
 	RESERVED
 CVE-2022-24189
@@ -12407,10 +12526,10 @@ CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web
 	TODO: check
 CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
 	NOT-FOR-US: calibre-web
-CVE-2022-0404
-	RESERVED
-CVE-2022-0403
-	RESERVED
+CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4  ...)
+	TODO: check
+CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
+	TODO: check
 CVE-2022-0402
 	RESERVED
 CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
@@ -14038,7 +14157,7 @@ CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sc
 	[bullseye] - linux 5.10.84-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
-CVE-2022-0321 (The WP Voting Contest WordPress plugin through 2.1 does not sanitise a ...)
+CVE-2022-0321 (The WP Voting Contest WordPress plugin before 3.0 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does  ...)
 	NOT-FOR-US: WordPress plugin
@@ -15877,7 +15996,8 @@ CVE-2022-23208
 	RESERVED
 CVE-2022-23207
 	RESERVED
-CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...)
+CVE-2022-0227
+	REJECTED
 	NOT-FOR-US: Silverstripe CMS
 CVE-2021-46303
 	RESERVED
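Review bot: CVE-2022-0227 is switched to `REJECTED` but the old `NOT-FOR-US: Silverstripe CMS` triage line is kept underneath it; a rejected CVE carries no triage state, so that line is stale and should be removed, matching how CVE-2022-0886 in this file consists of `REJECTED` alone.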
@@ -25872,8 +25992,8 @@ CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting
 	- jspwiki <removed>
 CVE-2021-44139 (Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). ...)
 	NOT-FOR-US: alibaba/Sentinel
-CVE-2021-44138
-	RESERVED
+CVE-2021-44138 (There is a Directory traversal vulnerability in Caucho Resin, as distr ...)
+	TODO: check
 CVE-2021-44137
 	RESERVED
 CVE-2021-44136
@@ -28951,28 +29071,28 @@ CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined wi
 	NOT-FOR-US: thymeleaf-spring5
 CVE-2021-43465
 	RESERVED
-CVE-2021-43464
-	RESERVED
-CVE-2021-43463
-	RESERVED
-CVE-2021-43462
-	RESERVED
-CVE-2021-43461
-	RESERVED
-CVE-2021-43460
-	RESERVED
-CVE-2021-43459
-	RESERVED
-CVE-2021-43458
-	RESERVED
-CVE-2021-43457
-	RESERVED
-CVE-2021-43456
-	RESERVED
-CVE-2021-43455
-	RESERVED
-CVE-2021-43454
-	RESERVED
+CVE-2021-43464 (A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2. ...)
+	TODO: check
+CVE-2021-43463 (An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a s ...)
+	TODO: check
+CVE-2021-43462 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...)
+	TODO: check
+CVE-2021-43461 (Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server  ...)
+	TODO: check
+CVE-2021-43460 (An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 ...)
+	TODO: check
+CVE-2021-43459 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...)
+	TODO: check
+CVE-2021-43458 (An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via  ...)
+	TODO: check
+CVE-2021-43457 (An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a spec ...)
+	TODO: check
+CVE-2021-43456 (An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0 ...)
+	TODO: check
+CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a spe ...)
+	TODO: check
+CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...)
+	TODO: check
 CVE-2021-43453
 	RESERVED
 CVE-2021-43452
@@ -29086,6 +29206,7 @@ CVE-2021-43401
 CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: snipe-it
 CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
+	{DLA-2970-1}
 	- qemu 1:6.2+dfsg-1
 	[bullseye] - qemu <postponed> (Minor issue)
 	[buster] - qemu <postponed> (Minor issue)
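Review bot: CVE-2021-3930 gains `{DLA-2970-1}` while `[buster] - qemu <postponed> (Minor issue)` is left in place, so the buster state is contradictory (fixed by advisory versus postponed); the `[buster]` postponed line should be dropped now that the DLA is referenced.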
@@ -39016,7 +39137,7 @@ CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity
 	NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
 	NOTE: https://github.com/axios/axios/pull/3980
 CVE-2021-3748 (A use-after-free vulnerability was found in the virtio-net device of Q ...)
-	{DSA-4980-1}
+	{DSA-4980-1 DLA-2970-1}
 	- qemu 1:6.1+dfsg-6 (bug #993401)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
 	NOTE: When fixing this issue make sure to not open CVE-2022-26353
@@ -53051,6 +53172,7 @@ CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP ne
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...)
+	{DLA-2970-1}
 	- libslirp 4.6.1-1 (bug #989994)
 	[bullseye] - libslirp 4.4.0-1+deb11u2
 	- qemu 1:4.1-2
@@ -55286,8 +55408,8 @@ CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as de
 	- dolibarr <removed>
 CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2021-33616
-	RESERVED
+CVE-2021-33616 (RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. ...)
+	TODO: check
 CVE-2021-33615
 	RESERVED
 CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause  ...)
@@ -77421,8 +77543,8 @@ CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulne
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25113
-	RESERVED
+CVE-2021-25113 (The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have  ...)
+	TODO: check
 CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25111
@@ -77551,8 +77673,8 @@ CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does pro
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25048
-	RESERVED
+CVE-2021-25048 (The KingComposer WordPress plugin through 2.9.6 does not have authoris ...)
+	TODO: check
 CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
@@ -90736,6 +90858,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
 	NOTE: binutils not covered by security support
 CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator  ...)
+	{DLA-2970-1}
 	- qemu 1:6.2+dfsg-1 (bug #984453)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in future DSA)
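Review bot: CVE-2021-20196 now carries `{DLA-2970-1}` but keeps `[buster] - qemu <postponed> (Fix along in future DSA)`; the comment is stale now that the buster fix has shipped as a DLA, and the postponed tag contradicts the advisory reference, so remove the `[buster]` line in a follow-up.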
@@ -100708,8 +100831,8 @@ CVE-2020-28064
 	RESERVED
 CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which allows  ...)
 	NOT-FOR-US: ArticleCMS
-CVE-2020-28062
-	RESERVED
+CVE-2020-28062 (An Access Control vulnerability exists in HisiPHP 2.0.11 via special p ...)
+	TODO: check
 CVE-2020-28061
 	RESERVED
 CVE-2020-28060



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/757cc0f12f7d40a9fec85c70ab180054d794eb0d
