[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 11 21:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a5beb0f by security tracker role at 2022-04-11T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2022-29063
+	RESERVED
+CVE-2022-29062
+	RESERVED
+CVE-2022-29061
+	RESERVED
+CVE-2022-29060
+	RESERVED
+CVE-2022-29059
+	RESERVED
+CVE-2022-29058
+	RESERVED
+CVE-2022-29057
+	RESERVED
+CVE-2022-29056
+	RESERVED
+CVE-2022-29055
+	RESERVED
+CVE-2022-29054
+	RESERVED
+CVE-2022-29053
+	RESERVED
+CVE-2022-29052
+	RESERVED
+CVE-2022-29051
+	RESERVED
+CVE-2022-29050
+	RESERVED
+CVE-2022-29049
+	RESERVED
+CVE-2022-29048
+	RESERVED
+CVE-2022-29047
+	RESERVED
+CVE-2022-29046
+	RESERVED
+CVE-2022-29045
+	RESERVED
+CVE-2022-29044
+	RESERVED
+CVE-2022-29043
+	RESERVED
+CVE-2022-29042
+	RESERVED
+CVE-2022-29041
+	RESERVED
+CVE-2022-29040
+	RESERVED
+CVE-2022-29039
+	RESERVED
+CVE-2022-29038
+	RESERVED
+CVE-2022-29037
+	RESERVED
+CVE-2022-29036
+	RESERVED
+CVE-2022-29035
+	RESERVED
+CVE-2022-29034
+	RESERVED
+CVE-2022-29033
+	RESERVED
+CVE-2022-29032
+	RESERVED
+CVE-2022-29031
+	RESERVED
+CVE-2022-29030
+	RESERVED
+CVE-2022-29029
+	RESERVED
+CVE-2022-29028
+	RESERVED
+CVE-2022-1315
+	RESERVED
+CVE-2022-1314
+	RESERVED
+CVE-2022-1313
+	RESERVED
+CVE-2022-1312
+	RESERVED
+CVE-2022-1311
+	RESERVED
+CVE-2022-1310
+	RESERVED
+CVE-2022-1309
+	RESERVED
+CVE-2022-1308
+	RESERVED
+CVE-2022-1307
+	RESERVED
+CVE-2022-1306
+	RESERVED
+CVE-2022-1305
+	RESERVED
+CVE-2022-1304
+	RESERVED
+CVE-2022-1303
+	RESERVED
+CVE-2022-1302
+	RESERVED
+CVE-2022-1301
+	RESERVED
+CVE-2022-1300
+	RESERVED
+CVE-2022-1299
+	RESERVED
+CVE-2022-1298
+	RESERVED
+CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...)
+	TODO: check
+CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ...)
+	TODO: check
+CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...)
+	TODO: check
+CVE-2022-1294
+	RESERVED
+CVE-2022-1293
+	RESERVED
+CVE-2022-1292
+	RESERVED
 CVE-2022-29027
 	RESERVED
 CVE-2022-29026
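Review bot: the three `TODO: check` entries in this hunk (CVE-2022-1297, CVE-2022-1296 and CVE-2022-1295) have descriptions cut off at "..." before the GitHub repository name, so the affected project cannot be read from the entry itself; triage will need the full CVE text to decide between a Debian source package line and a `NOT-FOR-US:` marker. The remaining new entries are bare `RESERVED` placeholders, matching the existing entries in the context lines, so nothing else in this hunk needs attention.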
@@ -820,8 +940,8 @@ CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde2
 	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
 	NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
-CVE-2022-1252
-	RESERVED
+CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
+	TODO: check
 CVE-2022-1251
 	RESERVED
 CVE-2022-1250
@@ -1771,7 +1891,7 @@ CVE-2022-28290
 	RESERVED
 CVE-2022-28289
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
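Review bot: DLA-2978-1 is added to the advisory set `{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}` while the package lines (firefox 99.0-1, firefox-esr 91.8.0esr-1, thunderbird 1:91.8.0-1) stay unchanged; the same insertion is repeated verbatim for CVE-2022-28286, CVE-2022-28285, CVE-2022-28282, CVE-2022-28281, CVE-2022-1196, CVE-2022-1097 and CVE-2022-24713, and CVE-2022-1197, whose only package line is thunderbird, gets `{DSA-5118-1 DLA-2978-1}`. The placement before DLA-2971-1 follows the descending order already used for the DSA ids, so the advisory sets read consistently across all of these entries.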
@@ -1788,7 +1908,7 @@ CVE-2022-28287
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28287
 CVE-2022-28286
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -1797,7 +1917,7 @@ CVE-2022-28286
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286
 CVE-2022-28285
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -1814,7 +1934,7 @@ CVE-2022-28283
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28283
 CVE-2022-28282
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -1823,7 +1943,7 @@ CVE-2022-28282
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28282
 CVE-2022-28281
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -1842,12 +1962,12 @@ CVE-2022-1198
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
 CVE-2022-1197
 	RESERVED
-	{DSA-5118-1}
+	{DSA-5118-1 DLA-2978-1}
 	- thunderbird 1:91.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1197
 CVE-2022-1196
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
@@ -3127,7 +3247,7 @@ CVE-2022-26064
 	RESERVED
 CVE-2022-1097
 	RESERVED
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -4606,8 +4726,8 @@ CVE-2022-1025
 	NOT-FOR-US: Argo CD
 CVE-2022-1024
 	RESERVED
-CVE-2022-1023
-	RESERVED
+CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
+	TODO: check
 CVE-2022-1022
 	RESERVED
 CVE-2022-1021
@@ -4676,12 +4796,12 @@ CVE-2022-1010
 	RESERVED
 CVE-2022-1009
 	RESERVED
-CVE-2022-1008
-	RESERVED
-CVE-2022-1007
-	RESERVED
-CVE-2022-1006
-	RESERVED
+CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
+	TODO: check
+CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
+	TODO: check
+CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
+	TODO: check
 CVE-2022-1005
 	RESERVED
 CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
@@ -4761,8 +4881,8 @@ CVE-2022-27219
 	RESERVED
 CVE-2022-27194
 	RESERVED
-CVE-2022-0989
-	RESERVED
+CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
+	TODO: check
 CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing]
@@ -5010,8 +5130,8 @@ CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 P
 	NOT-FOR-US: KINGSOFT
 CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav  ...)
 	NOT-FOR-US: Grav CMS
-CVE-2022-0969
-	RESERVED
+CVE-2022-0969 (The Image optimization & Lazy Load by Optimole WordPress plugin be ...)
+	TODO: check
 CVE-2022-0968 (The microweber application allows large characters to insert in the in ...)
 	NOT-FOR-US: microweber
 CVE-2022-0967 (Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in Gi ...)
@@ -5050,8 +5170,8 @@ CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerabilit
 	NOT-FOR-US: ShowDoc
 CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
 	NOT-FOR-US: ShowDoc
-CVE-2022-0949
-	RESERVED
+CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
+	TODO: check
 CVE-2022-0948
 	RESERVED
 CVE-2022-XXXX [wordpress 5.9.2]
@@ -5076,8 +5196,8 @@ CVE-2022-27158
 	RESERVED
 CVE-2022-27157
 	RESERVED
-CVE-2022-27156
-	RESERVED
+CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. ...)
+	TODO: check
 CVE-2022-27155
 	RESERVED
 CVE-2022-27154
@@ -5158,16 +5278,16 @@ CVE-2022-27117
 	RESERVED
 CVE-2022-27116
 	RESERVED
-CVE-2022-27115
-	RESERVED
+CVE-2022-27115 (In Studio-42 elFinder 2.1.60, there is a vulnerability that causes rem ...)
+	TODO: check
 CVE-2022-27114
 	RESERVED
 CVE-2022-27113
 	RESERVED
 CVE-2022-27112
 	RESERVED
-CVE-2022-27111
-	RESERVED
+CVE-2022-27111 (Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send ...)
+	TODO: check
 CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...)
 	- orangehrm <itp> (bug #786622)
 CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...)
@@ -5210,10 +5330,10 @@ CVE-2022-27091
 	RESERVED
 CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
 	NOT-FOR-US: Cscms Music Portal System
-CVE-2022-27089
-	RESERVED
-CVE-2022-27088
-	RESERVED
+CVE-2022-27089 (In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in ...)
+	TODO: check
+CVE-2022-27088 (Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted servic ...)
+	TODO: check
 CVE-2022-27087
 	RESERVED
 CVE-2022-27086
@@ -5306,8 +5426,8 @@ CVE-2022-27043
 	RESERVED
 CVE-2022-27042
 	RESERVED
-CVE-2022-27041
-	RESERVED
+CVE-2022-27041 (Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 ...)
+	TODO: check
 CVE-2022-27040
 	RESERVED
 CVE-2022-27039
@@ -5777,10 +5897,10 @@ CVE-2022-0922 (The software does not perform any authentication for critical sys
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
 	NOT-FOR-US: microweber
-CVE-2022-0920
-	RESERVED
-CVE-2022-0919
-	RESERVED
+CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.6.3 d ...)
+	TODO: check
+CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...)
+	TODO: check
 CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
 	- 389-ds-base <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
@@ -5791,8 +5911,8 @@ CVE-2022-0916
 	RESERVED
 CVE-2022-0915
 	RESERVED
-CVE-2022-0914
-	RESERVED
+CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in  ...)
+	TODO: check
 CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
 	NOT-FOR-US: microweber
 CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
@@ -5995,8 +6115,8 @@ CVE-2022-0894 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2022-0893 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2022-0892
-	RESERVED
+CVE-2022-0892 (The Export All URLs WordPress plugin before 4.2 does not sanitise and  ...)
+	TODO: check
 CVE-2021-46707
 	RESERVED
 CVE-2021-46706
@@ -6812,10 +6932,10 @@ CVE-2022-26418
 	RESERVED
 CVE-2022-26416
 	RESERVED
-CVE-2022-26414
-	RESERVED
-CVE-2022-26413
-	RESERVED
+CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...)
+	TODO: check
+CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
+	TODO: check
 CVE-2022-26348
 	RESERVED
 CVE-2022-26347
@@ -7033,8 +7153,8 @@ CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy
 	NOT-FOR-US: McAfee
 CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...)
 	NOT-FOR-US: ljharb/npm-lockfile
-CVE-2022-0840
-	RESERVED
+CVE-2022-0840 (The Easy Social Icons WordPress plugin before 3.2.1 does not properly  ...)
+	TODO: check
 CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
 	NOT-FOR-US: liquibase
 CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
@@ -7120,8 +7240,8 @@ CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
 	- webmin <removed>
-CVE-2022-0828
-	RESERVED
+CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the uniqid ph ...)
+	TODO: check
 CVE-2022-0827
 	RESERVED
 CVE-2022-0826
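Review bot: CVE-2022-0828 (Download Manager WordPress plugin) is left at `TODO: check` while the neighbouring entry CVE-2022-0830 in the context lines is already resolved as `NOT-FOR-US: WordPress plugin`; the same applies to the other newly described WordPress plugin entries in this update (CVE-2022-1023, CVE-2022-1008, CVE-2022-1007, CVE-2022-1006, CVE-2022-0969, CVE-2022-0949, CVE-2022-0920, CVE-2022-0919, CVE-2022-0914, CVE-2022-0892, CVE-2022-0840, CVE-2022-0728, CVE-2022-0531, CVE-2022-0471, CVE-2022-0447, CVE-2022-0314, CVE-2022-0271, CVE-2022-0246, CVE-2021-25090, CVE-2021-24987, CVE-2021-24986). Since the automatic update only imports the description, these TODOs can be resolved in one manual pass with the same marker once each plugin is confirmed not to be packaged in Debian.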
@@ -8533,6 +8653,7 @@ CVE-2022-25814 (PendingIntent hijacking vulnerability in Wearable Manager Instal
 CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav  ...)
 	NOT-FOR-US: Grav CMS
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the  ...)
+	{DLA-2979-1}
 	[experimental] - usbguard 1.1.0+ds-1
 	- usbguard 1.1.0+ds-2 (bug #1008026)
 	NOTE: https://github.com/USBGuard/usbguard/issues/273
@@ -8921,8 +9042,8 @@ CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
 	NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440)
-CVE-2022-0728
-	RESERVED
+CVE-2022-0728 (The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not s ...)
+	TODO: check
 CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...)
 	- peertube <itp> (bug #950821)
 CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube prior  ...)
@@ -11606,7 +11727,7 @@ CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, framewo
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
 	NOTE: https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
 CVE-2022-24713 (regex is an implementation of regular expressions for the Rust languag ...)
-	{DSA-5118-1 DSA-5113-1 DLA-2971-1}
+	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
 	- firefox 99.0-1
 	- firefox-esr 91.8.0esr-1
 	- thunderbird 1:91.8.0-1
@@ -11675,8 +11796,8 @@ CVE-2022-24701
 	RESERVED
 CVE-2022-24700
 	RESERVED
-CVE-2022-0556
-	RESERVED
+CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
+	TODO: check
 CVE-2022-0555
 	RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
@@ -11837,8 +11958,8 @@ CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18  ...)
 	NOT-FOR-US: cri-o
-CVE-2022-0531
-	RESERVED
+CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
+	TODO: check
 CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
 	- unzip <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
@@ -12847,8 +12968,8 @@ CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG4
 	NOT-FOR-US: Netcommunity OG410X and OG810X series
 CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
 	NOT-FOR-US: jsdecena/laracom
-CVE-2022-0471
-	RESERVED
+CVE-2022-0471 (The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 doe ...)
+	TODO: check
 CVE-2022-24294
 	RESERVED
 CVE-2022-24293 (Certain HP Print devices may be vulnerable to potential information di ...)
@@ -12972,8 +13093,8 @@ CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and esca
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0447
-	RESERVED
+CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...)
+	TODO: check
 CVE-2022-0446
 	RESERVED
 CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
@@ -15945,8 +16066,8 @@ CVE-2022-23458
 	RESERVED
 CVE-2022-23457
 	RESERVED
-CVE-2022-0314
-	RESERVED
+CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...)
+	TODO: check
 CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0312
@@ -16428,8 +16549,8 @@ CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
 	NOT-FOR-US: calibre-web
 CVE-2022-0272
 	RESERVED
-CVE-2022-0271
-	RESERVED
+CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
+	TODO: check
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
 	NOT-FOR-US: bored-agent
 CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
@@ -16750,8 +16871,8 @@ CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does n
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
 	NOT-FOR-US: Fuchsia
-CVE-2022-0246
-	RESERVED
+CVE-2022-0246 (The settings of the iQ Block Country WordPress plugin before 1.2.13 ca ...)
+	TODO: check
 CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
 	- wpa 2:2.10-1
 	[bullseye] - wpa <no-dsa> (Minor issue)
@@ -24596,7 +24717,8 @@ CVE-2021-44909
 	RESERVED
 CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via c ...)
 	NOT-FOR-US: SailsJS Sails.jsSailsJS Sails.js
-CVE-2021-44907 (A Denial of Service vulnerability exists in qs up to 6.8.0 due to insu ...)
+CVE-2021-44907
+	REJECTED
 	NOT-FOR-US: qs
 CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file inde ...)
 	- node-minimist 1.2.6+~cs5.3.2-1
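Review bot: CVE-2021-44907 is changed from a described entry to `REJECTED`, but the following `NOT-FOR-US: qs` line is kept unchanged; with the id rejected that triage marker no longer carries information and should be dropped so the entry reads as a plain rejected id, matching how the tracker represents entries that have no Debian-relevant content.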
@@ -40418,8 +40540,8 @@ CVE-2021-40221
 	RESERVED
 CVE-2021-40220
 	RESERVED
-CVE-2021-40219
-	RESERVED
+CVE-2021-40219 (Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe them ...)
+	TODO: check
 CVE-2021-40218
 	RESERVED
 CVE-2021-40217
@@ -47786,8 +47908,8 @@ CVE-2021-37293
 	RESERVED
 CVE-2021-37292
 	RESERVED
-CVE-2021-37291
-	RESERVED
+CVE-2021-37291 (An SQL Injection vulnerability exists in KevinLAB Inc Building Energy  ...)
+	TODO: check
 CVE-2021-37290
 	RESERVED
 CVE-2021-37289
@@ -55005,8 +55127,8 @@ CVE-2021-34252
 	RESERVED
 CVE-2021-34251
 	RESERVED
-CVE-2021-34250
-	RESERVED
+CVE-2021-34250 (An issue was discovered in baijiacms v4. There is a CSRF vulnerability ...)
+	TODO: check
 CVE-2021-34249
 	RESERVED
 CVE-2021-34248
@@ -78693,8 +78815,8 @@ CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSR
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25090
-	RESERVED
+CVE-2021-25090 (The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 d ...)
+	TODO: check
 CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25088
@@ -78899,10 +79021,10 @@ CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 d
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24987
-	RESERVED
-CVE-2021-24986
-	RESERVED
+CVE-2021-24987 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
+	TODO: check
+CVE-2021-24986 (The Post Grid WordPress plugin before 2.1.16 does not escape the keywo ...)
+	TODO: check
 CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a5beb0fd6aadbd3c194e1d992b64055466f3628

-- 
You're receiving this email because of your account on salsa.debian.org.



