[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 14 20:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96ab0c42 by security tracker role at 2022-03-14T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-27169
+ RESERVED
+CVE-2022-27167
+ RESERVED
+CVE-2022-27166
+ RESERVED
+CVE-2022-26511
+ RESERVED
+CVE-2022-26510
+ RESERVED
+CVE-2022-26303
+ RESERVED
+CVE-2022-26082
+ RESERVED
+CVE-2022-26081
+ RESERVED
+CVE-2022-26077
+ RESERVED
+CVE-2022-26067
+ RESERVED
+CVE-2022-26043
+ RESERVED
+CVE-2022-26026
+ RESERVED
+CVE-2022-25969
+ RESERVED
+CVE-2022-25949
+ RESERVED
+CVE-2022-0970
+ RESERVED
+CVE-2022-0969
+ RESERVED
+CVE-2022-0968
+ RESERVED
+CVE-2022-0967
+ RESERVED
+CVE-2022-0966
+ RESERVED
+CVE-2022-0965
+ RESERVED
+CVE-2022-0964
+ RESERVED
+CVE-2022-0963
+ RESERVED
+CVE-2022-0962 (Stored XSS viva .webma file upload in GitHub repository star7th/showdo ...)
+ TODO: check
+CVE-2022-0961
+ RESERVED
+CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star7th/s ...)
+ TODO: check
+CVE-2022-0959
+ RESERVED
+CVE-2022-0958
+ RESERVED
+CVE-2022-0957
+ RESERVED
+CVE-2022-0956
+ RESERVED
+CVE-2022-0955
+ RESERVED
+CVE-2022-0954
+ RESERVED
+CVE-2022-0953
+ RESERVED
+CVE-2022-0952
+ RESERVED
+CVE-2022-0951
+ RESERVED
+CVE-2022-0950
+ RESERVED
+CVE-2022-0949
+ RESERVED
+CVE-2022-0948
+ RESERVED
CVE-2022-XXXX [wordpress 5.9.2]
- wordpress 5.9.2+dfsg1-1 (bug #1007145)
NOTE: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
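Review bot: CVE-2022-0962 and CVE-2022-0960 are the only entries in this block that arrive with a description, and both are left at "TODO: check". Both name a star7th GitHub repository, as do CVE-2022-0946 and CVE-2022-0938 (star7th/showdoc) later in this commit, so one triage decision, either a package line or a NOT-FOR-US tag, should be applied to all of them together rather than entry by entry.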
@@ -371,8 +445,8 @@ CVE-2022-26982
RESERVED
CVE-2022-0947
RESERVED
-CVE-2022-0946
- RESERVED
+CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...)
+ TODO: check
CVE-2022-0945
RESERVED
CVE-2022-0944
@@ -386,14 +460,14 @@ CVE-2022-26980
RESERVED
CVE-2022-0942
RESERVED
-CVE-2022-0941
- RESERVED
-CVE-2022-0940
- RESERVED
+CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
+ TODO: check
+CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
+ TODO: check
CVE-2022-0939
RESERVED
-CVE-2022-0938
- RESERVED
+CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc prior ...)
+ TODO: check
CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...)
- phpliteadmin 1.9.8.2-2
NOTE: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability
@@ -2010,8 +2084,8 @@ CVE-2022-0823
RESERVED
CVE-2022-26352
RESERVED
-CVE-2022-26351
- RESERVED
+CVE-2022-26351 (Canon imagePROGRAF and imageRUNNER devices through 2022-03-14 generate ...)
+ TODO: check
CVE-2022-26350
RESERVED
CVE-2022-26345
@@ -2118,8 +2192,8 @@ CVE-2022-26322
RESERVED
CVE-2022-26321
RESERVED
-CVE-2022-26320
- RESERVED
+CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm ( ...)
+ TODO: check
CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...)
NOT-FOR-US: Trend Micro
CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
@@ -3286,8 +3360,8 @@ CVE-2022-21190
RESERVED
CVE-2022-21189
RESERVED
-CVE-2022-21187
- RESERVED
+CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
+ TODO: check
CVE-2022-21186
RESERVED
CVE-2022-21169
@@ -3974,14 +4048,14 @@ CVE-2022-0705
RESERVED
CVE-2022-0704
RESERVED
-CVE-2022-0703
- RESERVED
-CVE-2022-0702
- RESERVED
-CVE-2022-0701
- RESERVED
-CVE-2022-0700
- RESERVED
+CVE-2022-0703 (The GD Mylist WordPress plugin through 1.1.1 does not sanitise and esc ...)
+ TODO: check
+CVE-2022-0702 (The Petfinder Listings WordPress plugin through 1.0.18 does not escape ...)
+ TODO: check
+CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Re ...)
+ TODO: check
+CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and ...)
+ TODO: check
CVE-2022-0699
RESERVED
CVE-2022-25597
@@ -4499,8 +4573,8 @@ CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418)
-CVE-2022-0684
- RESERVED
+CVE-2022-0684 (The WP Home Page Menu WordPress plugin before 3.1 does not sanitise an ...)
+ TODO: check
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
- libsixel <unfixed>
[bullseye] - libsixel <no-dsa> (Minor issue)
@@ -4690,8 +4764,8 @@ CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site S
NOT-FOR-US: WordPress plugin
CVE-2022-21158 (A stored cross-site scripting vulnerability in marktext versions prior ...)
NOT-FOR-US: marktext
-CVE-2022-0674
- RESERVED
+CVE-2022-0674 (The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail ...)
+ TODO: check
CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
NOT-FOR-US: LemMinX
CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
@@ -4720,10 +4794,10 @@ CVE-2022-0661
RESERVED
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: microweber
-CVE-2022-0659
- RESERVED
-CVE-2022-0658
- RESERVED
+CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...)
+ TODO: check
+CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and ...)
+ TODO: check
CVE-2022-0657
RESERVED
CVE-2022-0656
@@ -4881,8 +4955,8 @@ CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements
NOT-FOR-US: a-blog cms
CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...)
NOT-FOR-US: a-blog cms
-CVE-2022-0648
- RESERVED
+CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin before 1.0 ...)
+ TODO: check
CVE-2022-0647
RESERVED
CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
@@ -5268,8 +5342,8 @@ CVE-2022-0603
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0602
RESERVED
-CVE-2022-0601
- RESERVED
+CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 ...)
+ TODO: check
CVE-2022-0600
RESERVED
CVE-2022-0599
@@ -5284,8 +5358,8 @@ CVE-2022-0595
RESERVED
CVE-2022-0594
RESERVED
-CVE-2022-0593
- RESERVED
+CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
+ TODO: check
CVE-2022-0592
RESERVED
CVE-2022-0591
@@ -6269,8 +6343,8 @@ CVE-2022-24735
RESERVED
CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
NOT-FOR-US: MyBB
-CVE-2022-24733
- RESERVED
+CVE-2022-24733 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
+ TODO: check
CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email server. Vers ...)
NOT-FOR-US: Maddy Mail Server
CVE-2022-24731
@@ -6281,7 +6355,8 @@ CVE-2022-24729
RESERVED
CVE-2022-24728
RESERVED
-CVE-2022-24727 (Weblate is a web based localization tool with tight version control in ...)
+CVE-2022-24727
+ REJECTED
- weblate <itp> (bug #745661)
CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
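Review bot: The package line "- weblate <itp> (bug #745661)" is left in place under CVE-2022-24727 after the entry becomes REJECTED. The other REJECTED entry visible in this diff, CVE-2022-0329, carries no package annotation, so either drop the weblate line or confirm that the list format accepts a package line on a rejected ID.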
@@ -6811,16 +6886,16 @@ CVE-2022-24580
RESERVED
CVE-2022-24579
RESERVED
-CVE-2022-24578
- RESERVED
-CVE-2022-24577
- RESERVED
-CVE-2022-24576
- RESERVED
-CVE-2022-24575
- RESERVED
-CVE-2022-24574
- RESERVED
+CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
+ TODO: check
+CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
+ TODO: check
+CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box. ...)
+ TODO: check
+CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...)
+ TODO: check
+CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
+ TODO: check
CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin interfa ...)
NOT-FOR-US: Element-IT
CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...)
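Review bot: CVE-2022-24578 through CVE-2022-24574 all describe memory-safety defects in GPAC 1.0.1 (heap-based and stack-based overflows, a use after free, two NULL pointer dereferences), and all five are left at "TODO: check". Triage them as one group: if GPAC is tracked as a source package, each needs a package line in the "- libsixel <unfixed>" style seen elsewhere in this file, otherwise a NOT-FOR-US tag like the neighbouring entries.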
@@ -7164,8 +7239,8 @@ CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microwe
NOT-FOR-US: microweber
CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: microweber
-CVE-2022-0503
- RESERVED
+CVE-2022-0503 (The WordPress Multisite Content Copier/Updater WordPress plugin before ...)
+ TODO: check
CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2021-46675
@@ -7295,14 +7370,14 @@ CVE-2022-24389
RESERVED
CVE-2022-24388
RESERVED
-CVE-2022-24387
- RESERVED
-CVE-2022-24386
- RESERVED
-CVE-2022-24385
- RESERVED
-CVE-2022-24384
- RESERVED
+CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...)
+ TODO: check
+CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...)
+ TODO: check
+CVE-2022-24385 (A Direct Object Access vulnerability in SmarterTools SmarterTrack lead ...)
+ TODO: check
+CVE-2022-24384 (Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack ...)
+ TODO: check
CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
NOT-FOR-US: CSV+
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
@@ -7498,8 +7573,8 @@ CVE-2022-0480
NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
CVE-2022-0479
RESERVED
-CVE-2022-0478
- RESERVED
+CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
+ TODO: check
CVE-2022-0477
RESERVED
CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
@@ -7683,8 +7758,8 @@ CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih include
NOT-FOR-US: Dart SDK
CVE-2022-0450
RESERVED
-CVE-2022-0449
- RESERVED
+CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...)
+ TODO: check
CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0447
@@ -8282,8 +8357,8 @@ CVE-2022-0400 [Out of bounds read in the smc protocol stack]
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
-CVE-2022-0399
- RESERVED
+CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin before 1. ...)
+ TODO: check
CVE-2022-0398
RESERVED
CVE-2022-0397
@@ -8988,8 +9063,7 @@ CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. Th
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
NOT-FOR-US: Apache ShenYu Admin
-CVE-2022-23943 [mod_sed: Read/write beyond bounds]
- RESERVED
+CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...)
- apache2 2.4.53-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
CVE-2022-23942
@@ -9768,8 +9842,8 @@ CVE-2022-0329
REJECTED
CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0327
- RESERVED
+CVE-2022-0327 (The Master Addons for Elementor WordPress plugin before 1.8.5 does not ...)
+ TODO: check
CVE-2021-46403
RESERVED
CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
@@ -9881,8 +9955,8 @@ CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
[bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
-CVE-2022-0321
- RESERVED
+CVE-2022-0321 (The WP Voting Contest WordPress plugin through 2.1 does not sanitise a ...)
+ TODO: check
CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
@@ -11396,8 +11470,8 @@ CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During
NOT-FOR-US: pimcore
CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0254
- RESERVED
+CVE-2022-0254 (The WordPress Zero Spam WordPress plugin before 5.2.11 does not proper ...)
+ TODO: check
CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
@@ -11408,8 +11482,8 @@ CVE-2022-0250
RESERVED
CVE-2022-0249
RESERVED
-CVE-2022-0248
- RESERVED
+CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
+ TODO: check
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
NOT-FOR-US: Fuchsia
CVE-2022-0246
@@ -11654,8 +11728,8 @@ CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0230
- RESERVED
+CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin through 1.4. ...)
+ TODO: check
CVE-2022-0229
RESERVED
CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
@@ -12755,24 +12829,24 @@ CVE-2022-0171
RESERVED
CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
- peertube <itp> (bug #950821)
-CVE-2022-0169
- RESERVED
+CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not vali ...)
+ TODO: check
CVE-2022-0168
RESERVED
CVE-2022-0167
RESERVED
CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
NOT-FOR-US: McAfee
-CVE-2022-0165
- RESERVED
+CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...)
+ TODO: check
CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
NOT-FOR-US: TP-Link
-CVE-2022-0161
- RESERVED
+CVE-2022-0161 (The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise ...)
+ TODO: check
CVE-2022-0160
RESERVED
CVE-2021-46269
@@ -13504,10 +13578,10 @@ CVE-2022-22736
RESERVED
- firefox <not-affected> (Only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736
-CVE-2022-22735
- RESERVED
-CVE-2022-22734
- RESERVED
+CVE-2022-22735 (The Simple Quotation WordPress plugin through 1.3.2 does not have auth ...)
+ TODO: check
+CVE-2022-22734 (The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF ...)
+ TODO: check
CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -13524,8 +13598,8 @@ CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was
NOT-FOR-US: WordPress plugin
CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0147
- RESERVED
+CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plugin b ...)
+ TODO: check
CVE-2022-0146
RESERVED
CVE-2022-0145
@@ -13598,16 +13672,13 @@ CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerabil
NOT-FOR-US: Schneider Electric
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
NOT-FOR-US: Schneider Electric
-CVE-2022-22721 [Possible buffer overflow with very large or unlimited LimitXMLRequestBody]
- RESERVED
+CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...)
- apache2 2.4.53-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
-CVE-2022-22720 [HTTP request smuggling vulnerability]
- RESERVED
+CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...)
- apache2 2.4.53-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
-CVE-2022-22719 [mod_lua Use of uninitialized value of in r:parsebody]
- RESERVED
+CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...)
- apache2 2.4.53-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719
CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
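Review bot: Replacing the bracketed working titles with truncated official descriptions loses triage context on CVE-2022-22720 and CVE-2022-22719. The removed lines named "HTTP request smuggling" and mod_lua's r:parsebody, and the new summaries as cut off here mention neither. The httpd.apache.org NOTE lines still lead to the details, but a short NOTE naming the module or bug class on each entry would keep them searchable in the list itself.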
@@ -14615,10 +14686,10 @@ CVE-2022-22356
RESERVED
CVE-2022-22355
RESERVED
-CVE-2022-22354
- RESERVED
-CVE-2022-22353
- RESERVED
+CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum C ...)
+ TODO: check
+CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 c ...)
+ TODO: check
CVE-2022-22352
RESERVED
CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trust ...)
@@ -14627,16 +14698,16 @@ CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged
NOT-FOR-US: IBM
CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...)
NOT-FOR-US: IBM
-CVE-2022-22348
- RESERVED
+CVE-2022-22348 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
+ TODO: check
CVE-2022-22347
RESERVED
-CVE-2022-22346
- RESERVED
+CVE-2022-22346 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
+ TODO: check
CVE-2022-22345
RESERVED
-CVE-2022-22344
- RESERVED
+CVE-2022-22344 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
+ TODO: check
CVE-2022-22343
RESERVED
CVE-2022-22342
@@ -19020,8 +19091,8 @@ CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL
NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
NOT-FOR-US: PHPGURUKUL Employee Record Management System
-CVE-2021-44964
- RESERVED
+CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lua inte ...)
+ TODO: check
CVE-2021-44963
RESERVED
CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...)
@@ -29999,8 +30070,8 @@ CVE-2021-42173
RESERVED
CVE-2021-42172
RESERVED
-CVE-2021-42171
- RESERVED
+CVE-2021-42171 (Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can ...)
+ TODO: check
CVE-2021-42170
RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
@@ -30579,8 +30650,8 @@ CVE-2021-41954
RESERVED
CVE-2021-41953
RESERVED
-CVE-2021-41952
- RESERVED
+CVE-2021-41952 (Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via ...)
+ TODO: check
CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
NOT-FOR-US: ResourceSpace
CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
@@ -37804,16 +37875,16 @@ CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerabl
NOT-FOR-US: IBM
CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
NOT-FOR-US: IBM
-CVE-2021-39055
- RESERVED
+CVE-2021-39055 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
+ TODO: check
CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
NOT-FOR-US: IBM
CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
NOT-FOR-US: IBM
CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
NOT-FOR-US: IBM
-CVE-2021-39051
- RESERVED
+CVE-2021-39051 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
+ TODO: check
CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
NOT-FOR-US: IBM
CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
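Review bot: CVE-2021-39055 and CVE-2021-39051 are left at "TODO: check" although the three entries between them (CVE-2021-39054, CVE-2021-39053, CVE-2021-39052) cover the same product, IBM Spectrum Copy Data Management, and are already tagged "NOT-FOR-US: IBM". Apply the same tag here so the block is consistent. The other IBM entries that this commit moves from RESERVED to TODO can be handled the same way.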
@@ -37972,8 +38043,8 @@ CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receiv
NOT-FOR-US: IBM
CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
NOT-FOR-US: IBM
-CVE-2021-38971
- RESERVED
+CVE-2021-38971 (IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7 ...)
+ TODO: check
CVE-2021-38970
RESERVED
CVE-2021-38969
@@ -49234,8 +49305,8 @@ CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affec
NOT-FOR-US: QNAP
CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
NOT-FOR-US: QNAP
-CVE-2022-20001
- RESERVED
+CVE-2022-20001 (fish is a command line shell. fish version 3.1.0 through version 3.3.1 ...)
+ TODO: check
CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
- bluez 5.55-3.1 (bug #989700)
[buster] - bluez <not-affected> (Vulnerable code introduced later)
@@ -73236,8 +73307,8 @@ CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validat
NOT-FOR-US: WordPress plugin
CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25026
- RESERVED
+CVE-2021-25026 (The Patreon WordPress plugin before 1.8.2 does not sanitise and escape ...)
+ TODO: check
CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...)
@@ -73274,16 +73345,16 @@ CVE-2021-25009 (The CorreosExpress WordPress plugin through 2.6.0 generates log
NOT-FOR-US: WordPress plugin
CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25007
- RESERVED
-CVE-2021-25006
- RESERVED
+CVE-2021-25007 (The MOLIE WordPress plugin through 0.5 does not validate and escape a ...)
+ TODO: check
+CVE-2021-25006 (The MOLIE WordPress plugin through 0.5 does not escape the course_id p ...)
+ TODO: check
CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25003
- RESERVED
+CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...)
+ TODO: check
CVE-2021-25002
RESERVED
CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
@@ -73296,10 +73367,10 @@ CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used t
NOT-FOR-US: WordPress plugin
CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24996
- RESERVED
-CVE-2021-24995
- RESERVED
+CVE-2021-24996 (The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not s ...)
+ TODO: check
+CVE-2021-24995 (The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not prope ...)
+ TODO: check
CVE-2021-24994 (The Migration, Backup, Staging WordPress plugin before 0.9.69 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
@@ -73324,8 +73395,8 @@ CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184
NOT-FOR-US: WordPress plugin
CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24982
- RESERVED
+CVE-2021-24982 (The Child Theme Generator WordPress plugin through 2.2.7 does not sani ...)
+ TODO: check
CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...)
@@ -73356,8 +73427,8 @@ CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have cap
NOT-FOR-US: WordPress plugin
CVE-2021-24967 (The Contact Form & Lead Form Elementor Builder WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24966
- RESERVED
+CVE-2021-24966 (The Error Log Viewer WordPress plugin through 1.1.1 does not validate ...)
+ TODO: check
CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...)
@@ -73370,10 +73441,10 @@ CVE-2021-24961 (The WordPress File Upload WordPress plugin before 4.16.3, wordpr
NOT-FOR-US: WordPress plugin
CVE-2021-24960 (The WordPress File Upload WordPress plugin before 4.16.3, wordpress-fi ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24959
- RESERVED
-CVE-2021-24958
- RESERVED
+CVE-2021-24959 (The WP Email Users WordPress plugin through 1.7.6 does not escape the ...)
+ TODO: check
+CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not ...)
+ TODO: check
CVE-2021-24957
RESERVED
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
@@ -73388,8 +73459,8 @@ CVE-2021-24952 (The Conversios.io WordPress plugin before 4.6.2 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24950
- RESERVED
+CVE-2021-24950 (The Insight Core WordPress plugin through 1.0 does not have any author ...)
+ TODO: check
CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor - Pro ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
@@ -73408,8 +73479,8 @@ CVE-2021-24942
RESERVED
CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24940
- RESERVED
+CVE-2021-24940 (The Persian Woocommerce WordPress plugin through 5.8.0 does not escape ...)
+ TODO: check
CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...)
@@ -73494,12 +73565,12 @@ CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2021-24898 (The EditableTable WordPress plugin through 0.1.4 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24897
- RESERVED
+CVE-2021-24897 (The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or e ...)
+ TODO: check
CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24895
- RESERVED
+CVE-2021-24895 (The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and e ...)
+ TODO: check
CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...)
@@ -73904,8 +73975,8 @@ CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could
NOT-FOR-US: WordPress plugin
CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24692
- RESERVED
+CVE-2021-24692 (The Simple Download Monitor WordPress plugin before 3.9.5 allows users ...)
+ TODO: check
CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
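Review bot: CVE-2021-24692 lands as "TODO: check" directly below CVE-2021-24694 and CVE-2021-24693, which concern the same Simple Download Monitor plugin and are tagged "NOT-FOR-US: WordPress plugin". The WordPress plugin entries added throughout this commit sit next to identically tagged neighbours and can be closed with that tag in a single pass.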
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96ab0c42a86b325ab8c498368e180b3d66543cd5