[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 2 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c455d8d by security tracker role at 2022-05-02T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-30125
+	RESERVED
+CVE-2022-30124
+	RESERVED
+CVE-2022-30123
+	RESERVED
+CVE-2022-30122
+	RESERVED
+CVE-2022-30121
+	RESERVED
+CVE-2022-30120
+	RESERVED
+CVE-2022-30119
+	RESERVED
+CVE-2022-30118
+	RESERVED
+CVE-2022-30117
+	RESERVED
+CVE-2022-30116
+	RESERVED
+CVE-2022-30115
+	RESERVED
+CVE-2022-1551
+	RESERVED
+CVE-2022-1550
+	RESERVED
+CVE-2022-1549
+	RESERVED
+CVE-2022-1548
+	RESERVED
+CVE-2022-1547
+	RESERVED
+CVE-2022-1546
+	RESERVED
 CVE-2022-30114
 	RESERVED
 CVE-2022-30113
@@ -564,8 +598,7 @@ CVE-2022-1516
 	- linux 5.17.3-1 (unimportant)
 	NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
 	NOTE: CONFIG_X25 is not set in Debian
-CVE-2022-1515
-	RESERVED
+CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarRea ...)
 	- libmatio 1.5.22-1
 	NOTE: https://github.com/tbeu/matio/issues/186
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/b53b62b756920f4c1509f4ee06427f66c3b5c9c4 (v1.5.22)
@@ -877,8 +910,7 @@ CVE-2022-1477
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1476
 	RESERVED
-CVE-2022-1475
-	RESERVED
+CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg 5.0.1 and in pre ...)
 	{DSA-5124-1}
 	- ffmpeg 7:4.4.2-1
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -1861,8 +1893,8 @@ CVE-2022-29446
 	RESERVED
 CVE-2022-29445
 	RESERVED
-CVE-2022-29444
-	RESERVED
+CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
+	TODO: check
 CVE-2022-29443
 	RESERVED
 CVE-2022-29442
@@ -2249,32 +2281,32 @@ CVE-2022-1379
 	RESERVED
 CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...)
 	NOT-FOR-US: Apache APISIX
-CVE-2022-1378
-	RESERVED
-CVE-2022-1377
-	RESERVED
-CVE-2022-1376
-	RESERVED
-CVE-2022-1375
-	RESERVED
-CVE-2022-1374
-	RESERVED
+CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1377 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1376 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1375 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1374 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
 CVE-2022-1373
 	RESERVED
-CVE-2022-1372
-	RESERVED
-CVE-2022-1371
-	RESERVED
-CVE-2022-1370
-	RESERVED
-CVE-2022-1369
-	RESERVED
+CVE-2022-1372 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1371 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1370 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
 CVE-2022-1368
 	RESERVED
-CVE-2022-1367
-	RESERVED
-CVE-2022-1366
-	RESERVED
+CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
+CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
+	TODO: check
 CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
 	NOT-FOR-US: lquixada/cross-fetch
 CVE-2022-29265 (Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML ...)
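Review bot: The eleven TODO: check entries for Delta Electronics DIAEnergie in this hunk (CVE-2022-1366 through CVE-2022-1378, leaving out 1368 and 1373, which stay RESERVED) all name the same product and can be triaged in one pass rather than one by one. If DIAEnergie is not packaged in Debian, mark each of them NOT-FOR-US: Delta Electronics DIAEnergie, in the same form as the NOT-FOR-US: Apache APISIX line above them.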
@@ -2982,8 +3014,8 @@ CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an un
 	NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2022-1301
 	RESERVED
-CVE-2022-1300
-	RESERVED
+CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function  ...)
+	TODO: check
 CVE-2022-1299
 	RESERVED
 CVE-2022-1298
@@ -3788,10 +3820,10 @@ CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
 	NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
-CVE-2022-1282
-	RESERVED
-CVE-2022-1281
-	RESERVED
+CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...)
+	TODO: check
+CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not properly esc ...)
+	TODO: check
 CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
 	- linux 5.15.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
@@ -3809,14 +3841,14 @@ CVE-2022-1275
 	RESERVED
 CVE-2022-1274
 	RESERVED
-CVE-2022-1273
-	RESERVED
+CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...)
+	TODO: check
 CVE-2022-1272
 	RESERVED
 CVE-2022-1270
 	RESERVED
-CVE-2022-1269
-	RESERVED
+CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise and esc ...)
+	TODO: check
 CVE-2022-1268
 	RESERVED
 CVE-2022-1267
@@ -3841,8 +3873,8 @@ CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for
 	NOT-FOR-US: McAfee
 CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to  ...)
 	NOT-FOR-US: McAfee
-CVE-2022-1255
-	RESERVED
+CVE-2022-1255 (The Import and export users and customers WordPress plugin before 1.19 ...)
+	TODO: check
 CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...)
 	NOT-FOR-US: Skyhigh SWG
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
@@ -3854,8 +3886,8 @@ CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor
 	NOT-FOR-US: gnuboard5
 CVE-2022-1251
 	RESERVED
-CVE-2022-1250
-	RESERVED
+CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...)
+	TODO: check
 CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
 	NOT-FOR-US: SAP
 CVE-2022-1247
@@ -3918,8 +3950,8 @@ CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub r
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
 	NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
-CVE-2022-1239
-	RESERVED
+CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...)
+	TODO: check
 CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...)
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
@@ -4036,8 +4068,8 @@ CVE-2022-28615
 	RESERVED
 CVE-2022-28614
 	RESERVED
-CVE-2022-28613
-	RESERVED
+CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
+	TODO: check
 CVE-2022-28610
 	RESERVED
 CVE-2022-26838
@@ -4160,12 +4192,12 @@ CVE-2022-28575
 	RESERVED
 CVE-2022-28574
 	RESERVED
-CVE-2022-28573
-	RESERVED
-CVE-2022-28572
-	RESERVED
-CVE-2022-28571
-	RESERVED
+CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...)
+	TODO: check
+CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
+	TODO: check
+CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a command injec ...)
+	TODO: check
 CVE-2022-28570
 	RESERVED
 CVE-2022-28569
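Review bot: The imported descriptions for CVE-2022-28573 and CVE-2022-28571 spell the vendor two ways ("D-Link" and "D-link"). When these TODO: check items are resolved, use a single spelling in the triage line so that a search for the vendor finds both entries, and give CVE-2022-28572 its own vendor name, since it concerns Tenda AX1806 rather than a D-Link device.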
@@ -5756,12 +5788,12 @@ CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deleti
 	NOT-FOR-US: Verydows
 CVE-2022-28057
 	RESERVED
-CVE-2022-28056
-	RESERVED
+CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system re-install  ...)
+	TODO: check
 CVE-2022-28055
 	RESERVED
-CVE-2022-28054
-	RESERVED
+CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke Software VS ...)
+	TODO: check
 CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...)
 	NOT-FOR-US: Typemill
 CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
@@ -5915,10 +5947,10 @@ CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerab
 	NOT-FOR-US: CuppaCMS
 CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability  ...)
 	NOT-FOR-US: CuppaCMS
-CVE-2022-27983
-	RESERVED
-CVE-2022-27982
-	RESERVED
+CVE-2022-27983 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an ...)
+	TODO: check
+CVE-2022-27982 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a  ...)
+	TODO: check
 CVE-2022-27981
 	RESERVED
 CVE-2022-27980
@@ -6843,8 +6875,8 @@ CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
 CVE-2022-1047
 	RESERVED
-CVE-2022-1046
-	RESERVED
+CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...)
+	TODO: check
 CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk  ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1044
@@ -7200,8 +7232,8 @@ CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file up
 	NOT-FOR-US: Monstaftp
 CVE-2022-27467
 	RESERVED
-CVE-2022-27466
-	RESERVED
+CVE-2022-27466 (MCMS v5.2.27 was discovered to contain a SQL injection vulnerability i ...)
+	TODO: check
 CVE-2022-27465
 	RESERVED
 CVE-2022-27464
@@ -8274,8 +8306,8 @@ CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Sho
 	NOT-FOR-US: microweber
 CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0952
-	RESERVED
+CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not have aut ...)
+	TODO: check
 CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in  ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
@@ -9016,6 +9048,7 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow
 	- node-swagger-ui <itp> (bug #871461)
 	- swagger-ui <itp> (bug #895422)
 CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
+	{DLA-2990-1}
 	- jackson-databind 2.13.2.2-1 (bug #1007109)
 	[bullseye] - jackson-databind <no-dsa> (Minor issue)
 	[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -10496,10 +10529,10 @@ CVE-2022-26328
 	RESERVED
 CVE-2022-26327
 	RESERVED
-CVE-2022-26326
-	RESERVED
-CVE-2022-26325
-	RESERVED
+CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in specif ...)
+	TODO: check
+CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
+	TODO: check
 CVE-2022-26324
 	RESERVED
 CVE-2022-26323
@@ -11005,8 +11038,8 @@ CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0783
-	RESERVED
+CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before 2.0  ...)
+	TODO: check
 CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0781
@@ -11029,12 +11062,12 @@ CVE-2022-0775
 	RESERVED
 CVE-2022-0774
 	RESERVED
-CVE-2022-0773
-	RESERVED
+CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
+	TODO: check
 CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
 	NOT-FOR-US: LibreNMS
-CVE-2022-0771
-	RESERVED
+CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not validate,  ...)
+	TODO: check
 CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...)
@@ -13185,8 +13218,8 @@ CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netm
 	NOT-FOR-US: Go github.com/gravitl/netmaker
 CVE-2022-0663
 	RESERVED
-CVE-2022-0662
-	RESERVED
+CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...)
+	TODO: check
 CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
@@ -13307,8 +13340,8 @@ CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0650
 	RESERVED
-CVE-2022-0649
-	RESERVED
+CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...)
+	TODO: check
 CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
 	NOT-FOR-US: Siemens
 CVE-2022-25257
@@ -16512,8 +16545,8 @@ CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
 CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0428
-	RESERVED
+CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...)
+	TODO: check
 CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...)
 	TODO: check
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
@@ -16825,8 +16858,8 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
 	NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
-CVE-2022-0418
-	RESERVED
+CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...)
+	TODO: check
 CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -17842,8 +17875,8 @@ CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote Comma
 	NOT-FOR-US: CMS Made Simple
 CVE-2022-23905
 	RESERVED
-CVE-2022-23904
-	RESERVED
+CVE-2022-23904 (Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request  ...)
+	TODO: check
 CVE-2022-23903 (A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-ad ...)
 	NOT-FOR-US: pear-admin-think
 CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
@@ -20850,8 +20883,8 @@ CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
 	NOT-FOR-US: Lenovo
-CVE-2022-0191
-	RESERVED
+CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 do ...)
+	TODO: check
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
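Review bot: CVE-2022-0191 is left at TODO: check although the entry directly below it, CVE-2022-0190, names the same Ad Invalid Click Protector (AICP) WordPress plugin and is already marked NOT-FOR-US: WordPress plugin. The same marking applies here; only the version bound in the description differs (before 1.2.7 versus before 1.2.6).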
@@ -20974,10 +21007,10 @@ CVE-2022-23067
 	RESERVED
 CVE-2022-23066
 	RESERVED
-CVE-2022-23065
-	RESERVED
-CVE-2022-23064
-	RESERVED
+CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS  ...)
+	TODO: check
+CVE-2022-23064 (In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Head ...)
+	TODO: check
 CVE-2022-23063
 	RESERVED
 CVE-2022-23062
@@ -39998,8 +40031,8 @@ CVE-2021-41812
 	RESERVED
 CVE-2021-41811
 	RESERVED
-CVE-2021-41810
-	RESERVED
+CVE-2021-41810 (Admin tool allows storing configuration data with script which may the ...)
+	TODO: check
 CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
 	NOT-FOR-US: M-Files Server
 CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
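Review bot: The description imported for CVE-2021-41810 is cut off before it names a product ("Admin tool allows storing configuration data with script which may the ..."), so the TODO: check cannot be resolved from this line alone. The two entries below it are NOT-FOR-US: M-Files Server; confirm against the full CVE text whether CVE-2021-41810 belongs to the same product before copying that marking.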
@@ -43778,8 +43811,7 @@ CVE-2021-40321
 	RESERVED
 CVE-2021-40320
 	RESERVED
-CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
-	RESERVED
+CVE-2021-3750 (A DMA reentrancy issue was found in the USB EHCI controller emulation  ...)
 	- qemu <unfixed>
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
@@ -52806,8 +52838,7 @@ CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vul
 	NOT-FOR-US: Synerion TimeNet
 CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
 	NOT-FOR-US: Node is-email
-CVE-2021-3643 [buffer overflow read vulnerability]
-	RESERVED
+CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
 	- sox <unfixed> (bug #1010374)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
 	NOTE: Triggered by same reproducer as for CVE-2021-23210
@@ -63001,7 +63032,7 @@ CVE-2021-32502
 CVE-2021-32501
 	REJECTED
 CVE-2021-32500
-	RESERVED
+	REJECTED
 CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the  ...)
 	NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the  ...)
@@ -70257,8 +70288,8 @@ CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged loca
 	NOT-FOR-US: IBM
 CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
 	NOT-FOR-US: IBM
-CVE-2021-29859
-	RESERVED
+CVE-2021-29859 (IBM ICP4A - User Management System Component (IBM Cloud Pak for Busine ...)
+	TODO: check
 CVE-2021-29858
 	RESERVED
 CVE-2021-29857
@@ -82294,8 +82325,8 @@ CVE-2021-25104
 	RESERVED
 CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25102
-	RESERVED
+CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin before 4.4. ...)
+	TODO: check
 CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
@@ -82326,8 +82357,8 @@ CVE-2021-25088
 	RESERVED
 CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25086
-	RESERVED
+CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 does no ...)
+	TODO: check
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
@@ -82494,8 +82525,8 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP fil
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25002
-	RESERVED
+CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any au ...)
+	TODO: check
 CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c455d8d63fc34013f2148a6bb682d09882c592c
