[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 11 09:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75777c21 by security tracker role at 2022-10-11T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2022-42783
+ RESERVED
+CVE-2022-42782
+ RESERVED
+CVE-2022-42781
+ RESERVED
+CVE-2022-42780
+ RESERVED
+CVE-2022-42779
+ RESERVED
+CVE-2022-42778
+ RESERVED
+CVE-2022-42777
+ RESERVED
+CVE-2022-42776
+ RESERVED
+CVE-2022-42775
+ RESERVED
+CVE-2022-42774
+ RESERVED
+CVE-2022-42773
+ RESERVED
+CVE-2022-42772
+ RESERVED
+CVE-2022-42771
+ RESERVED
+CVE-2022-42770
+ RESERVED
+CVE-2022-42769
+ RESERVED
+CVE-2022-42768
+ RESERVED
+CVE-2022-42767
+ RESERVED
+CVE-2022-42766
+ RESERVED
+CVE-2022-42765
+ RESERVED
+CVE-2022-42764
+ RESERVED
+CVE-2022-42763
+ RESERVED
+CVE-2022-42762
+ RESERVED
+CVE-2022-42761
+ RESERVED
+CVE-2022-42760
+ RESERVED
+CVE-2022-42759
+ RESERVED
+CVE-2022-42758
+ RESERVED
+CVE-2022-42757
+ RESERVED
+CVE-2022-42756
+ RESERVED
+CVE-2022-42755
+ RESERVED
+CVE-2022-42754
+ RESERVED
+CVE-2022-42753
+ RESERVED
+CVE-2022-42752
+ RESERVED
+CVE-2022-42751
+ RESERVED
+CVE-2022-42750
+ RESERVED
+CVE-2022-42749
+ RESERVED
+CVE-2022-42748
+ RESERVED
+CVE-2022-42747
+ RESERVED
+CVE-2022-42746
+ RESERVED
+CVE-2022-42745
+ RESERVED
+CVE-2022-42744
+ RESERVED
+CVE-2022-42743
+ RESERVED
+CVE-2022-42742
+ RESERVED
+CVE-2022-42741
+ RESERVED
+CVE-2022-42740
+ RESERVED
+CVE-2022-42739
+ RESERVED
+CVE-2022-42738
+ RESERVED
+CVE-2022-42737
+ RESERVED
+CVE-2022-42736
+ RESERVED
+CVE-2022-41797
+ RESERVED
+CVE-2022-3451
+ RESERVED
+CVE-2022-3450
+ RESERVED
+CVE-2022-3449
+ RESERVED
+CVE-2022-3448
+ RESERVED
+CVE-2022-3447
+ RESERVED
+CVE-2022-3446
+ RESERVED
+CVE-2022-3445
+ RESERVED
CVE-2022-42735
RESERVED
CVE-2022-42734
@@ -506,8 +618,7 @@ CVE-2022-42499
RESERVED
CVE-2022-42498
RESERVED
-CVE-2022-3433
- RESERVED
+CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON input. ...)
- haskell-aeson 2.0.3.0-1 (bug #1009678)
[bullseye] - haskell-aeson <no-dsa> (Minor issue)
[buster] - haskell-aeson <no-dsa> (Minor issue)
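Review bot: on CVE-2022-3433 the new description states that aeson "is not safe to use to consume untrusted JSON input", while the `[bullseye]` and `[buster]` lines below it stay at `<no-dsa> (Minor issue)` and the visible lines carry no `NOTE:` with an upstream reference. Now that the description is public, suggest re-confirming the minor-issue triage against it and adding a NOTE line pointing at the upstream report or fix.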
@@ -2192,18 +2303,18 @@ CVE-2022-41751
RESERVED
CVE-2022-41750
RESERVED
-CVE-2022-41749
- RESERVED
-CVE-2022-41748
- RESERVED
-CVE-2022-41747
- RESERVED
-CVE-2022-41746
- RESERVED
-CVE-2022-41745
- RESERVED
-CVE-2022-41744
- RESERVED
+CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex One agent ...)
+ TODO: check
+CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex One Data ...)
+ TODO: check
+CVE-2022-41747 (An improper certification validation vulnerability in Trend Micro Apex ...)
+ TODO: check
+CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could allow an ...)
+ TODO: check
+CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One could al ...)
+ TODO: check
+CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
+ TODO: check
CVE-2022-41700
RESERVED
CVE-2022-41646
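Review bot: the six Trend Micro Apex One entries (CVE-2022-41744 through CVE-2022-41749) land as `TODO: check`, yet the same product is already triaged as `NOT-FOR-US: Trend Micro` for CVE-2022-40140 and CVE-2022-40139 elsewhere in this file. Suggest resolving these six the same way in the follow-up triage so the TODO backlog does not grow with entries whose disposition is already settled.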
@@ -4682,8 +4793,8 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.
NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3220
- RESERVED
+CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does not sanit ...)
+ TODO: check
CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
NOT-FOR-US: Bento4
CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
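Review bot: CVE-2022-3220 (Advanced Comment Form WordPress plugin) is left at `TODO: check`, while other WordPress plugin entries in this file, such as CVE-2022-2628, are closed with `NOT-FOR-US: WordPress plugin`. Suggest applying that same line here once the description is confirmed.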
@@ -4959,12 +5070,12 @@ CVE-2022-37332
RESERVED
CVE-2022-32774
RESERVED
-CVE-2022-3209
- RESERVED
-CVE-2022-3208
- RESERVED
-CVE-2022-3207
- RESERVED
+CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...)
+ TODO: check
+CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...)
+ TODO: check
+CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise ...)
+ TODO: check
CVE-2022-3206
RESERVED
CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
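Review bot: CVE-2022-3209 concerns a WordPress theme (soledad), whereas CVE-2022-3208 and CVE-2022-3207 concern the Simple File List plugin. When these `TODO: check` lines are resolved, the `NOT-FOR-US: WordPress plugin` wording used elsewhere in this file fits the latter two but not the first; suggest a `NOT-FOR-US:` text that names the theme.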
@@ -5843,8 +5954,8 @@ CVE-2022-40259
RESERVED
CVE-2022-40258
RESERVED
-CVE-2022-40257
- RESERVED
+CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
+ TODO: check
CVE-2022-40256
RESERVED
CVE-2022-40255
@@ -5861,8 +5972,8 @@ CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges
NOT-FOR-US: AMI
CVE-2022-40249
RESERVED
-CVE-2022-40248
- RESERVED
+CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
+ TODO: check
CVE-2022-40247
RESERVED
CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...)
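Review bot: CVE-2022-40248 gets the same truncated description as CVE-2022-40257 in the previous hunk ("An HTML injection vulnerability exists in CERT/CC VINCE software prior ..."), so the two entries cannot be told apart from this file alone. When resolving the `TODO: check`, compare the full descriptions to confirm they are distinct issues and give both the same disposition.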
@@ -6121,8 +6232,8 @@ CVE-2022-3155
RESERVED
- thunderbird <not-affected> (Only affects MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
-CVE-2022-3154
- RESERVED
+CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for ...)
+ TODO: check
CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.040 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a
@@ -6150,8 +6261,8 @@ CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One
NOT-FOR-US: Trend Micro
CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...)
NOT-FOR-US: Trend Micro
-CVE-2022-40138
- RESERVED
+CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, prior to co ...)
+ TODO: check
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
- linux <unfixed>
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
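Review bot: CVE-2022-40138 is one of three Hermes entries this commit moves to `TODO: check` (the others are CVE-2022-35289 and CVE-2022-32234, whose descriptions also name hermes). Suggest triaging the three together so they end up with one consistent disposition rather than being resolved separately with differing wording.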
@@ -6202,10 +6313,10 @@ CVE-2022-3139
RESERVED
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-3137
- RESERVED
-CVE-2022-3136
- RESERVED
+CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
+ TODO: check
+CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not sanitise and ...)
+ TODO: check
CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for ...)
NOT-FOR-US: Clash for Windows
CVE-2022-40125
@@ -8014,8 +8125,8 @@ CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television soft
NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
-CVE-2022-39288
- RESERVED
+CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. Affecte ...)
+ TODO: check
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
NOT-FOR-US: tiny-csrf Nodejs module
CVE-2022-39286
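Review bot: CVE-2022-39288 (fastify, a Node.js web framework) sits directly above CVE-2022-39287, which is closed as `NOT-FOR-US: tiny-csrf Nodejs module`. That neighbouring line should not be copied by analogy; the `TODO: check` needs an actual lookup of whether fastify is packaged before either a `NOT-FOR-US:` or a package line is written.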
@@ -9641,8 +9752,8 @@ CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ..
- vim 2:9.0.0626-1 (bug #1019590)
NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
-CVE-2022-2981
- RESERVED
+CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not ensure th ...)
+ TODO: check
CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.025 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
@@ -9954,14 +10065,14 @@ CVE-2022-2931
CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
- octoprint <itp> (bug #718591)
CVE-2022-2929 (In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 ...)
- {DSA-5251-1}
+ {DSA-5251-1 DLA-3146-1}
- isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
NOTE: https://kb.isc.org/docs/cve-2022-2929
CVE-2022-2928 (In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P ...)
- {DSA-5251-1}
+ {DSA-5251-1 DLA-3146-1}
- isc-dhcp 4.4.3-2.1 (bug #1021320)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
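Review bot: `{DSA-5251-1}` becomes `{DSA-5251-1 DLA-3146-1}` on both CVE-2022-2929 and CVE-2022-2928, but the commit lists data/CVE/list as its only changed file, so the DLA-3146-1 record these references point to is not visible here. Worth confirming that it exists and names isc-dhcp with both CVE ids, otherwise the cross-reference dangles.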
@@ -10653,8 +10764,8 @@ CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apa
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462
CVE-2022-38397
RESERVED
-CVE-2022-2891
- RESERVED
+CVE-2022-2891 (The WP 2FA WordPress plugin before 2.3.0 uses comparison operators tha ...)
+ TODO: check
CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ...)
@@ -11074,8 +11185,8 @@ CVE-2022-2825
RESERVED
CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
NOT-FOR-US: OpenEMR
-CVE-2022-2823
- RESERVED
+CVE-2022-2823 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin befor ...)
+ TODO: check
CVE-2022-2822 (An attacker can freely brute force username and password and can takeo ...)
- octoprint <itp> (bug #718591)
CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository namelessm ...)
@@ -12772,8 +12883,8 @@ CVE-2022-37618
RESERVED
CVE-2022-37617
RESERVED
-CVE-2022-37616
- RESERVED
+CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
+ TODO: check
CVE-2022-37615
RESERVED
CVE-2022-37614
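Review bot: the description added for CVE-2022-37616 is cut off at "in the function copy in dom ...", which drops the name of the affected component. The `TODO: check` cannot be resolved from this line; the triage step needs the full CVE description to identify the package before choosing a disposition.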
@@ -13547,8 +13658,8 @@ CVE-2022-2630
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2629
- RESERVED
+CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape ...)
+ TODO: check
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2627
@@ -14719,8 +14830,8 @@ CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has a
NOT-FOR-US: WordPress plugin
CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2554
- RESERVED
+CVE-2022-2554 (The Enable Media Replace WordPress plugin before 4.0.0 does not ensure ...)
+ TODO: check
CVE-2022-2553 (The authfile directive in the booth config file is ignored, preventing ...)
{DSA-5194-1}
- booth 1.0-268-gdce51f9-1
@@ -16717,8 +16828,8 @@ CVE-2022-2450
RESERVED
CVE-2022-2449
RESERVED
-CVE-2022-2448
- RESERVED
+CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...)
+ TODO: check
CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
- python-keystonemiddleware 10.1.0-4 (bug #1021272)
[bullseye] - python-keystonemiddleware <no-dsa> (Minor issue)
@@ -16896,8 +17007,8 @@ CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A
NOT-FOR-US: GrowthBook
CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
NOT-FOR-US: Shescape
-CVE-2022-36063
- RESERVED
+CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded st ...)
+ TODO: check
CVE-2022-36062 (Grafana is an open-source platform for monitoring and observability. I ...)
- grafana <removed>
CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
@@ -18604,8 +18715,8 @@ CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does
NOT-FOR-US: WordPress plugin
CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2350
- RESERVED
+CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not have au ...)
+ TODO: check
CVE-2022-2349
RESERVED
CVE-2022-2348
@@ -18866,8 +18977,8 @@ CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors a
NOT-FOR-US: SAP
CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...)
NOT-FOR-US: SAP
-CVE-2022-35289
- RESERVED
+CVE-2022-35289 (A write-what-where condition in hermes caused by an integer overflow, ...)
+ TODO: check
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...)
NOT-FOR-US: IBM
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
@@ -21386,8 +21497,8 @@ CVE-2022-34427
RESERVED
CVE-2022-34426
RESERVED
-CVE-2022-34425
- RESERVED
+CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vu ...)
+ TODO: check
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
NOT-FOR-US: Dell
CVE-2022-34423
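Review bot: CVE-2022-34425 names Dell Enterprise SONiC OS and is left at `TODO: check`, while the next entry, CVE-2022-34424, is already `NOT-FOR-US: Dell`. Suggest the same disposition here, and likewise for the Dell Wyse ThinOS entry CVE-2022-34402 added in the following hunk.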
@@ -21432,8 +21543,8 @@ CVE-2022-34404
RESERVED
CVE-2022-34403
RESERVED
-CVE-2022-34402
- RESERVED
+CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...)
+ TODO: check
CVE-2022-34401
RESERVED
CVE-2022-34400
@@ -21590,8 +21701,8 @@ CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne
NOT-FOR-US: IBM
CVE-2022-34335
RESERVED
-CVE-2022-34334
- RESERVED
+CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not invalidate sessio ...)
+ TODO: check
CVE-2022-34333
RESERVED
CVE-2022-34332
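Review bot: CVE-2022-34334 (IBM Sterling Partner Engagement Manager) is added with `TODO: check` two entries below CVE-2022-34336, which is closed as `NOT-FOR-US: IBM`. Suggest using that same line here instead of leaving the entry open.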
@@ -26939,8 +27050,8 @@ CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
NOTE: https://github.com/bfabiszewski/libmobi/commit/612562bc1ea38f1708b044e7a079c47a05b1291d (v0.11)
CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. ...)
NOT-FOR-US: Go Git Service
-CVE-2022-32234
- RESERVED
+CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays, prior t ...)
+ TODO: check
CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...)
NOT-FOR-US: Cybozu
CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...)
@@ -69197,8 +69308,8 @@ CVE-2022-20946
RESERVED
CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
NOT-FOR-US: Cisco
-CVE-2022-20944
- RESERVED
+CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
+ TODO: check
CVE-2022-20943
RESERVED
CVE-2022-20942
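Review bot: in CVE-2022-20944 the vendor name is lost to truncation ("... software image verification functionality of Ci ..."), and the entry is left at `TODO: check` while the adjacent CVE-2022-20945 is `NOT-FOR-US: Cisco`. Confirm against the full description, then apply the same `NOT-FOR-US: Cisco` line; the later hunks that add CVE-2022-20920, CVE-2022-20915, CVE-2022-20870, CVE-2022-20864, CVE-2022-20837 and CVE-2022-20830 have the same shape.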
@@ -69245,8 +69356,8 @@ CVE-2022-20922
RESERVED
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
NOT-FOR-US: Cisco
-CVE-2022-20920
- RESERVED
+CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...)
+ TODO: check
CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
NOT-FOR-US: Cisco
CVE-2022-20918
@@ -69255,8 +69366,8 @@ CVE-2022-20917
RESERVED
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
NOT-FOR-US: Cisco
-CVE-2022-20915
- RESERVED
+CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
+ TODO: check
CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
NOT-FOR-US: Cisco
CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
@@ -69345,8 +69456,8 @@ CVE-2022-20872
RESERVED
CVE-2022-20871
RESERVED
-CVE-2022-20870
- RESERVED
+CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
+ TODO: check
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
CVE-2022-20868
@@ -69357,8 +69468,8 @@ CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running C
NOT-FOR-US: Cisco
CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco
-CVE-2022-20864
- RESERVED
+CVE-2022-20864 (A vulnerability in the password-recovery disable feature of Cisco IOS ...)
+ TODO: check
CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
NOT-FOR-US: Cisco
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -69411,8 +69522,8 @@ CVE-2022-20839
RESERVED
CVE-2022-20838
RESERVED
-CVE-2022-20837
- RESERVED
+CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
+ TODO: check
CVE-2022-20836
RESERVED
CVE-2022-20835
@@ -69425,8 +69536,8 @@ CVE-2022-20832
RESERVED
CVE-2022-20831
RESERVED
-CVE-2022-20830
- RESERVED
+CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
+ TODO: check
CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...)
NOT-FOR-US: Cisco
CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...)
@@ -78705,6 +78816,7 @@ CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluet
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
+ {DLA-3145-1}
- git 1:2.30.1-1
[bullseye] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
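Review bot: CVE-2021-40330 gains a `{DLA-3145-1}` reference while the `[bullseye] - git <no-dsa> (Minor issue)` line below it is unchanged. With an LTS advisory now covering this CVE, it is worth re-checking whether the bullseye `<no-dsa>` triage still reflects the intended handling or should be revisited.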
@@ -91406,8 +91518,8 @@ CVE-2021-35228 (This vulnerability occurred due to missing input sanitization fo
NOT-FOR-US: Solarwinds
CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35226
- RESERVED
+CVE-2021-35226 (An entity in Network Configuration Manager product is misconfigured an ...)
+ TODO: check
CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
NOT-FOR-US: Solarwinds
CVE-2021-35224
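Review bot: the description added for CVE-2021-35226 says only "An entity in Network Configuration Manager product is misconfigured an ..." and does not name a vendor in the visible part; the surrounding entries CVE-2021-35227 and CVE-2021-35225 are both `NOT-FOR-US: Solarwinds`. Suggest verifying from the full description that this is the same vendor's product before closing the `TODO: check` with that line.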
@@ -117616,8 +117728,8 @@ CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 al
NOT-FOR-US: WordPress plugin
CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25044
- RESERVED
+CVE-2021-25044 (The Cryptocurrency Pricing list and Ticker WordPress plugin through 1. ...)
+ TODO: check
CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
@@ -127722,6 +127834,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution.
CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
NOT-FOR-US: Wire
CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
+ {DLA-3145-1}
- git 1:2.30.2-1 (bug #985120)
[stretch] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75777c210d5b135313fcd52c29670a774463a05e