Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97245f39 by security tracker role at 2021-12-13T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,433 @@
+CVE-2022-0010
+       RESERVED
+CVE-2021-45040
+       RESERVED
+CVE-2021-45039
+       RESERVED
+CVE-2021-45038
+       RESERVED
+CVE-2021-45037
+       RESERVED
+CVE-2021-45036
+       RESERVED
+CVE-2021-45035
+       RESERVED
+CVE-2021-45034
+       RESERVED
+CVE-2021-45033
+       RESERVED
+CVE-2021-45032
+       RESERVED
+CVE-2021-45031
+       RESERVED
+CVE-2021-45030
+       RESERVED
+CVE-2021-45029
+       RESERVED
+CVE-2021-45028
+       RESERVED
+CVE-2021-45027
+       RESERVED
+CVE-2021-45026
+       RESERVED
+CVE-2021-45025
+       RESERVED
+CVE-2021-45024
+       RESERVED
+CVE-2021-45023
+       RESERVED
+CVE-2021-45022
+       RESERVED
+CVE-2021-45021
+       RESERVED
+CVE-2021-45020
+       RESERVED
+CVE-2021-45019
+       RESERVED
+CVE-2021-45018
+       RESERVED
+CVE-2021-45017
+       RESERVED
+CVE-2021-45016
+       RESERVED
+CVE-2021-45015
+       RESERVED
+CVE-2021-45014
+       RESERVED
+CVE-2021-45013
+       RESERVED
+CVE-2021-45012
+       RESERVED
+CVE-2021-45011
+       RESERVED
+CVE-2021-45010
+       RESERVED
+CVE-2021-45009
+       RESERVED
+CVE-2021-45008
+       RESERVED
+CVE-2021-45007
+       RESERVED
+CVE-2021-45006
+       RESERVED
+CVE-2021-45005
+       RESERVED
+CVE-2021-45004
+       RESERVED
+CVE-2021-45003
+       RESERVED
+CVE-2021-45002
+       RESERVED
+CVE-2021-45001
+       RESERVED
+CVE-2021-45000
+       RESERVED
+CVE-2021-44999
+       RESERVED
+CVE-2021-44998
+       RESERVED
+CVE-2021-44997
+       RESERVED
+CVE-2021-44996
+       RESERVED
+CVE-2021-44995
+       RESERVED
+CVE-2021-44994
+       RESERVED
+CVE-2021-44993
+       RESERVED
+CVE-2021-44992
+       RESERVED
+CVE-2021-44991
+       RESERVED
+CVE-2021-44990
+       RESERVED
+CVE-2021-44989
+       RESERVED
+CVE-2021-44988
+       RESERVED
+CVE-2021-44987
+       RESERVED
+CVE-2021-44986
+       RESERVED
+CVE-2021-44985
+       RESERVED
+CVE-2021-44984
+       RESERVED
+CVE-2021-44983
+       RESERVED
+CVE-2021-44982
+       RESERVED
+CVE-2021-44981
+       RESERVED
+CVE-2021-44980
+       RESERVED
+CVE-2021-44979
+       RESERVED
+CVE-2021-44978
+       RESERVED
+CVE-2021-44977
+       RESERVED
+CVE-2021-44976
+       RESERVED
+CVE-2021-44975
+       RESERVED
+CVE-2021-44974
+       RESERVED
+CVE-2021-44973
+       RESERVED
+CVE-2021-44972
+       RESERVED
+CVE-2021-44971
+       RESERVED
+CVE-2021-44970
+       RESERVED
+CVE-2021-44969
+       RESERVED
+CVE-2021-44968
+       RESERVED
+CVE-2021-44967
+       RESERVED
+CVE-2021-44966 (SQL injection bypass authentication vulnerability in 
PHPGURUKUL Employ ...)
+       TODO: check
+CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* 
directory for P ...)
+       TODO: check
+CVE-2021-44964
+       RESERVED
+CVE-2021-44963
+       RESERVED
+CVE-2021-44962
+       RESERVED
+CVE-2021-44961
+       RESERVED
+CVE-2021-44960
+       RESERVED
+CVE-2021-44959
+       RESERVED
+CVE-2021-44958
+       RESERVED
+CVE-2021-44957
+       RESERVED
+CVE-2021-44956
+       RESERVED
+CVE-2021-44955
+       RESERVED
+CVE-2021-44954
+       RESERVED
+CVE-2021-44953
+       RESERVED
+CVE-2021-44952
+       RESERVED
+CVE-2021-44951
+       RESERVED
+CVE-2021-44950
+       RESERVED
+CVE-2021-44949
+       RESERVED
+CVE-2021-44948
+       RESERVED
+CVE-2021-44947
+       RESERVED
+CVE-2021-44946
+       RESERVED
+CVE-2021-44945
+       RESERVED
+CVE-2021-44944
+       RESERVED
+CVE-2021-44943
+       RESERVED
+CVE-2021-44942
+       RESERVED
+CVE-2021-44941
+       RESERVED
+CVE-2021-44940
+       RESERVED
+CVE-2021-44939
+       RESERVED
+CVE-2021-44938
+       RESERVED
+CVE-2021-44937
+       RESERVED
+CVE-2021-44936
+       RESERVED
+CVE-2021-44935
+       RESERVED
+CVE-2021-44934
+       RESERVED
+CVE-2021-44933
+       RESERVED
+CVE-2021-44932
+       RESERVED
+CVE-2021-44931
+       RESERVED
+CVE-2021-44930
+       RESERVED
+CVE-2021-44929
+       RESERVED
+CVE-2021-44928
+       RESERVED
+CVE-2021-44927
+       RESERVED
+CVE-2021-44926
+       RESERVED
+CVE-2021-44925
+       RESERVED
+CVE-2021-44924
+       RESERVED
+CVE-2021-44923
+       RESERVED
+CVE-2021-44922
+       RESERVED
+CVE-2021-44921
+       RESERVED
+CVE-2021-44920
+       RESERVED
+CVE-2021-44919
+       RESERVED
+CVE-2021-44918
+       RESERVED
+CVE-2021-44917
+       RESERVED
+CVE-2021-44916
+       RESERVED
+CVE-2021-44915
+       RESERVED
+CVE-2021-44914
+       RESERVED
+CVE-2021-44913
+       RESERVED
+CVE-2021-44912
+       RESERVED
+CVE-2021-44911
+       RESERVED
+CVE-2021-44910
+       RESERVED
+CVE-2021-44909
+       RESERVED
+CVE-2021-44908
+       RESERVED
+CVE-2021-44907
+       RESERVED
+CVE-2021-44906
+       RESERVED
+CVE-2021-44905
+       RESERVED
+CVE-2021-44904
+       RESERVED
+CVE-2021-44903
+       RESERVED
+CVE-2021-44902
+       RESERVED
+CVE-2021-44901
+       RESERVED
+CVE-2021-44900
+       RESERVED
+CVE-2021-44899
+       RESERVED
+CVE-2021-44898
+       RESERVED
+CVE-2021-44897
+       RESERVED
+CVE-2021-44896
+       RESERVED
+CVE-2021-44895
+       RESERVED
+CVE-2021-44894
+       RESERVED
+CVE-2021-44893
+       RESERVED
+CVE-2021-44892
+       RESERVED
+CVE-2021-44891
+       RESERVED
+CVE-2021-44890
+       RESERVED
+CVE-2021-44889
+       RESERVED
+CVE-2021-44888
+       RESERVED
+CVE-2021-44887
+       RESERVED
+CVE-2021-44886
+       RESERVED
+CVE-2021-44885
+       RESERVED
+CVE-2021-44884
+       RESERVED
+CVE-2021-44883
+       RESERVED
+CVE-2021-44882
+       RESERVED
+CVE-2021-44881
+       RESERVED
+CVE-2021-44880
+       RESERVED
+CVE-2021-44879
+       RESERVED
+CVE-2021-44878
+       RESERVED
+CVE-2021-44877
+       RESERVED
+CVE-2021-44876
+       RESERVED
+CVE-2021-44875
+       RESERVED
+CVE-2021-44874
+       RESERVED
+CVE-2021-44873
+       RESERVED
+CVE-2021-44872
+       RESERVED
+CVE-2021-44871
+       RESERVED
+CVE-2021-44870
+       RESERVED
+CVE-2021-44869
+       RESERVED
+CVE-2021-44868
+       RESERVED
+CVE-2021-44867
+       RESERVED
+CVE-2021-44866
+       RESERVED
+CVE-2021-44865
+       RESERVED
+CVE-2021-44864
+       RESERVED
+CVE-2021-44863
+       RESERVED
+CVE-2021-44862
+       RESERVED
+CVE-2021-44861
+       RESERVED
+CVE-2021-44860
+       RESERVED
+CVE-2021-44859
+       RESERVED
+CVE-2021-44858
+       RESERVED
+CVE-2021-44857
+       RESERVED
+CVE-2021-44856
+       RESERVED
+CVE-2021-44855
+       RESERVED
+CVE-2021-44854
+       RESERVED
+CVE-2021-44853
+       RESERVED
+CVE-2021-44852
+       RESERVED
+CVE-2021-44851
+       RESERVED
+CVE-2021-44850
+       RESERVED
+CVE-2021-44849
+       RESERVED
+CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword 
returns dif ...)
+       TODO: check
+CVE-2021-44847 (A stack-based buffer overflow in handle_request function in 
DHT.c in t ...)
+       TODO: check
+CVE-2021-44846
+       RESERVED
+CVE-2021-44845
+       RESERVED
+CVE-2021-44844
+       RESERVED
+CVE-2021-44843
+       RESERVED
+CVE-2021-44842
+       RESERVED
+CVE-2021-44841
+       RESERVED
+CVE-2021-44840
+       RESERVED
+CVE-2021-44839
+       RESERVED
+CVE-2021-44838
+       RESERVED
+CVE-2021-44837
+       RESERVED
+CVE-2021-44836
+       RESERVED
+CVE-2021-44835
+       RESERVED
+CVE-2021-44834
+       RESERVED
+CVE-2021-4107
+       RESERVED
+CVE-2021-4106
+       RESERVED
+CVE-2021-4105
+       RESERVED
+CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict 
which packet ...)
+       TODO: check
+CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the 
TCP pri ...)
+       TODO: check
 CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions 
for the c ...)
        NOT-FOR-US: CLI for Amazon AWS OpenSearch
 CVE-2021-4104 [Deserialization of untrusted data in JMSAppender]
+       RESERVED
        - apache-log4j1.2 <unfixed>
        [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not 
configured to be used by default)
        [buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not 
configured to be used by default)
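Review bot: CVE-2018-25022 and CVE-2018-25021 both name toxcore and are left at "TODO: check", and CVE-2021-44847 in the same hunk cites DHT.c but its description is cut off before the product name. Triage the three together: confirm whether CVE-2021-44847 belongs to the same code base, then replace each "TODO: check" with either a package status line or a NOT-FOR-US line, as the CVE-2021-44833 context entry does. Separately, "RESERVED" is added under CVE-2021-4104, which already carries apache-log4j1.2 status lines; those lines should stay as they are when an upstream description later replaces the bracketed one.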
@@ -845,6 +1272,7 @@ CVE-2021-4051
        RESERVED
 CVE-2021-44543
        RESERVED
+       {DLA-2844-1}
        - privoxy 3.0.33-1
        [bullseye] - privoxy <no-dsa> (Minor issue)
        [buster] - privoxy <no-dsa> (Minor issue)
@@ -868,6 +1296,7 @@ CVE-2021-44541
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044
 (v_3_0_33)
 CVE-2021-44540
        RESERVED
+       {DLA-2844-1}
        - privoxy 3.0.33-1
        [bullseye] - privoxy <no-dsa> (Minor issue)
        [buster] - privoxy <no-dsa> (Minor issue)
@@ -1955,16 +2384,16 @@ CVE-2021-44157
        RESERVED
 CVE-2021-44156
        RESERVED
-CVE-2021-44155
-       RESERVED
-CVE-2021-44154
-       RESERVED
-CVE-2021-44153
-       RESERVED
-CVE-2021-44152
-       RESERVED
-CVE-2021-44151
-       RESERVED
+CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise 
RLM 14.2.  ...)
+       TODO: check
+CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin 
account ...)
+       TODO: check
+CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the 
license  ...)
+       TODO: check
+CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because 
/goform/change_pa ...)
+       TODO: check
+CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session 
cookies ar ...)
+       TODO: check
 CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to 
prevent spoof ...)
        NOT-FOR-US: tusdotnet
 CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS 
through  ...)
@@ -2401,8 +2830,8 @@ CVE-2021-43985
        RESERVED
 CVE-2021-43984
        RESERVED
-CVE-2021-43983
-       RESERVED
+CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable 
to mult ...)
+       TODO: check
 CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are 
vulnerable to ...)
        NOT-FOR-US: Delta
 CVE-2021-43981
@@ -2960,8 +3389,7 @@ CVE-2021-43820
        RESERVED
 CVE-2021-43819
        RESERVED
-CVE-2021-43818 [HTML Cleaner allows crafted and SVG embedded scripts to pass 
through]
-       RESERVED
+CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python 
language.  ...)
        - lxml <unfixed>
        NOTE: 
https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
        NOTE: 
https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a 
(lxml-4.6.5)
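Review bot: CVE-2021-43818 still reads "- lxml <unfixed>" although the second NOTE of the entry already ties the fixing commit to lxml-4.6.5. With the bracketed placeholder and "RESERVED" now replaced by the published description, the follow-up is to record the fixed version once a package carrying that commit is uploaded, and to add per-release lines if the stable suites need a separate decision.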
@@ -4927,6 +5355,7 @@ CVE-2021-43391 (An Out-of-Bounds Read vulnerability 
exists when reading a DXF fi
 CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN 
file us ...)
        NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. 
There is a ...)
+       {DLA-2843-1}
        - linux 5.14.16-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
        NOTE: 
https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
@@ -6536,8 +6965,8 @@ CVE-2021-43119
        RESERVED
 CVE-2021-43118
        RESERVED
-CVE-2021-43117
-       RESERVED
+CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability 
which allo ...)
+       TODO: check
 CVE-2021-43116
        RESERVED
 CVE-2021-43115
@@ -7463,6 +7892,7 @@ CVE-2021-42740 (The shell-quote package before 1.7.3 for 
Node.js allows command
        - node-shell-quote <unfixed> (bug #998418)
        NOTE: 
https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe
 (1.7.3)
 CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has 
a buffe ...)
+       {DLA-2843-1}
        - linux 5.14.16-1
        NOTE: https://seclists.org/oss-sec/2021/q2/46
        NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
@@ -7886,14 +8316,14 @@ CVE-2021-42551
        RESERVED
 CVE-2021-42550
        RESERVED
-CVE-2021-42549
-       RESERVED
-CVE-2021-42548
-       RESERVED
-CVE-2021-42547
-       RESERVED
-CVE-2021-42546
-       RESERVED
+CVE-2021-42549 (Insufficient Input Validation in the search functionality of 
Wordpress ...)
+       TODO: check
+CVE-2021-42548 (Insufficient Input Validation in the search functionality of 
Wordpress ...)
+       TODO: check
+CVE-2021-42547 (Insufficient Input Validation in the search functionality of 
Wordpress ...)
+       TODO: check
+CVE-2021-42546 (Insufficient Input Validation in the search functionality of 
Wordpress ...)
+       TODO: check
 CVE-2021-42545 (An insufficient session expiration vulnerability exists in 
Business-DN ...)
        NOT-FOR-US: Business-DNA Solutions
 CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on 
Business-DNA So ...)
@@ -10418,7 +10848,7 @@ CVE-2021-3860
 CVE-2021-3859
        RESERVED
 CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in 
the Linux  ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
@@ -10743,6 +11173,7 @@ CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 
1.1.1 through 1.1.5 allowed
        NOTE: https://github.com/hashicorp/nomad/issues/11243
        NOTE: https://github.com/hashicorp/nomad/pull/11257
 CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the 
Linux kern ...)
+       {DLA-2843-1}
        - linux 5.14.12-1
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
 CVE-2021-41863
@@ -13168,12 +13599,12 @@ CVE-2021-40860 (A SQL Injection in the custom filter 
query component in Genesys
        NOT-FOR-US: Genesys
 CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 
8.0B dev ...)
        NOT-FOR-US: Auerswald
-CVE-2021-40858
-       RESERVED
-CVE-2021-40857
-       RESERVED
-CVE-2021-40856
-       RESERVED
+CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary 
File Discl ...)
+       TODO: check
+CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege 
Escalation ...)
+       TODO: check
+CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices 
allow Auth ...)
+       TODO: check
 CVE-2021-40855
        RESERVED
 CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local 
user to obt ...)
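Review bot: the three new Auerswald entries (CVE-2021-40858, CVE-2021-40857, CVE-2021-40856) sit at "TODO: check" directly below CVE-2021-40859, which the context lines show resolved as "NOT-FOR-US: Auerswald". All four describe the same vendor's devices, so check them in one pass and, if the same decision holds, give them the same line rather than leaving three open TODOs next to a resolved sibling.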
@@ -14191,7 +14622,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 
2.2 does not validate add
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
        NOTE: 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
 CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end 
in fs/ex ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://lore.kernel.org/linux-ext4/[email protected]/
@@ -14375,6 +14806,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick 
OctoRPKI prior to 1.3.0 into
        NOTE: 
https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
 CVE-2021-3760
        RESERVED
+       {DLA-2843-1}
        - linux 5.14.16-1 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
        NOTE: 
https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
@@ -14454,7 +14886,7 @@ CVE-2021-3754
        RESERVED
 CVE-2021-3753
        RESERVED
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
@@ -15236,10 +15668,10 @@ CVE-2021-40010
        RESERVED
 CVE-2021-40009
        RESERVED
-CVE-2021-40008
-       RESERVED
-CVE-2021-40007
-       RESERVED
+CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 
V200R019C00S ...)
+       TODO: check
+CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD 
V100R005C10SP ...)
+       TODO: check
 CVE-2021-40006
        RESERVED
 CVE-2021-40005
@@ -15362,50 +15794,37 @@ CVE-2021-39947
        RESERVED
 CVE-2021-39946
        RESERVED
-CVE-2021-39945
-       RESERVED
+CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all 
versions ...)
        - gitlab <unfixed>
-CVE-2021-39944
-       RESERVED
+CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2021-39943
        RESERVED
 CVE-2021-39942
        RESERVED
-CVE-2021-39941
-       RESERVED
+CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE 
versions 12.0  ...)
        - gitlab <unfixed>
-CVE-2021-39940
-       RESERVED
+CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39939
-       RESERVED
-CVE-2021-39938
-       RESERVED
+CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab 
Runner af ...)
+       TODO: check
+CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since 
version  ...)
        - gitlab <unfixed>
-CVE-2021-39937
-       RESERVED
+CVE-2021-39937 (A collision in access memoization logic in all versions of 
GitLab CE/E ...)
        - gitlab <unfixed>
-CVE-2021-39936
-       RESERVED
+CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
-CVE-2021-39935
-       RESERVED
+CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39934
-       RESERVED
+CVE-2021-39934 (Improper access control allows any project member to retrieve 
the serv ...)
        - gitlab <unfixed>
-CVE-2021-39933
-       RESERVED
+CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39932
-       RESERVED
+CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39931
-       RESERVED
+CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39930
-       RESERVED
+CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 
14.3.6, b ...)
        - gitlab <unfixed>
 CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in 
Wireshark 3.4 ...)
        {DSA-5019-1}
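Review bot: CVE-2021-39939 is the one entry in this hunk whose description names GitLab Runner rather than GitLab CE/EE, and it is correctly left at "TODO: check" instead of inheriting "- gitlab <unfixed>". When it is triaged, it should be checked against the runner's source package, not folded into the gitlab line its neighbours carry. The other entries keep "- gitlab <unfixed>" with no NOTE lines, so none of them records a fixed upstream version yet even though several descriptions mention one (for example "before 14.3.6" in CVE-2021-39919's hunk); adding that reference would make the unfixed status verifiable.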
@@ -15463,20 +15882,15 @@ CVE-2021-39920 (NULL pointer exception in the IPPUSB 
dissector in Wireshark 3.4.
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
-CVE-2021-39919
-       RESERVED
+CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 
14.3.6, a ...)
        - gitlab <unfixed>
-CVE-2021-39918
-       RESERVED
+CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions 
starting f ...)
        - gitlab <unfixed>
-CVE-2021-39917
-       RESERVED
+CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2021-39916
-       RESERVED
+CVE-2021-39916 (Lack of an access control check in the External Status Check 
feature a ...)
        - gitlab <unfixed>
-CVE-2021-39915
-       RESERVED
+CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE 
affecting a ...)
        - gitlab <unfixed>
 CVE-2021-39914 (A regular expression denial of service issue in GitLab 
versions 8.13 t ...)
        - gitlab <unfixed>
@@ -15486,8 +15900,7 @@ CVE-2021-39912 (A potential DoS vulnerability was 
discovered in GitLab CE/EE sta
        - gitlab <unfixed>
 CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 
13.9 exp ...)
        - gitlab <unfixed>
-CVE-2021-39910
-       RESERVED
+CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS 
feature ...)
        - gitlab <not-affected> (Specific to EE)
@@ -16130,7 +16543,7 @@ CVE-2021-3733 [Denial of service when identifying 
crafted invalid RFCs]
        NOTE: 
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f
 (3.6.14)
 CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user 
namespace can reveal files]
        RESERVED
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
@@ -17610,12 +18023,12 @@ CVE-2021-39067
        RESERVED
 CVE-2021-39066
        RESERVED
-CVE-2021-39065
-       RESERVED
-CVE-2021-39064
-       RESERVED
-CVE-2021-39063
-       RESERVED
+CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could 
allow a rem ...)
+       TODO: check
+CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak 
authenti ...)
+       TODO: check
+CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses 
Cross-Origin  ...)
+       TODO: check
 CVE-2021-39062
        RESERVED
 CVE-2021-39061
@@ -17624,28 +18037,28 @@ CVE-2021-39060
        RESERVED
 CVE-2021-39059
        RESERVED
-CVE-2021-39058
-       RESERVED
-CVE-2021-39057
-       RESERVED
+CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses 
weaker than  ...)
+       TODO: check
+CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is 
vulnerable to s ...)
+       TODO: check
 CVE-2021-39056
        RESERVED
 CVE-2021-39055
        RESERVED
-CVE-2021-39054
-       RESERVED
-CVE-2021-39053
-       RESERVED
-CVE-2021-39052
-       RESERVED
+CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could 
allow a rem ...)
+       TODO: check
+CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could 
allow a rem ...)
+       TODO: check
+CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could 
allow a rem ...)
+       TODO: check
 CVE-2021-39051
        RESERVED
-CVE-2021-39050
-       RESERVED
-CVE-2021-39049
-       RESERVED
-CVE-2021-39048
-       RESERVED
+CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is 
vulnerable to a s ...)
+       TODO: check
+CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is 
vulnerable to a s ...)
+       TODO: check
+CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a 
stack based ...)
+       TODO: check
 CVE-2021-39047
        RESERVED
 CVE-2021-39046
@@ -17846,8 +18259,8 @@ CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 
9.1 LTS stores user creden
        NOT-FOR-US: IBM
 CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML 
Externa ...)
        NOT-FOR-US: IBM
-CVE-2021-38947
-       RESERVED
+CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses 
weaker than  ...)
+       TODO: check
 CVE-2021-38946
        RESERVED
 CVE-2021-38945
@@ -17938,8 +18351,8 @@ CVE-2021-38903
        RESERVED
 CVE-2021-38902
        RESERVED
-CVE-2021-38901
-       RESERVED
+CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special 
configuratio ...)
+       TODO: check
 CVE-2021-38900
        RESERVED
 CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with 
special privi ...)
@@ -19623,13 +20036,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux 
kernel before 5.12.13, when
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux 
kernel befo ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 
5.13.6 allow ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1 (unimportant)
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
@@ -19650,12 +20063,12 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in 
the Linux kernel before 5.12.
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
 CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has 
incorrect co ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
 CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 
5.12.11 inco ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.10.46-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
@@ -19866,7 +20279,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the 
userinfo subcomponent of a URI
        NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
        NOTE: 
https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
 CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux 
kernel be ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
@@ -20420,7 +20833,7 @@ CVE-2021-3681
 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
        NOT-FOR-US: showdoc
 CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module 
functionalit ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
@@ -22222,7 +22635,7 @@ CVE-2021-3657 [multiple buffer overflows in 
isync/mbsync]
        [stretch] - isync <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
 CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux 
kernel throu ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
@@ -22607,7 +23020,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP 
Application Insight Web Appl
 CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java 
deserial ...)
        NOT-FOR-US: SerNet verinice
 CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior 
to v5. ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.10.46-3
        [buster] - linux 4.19.208-1
 CVE-2021-3654 [novnc allows open redirection]
@@ -23095,7 +23508,7 @@ CVE-2021-36776
 CVE-2021-36775
        RESERVED
 CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM 
nested virtu ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
@@ -24489,8 +24902,8 @@ CVE-2021-36171
        RESERVED
 CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in 
FortiAnalyzerVM a ...)
        NOT-FOR-US: Fortiguard
-CVE-2021-36169
-       RESERVED
+CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, 
FortiOS 6 ...)
+       TODO: check
 CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory 
('Path T ...)
        NOT-FOR-US: Fortinet
 CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in 
FortiClient Windo ...)
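Review bot: CVE-2021-36169 names Fortinet FortiOS and is left at "TODO: check", while the resolved entries around it label the same vendor two ways: "NOT-FOR-US: Fortiguard" on CVE-2021-36170 and "NOT-FOR-US: Fortinet" on CVE-2021-36168. When this entry is resolved, pick the label already used for the vendor elsewhere in the file so that a search on one string finds every related entry.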
@@ -27140,7 +27553,7 @@ CVE-2021-35068
 CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay 
the sam ...)
        NOT-FOR-US: Meross MSG100 devices
 CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux 
kernel's joy ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.10.46-3
        [buster] - linux 4.19.208-1
        NOTE: Introduced by: 
https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
@@ -34651,8 +35064,8 @@ CVE-2021-32026
        RESERVED
 CVE-2021-32025
        RESERVED
-CVE-2021-32024
-       RESERVED
+CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec 
of BlackB ...)
+       TODO: check
 CVE-2021-32023 (An elevation of privilege vulnerability in the message broker 
of Black ...)
        NOT-FOR-US: BlackBerry
 CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of 
BlackBer ...)
@@ -52684,12 +53097,12 @@ CVE-2021-24974
        RESERVED
 CVE-2021-24973
        RESERVED
-CVE-2021-24972
-       RESERVED
+CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape 
some of it ...)
+       TODO: check
 CVE-2021-24971
        RESERVED
-CVE-2021-24970
-       RESERVED
+CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 
does not sa ...)
+       TODO: check
 CVE-2021-24969
        RESERVED
 CVE-2021-24968
@@ -52718,16 +53131,16 @@ CVE-2021-24957
        RESERVED
 CVE-2021-24956
        RESERVED
-CVE-2021-24955
-       RESERVED
-CVE-2021-24954
-       RESERVED
+CVE-2021-24955 (The User Registration, Login Form, User Profile &amp; 
Membership WordP ...)
+       TODO: check
+CVE-2021-24954 (The User Registration, Login Form, User Profile &amp; 
Membership WordP ...)
+       TODO: check
 CVE-2021-24953
        RESERVED
 CVE-2021-24952
        RESERVED
-CVE-2021-24951
-       RESERVED
+CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not 
sanitise, valida ...)
+       TODO: check
 CVE-2021-24950
        RESERVED
 CVE-2021-24949
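Review bot: the descriptions imported for CVE-2021-24955 and CVE-2021-24954 contain a literal HTML entity ("User Profile &amp; Membership"). The list is plain text, so the importer should decode entities before writing the truncated description; otherwise the entity ends up in search results and in anything generated from this file.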
@@ -52736,10 +53149,10 @@ CVE-2021-24948
        RESERVED
 CVE-2021-24947
        RESERVED
-CVE-2021-24946
-       RESERVED
-CVE-2021-24945
-       RESERVED
+CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 
does not ...)
+       TODO: check
+CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 
2.6.38  ...)
+       TODO: check
 CVE-2021-24944
        RESERVED
 CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
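Review bot: the description for CVE-2021-24945 carries a numeric character reference ("&#9829;") in the plugin name. Whatever decoding is applied to imported descriptions needs to cover numeric references as well as named ones, and the result should be checked against the file's encoding before it is written.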
@@ -52764,8 +53177,8 @@ CVE-2021-24934
        RESERVED
 CVE-2021-24933
        RESERVED
-CVE-2021-24932
-       RESERVED
+CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin 
before  ...)
+       TODO: check
 CVE-2021-24931 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress 
plugin be ...)
@@ -52778,14 +53191,14 @@ CVE-2021-24927 (The My Calendar WordPress plugin 
before 3.2.18 does not sanitise
        NOT-FOR-US: WordPress plugin
 CVE-2021-24926
        RESERVED
-CVE-2021-24925
-       RESERVED
+CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 
does not ...)
+       TODO: check
 CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape 
the d para ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24923
        RESERVED
-CVE-2021-24922
-       RESERVED
+CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF 
check w ...)
+       TODO: check
 CVE-2021-24921
        RESERVED
 CVE-2021-24920
@@ -52836,8 +53249,8 @@ CVE-2021-24898
        RESERVED
 CVE-2021-24897
        RESERVED
-CVE-2021-24896
-       RESERVED
+CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not 
sanitise and  ...)
+       TODO: check
 CVE-2021-24895
        RESERVED
 CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not 
validate the  ...)
@@ -52884,10 +53297,10 @@ CVE-2021-24874
        RESERVED
 CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24872
-       RESERVED
-CVE-2021-24871
-       RESERVED
+CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows 
users w ...)
+       TODO: check
+CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does 
not esc ...)
+       TODO: check
 CVE-2021-24870
        RESERVED
 CVE-2021-24869
@@ -52902,24 +53315,24 @@ CVE-2021-24865
        RESERVED
 CVE-2021-24864
        RESERVED
-CVE-2021-24863
-       RESERVED
+CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti 
Spam Prot ...)
+       TODO: check
 CVE-2021-24862
        RESERVED
-CVE-2021-24861
-       RESERVED
+CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not 
validate ...)
+       TODO: check
 CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24859
-       RESERVED
+CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 
registers a shor ...)
+       TODO: check
 CVE-2021-24858
        RESERVED
-CVE-2021-24857
-       RESERVED
+CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 
encoded us ...)
+       TODO: check
 CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24855
-       RESERVED
+CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a 
shortco ...)
+       TODO: check
 CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have 
capability ...)
@@ -52932,14 +53345,14 @@ CVE-2021-24850 (The Insert Pages WordPress plugin 
before 3.7.0 adds a shortcode
        NOT-FOR-US: WordPress plugin
 CVE-2021-24849
        RESERVED
-CVE-2021-24848
-       RESERVED
+CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic 
WordPre ...)
+       TODO: check
 CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection 
Plugin &# ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24846
        RESERVED
-CVE-2021-24845
-       RESERVED
+CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows 
passing  ...)
+       TODO: check
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24843
@@ -52956,8 +53369,8 @@ CVE-2021-24838
        RESERVED
 CVE-2021-24837
        RESERVED
-CVE-2021-24836
-       RESERVED
+CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 
1.7.1 doe ...)
+       TODO: check
 CVE-2021-24835 (The WCFM &#8211; Frontend Manager for WooCommerce along with 
Bookings  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a 
stored Cro ...)
@@ -52990,12 +53403,12 @@ CVE-2021-24821
        RESERVED
 CVE-2021-24820
        RESERVED
-CVE-2021-24819
-       RESERVED
-CVE-2021-24818
-       RESERVED
-CVE-2021-24817
-       RESERVED
+CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 
does not  ...)
+       TODO: check
+CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF 
check wh ...)
+       TODO: check
+CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not 
sanitise ...)
+       TODO: check
 CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does 
not have c ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 
does no ...)
@@ -53038,18 +53451,18 @@ CVE-2021-24797
        RESERVED
 CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not 
properly saniti ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24795
-       RESERVED
+CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is 
lacking C ...)
+       TODO: check
 CVE-2021-24794 (The Connections Business Directory WordPress plugin before 
10.4.3 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24792
-       RESERVED
+CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have 
any aut ...)
+       TODO: check
 CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24790
-       RESERVED
+CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 
1.0.8 does ...)
+       TODO: check
 CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not 
escape some  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom 
AJAX actio ...)
@@ -53060,16 +53473,16 @@ CVE-2021-24786
        RESERVED
 CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24784
-       RESERVED
+CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does 
not have C ...)
+       TODO: check
 CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have 
proper  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24782
-       RESERVED
+CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not 
escape th ...)
+       TODO: check
 CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows 
users wi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24780
-       RESERVED
+CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does 
not have  ...)
+       TODO: check
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its 
update_setting ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24778
@@ -53086,8 +53499,8 @@ CVE-2021-24773 (The WordPress Download Manager 
WordPress plugin before 3.2.16 do
        NOT-FOR-US: WordPress plugin
 CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and 
validat ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24771
-       RESERVED
+CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 
does no ...)
+       TODO: check
 CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not 
perform  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 
does not v ...)
@@ -53116,8 +53529,8 @@ CVE-2021-24758 (The Email Log WordPress plugin before 
2.4.7 does not properly va
        NOT-FOR-US: WordPress plugin
 CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not 
perform  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24756
-       RESERVED
+CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not 
sanitise, va ...)
+       TODO: check
 CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or 
escape the ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does 
not valida ...)
@@ -53134,8 +53547,8 @@ CVE-2021-24749 (The URL Shortify WordPress plugin 
before 1.5.1 does not have CSR
        NOT-FOR-US: WordPress plugin
 CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24747
-       RESERVED
+CVE-2021-24747 (The SEO Booster WordPress plugin through 3.7 allows for 
authenticated  ...)
+       TODO: check
 CVE-2021-24746
        RESERVED
 CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not 
sanitise a ...)
@@ -53218,8 +53631,8 @@ CVE-2021-24707
        RESERVED
 CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24705
-       RESERVED
+CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape 
some of i ...)
+       TODO: check
 CVE-2021-24704
        RESERVED
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not 
have capabi ...)
@@ -58205,7 +58618,7 @@ CVE-2021-22545 (An attacker can craft a specific IdaPro 
*.i64 file that will cau
 CVE-2021-22544
        RESERVED
 CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper 
handling of VM_ ...)
-       {DLA-2785-1}
+       {DLA-2843-1 DLA-2785-1}
        - linux 5.10.46-2
        [buster] - linux 4.19.208-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
@@ -58737,8 +59150,8 @@ CVE-2021-22281
        RESERVED
 CVE-2021-22280
        RESERVED
-CVE-2021-22279
-       RESERVED
+CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the 
OmniCore r ...)
+       TODO: check
 CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update 
Manager allows ...)
        NOT-FOR-US: PCM600 Update Manager
 CVE-2021-22277
@@ -63868,12 +64281,12 @@ CVE-2021-20869
        RESERVED
 CVE-2021-20868
        RESERVED
-CVE-2021-20867
-       RESERVED
-CVE-2021-20866
-       RESERVED
-CVE-2021-20865
-       RESERVED
+CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced 
Custom Fiel ...)
+       TODO: check
+CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced 
Custom Fiel ...)
+       TODO: check
+CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced 
Custom Fiel ...)
+       TODO: check
 CVE-2021-20864 (Improper access control vulnerability in ELECOM routers 
(WRC-1167GST2  ...)
        NOT-FOR-US: ELECOM
 CVE-2021-20863 (OS command injection vulnerability in ELECOM routers 
(WRC-1167GST2 fir ...)
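Review bot: CVE-2021-20867, CVE-2021-20866 and CVE-2021-20865 are added with the same truncated description ("Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ..."), so nothing in these lines tells them apart. Whoever clears the three "TODO: check" markers needs the full CVE text for each, and should record the result per entry, the way the ELECOM entries below carry "NOT-FOR-US: ELECOM".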
@@ -64975,11 +65388,13 @@ CVE-2021-20323
        RESERVED
 CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed 
packets replies]
        RESERVED
+       {DLA-2843-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
 CVE-2021-20321
        RESERVED
+       {DLA-2843-1}
        - linux 5.14.12-1
        NOTE: 
https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
 CVE-2021-20320
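Review bot: CVE-2021-20321 gains {DLA-2843-1} but, unlike CVE-2021-20322 just above it, has no [bullseye] line, and neither entry has a [buster] line, so the status of those releases is not stated here. Worth confirming whether they are fixed or still affected and recording it, since CVE-2021-20321 also still reads RESERVED with no description to go on.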
@@ -64996,6 +65411,7 @@ CVE-2021-20318
        RESERVED
        NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree 
caused th ...)
+       {DLA-2843-1}
        - linux 5.4.6-1
        NOTE: 
https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
 CVE-2021-20316
@@ -73800,6 +74216,7 @@ CVE-2021-0921
        NOT-FOR-US: Android
 CVE-2021-0920
        RESERVED
+       {DLA-2843-1}
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
@@ -102906,24 +103323,21 @@ CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a 
stack out-of-bounds write vu
        NOT-FOR-US: GoPro
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 
2.1.7 vi ...)
        NOT-FOR-US: Nagios Log Server
-CVE-2020-16156 [Signature Verification Bypass]
-       RESERVED
+CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
        - perl <unfixed>
        [bullseye] - perl <no-dsa> (Minor issue)
        [buster] - perl <no-dsa> (Minor issue)
        [stretch] - perl <no-dsa> (Minor issue)
        NOTE: 
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
        NOTE: 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
-CVE-2020-16155 [does not uniquely define signed data]
-       RESERVED
+CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely 
define sig ...)
        - libcpan-checksums-perl <unfixed>
        [bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
        NOTE: 
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
        NOTE: 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
-CVE-2020-16154 [Signature Verification Bypass]
-       RESERVED
+CVE-2020-16154 (The App::cpanminus package 1.7044 for Perl allows Signature 
Verificati ...)
        - cpanminus <unfixed>
        [bullseye] - cpanminus <no-dsa> (Minor issue)
        [buster] - cpanminus <no-dsa> (Minor issue)
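Review bot: the published descriptions now name specific versions (CPAN 2.28, CPAN::Checksums 2.12, App::cpanminus 1.7044), but all three packages stay at "<unfixed>" and the visible NOTE lines are unchanged. The second NOTE URL, by its title, is about addressing these issues upstream, so check it for the fixed upstream releases and record them in a NOTE; that makes it possible to close "<unfixed>" once those versions reach unstable.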
@@ -103029,7 +103443,7 @@ CVE-2020-16120 (Overlayfs did not properly perform 
permission checking when copy
        [stretch] - linux <not-affected> (Vulnerable configuration combination 
not possible)
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable 
by a loca ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
@@ -135198,8 +135612,8 @@ CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD 
could allow a local privilege
        NOT-FOR-US: IBM
 CVE-2020-4497
        RESERVED
-CVE-2020-4496
-       RESERVED
+CVE-2020-4496 (The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server 
connect ...)
+       TODO: check
 CVE-2020-4495 (IBM Jazz Foundation and IBM Engineering products could allow a 
remote  ...)
        NOT-FOR-US: IBM
 CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and 
Windows ...)
@@ -137744,7 +138158,7 @@ CVE-2020-3704 (u'While processing invalid connection 
request PDU which is nonsta
 CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due 
to lack  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal 
errors ...)
-       {DSA-4978-1 DLA-2785-1}
+       {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=bcx1gwwfiw1_somu_gvnct...@mail.gmail.com/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97245f3913054622955a6d50b4f6380f4172c2c0
