author: security tracker role <sectracker@soriano.debian.org>, 2021-11-29 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2021-11-29 20:10:21 +0000
commit: a12538c06f9c964172afda1e918a550239ba2275 (patch)
tree: ba5e707c616cb380385799975a2cfdf029648895
parent: 6c4eb3ba769671f1ba7326e19921d323e81c0dbc (diff)
automatic update
-rw-r--r--  data/CVE/2017.list    4
-rw-r--r--  data/CVE/2019.list   12
-rw-r--r--  data/CVE/2020.list    5
-rw-r--r--  data/CVE/2021.list  399
4 files changed, 334 insertions, 86 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index bafc5c83b0..e504f9e00b 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,5 +1,5 @@
-CVE-2017-20008
- RESERVED
+CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
+ TODO: check
CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
NOT-FOR-US: Ingeteam INGEPAC DA AU
CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
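Review bot: CVE-2017-20008 is left at "TODO: check" even though its new description already identifies the affected software as the myCred WordPress plugin. Other WordPress plugin entries visible in this commit are closed with "NOT-FOR-US: WordPress plugin"; applying the same marking here would resolve the entry instead of leaving it in the triage queue.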
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index fdd007e843..1e7525985e 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -4209,7 +4209,7 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
- {DLA-2046-1}
+ {DLA-2832-1 DLA-2046-1}
- opensc 0.20.0-1 (bug #947383)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
@@ -12909,12 +12909,12 @@ CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controll
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
- bitcoin 0.20.1~dfsg-1 (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
@@ -33277,14 +33277,12 @@ CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or
NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
NOT-FOR-US: XAMPP
-CVE-2019-8922
- RESERVED
+CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ...)
{DLA-2827-1}
- bluez 5.54-1
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
-CVE-2019-8921
- RESERVED
+CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...)
{DLA-2827-1}
- bluez 5.54-1
NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index ecbee0db7d..3aa383a4a2 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -3486,12 +3486,14 @@ CVE-2020-35076
CVE-2020-35061
RESERVED
CVE-2020-35037
+ RESERVED
NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35030
RESERVED
CVE-2020-35017
RESERVED
CVE-2020-35012
+ RESERVED
NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35001
RESERVED
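Review bot: CVE-2020-35037 and CVE-2020-35012 now carry RESERVED directly above an existing "NOT-FOR-US: WordPress plugin events-manager" line, so the triage decision rests on information that is not in the entry. Add a NOTE with the source that ties these IDs to events-manager, so the NOT-FOR-US marking can be verified while the CVE text is still unpublished.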
@@ -10910,16 +10912,19 @@ CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.
CVE-2020-26573
RESERVED
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972035)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972036)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
+ {DLA-2832-1}
- opensc 0.21.0-1 (bug #972037)
[buster] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
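Review bot: the three OpenSC entries (CVE-2020-26572, CVE-2020-26571, CVE-2020-26570) gain {DLA-2832-1} while their "[buster] - opensc <no-dsa> (Minor issue)" lines stay unchanged. With an LTS advisory now covering these issues, it is worth confirming that no-dsa is still the intended state for buster, or whether the same fixes should be queued for a point release.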
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0181620a72..e5b470d209 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,249 @@
+CVE-2021-44353
+ RESERVED
+CVE-2021-44352
+ RESERVED
+CVE-2021-44351
+ RESERVED
+CVE-2021-44350
+ RESERVED
+CVE-2021-44349
+ RESERVED
+CVE-2021-44348
+ RESERVED
+CVE-2021-44347
+ RESERVED
+CVE-2021-44346
+ RESERVED
+CVE-2021-44345
+ RESERVED
+CVE-2021-44344
+ RESERVED
+CVE-2021-44343
+ RESERVED
+CVE-2021-44342
+ RESERVED
+CVE-2021-44341
+ RESERVED
+CVE-2021-44340
+ RESERVED
+CVE-2021-44339
+ RESERVED
+CVE-2021-44338
+ RESERVED
+CVE-2021-44337
+ RESERVED
+CVE-2021-44336
+ RESERVED
+CVE-2021-44335
+ RESERVED
+CVE-2021-44334
+ RESERVED
+CVE-2021-44333
+ RESERVED
+CVE-2021-44332
+ RESERVED
+CVE-2021-44331
+ RESERVED
+CVE-2021-44330
+ RESERVED
+CVE-2021-44329
+ RESERVED
+CVE-2021-44328
+ RESERVED
+CVE-2021-44327
+ RESERVED
+CVE-2021-44326
+ RESERVED
+CVE-2021-44325
+ RESERVED
+CVE-2021-44324
+ RESERVED
+CVE-2021-44323
+ RESERVED
+CVE-2021-44322
+ RESERVED
+CVE-2021-44321
+ RESERVED
+CVE-2021-44320
+ RESERVED
+CVE-2021-44319
+ RESERVED
+CVE-2021-44318
+ RESERVED
+CVE-2021-44317
+ RESERVED
+CVE-2021-44316
+ RESERVED
+CVE-2021-44315
+ RESERVED
+CVE-2021-44314
+ RESERVED
+CVE-2021-44313
+ RESERVED
+CVE-2021-44312
+ RESERVED
+CVE-2021-44311
+ RESERVED
+CVE-2021-44310
+ RESERVED
+CVE-2021-44309
+ RESERVED
+CVE-2021-44308
+ RESERVED
+CVE-2021-44307
+ RESERVED
+CVE-2021-44306
+ RESERVED
+CVE-2021-44305
+ RESERVED
+CVE-2021-44304
+ RESERVED
+CVE-2021-44303
+ RESERVED
+CVE-2021-44302
+ RESERVED
+CVE-2021-44301
+ RESERVED
+CVE-2021-44300
+ RESERVED
+CVE-2021-44299
+ RESERVED
+CVE-2021-44298
+ RESERVED
+CVE-2021-44297
+ RESERVED
+CVE-2021-44296
+ RESERVED
+CVE-2021-44295
+ RESERVED
+CVE-2021-44294
+ RESERVED
+CVE-2021-44293
+ RESERVED
+CVE-2021-44292
+ RESERVED
+CVE-2021-44291
+ RESERVED
+CVE-2021-44290
+ RESERVED
+CVE-2021-44289
+ RESERVED
+CVE-2021-44288
+ RESERVED
+CVE-2021-44287
+ RESERVED
+CVE-2021-44286
+ RESERVED
+CVE-2021-44285
+ RESERVED
+CVE-2021-44284
+ RESERVED
+CVE-2021-44283
+ RESERVED
+CVE-2021-44282
+ RESERVED
+CVE-2021-44281
+ RESERVED
+CVE-2021-44280
+ RESERVED
+CVE-2021-44279
+ RESERVED
+CVE-2021-44278
+ RESERVED
+CVE-2021-44277
+ RESERVED
+CVE-2021-44276
+ RESERVED
+CVE-2021-44275
+ RESERVED
+CVE-2021-44274
+ RESERVED
+CVE-2021-44273
+ RESERVED
+CVE-2021-44272
+ RESERVED
+CVE-2021-44271
+ RESERVED
+CVE-2021-44270
+ RESERVED
+CVE-2021-44269
+ RESERVED
+CVE-2021-44268
+ RESERVED
+CVE-2021-44267
+ RESERVED
+CVE-2021-44266
+ RESERVED
+CVE-2021-44265
+ RESERVED
+CVE-2021-44264
+ RESERVED
+CVE-2021-44263
+ RESERVED
+CVE-2021-44262
+ RESERVED
+CVE-2021-44261
+ RESERVED
+CVE-2021-44260
+ RESERVED
+CVE-2021-44259
+ RESERVED
+CVE-2021-44258
+ RESERVED
+CVE-2021-44257
+ RESERVED
+CVE-2021-44256
+ RESERVED
+CVE-2021-44255
+ RESERVED
+CVE-2021-44254
+ RESERVED
+CVE-2021-44253
+ RESERVED
+CVE-2021-44252
+ RESERVED
+CVE-2021-44251
+ RESERVED
+CVE-2021-44250
+ RESERVED
+CVE-2021-44249
+ RESERVED
+CVE-2021-44248
+ RESERVED
+CVE-2021-44247
+ RESERVED
+CVE-2021-44246
+ RESERVED
+CVE-2021-44245
+ RESERVED
+CVE-2021-44244
+ RESERVED
+CVE-2021-44243
+ RESERVED
+CVE-2021-44242
+ RESERVED
+CVE-2021-44241
+ RESERVED
+CVE-2021-44240
+ RESERVED
+CVE-2021-44239
+ RESERVED
+CVE-2021-44238
+ RESERVED
+CVE-2021-44237
+ RESERVED
+CVE-2021-44236
+ RESERVED
+CVE-2021-4032
+ RESERVED
+CVE-2021-4031
+ RESERVED
+CVE-2021-4030
+ RESERVED
+CVE-2021-4029
+ RESERVED
+CVE-2021-4028
+ RESERVED
CVE-2021-4027
RESERVED
CVE-2021-4026
@@ -102,18 +348,18 @@ CVE-2021-44205
RESERVED
CVE-2021-44204
RESERVED
-CVE-2021-44203
- RESERVED
-CVE-2021-44202
- RESERVED
-CVE-2021-44201
- RESERVED
-CVE-2021-44200
- RESERVED
-CVE-2021-44199
- RESERVED
-CVE-2021-44198
- RESERVED
+CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
+ TODO: check
+CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
+ TODO: check
+CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
+ TODO: check
+CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
+ TODO: check
+CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
+ TODO: check
+CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
+ TODO: check
CVE-2021-44197
RESERVED
CVE-2021-44196
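Review bot: CVE-2021-44203 through CVE-2021-44198 all land as "TODO: check", and the truncated descriptions cut off at or before "The following products ..." without naming the affected software. Triage needs the full CVE text. The two DLL hijacking entries (CVE-2021-44199, CVE-2021-44198) describe a Windows library-loading issue, so they are candidates for NOT-FOR-US once the product is confirmed.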
@@ -412,7 +658,7 @@ CVE-2021-3992
RESERVED
CVE-2021-44078
RESERVED
-CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unaut ...)
+CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3991
RESERVED
@@ -1274,22 +1520,22 @@ CVE-2021-43700
RESERVED
CVE-2021-43699
RESERVED
-CVE-2021-43698
- RESERVED
-CVE-2021-43697
- RESERVED
-CVE-2021-43696
- RESERVED
-CVE-2021-43695
- RESERVED
+CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...)
+ TODO: check
+CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...)
+ TODO: check
+CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...)
+ TODO: check
+CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...)
+ TODO: check
CVE-2021-43694
RESERVED
-CVE-2021-43693
- RESERVED
-CVE-2021-43692
- RESERVED
-CVE-2021-43691
- RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ TODO: check
+CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...)
+ TODO: check
+CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...)
+ TODO: check
CVE-2021-43690
RESERVED
CVE-2021-43689
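Review bot: six of the seven entries resolved in this hunk describe "An unspecified version of ..." (phpWhois, Workerman-ThinkPHP-Redis, twmap, issabelPBX, youtube-php-mirroring, tripexpress), so they cannot be triaged by version comparison. Only the vesta entry gives a version (0.9.8-24). When the TODO is resolved for any of these, record in a NOTE how the affected code was identified (upstream commit or file), since the CVE text gives no version to anchor on.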
@@ -4358,10 +4604,10 @@ CVE-2021-42367
RESERVED
CVE-2021-42366
RESERVED
-CVE-2021-42365
- RESERVED
-CVE-2021-42364
- RESERVED
+CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
+ TODO: check
CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
@@ -4372,8 +4618,8 @@ CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress instal
NOT-FOR-US: Elementor plugin for WordPress
CVE-2021-42359 (WP DSGVO Tools (GDPR) &lt;= 3.1.23 had an AJAX action, &#8216;admin-di ...)
NOT-FOR-US: WP DSGVO Tools (GDPR)
-CVE-2021-42358
- RESERVED
+CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
+ TODO: check
CVE-2021-42357
RESERVED
CVE-2021-42356
@@ -7399,8 +7645,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: nth-check
-CVE-2021-3802
- RESERVED
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
{DLA-2809-1}
- udisks2 2.9.4-1
[bullseye] - udisks2 <no-dsa> (Minor issue)
@@ -10005,8 +10250,8 @@ CVE-2021-39997
RESERVED
CVE-2021-39996
RESERVED
-CVE-2021-39995
- RESERVED
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ TODO: check
CVE-2021-39994
RESERVED
CVE-2021-39993
@@ -14103,8 +14348,8 @@ CVE-2021-38285
RESERVED
CVE-2021-38284
RESERVED
-CVE-2021-38283
- RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ TODO: check
CVE-2021-38282
RESERVED
CVE-2021-38281
@@ -14453,8 +14698,8 @@ CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
NOT-FOR-US: Obsidian
-CVE-2021-38147
- RESERVED
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ TODO: check
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
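Review bot: CVE-2021-38147 is set to "TODO: check" although the next entry, CVE-2021-38146, names the same product and version string (Wipro Holmes Orchestrator 20.4.1) and is already marked "NOT-FOR-US: Wipro Holmes Orchestrator". The same marking applies here.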
@@ -46322,8 +46567,8 @@ CVE-2021-24929
RESERVED
CVE-2021-24928
RESERVED
-CVE-2021-24927
- RESERVED
+CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
+ TODO: check
CVE-2021-24926
RESERVED
CVE-2021-24925
@@ -46340,14 +46585,14 @@ CVE-2021-24920
RESERVED
CVE-2021-24919
RESERVED
-CVE-2021-24918
- RESERVED
+CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
+ TODO: check
CVE-2021-24917
RESERVED
CVE-2021-24916
RESERVED
-CVE-2021-24915
- RESERVED
+CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
+ TODO: check
CVE-2021-24914
RESERVED
CVE-2021-24913
@@ -46360,8 +46605,8 @@ CVE-2021-24910
RESERVED
CVE-2021-24909
RESERVED
-CVE-2021-24908
- RESERVED
+CVE-2021-24908 (The Check &amp; Log Email WordPress plugin before 1.0.4 does not escap ...)
+ TODO: check
CVE-2021-24907
RESERVED
CVE-2021-24906
@@ -46378,8 +46623,8 @@ CVE-2021-24901
RESERVED
CVE-2021-24900
RESERVED
-CVE-2021-24899
- RESERVED
+CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
+ TODO: check
CVE-2021-24898
RESERVED
CVE-2021-24897
@@ -46398,8 +46643,8 @@ CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does
NOT-FOR-US: WordPress plugin
CVE-2021-24890
RESERVED
-CVE-2021-24889
- RESERVED
+CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
+ TODO: check
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24887
@@ -46410,8 +46655,8 @@ CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the p
NOT-FOR-US: WordPress plugin
CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24883
- RESERVED
+CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
+ TODO: check
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24881
@@ -46424,8 +46669,8 @@ CVE-2021-24878
RESERVED
CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24876
- RESERVED
+CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ TODO: check
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24874
@@ -46456,8 +46701,8 @@ CVE-2021-24862
RESERVED
CVE-2021-24861
RESERVED
-CVE-2021-24860
- RESERVED
+CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
+ TODO: check
CVE-2021-24859
RESERVED
CVE-2021-24858
@@ -46492,8 +46737,8 @@ CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not va
NOT-FOR-US: WordPress plugin
CVE-2021-24843
RESERVED
-CVE-2021-24842
- RESERVED
+CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
+ TODO: check
CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
@@ -46532,8 +46777,8 @@ CVE-2021-24824
RESERVED
CVE-2021-24823
RESERVED
-CVE-2021-24822
- RESERVED
+CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
+ TODO: check
CVE-2021-24821
RESERVED
CVE-2021-24820
@@ -46554,8 +46799,8 @@ CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not san
NOT-FOR-US: WordPress plugin
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24811
- RESERVED
+CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
+ TODO: check
CVE-2021-24810
RESERVED
CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
@@ -46640,8 +46885,8 @@ CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not pe
NOT-FOR-US: WordPress plugin
CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24768
- RESERVED
+CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
+ TODO: check
CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24766 (The 404 to 301 &#8211; Redirect, Log and Notify 404 Errors WordPress p ...)
@@ -46666,28 +46911,28 @@ CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not pe
NOT-FOR-US: WordPress plugin
CVE-2021-24756
RESERVED
-CVE-2021-24755
- RESERVED
+CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
+ TODO: check
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24753
RESERVED
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
NOT-FOR-US: WordPress plugins
-CVE-2021-24751
- RESERVED
+CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
+ TODO: check
CVE-2021-24750
RESERVED
-CVE-2021-24749
- RESERVED
-CVE-2021-24748
- RESERVED
+CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
+ TODO: check
+CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
+ TODO: check
CVE-2021-24747
RESERVED
CVE-2021-24746
RESERVED
-CVE-2021-24745
- RESERVED
+CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
+ TODO: check
CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
