Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2191463 by security tracker role at 2021-09-16T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3809
+ RESERVED
+CVE-2021-3808
+ RESERVED
+CVE-2021-3807
+ RESERVED
+CVE-2021-3806
+ RESERVED
+CVE-2021-3805
+ RESERVED
CVE-2021-41303
RESERVED
CVE-2021-41302
@@ -452,8 +462,7 @@ CVE-2021-41081
RESERVED
CVE-2021-41080
RESERVED
-CVE-2021-41079 [denial of service]
- RESERVED
+CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and
10.0.0-M1 to 10. ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
NOTE:
https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
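Review bot: the rewritten CVE-2021-41079 entry marks tomcat9 <unfixed> with no Debian bug reference and no per-release line, so nothing records whether the bullseye tomcat9 falls inside the 8.5.0-8.5.63 / 9.0.0-M1-9.0.43 range quoted in the description. Add the bug number once filed and a [bullseye] status line in the style of the inetutils entry in a later hunk; dropping the old "[denial of service]" tag is fine now that the upstream text and announce-list NOTE are present.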
@@ -1375,10 +1384,10 @@ CVE-2021-40672
RESERVED
CVE-2021-40671
RESERVED
-CVE-2021-40670
- RESERVED
-CVE-2021-40669
- RESERVED
+CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the
keywords ...)
+ TODO: check
+CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the
keywords ...)
+ TODO: check
CVE-2021-40668
RESERVED
CVE-2021-40667
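Review bot: CVE-2021-40670 and CVE-2021-40669 carry identical visible descriptions ("SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...") and are both parked at TODO: check; when triaging, confirm from the full text that they are distinct parameters rather than a duplicate assignment, and record NOT-FOR-US if Wuzhi CMS is not in the archive.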
@@ -1905,8 +1914,8 @@ CVE-2021-3762
RESERVED
CVE-2021-40439
RESERVED
-CVE-2021-40438
- RESERVED
+CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the
request ...)
+ TODO: check
CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate
addresses ...)
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils <no-dsa> (Minor issue)
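Review bot: CVE-2021-40438 describes a request-forwarding flaw in mod_proxy but is left at TODO: check with no package line; mod_proxy is an Apache httpd module, so this needs an apache2 entry. CVE-2021-39275 (ap_escape_quotes()) and CVE-2021-36160 (mod_proxy_uwsgi) elsewhere in this update, and probably CVE-2021-34798 (the NULL dereference whose truncated text names no product), look like the same upstream httpd batch and should be triaged together with one shared NOTE to the upstream advisory.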
@@ -2796,10 +2805,10 @@ CVE-2021-40069
RESERVED
CVE-2021-40068
RESERVED
-CVE-2021-40067
- RESERVED
-CVE-2021-40066
- RESERVED
+CVE-2021-40067 (The access controls on the Mobility read-write API improperly
validate ...)
+ TODO: check
+CVE-2021-40066 (The access controls on the Mobility read-only API improperly
validate ...)
+ TODO: check
CVE-2021-40065
RESERVED
CVE-2021-40064
@@ -4376,7 +4385,7 @@ CVE-2021-39309
RESERVED
CVE-2021-39308
RESERVED
-CVE-2021-39307 (PDFTron’s WebViewer UI 8.0 or below renders dangerous
URLs as hy ...)
+CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as
hyperlin ...)
NOT-FOR-US: PDFTron WebViewer UI
CVE-2021-39306
RESERVED
@@ -4491,8 +4500,8 @@ CVE-2021-39277
RESERVED
CVE-2021-39276
RESERVED
-CVE-2021-39275
- RESERVED
+CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when
given mal ...)
+ TODO: check
CVE-2021-3717
RESERVED
- wildfly <itp> (bug #752018)
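Review bot: CVE-2021-39275 is an out-of-bounds write in ap_escape_quotes(), a core httpd API rather than an optional module, so when it leaves TODO: check it should get an apache2 package line and a real severity assessment rather than a default minor rating; the description is cut at "given mal ...", so add the upstream reference as a NOTE so the trigger condition is recorded.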
@@ -4658,8 +4667,7 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2
before 2.2.16, 2.3 before
NOTE: https://www.mail-archive.com/[email protected]/msg41041.html
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
-CVE-2021-39239
- RESERVED
+CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions
up to 4. ...)
NOT-FOR-US: Apache Jena
CVE-2021-39238
RESERVED
@@ -4715,8 +4723,8 @@ CVE-2021-39216
RESERVED
CVE-2021-39215 (Jitsi Meet is an open source video conferencing application.
In versio ...)
- jitsi-meet <itp> (bug #760485)
-CVE-2021-39214
- RESERVED
+CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting
proxy. In mi ...)
+ TODO: check
CVE-2021-39213 (GLPI is a free Asset and IT management software package.
Starting in v ...)
- glpi <removed> (unimportant)
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
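Review bot: CVE-2021-39214 (mitmproxy) is the only entry in this hunk without a resolution: the neighbouring Jitsi Meet (<itp>, bug #760485) and GLPI (<removed>) entries carry package lines, while this one stays at TODO: check. If the Debian mitmproxy package is affected, add a package line with the fixed version; the truncated "In mi ..." description hides the affected range, so a NOTE to the upstream advisory is needed either way.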
@@ -4738,8 +4746,8 @@ CVE-2021-39209 (GLPI is a free Asset and IT management
software package. In vers
- glpi <removed> (unimportant)
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2021-39208
- RESERVED
+CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many
compress ...)
+ TODO: check
CVE-2021-39207 (parlai is a framework for training and evaluating AI models on
a varie ...)
NOT-FOR-US: Facebook ParlAI
CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy,
which P ...)
@@ -10455,7 +10463,7 @@ CVE-2021-36719
RESERVED
CVE-2021-36718
RESERVED
-CVE-2021-36717 (In order to perform a directory traversal attack, all an
attacker need ...)
+CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal
vulnerabi ...)
NOT-FOR-US: Synerion TimeNet
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found
in the S ...)
NOT-FOR-US: Node is-email
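Review bot: the replacement description for CVE-2021-36717 now leads with product and version (Synerion TimeNet 9.21) instead of the narrative "In order to perform a directory traversal attack ..." wording, which is the form the tracker's NOT-FOR-US bookkeeping relies on; the status line is unchanged and no further action is needed here.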
@@ -11652,8 +11660,8 @@ CVE-2021-36162 (Apache Dubbo supports various rules to
support configuration ove
NOT-FOR-US: Apache Dubbo
CVE-2021-36161 (Some component in Dubbo will try to print the formated string
of the i ...)
NOT-FOR-US: Apache Dubbo
-CVE-2021-36160
- RESERVED
+CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi
to read ...)
+ TODO: check
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and
other prod ...)
NOT-FOR-US: libfetch
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine
Linux, RDP s ...)
@@ -14838,8 +14846,8 @@ CVE-2021-34800
RESERVED
CVE-2021-34799
RESERVED
-CVE-2021-34798
- RESERVED
+CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL
pointer. ...)
+ TODO: check
CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly,
allowin ...)
NOT-FOR-US: Secure 8 (Evalos)
CVE-2021-34797
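Review bot: the CVE-2021-34798 description ("Malformed requests may cause the server to dereference a NULL pointer") never names the affected product, so the entry is unintelligible on its own; when resolving the TODO: check, add a NOTE with the upstream advisory URL and the package line, as the HAProxy and GLPI entries in this file do.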
@@ -15339,18 +15347,18 @@ CVE-2021-34578 (This vulnerability allows an attacker
who has access to the WBM
NOT-FOR-US: WAGO
CVE-2021-34577
RESERVED
-CVE-2021-34576
- RESERVED
+CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information
exposure th ...)
+ TODO: check
CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions
<= 2.8.0 ...)
NOT-FOR-US: MB connect line
CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions
<= 2.8.0 ...)
NOT-FOR-US: MB connect line
-CVE-2021-34573
- RESERVED
-CVE-2021-34572
- RESERVED
-CVE-2021-34571
- RESERVED
+CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested
wireless M ...)
+ TODO: check
+CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks
sent by w ...)
+ TODO: check
+CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded
Credentials in ...)
+ TODO: check
CVE-2021-34570
RESERVED
CVE-2021-34569
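Review bot: CVE-2021-34576 (Kaden PICOFLUX Air) and CVE-2021-34571 to CVE-2021-34573 (Enbra EWM wireless M-Bus) are vendor metering firmware of the same kind as the adjacent MB connect line and WAGO entries, which are already NOT-FOR-US; resolve these four the same way instead of leaving four TODO: check lines to be revisited.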
@@ -27383,8 +27391,8 @@ CVE-2021-29844
RESERVED
CVE-2021-29843
RESERVED
-CVE-2021-29842
- RESERVED
+CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and
Liberty 17.0.0 ...)
+ TODO: check
CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to
cross-site sc ...)
NOT-FOR-US: IBM
CVE-2021-29840
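Review bot: CVE-2021-29842 (IBM WebSphere) and the Db2 entries CVE-2021-29825, CVE-2021-29763 and CVE-2021-29752 further down are all left at TODO: check, while every neighbouring IBM entry (CVE-2021-29841, CVE-2021-29765, CVE-2021-29754, CVE-2021-29751) is NOT-FOR-US: IBM; these proprietary products are not shipped by Debian, so the follow-up should resolve them the same way.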
@@ -27417,8 +27425,8 @@ CVE-2021-29827
RESERVED
CVE-2021-29826
RESERVED
-CVE-2021-29825
- RESERVED
+CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) coul ...)
+ TODO: check
CVE-2021-29824
RESERVED
CVE-2021-29823
@@ -27541,8 +27549,8 @@ CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950
could allow an attacker t
NOT-FOR-US: IBM
CVE-2021-29764
RESERVED
-CVE-2021-29763
- RESERVED
+CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.1 ...)
+ TODO: check
CVE-2021-29762
RESERVED
CVE-2021-29761
@@ -27563,8 +27571,8 @@ CVE-2021-29754 (IBM WebSphere Application Server 7.0,
8.0, 8.5, and 9.0 is vulne
NOT-FOR-US: IBM
CVE-2021-29753
RESERVED
-CVE-2021-29752
- RESERVED
+CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure
vulnerability ...)
+ TODO: check
CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM
Business ...)
NOT-FOR-US: IBM
CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected
cryptographic al ...)
@@ -33459,10 +33467,10 @@ CVE-2021-27343 (SerenityOS Unspecified is affected
by: Buffer Overflow. The impa
NOT-FOR-US: SerenityOS
CVE-2021-27342 (An authentication brute-force protection mechanism bypass in
telnetd i ...)
NOT-FOR-US: D-Link
-CVE-2021-27341
- RESERVED
-CVE-2021-27340
- RESERVED
+CVE-2021-27341 (OpenSIS Community Edition version <= 7.6 is affected by a
local fil ...)
+ TODO: check
+CVE-2021-27340 (OpenSIS Community Edition version <= 7.6 is affected by a
reflected ...)
+ TODO: check
CVE-2021-27339
RESERVED
CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/
page and it ...)
@@ -94866,8 +94874,8 @@ CVE-2020-14132
RESERVED
CVE-2020-14131
RESERVED
-CVE-2020-14130
- RESERVED
+CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed,
causing sensi ...)
+ TODO: check
CVE-2020-14129
RESERVED
CVE-2020-14128
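Review bot: CVE-2020-14130 and the three CVE-2020-141xx entries in the following hunks (CVE-2020-14124, CVE-2020-14119, CVE-2020-14109) all appear to concern Xiaomi community and router firmware components (librsa.so, xqnetwork.lua, meshd) and are left at TODO: check; with no Debian package involved, NOT-FOR-US: Xiaomi is the expected resolution. Note that these are 2020 identifiers only now receiving descriptions, so the publication date rather than the ID year should guide any backlog triage.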
@@ -94878,8 +94886,8 @@ CVE-2020-14126
RESERVED
CVE-2020-14125
RESERVED
-CVE-2020-14124
- RESERVED
+CVE-2020-14124 (There is a buffer overflow in librsa.so called by
getwifipwdurl interf ...)
+ TODO: check
CVE-2020-14123
RESERVED
CVE-2020-14122
@@ -94888,8 +94896,8 @@ CVE-2020-14121
RESERVED
CVE-2020-14120
RESERVED
-CVE-2020-14119
- RESERVED
+CVE-2020-14119 (There is command injection in the addMeshNode interface of
xqnetwork.l ...)
+ TODO: check
CVE-2020-14118
RESERVED
CVE-2020-14117
@@ -94908,8 +94916,8 @@ CVE-2020-14111
RESERVED
CVE-2020-14110
RESERVED
-CVE-2020-14109
- RESERVED
+CVE-2020-14109 (There is command injection in the meshd program in the routing
system, ...)
+ TODO: check
CVE-2020-14108
RESERVED
CVE-2020-14107
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21914639269f33c004d7353cf27ec3c222f0e08
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits