[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 01 Oct 2021 13:10:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e32d43d9 by security tracker role at 2021-10-01T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-41850
+       RESERVED
+CVE-2021-41849
+       RESERVED
+CVE-2021-41848
+       RESERVED
+CVE-2021-41847
+       RESERVED
+CVE-2021-41846
+       RESERVED
+CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify 
Secret Server ...)
+       TODO: check
+CVE-2021-41844
+       RESERVED
+CVE-2021-41843
+       RESERVED
+CVE-2021-41842
+       RESERVED
+CVE-2021-41841
+       RESERVED
+CVE-2021-41840
+       RESERVED
+CVE-2021-41839
+       RESERVED
+CVE-2021-41838
+       RESERVED
+CVE-2021-41837
+       RESERVED
+CVE-2021-41833
+       RESERVED
+CVE-2021-3848
+       RESERVED
+CVE-2021-3847
+       RESERVED
+CVE-2021-3846
+       RESERVED
+CVE-2021-23139
+       RESERVED
 CVE-2021-3845
        RESERVED
 CVE-2021-41832
@@ -72,21 +110,25 @@ CVE-2021-41802
        RESERVED
 CVE-2021-41801
        RESERVED
+       {DSA-4979-1}
        - mediawiki 1:1.35.4-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
        NOTE: https://phabricator.wikimedia.org/T279090
 CVE-2021-41800
        RESERVED
+       {DSA-4979-1}
        - mediawiki 1:1.35.4-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
        NOTE: https://phabricator.wikimedia.org/T284419
 CVE-2021-41799
        RESERVED
+       {DSA-4979-1}
        - mediawiki 1:1.35.4-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
        NOTE: https://phabricator.wikimedia.org/T290379
 CVE-2021-41798
        RESERVED
+       {DSA-4979-1}
        - mediawiki 1:1.35.4-1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
        NOTE: https://phabricator.wikimedia.org/T285515
@@ -412,12 +454,12 @@ CVE-2021-41651
        RESERVED
 CVE-2021-41650
        RESERVED
-CVE-2021-41649
-       RESERVED
-CVE-2021-41648
-       RESERVED
-CVE-2021-41647
-       RESERVED
+CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC 
online-shop ...)
+       TODO: check
+CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC 
online-shop ...)
+       TODO: check
+CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL 
injection vul ...)
+       TODO: check
 CVE-2021-41646
        RESERVED
 CVE-2021-41645
@@ -611,8 +653,8 @@ CVE-2021-41562
        RESERVED
 CVE-2021-41561
        RESERVED
-CVE-2021-3825
-       RESERVED
+CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk 
software is  ...)
+       TODO: check
 CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote 
attackers to in ...)
        NOT-FOR-US: OpenVPN Access Server
 CVE-2021-3823
@@ -816,30 +858,30 @@ CVE-2021-41469
        RESERVED
 CVE-2021-41468
        RESERVED
-CVE-2021-41467
-       RESERVED
+CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in 
application/controllers/dr ...)
+       TODO: check
 CVE-2021-41466
        RESERVED
-CVE-2021-41465
-       RESERVED
-CVE-2021-41464
-       RESERVED
-CVE-2021-41463
-       RESERVED
-CVE-2021-41462
-       RESERVED
-CVE-2021-41461
-       RESERVED
+CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in 
concrete/elements/collecti ...)
+       TODO: check
+CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in 
concrete/elements/collecti ...)
+       TODO: check
+CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in 
toos/permissions/dialogs/a ...)
+       TODO: check
+CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in 
concrete/elements/collecti ...)
+       TODO: check
+CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in 
concrete/elements/collecti ...)
+       TODO: check
 CVE-2021-41460
        RESERVED
-CVE-2021-41459
-       RESERVED
+CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at 
src/filters/dmx_n ...)
+       TODO: check
 CVE-2021-41458
        RESERVED
-CVE-2021-41457
-       RESERVED
-CVE-2021-41456
-       RESERVED
+CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at 
src/filters/dmx_nh ...)
+       TODO: check
+CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at 
src/filters/dmx_n ...)
+       TODO: check
 CVE-2021-41455
        RESERVED
 CVE-2021-41454
@@ -1573,8 +1615,8 @@ CVE-2021-41112
        RESERVED
 CVE-2021-41111
        RESERVED
-CVE-2021-41110
-       RESERVED
+CVE-2021-41110 (cwlviewer is a web application to view and share Common 
Workflow Langu ...)
+       TODO: check
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2021-41108
@@ -1871,22 +1913,22 @@ CVE-2021-40977
        RESERVED
 CVE-2021-40976
        RESERVED
-CVE-2021-40975
-       RESERVED
+CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in 
application/modules/admin/ ...)
+       TODO: check
 CVE-2021-40974
        RESERVED
-CVE-2021-40973
-       RESERVED
-CVE-2021-40972
-       RESERVED
-CVE-2021-40971
-       RESERVED
-CVE-2021-40970
-       RESERVED
-CVE-2021-40969
-       RESERVED
-CVE-2021-40968
-       RESERVED
+CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
+CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
+CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
+CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
+CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
+CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in 
templates/installer/step-0 ...)
+       TODO: check
 CVE-2021-40967
        RESERVED
 CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and 
including ...)
@@ -1901,8 +1943,8 @@ CVE-2021-40962
        RESERVED
 CVE-2021-40961
        RESERVED
-CVE-2021-40960
-       RESERVED
+CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal 
vulnerabil ...)
+       TODO: check
 CVE-2021-40959
        RESERVED
 CVE-2021-40958
@@ -1965,22 +2007,22 @@ CVE-2021-40930
        RESERVED
 CVE-2021-40929
        RESERVED
-CVE-2021-40928
-       RESERVED
-CVE-2021-40927
-       RESERVED
-CVE-2021-40926
-       RESERVED
-CVE-2021-40925
-       RESERVED
-CVE-2021-40924
-       RESERVED
-CVE-2021-40923
-       RESERVED
-CVE-2021-40922
-       RESERVED
-CVE-2021-40921
-       RESERVED
+CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in 
FlexTV beta d ...)
+       TODO: check
+CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in 
Spotify-fo ...)
+       TODO: check
+CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in 
demos/demo.mysqli.php in g ...)
+       TODO: check
+CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in 
dompdf/dompdf/www/demo.php ...)
+       TODO: check
+CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php 
in bugs  ...)
+       TODO: check
+CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php 
in bugs  ...)
+       TODO: check
+CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php 
in bugs  ...)
+       TODO: check
+CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in 
_contactform.inc.php in De ...)
+       TODO: check
 CVE-2021-40920
        RESERVED
 CVE-2021-40919
@@ -8679,24 +8721,24 @@ CVE-2021-38106
        RESERVED
 CVE-2021-38105
        RESERVED
-CVE-2021-38104
-       RESERVED
-CVE-2021-38103
-       RESERVED
+CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected 
by an Ou ...)
+       TODO: check
+CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected 
by an Ou ...)
+       TODO: check
 CVE-2021-38102
        RESERVED
 CVE-2021-38101
        RESERVED
 CVE-2021-38100
        RESERVED
-CVE-2021-38099
-       RESERVED
+CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is 
affected by ...)
+       TODO: check
 CVE-2021-38098
        RESERVED
-CVE-2021-38097
-       RESERVED
-CVE-2021-38096
-       RESERVED
+CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write 
vulnera ...)
+       TODO: check
+CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an 
Out-of-bounds ...)
+       TODO: check
 CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote 
unauthenticated at ...)
        NOT-FOR-US: Planview Spigit
 CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in 
libavfilter ...)
@@ -15169,8 +15211,8 @@ CVE-2021-35299 (Incorrect Access Control in Zammad 
1.0.x up to 4.0.0 allows atta
        - zammad <itp> (bug #841355)
 CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows 
remote a ...)
        - zammad <itp> (bug #841355)
-CVE-2021-35297
-       RESERVED
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable 
to remo ...)
+       TODO: check
 CVE-2021-35296
        RESERVED
 CVE-2021-35295
@@ -15393,6 +15435,7 @@ CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 
and earlier allows Stored C
 CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored 
Cross-S ...)
        NOT-FOR-US: NETSCOUT
 CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 
1.35.3, and  ...)
+       {DSA-4979-1}
        - mediawiki 1:1.35.3-1
        [bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x 
release)
        [buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x 
release)
@@ -30728,12 +30771,12 @@ CVE-2021-29112
        RESERVED
 CVE-2021-29111
        RESERVED
-CVE-2021-29110
-       RESERVED
-CVE-2021-29109
-       RESERVED
-CVE-2021-29108
-       RESERVED
+CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for 
ArcGIS may  ...)
+       TODO: check
+CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS 
version 10.9 a ...)
+       TODO: check
+CVE-2021-29108 (There is an privilege escalation vulnerability in 
organization-specifi ...)
+       TODO: check
 CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS 
Server Man ...)
        NOT-FOR-US: ArcGIS Server Manager
 CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri 
ArcGIS Se ...)
@@ -43368,8 +43411,8 @@ CVE-2021-23895 (Deserialization of untrusted data 
vulnerability in McAfee Databa
        NOT-FOR-US: McAfee
 CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee 
Database Sec ...)
        NOT-FOR-US: McAfee
-CVE-2021-23893
-       RESERVED
+CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver 
of McAfe ...)
+       TODO: check
 CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race 
condition d ...)
        NOT-FOR-US: McAfee
 CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection 
(MTP) pr ...)
@@ -80661,12 +80704,12 @@ CVE-2020-21016
        RESERVED
 CVE-2020-21015
        RESERVED
-CVE-2020-21014
-       RESERVED
-CVE-2020-21013
-       RESERVED
-CVE-2020-21012
-       RESERVED
+CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability 
in admi ...)
+       TODO: check
+CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. 
...)
+       TODO: check
+CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is 
vulnerable to  ...)
+       TODO: check
 CVE-2020-21011
        RESERVED
 CVE-2020-21010



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32d43d9662c84bb50cef20298ae890b60cb5c80

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32d43d9662c84bb50cef20298ae890b60cb5c80
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to