Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1483bff4 by security tracker role at 2021-10-05T20:10:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-42010
+       RESERVED
+CVE-2021-42009
+       RESERVED
+CVE-2021-3862
+       RESERVED
+CVE-2021-3861
+       RESERVED
+CVE-2021-3860
+       RESERVED
+CVE-2021-3859
+       RESERVED
 CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in 
the Linux  ...)
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7)
@@ -527,8 +539,7 @@ CVE-2021-41775
        RESERVED
 CVE-2021-41774
        RESERVED
-CVE-2021-41773
-       RESERVED
+CVE-2021-41773 (A flaw was found in a change made to path normalization in 
Apache HTTP ...)
        - apache2 2.4.50-1
        [bullseye] - apache2 <not-affected> (Vulnerable code not present, only 
affects 2.4.49)
        [buster] - apache2 <not-affected> (Vulnerable code not present, only 
affects 2.4.49)
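Review bot: the bullseye/buster `<not-affected>` lines rest on the parenthetical "only affects 2.4.49" with nothing in the entry a reader can verify it against; add a `NOTE:` line with the upstream advisory or fix reference below `- apache2 2.4.50-1`, the way the CVE-2021-42008 entry at the top of the file carries its `NOTE: https://git.kernel.org/...` link. The fixed version 2.4.50-1 in unstable is consistent with the description, but for a path-normalization flaw in a web server a reviewer checking the stable suites will want the pointer rather than the bare assertion.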
@@ -1024,12 +1035,12 @@ CVE-2021-41557
        RESERVED
 CVE-2021-41556
        RESERVED
-CVE-2021-41555
-       RESERVED
-CVE-2021-41554
-       RESERVED
-CVE-2021-41553
-       RESERVED
+CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 
21.3.3.815 (a  ...)
+       TODO: check
+CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 
21.3.3.815 (a ver ...)
+       TODO: check
+CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 
21.3.3.815 (a  ...)
+       TODO: check
 CVE-2021-41552
        RESERVED
 CVE-2021-41551
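Review bot: the three ARCHIBUS entries (CVE-2021-41555, -41554, -41553) land as `TODO: check`, but their descriptions are already marked `** UNSUPPORTED WHEN ASSIGNED **` and ARCHIBUS Web Central is commercial software with no Debian package, so they can be triaged straight to `NOT-FOR-US: ARCHIBUS Web Central` rather than left in the manual queue.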
@@ -1091,8 +1102,7 @@ CVE-2021-3821
 CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression 
Complexity ...)
        NOT-FOR-US: Nodejs inflect
        NOTE: https://github.com/pksunkara/inflect
-CVE-2021-41524
-       RESERVED
+CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference 
was det ...)
        - apache2 2.4.50-1
        [bullseye] - apache2 <not-affected> (Vulnerable code not present, only 
affects 2.4.49)
        [buster] - apache2 <not-affected> (Vulnerable code not present, only 
affects 2.4.49)
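Review bot: same shape as CVE-2021-41773 a few hunks up, so the same request applies: the `[bullseye]`/`[buster]` `<not-affected>` rationale ("only affects 2.4.49") should be backed by a `NOTE:` line with the upstream reference. Since the description says this is a NULL pointer dereference found by fuzzing, i.e. a crash rather than the traversal in 41773, it would also help to make the entry say so explicitly (for example a `NOTE:` stating it is a DoS) so the two apache2 entries are not mistaken for duplicates.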
@@ -1623,8 +1633,8 @@ CVE-2021-41288 (Zoho ManageEngine OpManager version 
125466 and below is vulnerab
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41287
        RESERVED
-CVE-2021-41286
-       RESERVED
+CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side 
authent ...)
+       TODO: check
 CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity 
...)
        NOT-FOR-US: NervJS Taro
 CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a 
suspicion that ...)
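Review bot: CVE-2021-41286 is Omikron MultiCash Desktop, a proprietary desktop banking product; the surrounding entries in this hunk (Zoho ManageEngine, NervJS Taro) already use `NOT-FOR-US:` and this one should get the same, `NOT-FOR-US: Omikron MultiCash Desktop`, instead of `TODO: check`.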
@@ -1969,14 +1979,14 @@ CVE-2021-41118 (The DynamicPageList3 extension is a 
reporting tool for MediaWiki
        NOT-FOR-US: DynamicPageList3 MediaWiki Extension
 CVE-2021-41117
        RESERVED
-CVE-2021-41116
-       RESERVED
+CVE-2021-41116 (Composer is an open source dependency manager for the PHP 
language. In ...)
+       TODO: check
 CVE-2021-41115
        RESERVED
-CVE-2021-41114
-       RESERVED
-CVE-2021-41113
-       RESERVED
+CVE-2021-41114 (TYPO3 is an open source PHP based web content management 
system releas ...)
+       TODO: check
+CVE-2021-41113 (TYPO3 is an open source PHP based web content management 
system releas ...)
+       TODO: check
 CVE-2021-41112
        RESERVED
 CVE-2021-41111
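Review bot: CVE-2021-41116 needs a real package line, not just a `TODO: check` that could be closed as NOT-FOR-US: Composer is packaged in Debian as src:composer, so this entry should end up as either `- composer <version>` or a `<not-affected>`/`<unimportant>` state with a reason, once the upstream description is read in full. The two TYPO3 entries (CVE-2021-41114, -41113) are a different case; TYPO3 is not currently in the archive as far as this file shows, so `NOT-FOR-US: TYPO3` is the likely outcome there, but please confirm against the package list rather than assuming from the CVE text.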
@@ -4806,64 +4816,64 @@ CVE-2021-39896 (In all versions of GitLab CE/EE since 
version 8.0, when an admin
        - gitlab <unfixed>
 CVE-2021-39895
        RESERVED
-CVE-2021-39894
-       RESERVED
-CVE-2021-39893
-       RESERVED
+CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS 
rebinding vul ...)
+       TODO: check
+CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab 
starting with v ...)
+       TODO: check
 CVE-2021-39892
        RESERVED
-CVE-2021-39891
-       RESERVED
+CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access 
tokens creat ...)
+       TODO: check
 CVE-2021-39890
        RESERVED
-CVE-2021-39889
-       RESERVED
-CVE-2021-39888
-       RESERVED
-CVE-2021-39887
-       RESERVED
-CVE-2021-39886
-       RESERVED
+CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
+       TODO: check
+CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific 
API endpo ...)
+       TODO: check
+CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab 
Flavored Mar ...)
+       TODO: check
+CVE-2021-39886 (Permissions rules were not applied while issues were moved 
between pro ...)
+       TODO: check
 CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE 
version 13.5  ...)
        TODO: check
-CVE-2021-39884
-       RESERVED
+CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint 
discloses ...)
+       TODO: check
 CVE-2021-39883 (Improper authorization checks in GitLab EE &gt; 13.11 allows 
subgroup  ...)
        TODO: check
-CVE-2021-39882
-       RESERVED
-CVE-2021-39881
-       RESERVED
-CVE-2021-39880
-       RESERVED
+CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous 
users c ...)
+       TODO: check
+CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the 
application may ...)
+       TODO: check
+CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server 
Ruby gem ...)
+       TODO: check
 CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since 
version 7 ...)
        - gitlab <unfixed>
-CVE-2021-39878
-       RESERVED
+CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the 
Jira inte ...)
+       TODO: check
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 
12.2 th ...)
        - gitlab <unfixed>
 CVE-2021-39876
        RESERVED
-CVE-2021-39875
-       RESERVED
+CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is 
possible to  ...)
+       TODO: check
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the 
requirement to ...)
        - gitlab <unfixed>
 CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content 
spoofing vulne ...)
        - gitlab <unfixed>
-CVE-2021-39872
-       RESERVED
+CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an 
improper access ...)
+       TODO: check
 CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an 
instance that h ...)
        - gitlab <unfixed>
-CVE-2021-39870
-       RESERVED
-CVE-2021-39869
-       RESERVED
+CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an 
instance that  ...)
+       TODO: check
+CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project 
exports may ...)
+       TODO: check
 CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an 
authenticated l ...)
        - gitlab <unfixed>
-CVE-2021-39867
-       RESERVED
-CVE-2021-39866
-       RESERVED
+CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS 
rebinding vu ...)
+       TODO: check
+CVE-2021-39866 (A business logic error in the project deletion process in 
GitLab 13.6  ...)
+       TODO: check
 CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 
Release ...)
        NOT-FOR-US: Adobe
 CVE-2021-39864
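Review bot: this hunk leaves fifteen new GitLab CVEs (CVE-2021-39894 down to -39866) as `TODO: check` directly alongside siblings in the same range that are already set to `- gitlab <unfixed>`, and nearly every new description reads "In all versions of GitLab CE/EE ...", so the mixed state is going to be resolved the same way; batch-triage them to `- gitlab <unfixed>` now rather than leaving half the block in the queue. One entry deserves a separate look: CVE-2021-39880 is described as a DoS in the `apollo_upload_server` Ruby gem, not in GitLab itself, so check whether that gem is packaged on its own before attributing it to src:gitlab.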
@@ -6441,8 +6451,7 @@ CVE-2021-39228 (Tremor is an event processing system for 
unstructured data. A vu
        NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
 CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for 
Apache  ...)
        NOT-FOR-US: ZRender
-CVE-2021-39226
-       RESERVED
+CVE-2021-39226 (Grafana is an open source data visualization platform. In 
affected ver ...)
        - grafana <removed>
 CVE-2021-39225
        RESERVED
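Review bot: `- grafana <removed>` records that the package is gone from the archive, so no fixed version is stored, which is fine for unstable; but if any stable suite still shipped grafana it would need its own `[suite] - grafana ...` line, and the entry gives no upstream reference to decide that. Add a `NOTE:` with the Grafana advisory or fix so the `<removed>` state can be checked against the suites later.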
@@ -11109,8 +11118,8 @@ CVE-2021-37225
        RESERVED
 CVE-2021-37224
        RESERVED
-CVE-2021-37223
-       RESERVED
+CVE-2021-37223 (Nagios Enterprises NagiosXI &lt;= 5.8.4 contains a Server-Side 
Request ...)
+       TODO: check
 CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow 
remote at ...)
        NOT-FOR-US: RCDCAP
 CVE-2021-37221
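Review bot: CVE-2021-37223 is Nagios XI, the commercial product, not the nagios4 core that Debian packages; the neighbouring RCDCAP entry already uses `NOT-FOR-US:`, and this one should be `NOT-FOR-US: Nagios XI` instead of `TODO: check`, with care not to attach it to src:nagios4 by name similarity.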
@@ -15132,14 +15141,14 @@ CVE-2021-35508 (NMSAccess32.exe in TeraRecon 
AQNetClient 4.4.13 allows attackers
        NOT-FOR-US: TeraRecon AQNetClient
 CVE-2021-35507
        RESERVED
-CVE-2021-35506
-       RESERVED
-CVE-2021-35505
-       RESERVED
-CVE-2021-35504
-       RESERVED
-CVE-2021-35503
-       RESERVED
+CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator 
encounters a ...)
+       TODO: check
+CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by 
administrato ...)
+       TODO: check
+CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by 
administrato ...)
+       TODO: check
+CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP 
X-Forwarded-For ...)
+       TODO: check
 CVE-2021-35502 
(app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp  ...)
        NOT-FOR-US: MISP
 CVE-2021-3622
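Review bot: the four Afian FileRun entries (CVE-2021-35506 through -35503) are a proprietary file manager that Debian does not package; all four should be `NOT-FOR-US: Afian FileRun`, matching the `NOT-FOR-US: MISP` and `NOT-FOR-US: TeraRecon AQNetClient` entries in the same hunk, rather than four separate `TODO: check` items.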
@@ -15172,8 +15181,8 @@ CVE-2021-35499
        RESERVED
 CVE-2021-35498
        RESERVED
-CVE-2021-35497
-       RESERVED
+CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing 
tibftlserve ...)
+       TODO: check
 CVE-2021-35496
        RESERVED
 CVE-2021-35495
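Review bot: CVE-2021-35497 is the TIBCO FTL Server (tibftlserver) and its Docker images, commercial middleware with no Debian package; `NOT-FOR-US: TIBCO FTL Server` is the appropriate state in place of `TODO: check`.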
@@ -15184,10 +15193,10 @@ CVE-2021-35493 (The WebFOCUS Reporting Server and 
WebFOCUS Client components of
        NOT-FOR-US: WebFOCUS
 CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a 
post-authentica ...)
        NOT-FOR-US: Rapid7 Velociraptor
-CVE-2021-35492
-       RESERVED
-CVE-2021-35491
-       RESERVED
+CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza 
Streaming E ...)
+       TODO: check
 CVE-2021-35490
        RESERVED
 CVE-2021-35489
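Review bot: both Wowza Streaming Engine entries (CVE-2021-35492, -35491) concern a proprietary media server that is not in Debian; triage them to `NOT-FOR-US: Wowza Streaming Engine`, consistent with the `NOT-FOR-US: Rapid7 Velociraptor` and `NOT-FOR-US: WebFOCUS` lines just above.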
@@ -47524,22 +47533,22 @@ CVE-2021-22266
        RESERVED
 CVE-2021-22265
        RESERVED
-CVE-2021-22264
-       RESERVED
+CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions 
starting ...)
+       TODO: check
 CVE-2021-22263
        RESERVED
-CVE-2021-22262
-       RESERVED
-CVE-2021-22261
-       RESERVED
+CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with 
Jira Clo ...)
+       TODO: check
+CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira 
integration in ...)
+       TODO: check
 CVE-2021-22260
        RESERVED
 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE 
starting wit ...)
        TODO: check
-CVE-2021-22258
-       RESERVED
-CVE-2021-22257
-       RESERVED
+CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater 
could be u ...)
+       TODO: check
+CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions 
starting ...)
+       TODO: check
 CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions 
since 12 ...)
        - gitlab <unfixed>
 CVE-2021-22255 (SSRF in URL file upload in Baserow &lt;1.1.0 allows remote 
authenticat ...)
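Review bot: as in the CVE-2021-398xx hunk, the new GitLab entries here (CVE-2021-22264, -22262, -22261, -22258, -22257) sit as `TODO: check` next to CVE-2021-22256, which is already `- gitlab <unfixed>`, and their descriptions ("affecting all versions starting ...", "13.10 and above", "8.9 and greater") point to the same outcome; set them to `- gitlab <unfixed>` in one pass so the two GitLab blocks in this file do not drift into different states. CVE-2021-22259 two lines above is still `TODO: check` from an earlier update and can be folded into the same pass.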



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1483bff496ed5cd3be784c1f7e91d779dd7ecddb

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
