Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
046c7072 by security tracker role at 2021-10-27T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-43044
+       RESERVED
+CVE-2021-43043
+       RESERVED
+CVE-2021-43042
+       RESERVED
+CVE-2021-43041
+       RESERVED
+CVE-2021-43040
+       RESERVED
+CVE-2021-43039
+       RESERVED
+CVE-2021-43038
+       RESERVED
+CVE-2021-43037
+       RESERVED
+CVE-2021-43036
+       RESERVED
+CVE-2021-43035
+       RESERVED
+CVE-2021-43034
+       RESERVED
+CVE-2021-43033
+       RESERVED
+CVE-2021-3912
+       RESERVED
+CVE-2021-3911
+       RESERVED
+CVE-2021-3910
+       RESERVED
+CVE-2021-3909
+       RESERVED
+CVE-2021-3908
+       RESERVED
+CVE-2021-3907
+       RESERVED
 CVE-2021-3906
        RESERVED
 CVE-2018-25019
@@ -3837,8 +3873,8 @@ CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote 
unauthenticated attacker
 CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 
before 2.4 a ...)
        - onionshare <undetermined>
        TODO: check details, exact fixing commits unclear
-CVE-2021-41866
-       RESERVED
+CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed 
Template Na ...)
+       TODO: check
 CVE-2021-3853
        RESERVED
 CVE-2021-3852
@@ -11875,8 +11911,8 @@ CVE-2021-38452 (A path traversal vulnerability in the 
Moxa MXview Network Manage
        NOT-FOR-US: Moxa
 CVE-2021-38451 (The affected product&#8217;s proprietary protocol CSC allows 
for calli ...)
        NOT-FOR-US: AUVESY
-CVE-2021-38450
-       RESERVED
+CVE-2021-38450 (The affected controllers do not properly sanitize the input 
containing ...)
+       TODO: check
 CVE-2021-38449 (Some API functions permit by-design writing or copying data 
into a giv ...)
        NOT-FOR-US: AUVESY
 CVE-2021-38448
@@ -15091,26 +15127,26 @@ CVE-2021-37133
        RESERVED
 CVE-2021-37132
        RESERVED
-CVE-2021-37131
-       RESERVED
-CVE-2021-37130
-       RESERVED
-CVE-2021-37129
-       RESERVED
+CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager 
NetEco a ...)
+       TODO: check
+CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 
6.0.2.The ...)
+       TODO: check
+CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei 
products. ...)
+       TODO: check
 CVE-2021-37128
        RESERVED
-CVE-2021-37127
-       RESERVED
+CVE-2021-37127 (There is a signature management vulnerability in some huawei 
products. ...)
+       TODO: check
 CVE-2021-37126
        RESERVED
 CVE-2021-37125
        RESERVED
-CVE-2021-37124
-       RESERVED
+CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. 
Because  ...)
+       TODO: check
 CVE-2021-37123 (There is an improper authentication vulnerability in 
Hero-CT060 before ...)
        NOT-FOR-US: Hero-CT060
-CVE-2021-37122
-       RESERVED
+CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei 
products. An a ...)
+       TODO: check
 CVE-2021-37121
        RESERVED
 CVE-2021-37120
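
Review bot: six entries in this hunk go from RESERVED to "TODO: check" (CVE-2021-37131, -37130, -37129, -37127, -37124, -37122), and five of the descriptions name Huawei while CVE-2021-37131 names ManageOne and iManager NetEco. Nothing in the visible text points at a Debian source package, so these are better triaged as one batch, in the style of "NOT-FOR-US: Hero-CT060" on the neighbouring CVE-2021-37123, than left as six separate TODOs.
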
@@ -19559,14 +19595,14 @@ CVE-2021-35238 (User with Orion Platform Admin Rights 
could store XSS through UR
        NOT-FOR-US: Solarwinds
 CVE-2021-35237
        RESERVED
-CVE-2021-35236
-       RESERVED
-CVE-2021-35235
-       RESERVED
+CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog 
Server 9.7 ...)
+       TODO: check
+CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog 
Server  ...)
+       TODO: check
 CVE-2021-35234
        RESERVED
-CVE-2021-35233
-       RESERVED
+CVE-2021-35233 (The HTTP TRACK &amp; TRACE methods were enabled in Kiwi Syslog 
Server  ...)
+       TODO: check
 CVE-2021-35232
        RESERVED
 CVE-2021-35231 (As a result of an unquoted service path vulnerability present 
in the K ...)
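
Review bot: the three new "TODO: check" entries (CVE-2021-35236, -35235, -35233) all describe Kiwi Syslog Server, and CVE-2021-35238 at the top of the hunk is already "NOT-FOR-US: Solarwinds". If Kiwi Syslog Server belongs to that vendor, resolve the three together with the same tag so the vendor spelling stays consistent.
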
@@ -24944,8 +24980,8 @@ CVE-2021-32953
        RESERVED
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading 
procedure  ...)
        NOT-FOR-US: Open Design Alliance
-CVE-2021-32951
-       RESERVED
+CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an 
improper aut ...)
+       TODO: check
 CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF 
files in  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32949
@@ -30335,7 +30371,8 @@ CVE-2021-30853
        REJECTED
 CVE-2021-30852
        REJECTED
-CVE-2021-30851 (A memory corruption vulnerability was addressed with improved 
locking.)
+CVE-2021-30851
+       REJECTED
        - webkit2gtk 2.34.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.1-1
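
Review bot: CVE-2021-30851 is now REJECTED but still carries the package annotations under it ("- webkit2gtk 2.34.0-1", the "[stretch] ... <ignored>" line and "- wpewebkit 2.34.1-1"), which leaves fixed-version data attached to an identifier that no longer exists. The automatic update also dropped the description, so someone should confirm why the id was rejected and either move these lines to the CVE that replaces it or delete them.
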
@@ -30343,11 +30380,13 @@ CVE-2021-30851 (A memory corruption vulnerability was 
addressed with improved lo
 CVE-2021-30850 (An access issue was addressed with improved access 
restrictions. This  ...)
        NOT-FOR-US: Apple
 CVE-2021-30849 (Multiple memory corruption issues were addressed with improved 
memory  ...)
+       {DSA-4976-1 DSA-4975-1}
        - webkit2gtk 2.32.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.4-1
        NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
 CVE-2021-30848 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       {DSA-4976-1 DSA-4975-1}
        - webkit2gtk 2.32.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.4-1
@@ -41048,8 +41087,8 @@ CVE-2021-26612
        RESERVED
 CVE-2021-26611
        RESERVED
-CVE-2021-26610
-       RESERVED
+CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform 
an integ ...)
+       TODO: check
 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A 
SQL-Inject ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-26608 (An arbitrary file download and execution vulnerability was 
found in th ...)
@@ -47751,8 +47790,8 @@ CVE-2021-23879 (Unquoted service path vulnerability in 
McAfee Endpoint Product R
        NOT-FOR-US: McAfee
 CVE-2021-23878 (Clear text storage of sensitive Information in memory 
vulnerability in ...)
        NOT-FOR-US: McAfee
-CVE-2021-23877
-       RESERVED
+CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial 
installer of M ...)
+       TODO: check
 CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) 
prior to ...)
        NOT-FOR-US: McAfee
 CVE-2021-23875
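
Review bot: CVE-2021-23877 stays at "TODO: check" although its truncated description concerns a Windows trial installer and every annotated neighbour in this hunk (CVE-2021-23879, -23878, -23876) is "NOT-FOR-US: McAfee". Once the full description confirms the vendor, resolve it with the same tag.
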
@@ -81064,8 +81103,8 @@ CVE-2020-22866
        RESERVED
 CVE-2020-22865
        RESERVED
-CVE-2020-22864
-       RESERVED
+CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video 
functio ...)
+       TODO: check
 CVE-2020-22863
        RESERVED
 CVE-2020-22862
@@ -118863,8 +118902,8 @@ CVE-2020-7869 (An improper input validation 
vulnerability of ZOOK software (remo
        NOT-FOR-US: ZOOK software
 CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote 
administ ...)
        NOT-FOR-US: helpUS(remote administration tool)
-CVE-2020-7867
-       RESERVED
+CVE-2020-7867 (An improper input validation vulnerability in Helpu solution 
could all ...)
+       TODO: check
 CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX 
component,  ...)
        NOT-FOR-US: XPLATFORM
 CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B 
soluti ...)
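
Review bot: CVE-2020-7867 names the "Helpu solution", while the adjacent CVE-2020-7868 is tagged "NOT-FOR-US: helpUS(remote administration tool)". If both refer to the same product, reuse that exact tag so the two entries stay searchable under one spelling.
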
@@ -185307,8 +185346,8 @@ CVE-2019-3558 (Python Facebook Thrift servers would 
not error upon receiving mes
        NOT-FOR-US: Thrift servers
 CVE-2019-3557 (The implementations of streams for bz2 and php://output 
improperly imp ...)
        - hhvm <removed>
-CVE-2019-3556
-       RESERVED
+CVE-2019-3556 (HHVM supports the use of an "admin" server which accepts 
administrativ ...)
+       TODO: check
 CVE-2019-3555
        RESERVED
 CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when 
acceptin ...)
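
Review bot: CVE-2019-3556 is left at "TODO: check" even though its description names HHVM and the entry directly above it, CVE-2019-3557, already records "- hhvm <removed>". Unless the "admin" server issue turns out to live outside the hhvm source package, the same annotation applies here and closes the TODO.
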
@@ -279900,7 +279939,7 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and 
older, 9.3.x (all configurat
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
        NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
 CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null 
Dereference vu ...)
-       {DLA-1972-1}
+       {DLA-2793-1 DLA-1972-1}
        - mosquitto 1.5.4-1 (low)
        [stretch] - mosquitto <no-dsa> (Minor issue)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
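
Review bot: the new cross-reference "{DLA-2793-1 DLA-1972-1}" on CVE-2017-7655 sits above an unchanged "[stretch] - mosquitto <no-dsa> (Minor issue)" line. If DLA-2793-1 is the stretch upload, that no-dsa marker contradicts the cross-reference and should be replaced by the fixed version from the DLA; if the DLA targets another release, the line can stay.
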
@@ -421010,8 +421049,8 @@ CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL 
before 0.9.8s and 1.x befor
        - openssl 1.0.0f-1
 CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in 
JBoss E ...)
        NOT-FOR-US: JMX Console
-CVE-2011-4574
-       RESERVED
+CVE-2011-4574 (PolarSSL versions prior to v1.1 use the HAVEGE random number 
generatio ...)
+       TODO: check
 CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not 
properly  ...)
        NOT-FOR-US: JBoss Operations Network
 CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in 
inc/tesmodrewite.php in CF ...)
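
Review bot: CVE-2011-4574 is a 2011 identifier that only now gains a description (PolarSSL prior to v1.1, HAVEGE random number generation). Before closing the "TODO: check", confirm whether a PolarSSL version older than v1.1 is present in any tracked suite; if none is, a single fixed-version line is enough and no per-release triage is needed.
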
@@ -422289,12 +422328,12 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does 
not properly restrict SG_IO io
        {DSA-2443-1 DSA-2389-1}
        - libguestfs 1:1.14.8-1
        - linux-2.6 <removed>
-CVE-2011-4126
-       RESERVED
-CVE-2011-4125
-       RESERVED
-CVE-2011-4124
-       RESERVED
+CVE-2011-4126 (Race condition issues were found in Calibre at 
devices/linux_mount_hel ...)
+       TODO: check
+CVE-2011-4125 (A untrusted search path issue was found in Calibre at 
devices/linux_mo ...)
+       TODO: check
+CVE-2011-4124 (Input validation issues were found in Calibre at 
devices/linux_mount_h ...)
+       TODO: check
 CVE-2011-4123
        REJECTED
 CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in 
OpenPAM be ...)
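
Review bot: CVE-2011-4126, -4125 and -4124 all point at the same Calibre file (devices/linux_mount_hel..., truncated here) and cover a race condition, an untrusted search path and input validation respectively. Triage them as a set against one package line, but check the fixed version per issue, since one upstream change to that helper may not have closed all three.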



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/046c7072fe1e244f0b05999c099e19063bbc2e3c

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits