Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
898e84b3 by security tracker role at 2021-10-29T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3968,8 +3968,8 @@ CVE-2021-41876
RESERVED
CVE-2021-41875
RESERVED
-CVE-2021-41874
- RESERVED
+CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of
Portain ...)
+ TODO: check
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top
box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a
denial of s ...)
@@ -4296,12 +4296,12 @@ CVE-2021-41750
RESERVED
CVE-2021-41749
RESERVED
-CVE-2021-41748
- RESERVED
+CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of
Portainer. ...)
+ TODO: check
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP
4.10.0, wh ...)
NOT-FOR-US: Csdn APP
-CVE-2021-41746
- RESERVED
+CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou
TurboCRM. ...)
+ TODO: check
CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where
attackers can us ...)
NOT-FOR-US: ShowDoc
CVE-2021-41744 (All versions of yongyou PLM are affected by a command
injection issue. ...)
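Review bot: CVE-2021-41748 is added here with only "TODO: check", and it names Portainer, the product that CVE-2021-41874 (added earlier in this patch, description cut at "Portain ...") also appears to cover, so the two should be triaged together and given the same disposition. CVE-2021-41746 (Yonyou TurboCRM) is a separate product and needs its own lookup before its TODO is replaced.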
@@ -4444,12 +4444,12 @@ CVE-2021-41678
RESERVED
CVE-2021-41677
RESERVED
-CVE-2021-41676
- RESERVED
-CVE-2021-41675
- RESERVED
-CVE-2021-41674
- RESERVED
+CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy
Point o ...)
+ TODO: check
+CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in
Sourcecodester E- ...)
+ TODO: check
+CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester
E-Negosyo Syst ...)
+ TODO: check
CVE-2021-41673
RESERVED
CVE-2021-41672
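Review bot: the CVE-2021-41675 description is cut at "Sourcecodester E- ...", so the product cannot be read from this line, while CVE-2021-41674 directly below names "Sourcecodester E-Negosyo Syst ...". Confirm against the full CVE text whether both refer to the same product before resolving the two TODOs with one tag.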
@@ -4504,14 +4504,14 @@ CVE-2021-41648 (An un-authenticated SQL Injection
exists in PuneethReddyHC onlin
NOT-FOR-US: PuneethReddyHC online-shopping-system
CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL
injection vul ...)
NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
-CVE-2021-41646
- RESERVED
-CVE-2021-41645
- RESERVED
-CVE-2021-41644
- RESERVED
-CVE-2021-41643
- RESERVED
+CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Onl ...)
+ TODO: check
+CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Bud ...)
+ TODO: check
+CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in
Sourcecodester Onli ...)
+ TODO: check
+CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Chu ...)
+ TODO: check
CVE-2021-41642
RESERVED
CVE-2021-41641
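Review bot: the four added Sourcecodester entries (CVE-2021-41646 through CVE-2021-41643) are truncated inside the product name ("Onl ...", "Bud ...", "Onli ...", "Chu ..."), so the TODOs cannot be resolved from this list alone and the full descriptions are needed to write the tag. The context lines above tag comparable entries as "NOT-FOR-US:" followed by author and product name; following that form here keeps the list consistent.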
@@ -5526,14 +5526,14 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source
Roblox product purchasin
NOT-FOR-US: Roblox-Purchasing-Hub
CVE-2021-41190
RESERVED
-CVE-2021-41189
- RESERVED
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In
version 7. ...)
+ TODO: check
CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to
5.7.6 c ...)
NOT-FOR-US: Shopware
CVE-2021-41187
RESERVED
-CVE-2021-41186
- RESERVED
+CVE-2021-41186 (Fluentd collects events from various data sources and writes
them to f ...)
+ TODO: check
CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system.
An exploi ...)
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior
to vers ...)
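Review bot: the TODOs on CVE-2021-41189 (DSpace) and CVE-2021-41186 (Fluentd) should not be closed by analogy with the NOT-FOR-US entries around them; each needs a lookup for a Debian source package or an open packaging request first. The DSpace text is limited to "In version 7. ...", so if a package exists the affected version range should be recorded with the entry.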
@@ -7570,8 +7570,8 @@ CVE-2021-3757 (immer is vulnerable to Improperly
Controlled Modification of Obje
NOTE: https://github.com/immerjs/immer
CVE-2021-40331
RESERVED
-CVE-2021-3756
- RESERVED
+CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-3755
REJECTED
CVE-2021-3754
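Review bot: the CVE-2021-3756 description ("libmysofa is vulnerable to Heap-based Buffer Overflow ...") carries no affected version or fix reference. When the TODO is resolved, add a NOTE line with the upstream reference, as the CVE-2021-3757 entry in the context above does, so the fixed version can be determined.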
@@ -10340,8 +10340,8 @@ CVE-2021-39181 (OpenOlat is a web-based learning
management system (LMS). Prior
NOT-FOR-US: OpenOlat
CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A
path trave ...)
NOT-FOR-US: OpenOLAT
-CVE-2021-39179
- RESERVED
+CVE-2021-39179 (DHIS 2 is an information system for data capture, management,
validati ...)
+ TODO: check
CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between
10.0.0 and 1 ...)
NOT-FOR-US: next.js
CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and
Minecraft: J ...)
@@ -14630,8 +14630,8 @@ CVE-2021-37404
RESERVED
CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive
Authent ...)
NOT-FOR-US: firefly-iii
-CVE-2021-3662
- RESERVED
+CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be
vulnerable to ...)
+ TODO: check
CVE-2021-3661
RESERVED
CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before
7.10.4-rev18 allows ...)
@@ -19725,8 +19725,8 @@ CVE-2021-35239 (A security researcher found a user with
Orion map manage rights
NOT-FOR-US: SolarWinds
CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through
URL POST ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35237
- RESERVED
+CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server
has left ...)
+ TODO: check
CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog
Server 9.7 ...)
NOT-FOR-US: SolarWinds
CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog
Server ...)
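Review bot: CVE-2021-35237 names Kiwi Syslog Server, the same product as CVE-2021-35236 directly below, which is tagged "NOT-FOR-US: SolarWinds", so the TODO can take the same tag. Use the "SolarWinds" spelling, since the context already mixes it with "Solarwinds" on CVE-2021-35238.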
@@ -28018,8 +28018,8 @@ CVE-2021-31863 (Insufficient input validation in the
Git repository integration
- redmine <unfixed> (bug #990792)
NOTE: https://www.redmine.org/news/131
NOTE:
https://www.redmine.org/projects/redmine/repository/revisions/20962
-CVE-2021-31862
- RESERVED
+CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp
parameter withou ...)
+ TODO: check
CVE-2021-31861
RESERVED
CVE-2021-31860
@@ -28681,14 +28681,14 @@ CVE-2021-31629
RESERVED
CVE-2021-31628
RESERVED
-CVE-2021-31627
- RESERVED
+CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through
V15.03.05.19(6 ...)
+ TODO: check
CVE-2021-31626
RESERVED
CVE-2021-31625
RESERVED
-CVE-2021-31624
- RESERVED
+CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through
V15.03.05.19(6 ...)
+ TODO: check
CVE-2021-31623
RESERVED
CVE-2021-31622
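Review bot: CVE-2021-31627 and CVE-2021-31624 show the same truncated text ("Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)"), so the two cannot be told apart from this list. Check the full descriptions to confirm they are distinct issues, then give both the same disposition.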
@@ -37314,8 +37314,8 @@ CVE-2021-28218
RESERVED
CVE-2021-28217
RESERVED
-CVE-2021-3441
- RESERVED
+CVE-2021-3441 (A potential security vulnerability has been identified for the
HP Offi ...)
+ TODO: check
CVE-2021-3440
RESERVED
CVE-2021-3439
@@ -52110,10 +52110,10 @@ CVE-2021-22040
RESERVED
CVE-2021-22039
RESERVED
-CVE-2021-22038
- RESERVED
-CVE-2021-22037
- RESERVED
+CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed
temporary ...)
+ TODO: check
+CVE-2021-22037 (Under certain circumstances, when manipulating the Windows
registry, I ...)
+ TODO: check
CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an
open redi ...)
NOT-FOR-US: VMware
CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a
CSV(Comma Se ...)
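Review bot: the truncated descriptions of CVE-2021-22038 and CVE-2021-22037 do not name a product, only a Windows uninstaller binary and the Windows registry. Confirm the vendor from the full CVE text before replacing the TODOs; the adjacent CVE-2021-22036 and CVE-2021-22035 are VMware products, and CVE-2021-22036 is tagged "NOT-FOR-US: VMware".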
@@ -82851,8 +82851,8 @@ CVE-2020-22081
RESERVED
CVE-2020-22080
RESERVED
-CVE-2020-22079
- RESERVED
+CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router
US_AC10UV1.0 ...)
+ TODO: check
CVE-2020-22078
RESERVED
CVE-2020-22077
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898e84b3194695cfed286c6a67beb0fb69042c0f