Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55d010c7 by security tracker role at 2021-11-04T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-43357
+       RESERVED
+CVE-2021-43350
+       RESERVED
+CVE-2021-43349
+       RESERVED
+CVE-2021-43348
+       RESERVED
+CVE-2021-43347
+       RESERVED
+CVE-2021-43346
+       RESERVED
+CVE-2021-43345
+       RESERVED
+CVE-2021-43344
+       RESERVED
+CVE-2021-43343
+       RESERVED
+CVE-2021-43342
+       RESERVED
+CVE-2021-43341
+       RESERVED
+CVE-2021-43340
+       RESERVED
+CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible to 
inject comm ...)
+       TODO: check
+CVE-2021-43338 (In Ericsson Network Location MPS GMPC21, it is possible to 
creates a n ...)
+       TODO: check
+CVE-2021-43337
+       RESERVED
+CVE-2021-42743
+       RESERVED
+CVE-2021-3926
+       RESERVED
+CVE-2021-3925
+       RESERVED
+CVE-2021-33845
+       RESERVED
+CVE-2021-31559
+       RESERVED
+CVE-2021-26253
+       RESERVED
 CVE-2021-43336
        RESERVED
 CVE-2021-43335
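Review bot: CVE-2021-43339 and CVE-2021-43338 are added with only `TODO: check`, and both descriptions name the same product (Ericsson Network Location MPS GMPC21), so they can be triaged together in a follow-up. If that product is not packaged in Debian, both should get the same kind of annotation other vendor-only entries in this file carry, e.g. `NOT-FOR-US: Ericsson Network Location MPS GMPC21`. The remaining additions in this hunk are plain `RESERVED` placeholders and need nothing further.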
@@ -136,7 +178,7 @@ CVE-2021-43272
        RESERVED
 CVE-2021-43271
        RESERVED
-CVE-2021-43270 (Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 
3.1.0-dev-00148, 3. ...)
+CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 
3.1.0-dev-00148, 3. ...)
        NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
 CVE-2021-43269
        RESERVED
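Review bot: the annotation under CVE-2021-43270 still reads `NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)`, while the updated description line now names the product as `Seq.App.EmailPlus (aka seq-app-htmlemail)`. The triage result does not change, but aligning the NOT-FOR-US text with the new naming in a manual follow-up would keep a search for either name landing on a consistent entry.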
@@ -1698,8 +1740,8 @@ CVE-2015-20067 (The WP Attachment Export WordPress plugin 
before 0.2.4 does not
        NOT-FOR-US: WordPress plugin
 CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 
does not s ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-43032
-       RESERVED
+CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the 
admin pane ...)
+       TODO: check
 CVE-2021-43031
        RESERVED
 CVE-2021-43030
@@ -2255,7 +2297,7 @@ CVE-2021-42774
 CVE-2021-42773
        RESERVED
 CVE-2021-42772
-       RESERVED
+       REJECTED
 CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load 
arbitrary  ...)
        {DLA-2790-1}
        - python-babel 2.8.0+dfsg.1-7 (bug #987824)
@@ -6262,8 +6304,8 @@ CVE-2021-41564 (Tad Honor viewing book list function is 
vulnerable to authorizat
        NOT-FOR-US: Tad Honor
 CVE-2021-41563 (Tad Book3 editing book function does not filter special 
characters. Un ...)
        NOT-FOR-US: Tad Book3
-CVE-2021-41562
-       RESERVED
+CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a 
non-admin user ...)
+       TODO: check
 CVE-2021-41561
        RESERVED
 CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk 
software is  ...)
@@ -6427,8 +6469,8 @@ CVE-2021-41494
        RESERVED
 CVE-2021-41493
        RESERVED
-CVE-2021-41492
-       RESERVED
+CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester 
Simple  ...)
+       TODO: check
 CVE-2021-41491
        RESERVED
 CVE-2021-41490
@@ -6782,7 +6824,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, 
and Delete features in Py
        NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 
2.2.9 allow ...)
        NOT-FOR-US: Pydio Cells
-CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users 
to chang ...)
+CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change 
the Admin ...)
        NOT-FOR-US: Poly VVX 400/410
 CVE-2021-41321
        RESERVED
@@ -17612,7 +17654,7 @@ CVE-2021-36801 (Akaunting version 2.1.12 and earlier 
suffers from an authenticat
        NOT-FOR-US: Akaunting
 CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code 
injection iss ...)
        NOT-FOR-US: Akaunting
-CVE-2021-36799 (Hard-coded password and salt for encryption of project files 
in KNX As ...)
+CVE-2021-36799 (** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses 
the hard-c ...)
        NOT-FOR-US: KNX ETS5
 CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team 
Server  ...)
        NOT-FOR-US: HelpSystems Cobalt Strike
@@ -21763,8 +21805,8 @@ CVE-2021-3610 [heap-based buffer overflow in 
ReadTIFFImage() in coders/tiff.c]
        RESERVED
        - imagemagick <not-affected> (Specific to Imagemagick 7)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
-CVE-2021-35053
-       RESERVED
+CVE-2021-35053 (Possible system denial of service in case of arbitrary 
changing Firefo ...)
+       TODO: check
 CVE-2021-35052
        RESERVED
 CVE-2021-35051
@@ -24655,8 +24697,8 @@ CVE-2021-33802
        RESERVED
 CVE-2021-33801
        RESERVED
-CVE-2021-33800
-       RESERVED
+CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain 
function ...)
+       TODO: check
 CVE-2021-33799
        RESERVED
 CVE-2021-33798
@@ -40282,7 +40324,8 @@ CVE-2021-27725
        RESERVED
 CVE-2021-27724
        RESERVED
-CVE-2021-27723 (An issue was discovered in Nsasoft US LLC Product Key Explorer 
4.2.7.  ...)
+CVE-2021-27723
+       REJECTED
        NOT-FOR-US: Nsasoft US LLC Product Key Explorer
 CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. 
The progr ...)
        NOT-FOR-US: Nsasoft US LLC SpotAuditor
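Review bot: CVE-2021-27723 is now `REJECTED`, but the unchanged context line `NOT-FOR-US: Nsasoft US LLC Product Key Explorer` is still attached to it, so the entry carries both a rejection and a product triage annotation. The description that justified the annotation is gone from the header line, so a follow-up should either drop the NOT-FOR-US line or confirm that it is kept deliberately as a record of the earlier triage.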
@@ -51526,8 +51569,7 @@ CVE-2021-22962
        RESERVED
 CVE-2021-22961 (A code injection vulnerability exists within the firewall 
software of  ...)
        NOT-FOR-US: GlassWire
-CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
-       RESERVED
+CVE-2021-22960 (The parse function in llhttp &lt; 2.1.4 and &lt; 6.0.6. 
ignores chunk  ...)
        - nodejs 12.22.7~dfsg-1
        [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by 
security support)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
@@ -100420,7 +100462,7 @@ CVE-2020-14935 (Buffer overflows were discovered in 
Contiki-NG 4.4 through 4.5,
        NOT-FOR-US: Contiki-NG
 CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 
4.5, in the ...)
        NOT-FOR-US: Contiki-NG
-CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the 
$attachme ...)
+CVE-2020-14933 (** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls 
unserialize fo ...)
        - squirrelmail <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
 CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the 
$mailtoda ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55d010c7bd95e3fd59053c0bbc31993d9861eeeb
