Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b787ebe by security tracker role at 2021-11-05T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-43409
+       RESERVED
+CVE-2021-43408
+       RESERVED
+CVE-2021-43407
+       RESERVED
+CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The 
fax_post_size  ...)
+       TODO: check
+CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The 
fax_extension  ...)
+       TODO: check
+CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX 
file name  ...)
+       TODO: check
+CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The 
log_viewer.php ...)
+       TODO: check
+CVE-2021-43402
+       RESERVED
+CVE-2021-43401
+       RESERVED
+CVE-2021-3931
+       RESERVED
+CVE-2021-3930
+       RESERVED
+CVE-2021-3929
+       RESERVED
 CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A 
use-after- ...)
        - bluez <unfixed> (bug #998626)
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8
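Review bot: the four FusionPBX entries (CVE-2021-43406 down to CVE-2021-43403) are left at `TODO: check` even though the truncated descriptions already name the product and the fixed version (before 4.5.30); FusionPBX is not a Debian package as far as this file shows, so they can be resolved to `NOT-FOR-US: FusionPBX` in the same way as the other third-party software in this list, with a package line only if some Debian package turns out to ship the affected code. The nine bare `RESERVED` IDs around them need no action until MITRE publishes a description.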
@@ -93,10 +117,10 @@ CVE-2021-43359
        RESERVED
 CVE-2021-43358
        RESERVED
-CVE-2021-3928
-       RESERVED
-CVE-2021-3927
-       RESERVED
+CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
+       TODO: check
+CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
+       TODO: check
 CVE-2021-43357
        RESERVED
 CVE-2021-43350
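Review bot: CVE-2021-3928 and CVE-2021-3927 name software Debian actually ships (vim), so `TODO: check` should not remain there: each needs a `- vim <unfixed>` line (or a fixed version) plus a `NOTE:` with the upstream fix commit once identified, following the form used for the bluez and gjson entries in this file. The truncated descriptions only distinguish the two as a stack-based versus a heap-based buffer overflow, so the full CVE text is needed to match each ID to the right upstream patch.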
@@ -219,8 +243,8 @@ CVE-2021-43298
        RESERVED
 CVE-2021-43297
        RESERVED
-CVE-2021-3924
-       RESERVED
+CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a 
Restricte ...)
+       TODO: check
 CVE-2021-23222
        RESERVED
 CVE-2021-23214
@@ -1668,8 +1692,8 @@ CVE-2021-43085
        RESERVED
 CVE-2021-43084
        RESERVED
-CVE-2021-3916
-       RESERVED
+CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to 
a Rest ...)
+       TODO: check
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF 
check whe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-43083
@@ -2256,8 +2280,8 @@ CVE-2021-42839
        RESERVED
 CVE-2021-42838
        RESERVED
-CVE-2021-42837
-       RESERVED
+CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 
7.3-20210930. Af ...)
+       TODO: check
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial 
of servic ...)
        - golang-github-tidwall-gjson <unfixed>
        NOTE: 
https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
@@ -2580,14 +2604,14 @@ CVE-2021-42703
        RESERVED
 CVE-2021-42702
        RESERVED
-CVE-2021-42701
-       RESERVED
+CVE-2021-42701 (An attacker could prepare a specially crafted project file 
that, if op ...)
+       TODO: check
 CVE-2021-42700
        RESERVED
-CVE-2021-42699
-       RESERVED
-CVE-2021-42698
-       RESERVED
+CVE-2021-42699 (The affected product is vulnerable to cookie information being 
transmi ...)
+       TODO: check
+CVE-2021-42698 (Project files are stored memory objects in the form of binary 
serializ ...)
+       TODO: check
 CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack 
exhausti ...)
        NOT-FOR-US: Akka HTTP
 CVE-2021-42696
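Review bot: the three new descriptions here (CVE-2021-42701, CVE-2021-42699, CVE-2021-42698) are cut off before naming any product ("specially crafted project file", "cookie information being transmitted", "binary serialization"), so the `TODO: check` lines cannot be resolved from this file alone; the triager should read the full MITRE text before marking them. The phrasing "The affected product is vulnerable to" matches the ICS-advisory style of entries closed as NOT-FOR-US elsewhere in this file, which is the likely outcome, but that should be confirmed rather than assumed.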
@@ -2640,26 +2664,26 @@ CVE-2021-42673
        RESERVED
 CVE-2021-42672
        RESERVED
-CVE-2021-42671
-       RESERVED
-CVE-2021-42670
-       RESERVED
-CVE-2021-42669
-       RESERVED
-CVE-2021-42668
-       RESERVED
-CVE-2021-42667
-       RESERVED
-CVE-2021-42666
-       RESERVED
-CVE-2021-42665
-       RESERVED
-CVE-2021-42664
-       RESERVED
-CVE-2021-42663
-       RESERVED
-CVE-2021-42662
-       RESERVED
+CVE-2021-42671 (An incorrect access control vulnerability exists in 
Sourcecodester Eng ...)
+       TODO: check
+CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester 
Engineers Onlin ...)
+       TODO: check
+CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers 
Online  ...)
+       TODO: check
+CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester 
Engineers Onlin ...)
+       TODO: check
+CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online 
Event Bo ...)
+       TODO: check
+CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester 
Engineers Onlin ...)
+       TODO: check
+CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester 
Engineers Onli ...)
+       TODO: check
+CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in 
Sourcecod ...)
+       TODO: check
+CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester 
Online Event  ...)
+       TODO: check
+CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Sourcecode ...)
+       TODO: check
 CVE-2021-42661
        RESERVED
 CVE-2021-42660
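Review bot: all ten Sourcecodester entries (CVE-2021-42671 through CVE-2021-42662) are SQL injection, stored XSS, HTML injection, file upload and access control issues in Sourcecodester demo applications (Engineers Online Portal, Online Event Booking) that are not Debian packages as far as this file shows, so the block of `TODO: check` lines can be closed as `NOT-FOR-US: Sourcecodester ...` in one pass. The misspelling `Vulneraibiilty` in CVE-2021-42664 comes from the upstream CVE description and should not be corrected locally, because the next automatic update would overwrite it.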
@@ -2920,8 +2944,8 @@ CVE-2021-42545
        RESERVED
 CVE-2021-42544
        RESERVED
-CVE-2021-42543
-       RESERVED
+CVE-2021-42543 (The affected application uses specific functions that could be 
abused  ...)
+       TODO: check
 CVE-2021-42542 (The affected product is vulnerable to directory traversal due 
to misha ...)
        NOT-FOR-US: Emerson
 CVE-2021-42541
@@ -4340,7 +4364,7 @@ CVE-2021-42345
        RESERVED
 CVE-2021-42344
        RESERVED
-CVE-2021-42343 (An issue was discovered in Dask (aka python-dask) through 
2021.09.1. S ...)
+CVE-2021-42343 (An issue was discovered in the Dask distributed package before 
2021.10 ...)
        - dask <unfixed>
        TODO: check details if fixed upstream in 2021.10.0
 CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. 
In the fi ...)
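Review bot: the description of CVE-2021-42343 changes from `Dask (aka python-dask) through 2021.09.1` to `the Dask distributed package before 2021.10`, which directly bears on the unchanged line below it, `TODO: check details if fixed upstream in 2021.10.0`. The new text also points at the distributed component rather than the core dask library, so the `- dask <unfixed>` package line should be checked against which Debian source package ships the affected code (the distributed scheduler, if it is packaged separately) before the TODO is dropped.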
@@ -4809,8 +4833,8 @@ CVE-2021-42239
        RESERVED
 CVE-2021-42238
        RESERVED
-CVE-2021-42237
-       RESERVED
+CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is 
vulnera ...)
+       TODO: check
 CVE-2021-42236
        RESERVED
 CVE-2021-42235
@@ -7442,6 +7466,7 @@ CVE-2021-41101 (wire-server is an open-source back end 
for Wire, a secure collab
 CVE-2021-41100 (Wire-server is the backing server for the open source wire 
secure mess ...)
        NOT-FOR-US: wire-server
 CVE-2021-41099 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
 CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader 
parsers wit ...)
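Review bot: the `{DSA-5001-1 DLA-2810-1}` reference for CVE-2021-41099 is inserted between the description and the `- redis 5:6.0.16-1` line, the same placement used by the other redis entries in this commit and by the udisks2 entry, and because DLA-2810-1 covers the LTS release no `[stretch]` annotation is needed here. The remaining check is that the set of redis CVEs receiving this pair matches the CVE lists of both advisories, since a reference on a CVE an advisory does not cover would wrongly show it as fixed in that suite.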
@@ -7509,6 +7534,7 @@ CVE-2021-3803 (nth-check is vulnerable to Inefficient 
Regular Expression Complex
        NOT-FOR-US: nth-check
 CVE-2021-3802
        RESERVED
+       {DLA-2809-1}
        - udisks2 2.9.4-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
        NOTE: 
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
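Review bot: CVE-2021-3802 still has a bare `RESERVED` line in place of a description while now carrying `{DLA-2809-1}` and the `- udisks2 2.9.4-1` fixed version; that is acceptable in this file's format, and the two `NOTE:` links (Red Hat bugzilla 2003649 and the SySS advisory) are what document the issue until MITRE publishes the text. At that point a later automatic update will replace `RESERVED` with the description, as this commit does for other IDs, without touching the reference line.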
@@ -11356,18 +11382,18 @@ CVE-2021-39418
        RESERVED
 CVE-2021-39417
        RESERVED
-CVE-2021-39416
-       RESERVED
+CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in 
Remote C ...)
+       TODO: check
 CVE-2021-39415
        RESERVED
 CVE-2021-39414
        RESERVED
-CVE-2021-39413
-       RESERVED
-CVE-2021-39412
-       RESERVED
-CVE-2021-39411
-       RESERVED
+CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in 
SEO Panel ...)
+       TODO: check
+CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in 
PHPGuruk ...)
+       TODO: check
+CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in 
PHPGuruku ...)
+       TODO: check
 CVE-2021-39410
        RESERVED
 CVE-2021-39409
@@ -21199,8 +21225,7 @@ CVE-2021-35370
        RESERVED
 CVE-2021-35369
        RESERVED
-CVE-2021-35368 [CRS Request Body Bypass]
-       RESERVED
+CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x 
before 3.2.1 ...)
        - modsecurity-crs 3.3.2-1 (bug #992000)
        [bullseye] - modsecurity-crs 3.3.0-1+deb11u1
        [buster] - modsecurity-crs 3.1.0-1+deb10u2
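Review bot: CVE-2021-35368 loses its interim bracketed title `[CRS Request Body Bypass]` and its `RESERVED` line in favour of the published description (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...), which is the right direction. The entry carries `[bullseye] - modsecurity-crs 3.3.0-1+deb11u1` and `[buster] - modsecurity-crs 3.1.0-1+deb10u2`, i.e. security-update style versions, yet no `{DSA-...}` reference line of the kind the redis entries in this commit receive, so it is worth confirming whether an advisory reference belongs here.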
@@ -27387,6 +27412,7 @@ CVE-2021-32764 (Discourse is an open-source discussion 
platform. In Discourse ve
 CVE-2021-32763 (OpenProject is open-source, web-based project management 
software. In  ...)
        NOT-FOR-US: OpenProject
 CVE-2021-32762 (Redis is an open source, in-memory database that persists on 
disk. The ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
 CVE-2021-32761 (Redis is an in-memory database that persists on disk. A 
vulnerability  ...)
@@ -27594,6 +27620,7 @@ CVE-2021-32689 (Nextcloud Talk is a fully on-premises 
audio/video and chat commu
 CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data 
storage. Nex ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2021-32687 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication 
library writt ...)
@@ -27631,6 +27658,7 @@ CVE-2021-32677 (FastAPI is a web framework for building 
APIs with Python 3.6+ ba
 CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat 
communicati ...)
        NOT-FOR-US: Nextcloud Talk
 CVE-2021-32675 (Redis is an open source, in-memory database that persists on 
disk. Whe ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
 CVE-2021-32674 (Zope is an open-source web application server. This advisory 
extends t ...)
@@ -27638,6 +27666,7 @@ CVE-2021-32674 (Zope is an open-source web application 
server. This advisory ext
 CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the 
snapshot ...)
        NOT-FOR-US: reg-keygen-git-hash-plugin
 CVE-2021-32672 (Redis is an open source, in-memory database that persists on 
disk. Whe ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
 CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's 
translat ...)
@@ -27735,14 +27764,17 @@ CVE-2021-32630 (Admidio is a free, open source user 
management system for websit
 CVE-2021-32629 (Cranelift is an open-source code generator maintained by 
Bytecode Alli ...)
        NOT-FOR-US: Cranelift
 CVE-2021-32628 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       {DSA-5001-1}
        - redis 5:6.0.16-1
        [stretch] - redis <no-dsa> (Minor issue; invasive patch)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
 CVE-2021-32627 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
+       {DSA-5001-1}
        - redis 5:6.0.16-1
        [stretch] - redis <no-dsa> (Minor issue; invasive patch)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
 CVE-2021-32626 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
+       {DSA-5001-1 DLA-2810-1}
        - redis 5:6.0.16-1
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
 CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data 
structure store ...)
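Review bot: CVE-2021-32628 and CVE-2021-32627 receive only `{DSA-5001-1}` while CVE-2021-32626 receives `{DSA-5001-1 DLA-2810-1}`; that split is consistent with the `[stretch] - redis <no-dsa> (Minor issue; invasive patch)` lines on the first two, which record that the LTS release deliberately did not take those fixes, so no change is needed. The two issues remain open in stretch, which is the state the `<no-dsa>` marker documents.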
@@ -35350,8 +35382,8 @@ CVE-2021-29755
        RESERVED
 CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
        NOT-FOR-US: IBM
-CVE-2021-29753
-       RESERVED
+CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM 
Business Proc ...)
+       TODO: check
 CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure 
vulnerability ...)
        NOT-FOR-US: IBM
 CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM 
Business ...)
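Review bot: CVE-2021-29753 (IBM Business Automation Workflow) is left at `TODO: check` although the surrounding IBM entries (CVE-2021-29754, CVE-2021-29752, CVE-2021-29751) are all marked `NOT-FOR-US: IBM`; the same marker applies here and the TODO can be closed directly.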
@@ -42442,8 +42474,8 @@ CVE-2021-26846
        RESERVED
 CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids 
eSOMS al ...)
        NOT-FOR-US: Hitachi
-CVE-2021-26844
-       RESERVED
+CVE-2021-26844 (A cross-site scripting (XSS) vulnerability in Power Admin PA 
Server Mo ...)
+       TODO: check
 CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems 
where th ...)
        - thttpd <removed>
 CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command 
Injecti ...)
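Review bot: CVE-2021-26844 describes an XSS in Power Admin PA Server Monitor, a commercial monitoring product that is not a Debian package as far as this file shows, so the `TODO: check` line can be closed as `NOT-FOR-US: Power Admin`, as was done for the Hitachi entry just above it.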
@@ -81592,12 +81624,12 @@ CVE-2020-23569
        RESERVED
 CVE-2020-23568
        RESERVED
-CVE-2020-23567
-       RESERVED
-CVE-2020-23566
-       RESERVED
-CVE-2020-23565
-       RESERVED
+CVE-2020-23567 (Irfanview v4.53 allows attackers to to cause a denial of 
service (DoS) ...)
+       TODO: check
+CVE-2020-23566 (Irfanview v4.53 was discovered to contain an infinity loop via 
JPEG200 ...)
+       TODO: check
+CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via 
a craft ...)
+       TODO: check
 CVE-2020-23564
        RESERVED
 CVE-2020-23563
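Review bot: the three Irfanview entries (CVE-2020-23567, CVE-2020-23566, CVE-2020-23565) can be closed as `NOT-FOR-US: IrfanView` (a Windows-only image viewer) rather than left at `TODO: check`; the descriptions (denial of service, an infinite loop, arbitrary code execution via a crafted file) concern that application, not any Debian package.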



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b787ebe8da7911eeaf8e4c79463250ed0153c16



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits