Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf217137 by security tracker role at 2021-11-13T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-43615
+ RESERVED
+CVE-2021-43614
+ RESERVED
+CVE-2021-43613
+ RESERVED
+CVE-2021-43612
+ RESERVED
+CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such
as Linp ...)
+ TODO: check
+CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such
as Linp ...)
+ TODO: check
+CVE-2021-43609
+ RESERVED
+CVE-2021-43608
+ RESERVED
+CVE-2021-43607
+ RESERVED
+CVE-2021-43606
+ RESERVED
+CVE-2021-43605
+ RESERVED
+CVE-2021-43604
+ RESERVED
+CVE-2021-43603
+ RESERVED
+CVE-2021-43602
+ RESERVED
+CVE-2021-43601
+ RESERVED
+CVE-2021-43600
+ RESERVED
+CVE-2021-43599
+ RESERVED
+CVE-2021-43598
+ RESERVED
+CVE-2021-43597
+ RESERVED
+CVE-2021-43596
+ RESERVED
+CVE-2021-43595
+ RESERVED
+CVE-2021-43594
+ RESERVED
+CVE-2021-43593
+ RESERVED
+CVE-2021-43592
+ RESERVED
+CVE-2021-43591
+ RESERVED
+CVE-2021-43590
+ RESERVED
+CVE-2021-43589
+ RESERVED
+CVE-2021-43588
+ RESERVED
+CVE-2021-43587
+ RESERVED
+CVE-2021-43586
+ RESERVED
+CVE-2021-43585
+ RESERVED
+CVE-2021-43584
+ RESERVED
+CVE-2021-43583
+ RESERVED
+CVE-2021-3956
+ RESERVED
+CVE-2021-3955
+ RESERVED
+CVE-2021-3954
+ RESERVED
+CVE-2021-3953
+ RESERVED
+CVE-2021-3952
+ RESERVED
+CVE-2021-3951
+ RESERVED
CVE-2021-43582
RESERVED
CVE-2021-43581
@@ -622,10 +700,10 @@ CVE-2021-43334
RESERVED
CVE-2021-43333
RESERVED
-CVE-2021-43332
- RESERVED
-CVE-2021-43331
- RESERVED
+CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the
Cgi/admindb.py ad ...)
+ TODO: check
+CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the
Cgi/options.py user ...)
+ TODO: check
CVE-2021-43330
RESERVED
CVE-2021-43329
@@ -3372,8 +3450,8 @@ CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS
via the UID parameter. .
NOT-FOR-US: myfactory.FMS
CVE-2021-42564
RESERVED
-CVE-2021-42563
- RESERVED
+CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator
(nisvcloc.exe) ...)
+ TODO: check
CVE-2021-3893
RESERVED
CVE-2021-42562
@@ -6354,8 +6432,8 @@ CVE-2021-41830 (It is possible for an attacker to
manipulate signed documents an
NOT-FOR-US: Apache OpenOffice
CVE-2021-3844
RESERVED
-CVE-2021-3843
- RESERVED
+CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM
in some ...)
+ TODO: check
CVE-2021-3842
RESERVED
CVE-2021-3841
@@ -6459,8 +6537,8 @@ CVE-2021-41789
RESERVED
CVE-2021-41788
RESERVED
-CVE-2021-3840
- RESERVED
+CVE-2021-3840 (A dependency confusion vulnerability was reported in the
Antilles open ...)
+ TODO: check
CVE-2021-41787
RESERVED
CVE-2021-41786
@@ -7746,8 +7824,8 @@ CVE-2021-41231
RESERVED
CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In
affected ve ...)
NOT-FOR-US: Pomerium
-CVE-2021-41229
- RESERVED
+CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected
versions a ...)
+ TODO: check
CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In
affecte ...)
- tensorflow <itp> (bug #804612)
CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In
affecte ...)
@@ -8713,22 +8791,22 @@ CVE-2021-40820
RESERVED
CVE-2021-40819
RESERVED
-CVE-2021-3793
- RESERVED
-CVE-2021-3792
- RESERVED
-CVE-2021-3791
- RESERVED
-CVE-2021-3790
- RESERVED
-CVE-2021-3789
- RESERVED
-CVE-2021-3788
- RESERVED
-CVE-2021-3787
- RESERVED
-CVE-2021-3786
- RESERVED
+CVE-2021-3793 (An improper access control vulnerability was reported in some
Motorola ...)
+ TODO: check
+CVE-2021-3792 (Some device communications in some Motorola-branded Binatone
Hubble Ca ...)
+ TODO: check
+CVE-2021-3791 (An information disclosure vulnerability was reported in some
Motorola- ...)
+ TODO: check
+CVE-2021-3790 (A buffer overflow was reported in the local web server of some
Motorol ...)
+ TODO: check
+CVE-2021-3789 (An information disclosure vulnerability was reported in some
Motorola- ...)
+ TODO: check
+CVE-2021-3788 (An exposed debug interface was reported in some
Motorola-branded Binat ...)
+ TODO: check
+CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone
Hubble ...)
+ TODO: check
+CVE-2021-3786 (A potential vulnerability in the SMI callback function used in
CSME co ...)
+ TODO: check
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3784
@@ -12250,8 +12328,8 @@ CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site
Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
NOT-FOR-US: SafeCurl
-CVE-2021-39303
- RESERVED
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability
affecting in ...)
+ TODO: check
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection
via the ...)
NOT-FOR-US: MISP
CVE-2021-39301
@@ -12299,18 +12377,18 @@ CVE-2021-39293
NOTE:
https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785
(1.16.8)
CVE-2021-39292
RESERVED
-CVE-2021-3723
- RESERVED
+CVE-2021-3723 (A command injection vulnerability was reported in the
Integrated Manag ...)
+ TODO: check
CVE-2021-3722
RESERVED
CVE-2021-3721
RESERVED
-CVE-2021-3720
- RESERVED
-CVE-2021-3719
- RESERVED
-CVE-2021-3718
- RESERVED
+CVE-2021-3720 (An information disclosure vulnerability was reported in the
Time Weath ...)
+ TODO: check
+CVE-2021-3719 (A potential vulnerability in the SMI callback function that
saves and ...)
+ TODO: check
+CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad
models ...)
+ TODO: check
CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters
to CLI- ...)
NOT-FOR-US: NetModule devices
CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via
PHPSESSID ...)
@@ -13770,8 +13848,8 @@ CVE-2021-38686
RESERVED
CVE-2021-38685
RESERVED
-CVE-2021-38684
- RESERVED
+CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
+ TODO: check
CVE-2021-38683
RESERVED
CVE-2021-38682
@@ -19496,12 +19574,12 @@ CVE-2021-36327
RESERVED
CVE-2021-36326
RESERVED
-CVE-2021-36325
- RESERVED
-CVE-2021-36324
- RESERVED
-CVE-2021-36323
- RESERVED
+CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
+ TODO: check
+CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
+ TODO: check
+CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
+ TODO: check
CVE-2021-36322
RESERVED
CVE-2021-36321
@@ -19516,8 +19594,8 @@ CVE-2021-36317
RESERVED
CVE-2021-36316
RESERVED
-CVE-2021-36315
- RESERVED
+CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This
may all ...)
+ TODO: check
CVE-2021-36314
RESERVED
CVE-2021-36313
@@ -19536,8 +19614,8 @@ CVE-2021-36307
RESERVED
CVE-2021-36306
RESERVED
-CVE-2021-36305
- RESERVED
+CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to
Shared Data ...)
+ TODO: check
CVE-2021-36304
RESERVED
CVE-2021-36303
@@ -23391,8 +23469,8 @@ CVE-2021-3600
[buster] - linux 4.19.208-1
NOTE:
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1
-CVE-2021-3599
- RESERVED
+CVE-2021-3599 (A potential vulnerability in the SMI callback function used to
access ...)
+ TODO: check
CVE-2021-34681
RESERVED
CVE-2021-34680
@@ -24161,8 +24239,8 @@ CVE-2021-34359
RESERVED
CVE-2021-34358
RESERVED
-CVE-2021-34357
- RESERVED
+CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
NOT-FOR-US: QNAP
CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
@@ -25415,8 +25493,8 @@ CVE-2021-33806 (The BDew BdLib library before 1.16.1.7
for Minecraft allows remo
NOT-FOR-US: BDew BdLib library
CVE-2021-33805
REJECTED
-CVE-2021-3577
- RESERVED
+CVE-2021-3577 (An unauthenticated remote code execution vulnerability was
reported in ...)
+ TODO: check
CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in
Bitdefender End ...)
NOT-FOR-US: Bitdefender
CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
@@ -30440,8 +30518,8 @@ CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and
earlier allows authenticated u
NOT-FOR-US: Rapid7 Nexpose
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier
suffers from ...)
NOT-FOR-US: Pimcore
-CVE-2021-3519
- RESERVED
+CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that
could ...)
+ TODO: check
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker
to lear ...)
{DLA-2658-1}
- redmine <unfixed> (bug #990792)
@@ -55841,8 +55919,8 @@ CVE-2021-21530 (Dell OpenManage Enterprise-Modular
(OME-M) versions prior to 1.3
NOT-FOR-US: Dell
CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a
denial of ...)
NOT-FOR-US: Dell System Update (DSU)
-CVE-2021-21528
- RESERVED
+CVE-2021-21528 (Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x
contain an ...)
+ TODO: check
CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper
neutralization o ...)
NOT-FOR-US: Dell
CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege
escalation in ...)
@@ -87581,8 +87659,8 @@ CVE-2020-21143
RESERVED
CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the
IPfire ...)
NOT-FOR-US: IPFire
-CVE-2020-21141
- RESERVED
+CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
CVE-2020-21140
RESERVED
CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a
Cross-Site ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf217137e527b8b17b0eb359754f11d90818a232
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf217137e527b8b17b0eb359754f11d90818a232
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
