Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
998250bc by security tracker role at 2021-11-30T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-44464
+       RESERVED
+CVE-2021-44453
+       RESERVED
+CVE-2021-44451
+       RESERVED
+CVE-2021-44450
+       RESERVED
+CVE-2021-44449
+       RESERVED
+CVE-2021-44448
+       RESERVED
+CVE-2021-44447
+       RESERVED
+CVE-2021-44446
+       RESERVED
+CVE-2021-44445
+       RESERVED
+CVE-2021-44444
+       RESERVED
+CVE-2021-44443
+       RESERVED
+CVE-2021-44442
+       RESERVED
+CVE-2021-44441
+       RESERVED
+CVE-2021-44440
+       RESERVED
+CVE-2021-44439
+       RESERVED
+CVE-2021-44438
+       RESERVED
+CVE-2021-44437
+       RESERVED
+CVE-2021-44436
+       RESERVED
+CVE-2021-44435
+       RESERVED
+CVE-2021-44434
+       RESERVED
+CVE-2021-44433
+       RESERVED
+CVE-2021-44432
+       RESERVED
+CVE-2021-44431
+       RESERVED
+CVE-2021-44430
+       RESERVED
+CVE-2021-43355
+       RESERVED
+CVE-2021-41835
+       RESERVED
+CVE-2021-4035
+       RESERVED
+CVE-2021-33848
+       RESERVED
+CVE-2021-33846
+       RESERVED
+CVE-2021-33843
+       RESERVED
+CVE-2021-31562
+       RESERVED
+CVE-2021-23236
+       RESERVED
+CVE-2021-23233
+       RESERVED
+CVE-2021-23207
+       RESERVED
+CVE-2021-23196
+       RESERVED
+CVE-2021-23195
+       RESERVED
 CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of 
service (daem ...)
        NOT-FOR-US: Serva
 CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of 
service (daem ...)
@@ -520,8 +592,8 @@ CVE-2022-21744
        RESERVED
 CVE-2022-21743
        RESERVED
-CVE-2021-44230
-       RESERVED
+CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on 
Windows ha ...)
+       TODO: check
 CVE-2021-44229
        RESERVED
 CVE-2021-44228
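Review bot: the new CVE-2021-44230 entry is left at `TODO: check`, but the imported description already names PortSwigger Burp Suite Enterprise Edition on Windows, proprietary software that is not a Debian package, so the follow-up triage should resolve this to `NOT-FOR-US: PortSwigger Burp Suite`, in the same form as `NOT-FOR-US: Serva` in the first hunk. The placeholder is the expected state for an automatic update; it just needs the manual pass.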
@@ -1145,8 +1217,8 @@ CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 
1.4.12 is prone to a po
        - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1
 (1.4.12)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa
 (1.3.17)
-CVE-2021-43998
-       RESERVED
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 
1.8.4 temp ...)
+       TODO: check
 CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and 
ARMv8-M MPU p ...)
        NOT-FOR-US: Amazon FreeRTOS
 CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, 
for Lar ...)
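Review bot: CVE-2021-43998 names HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4. Vault itself is not packaged in Debian as far as I know (only some hashicorp Go libraries are), so the `TODO: check` should most likely become `NOT-FOR-US: HashiCorp Vault`, matching the `NOT-FOR-US: Amazon FreeRTOS` line two entries below; confirm against the package list before closing it.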
@@ -1834,8 +1906,8 @@ CVE-2021-43773
        RESERVED
 CVE-2021-43772
        RESERVED
-CVE-2021-43771
-       RESERVED
+CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is 
vulnerable to an  ...)
+       TODO: check
 CVE-2021-3964
        RESERVED
 CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
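Review bot: CVE-2021-43771 is Trend Micro Antivirus for Mac 2021, a proprietary macOS product, so `TODO: check` can be replaced with `NOT-FOR-US: Trend Micro` on the next triage pass; nothing in Debian is affected.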
@@ -3769,8 +3841,8 @@ CVE-2021-43321
        RESERVED
 CVE-2021-43320
        RESERVED
-CVE-2021-43319
-       RESERVED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 
is vulne ...)
+       TODO: check
 CVE-2021-43318
        RESERVED
 CVE-2021-43317
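Review bot: CVE-2021-43319 is Zoho ManageEngine Network Configuration Manager, commercial software not shipped by Debian; the `TODO: check` should end up as `NOT-FOR-US: Zoho ManageEngine`, which keeps this hunk consistent with the other ManageEngine entries added in the same commit.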
@@ -3835,12 +3907,12 @@ CVE-2021-23214
        - postgresql-9.6 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc
 (REL9_6_24)
-CVE-2021-43296
-       RESERVED
-CVE-2021-43295
-       RESERVED
-CVE-2021-43294
-       RESERVED
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is 
vulnerable to an  ...)
+       TODO: check
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is 
vulnerable to Ref ...)
+       TODO: check
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is 
vulnerable to Ref ...)
+       TODO: check
 CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a 
remote au ...)
        NOT-FOR-US: Sonatype
 CVE-2021-43292
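Review bot: the three new ManageEngine SupportCenter Plus entries (CVE-2021-43296, -43295, -43294) all take the same disposition, `NOT-FOR-US: Zoho ManageEngine`, so the three `TODO: check` lines can be resolved together. The truncated text of -43295 and -43294 is identical up to the cut (`vulnerable to Ref ...`), so the full descriptions should be read once to confirm they are distinct issues before the entries are finalised.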
@@ -3859,12 +3931,12 @@ CVE-2021-43286
        RESERVED
 CVE-2021-43285
        RESERVED
-CVE-2021-43284
-       RESERVED
-CVE-2021-43283
-       RESERVED
-CVE-2021-43282
-       RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 
1.0.3. The r ...)
+       TODO: check
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 
1.0.3. A com ...)
+       TODO: check
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 
1.0.3. The d ...)
+       TODO: check
 CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin 
with the " ...)
        NOT-FOR-US: MyBB
 CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF 
file rea ...)
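Review bot: CVE-2021-43284, -43283 and -43282 are firmware issues in Victure WR1200 devices through 1.0.3, a consumer router, so all three `TODO: check` placeholders should resolve to `NOT-FOR-US: Victure WR1200`, the same pattern the file uses for other device firmware (for example `NOT-FOR-US: IpTime C200 camera` further down in this diff).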
@@ -5036,8 +5108,8 @@ CVE-2021-3919
        RESERVED
 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the 
OAuth2 a ...)
        NOT-FOR-US: JetBrains Ktor
-CVE-2021-43202
-       RESERVED
+CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options 
header is m ...)
+       TODO: check
 CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project 
could t ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in 
the Agent  ...)
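Review bot: CVE-2021-43202 (JetBrains TeamCity before 2021.1.3, X-Frame-Options) sits between CVE-2021-43203 and CVE-2021-43201, both already marked `NOT-FOR-US: JetBrains TeamCity` / `NOT-FOR-US: JetBrains Ktor`; leaving this one at `TODO: check` creates an inconsistency within the same product block, so it should get `NOT-FOR-US: JetBrains TeamCity` too.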
@@ -6570,10 +6642,10 @@ CVE-2021-42547
        RESERVED
 CVE-2021-42546
        RESERVED
-CVE-2021-42545
-       RESERVED
-CVE-2021-42544
-       RESERVED
+CVE-2021-42545 (An insufficient session expiration vulnerability exists in 
Business-DN ...)
+       TODO: check
+CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on 
Business-DNA So ...)
+       TODO: check
 CVE-2021-42543 (The affected application uses specific functions that could be 
abused  ...)
        NOT-FOR-US: AzeoTech
 CVE-2021-42542 (The affected product is vulnerable to directory traversal due 
to misha ...)
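Review bot: CVE-2021-42545 and -42544 describe Business-DNA Solutions web applications, which are not Debian packages; the `TODO: check` lines should resolve to `NOT-FOR-US: Business-DNA Solutions`, and the neighbouring `NOT-FOR-US: AzeoTech` entry shows the form to use.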
@@ -8760,24 +8832,24 @@ CVE-2021-42125
        RESERVED
 CVE-2021-42124
        RESERVED
-CVE-2021-42123
-       RESERVED
-CVE-2021-42122
-       RESERVED
-CVE-2021-42121
-       RESERVED
-CVE-2021-42120
-       RESERVED
-CVE-2021-42119
-       RESERVED
-CVE-2021-42118
-       RESERVED
-CVE-2021-42117
-       RESERVED
-CVE-2021-42116
-       RESERVED
-CVE-2021-42115
-       RESERVED
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on 
Business-DNA ...)
+       TODO: check
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on 
Busines ...)
+       TODO: check
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on 
Busines ...)
+       TODO: check
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on 
Busines ...)
+       TODO: check
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating 
on Busin ...)
+       TODO: check
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating 
on Busin ...)
+       TODO: check
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on 
Busines ...)
+       TODO: check
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on 
Business-DNA ...)
+       TODO: check
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on 
Business-DNA So ...)
+       TODO: check
 CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a 
vulnerability ...)
        NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
        NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
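Review bot: the nine Business-DNA Solutions entries CVE-2021-42123 through -42115 (file upload, input validation, persistent XSS, access control, missing HttpOnly flag) all belong to the same vendor batch as -42545/-42544 in the previous hunk and should be closed with one consistent `NOT-FOR-US: Business-DNA Solutions` line each rather than nine separate `TODO: check` placeholders lingering in the file.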
@@ -8844,8 +8916,8 @@ CVE-2021-41133 (Flatpak is a system for building, 
distributing, and running sand
        NOTE: 
https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
 CVE-2021-42100
        RESERVED
-CVE-2021-42099
-       RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable 
to file- ...)
+       TODO: check
 CVE-2021-42098 (An incomplete permission check on entries in Devolutions 
Remote Deskto ...)
        NOT-FOR-US: Devolutions
 CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege 
Escalation. A csr ...)
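Review bot: CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421) is the same vendor as the ManageEngine entries earlier in this commit and should get the same `NOT-FOR-US: Zoho ManageEngine` disposition; the adjacent `NOT-FOR-US: Devolutions` line is the model.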
@@ -9867,12 +9939,12 @@ CVE-2021-41681
        RESERVED
 CVE-2021-41680
        RESERVED
-CVE-2021-41679
-       RESERVED
-CVE-2021-41678
-       RESERVED
-CVE-2021-41677
-       RESERVED
+CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS 
when My ...)
+       TODO: check
+CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS 
when My ...)
+       TODO: check
+CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS 
when My ...)
+       TODO: check
 CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy 
Point o ...)
        NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
 CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in 
Sourcecodester E- ...)
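Review bot: CVE-2021-41679, -41678 and -41677 are SQL injection issues in openSIS 8.0, which is not packaged in Debian, so the three `TODO: check` lines should resolve to `NOT-FOR-US: openSIS`, like the `NOT-FOR-US: oretnom23 Pharmacy Point of Sale System` entry that follows. The three truncated descriptions are identical up to the cut (`when My ...`), so check the full text once to record what distinguishes them if a note is wanted.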
@@ -12631,8 +12703,8 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 
(v8.2.3402)
        NOTE: Followup fix for introduced memory leak: 
https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e 
(v8.2.3403)
        NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
-CVE-2021-3769
-       RESERVED
+CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and 
`refined` t ...)
+       TODO: check
 CVE-2021-40514
        RESERVED
 CVE-2021-40513
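Review bot: the imported description of CVE-2021-3769 is the raw markdown of the upstream report (it starts with `# Vulnerability in ...`), so the affected project is not named in the truncated text and `TODO: check` cannot be resolved from this hunk alone. The theme names `pygmalion`, `pygmalion-virtualenv` and `refined` look like oh-my-zsh themes; identify the project from the full description and check whether it is packaged before deciding between a package entry and `NOT-FOR-US`. The stray `#` and backticks should also be dropped from the description when the entry is finalised, since the file's other descriptions are plain text.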
@@ -15468,12 +15540,12 @@ CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages 
allow an attacker to bypas
        NOT-FOR-US: OpenBMC
 CVE-2021-39295
        RESERVED
-CVE-2021-3727
-       RESERVED
-CVE-2021-3726
-       RESERVED
-CVE-2021-3725
-       RESERVED
+CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins 
**Description** ...)
+       TODO: check
+CVE-2021-3726 (# Vulnerability in `title` function **Description**: the 
`title` funct ...)
+       TODO: check
+CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets 
that go ba ...)
+       TODO: check
 CVE-2021-3724
        RESERVED
        NOT-FOR-US: Red Hat Serverless
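Review bot: CVE-2021-3727, -3726 and -3725 have the same problem as CVE-2021-3769 earlier in this diff: the descriptions are upstream markdown (`# Vulnerability in ...`, `**Description**`) naming plugins (`rand-quote`, `hitokoto`, `dirhistory`) and a `title` function rather than the project, so the project has to be identified from the full report before the `TODO: check` lines can be closed, and the markup should be stripped from the descriptions at that point. Note that CVE-2021-3724 directly below keeps `RESERVED` with a `NOT-FOR-US` line under it, which is the file's form when the upstream project is known but the CVE text is not yet public.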
@@ -16294,10 +16366,10 @@ CVE-2021-39002
        RESERVED
 CVE-2021-39001
        RESERVED
-CVE-2021-39000
-       RESERVED
-CVE-2021-38999
-       RESERVED
+CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local 
attacker to ob ...)
+       TODO: check
+CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain 
sensitive info ...)
+       TODO: check
 CVE-2021-38998
        RESERVED
 CVE-2021-38997
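Review bot: CVE-2021-39000 and -38999 are IBM MQ Appliance issues (local attacker, information disclosure); the appliance is not Debian software, so both `TODO: check` lines should resolve to `NOT-FOR-US: IBM`, the form already used for IBM SPSS Statistics later in this diff.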
@@ -16360,8 +16432,8 @@ CVE-2021-38969
        RESERVED
 CVE-2021-38968
        RESERVED
-CVE-2021-38967
-       RESERVED
+CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local 
privileged use ...)
+       TODO: check
 CVE-2021-38966
        RESERVED
 CVE-2021-38965
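Review bot: CVE-2021-38967 is the same IBM MQ Appliance 9.2 CD / 9.2 LTS product as CVE-2021-39000 and -38999 in the previous hunk and should take the same `NOT-FOR-US: IBM` disposition so the four MQ Appliance entries in this commit are handled uniformly.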
@@ -16378,8 +16450,8 @@ CVE-2021-38960
        RESERVED
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 
27.0.1, and 28 ...)
        NOT-FOR-US: IBM
-CVE-2021-38958
-       RESERVED
+CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of 
service ...)
+       TODO: check
 CVE-2021-38957
        RESERVED
 CVE-2021-38956
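Review bot: CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS denial of service) is left at `TODO: check` while the entry immediately above it, CVE-2021-38959, already carries `NOT-FOR-US: IBM`; the same line belongs here.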
@@ -33987,8 +34059,8 @@ CVE-2021-31789
        RESERVED
 CVE-2021-31788
        RESERVED
-CVE-2021-31787
-       RESERVED
+CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 
chipsets does  ...)
+       TODO: check
 CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 
and ATS2 ...)
        NOT-FOR-US: Actions ATS
 CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and 
ATS2819 ch ...)
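Review bot: CVE-2021-31787 (Bluetooth Classic implementation on Actions ATS2815 chipsets) sits between CVE-2021-31786 and CVE-2021-31785, both of which already have `NOT-FOR-US: Actions ATS`; the `TODO: check` placeholder should be replaced with the same line so the chipset block stays consistent.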
@@ -46901,8 +46973,8 @@ CVE-2021-26614 (ius_get.cgi in IpTime C200 camera 
allows remote code execution.
        NOT-FOR-US: IpTime C200 camera
 CVE-2021-26613
        RESERVED
-CVE-2021-26612
-       RESERVED
+CVE-2021-26612 (An improper input validation leading to arbitrary file 
creation was di ...)
+       TODO: check
 CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials 
vulnera ...)
        NOT-FOR-US: HejHome GKW-IC052 IP Camera
 CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform 
an integ ...)
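Review bot: the truncated description of CVE-2021-26612 (`An improper input validation leading to arbitrary file creation was di ...`) does not name the affected product, so `TODO: check` cannot be resolved from this hunk. The surrounding entries (IpTime C200 camera, HejHome GKW-IC052, godomall5) are all Korean-vendor products marked `NOT-FOR-US`, which suggests the same outcome, but the full description must be read to name the product in the `NOT-FOR-US:` line.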
@@ -48553,8 +48625,8 @@ CVE-2021-25989
        RESERVED
 CVE-2021-25988
        RESERVED
-CVE-2021-25987
-       RESERVED
+CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored 
XSS. The po ...)
+       TODO: check
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to 
Stored Cros ...)
        NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to 
v1.8.30, improp ...)
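Review bot: CVE-2021-25987 (Hexo 0.0.1 to 5.4.0, stored XSS) concerns the Hexo static site generator, which as far as I know is not packaged in Debian; if a package search confirms that, the `TODO: check` resolves to `NOT-FOR-US: Hexo`, matching the `NOT-FOR-US: Django-wiki` line below it.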
@@ -57700,8 +57772,8 @@ CVE-2021-22096 (In Spring Framework versions 5.3.0 - 
5.3.10, 5.2.0 - 5.2.17, and
        [buster] - libspring-java <no-dsa> (Minor issue)
        [stretch] - libspring-java <ignored> (Minor issue, no known patch)
        NOTE: https://github.com/spring-projects/spring-framework/issues/27647 
(patch unidentifiable)
-CVE-2021-22095
-       RESERVED
+CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the 
Spring  ...)
+       TODO: check
 CVE-2021-22094
        RESERVED
 CVE-2021-22093
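Review bot: CVE-2021-22095 is in Spring AMQP 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which is a separate project from the Spring Framework tracked as `libspring-java` in the CVE-2021-22096 entry just above; do not reuse the libspring-java source package for this one without first checking whether Spring AMQP is packaged at all. If it is not, the `TODO: check` should become `NOT-FOR-US: Spring AMQP`.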
@@ -80480,7 +80552,7 @@ CVE-2020-25718 [An RODC can issue (forge) administrator 
tickets to other servers
        NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
 CVE-2020-25717 [A user on the domain can become root on domain members]
        RESERVED
-       {DSA-5003-1}
+       {DSA-5015-1 DSA-5003-1}
        - samba 2:4.13.14+dfsg-1
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
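Review bot: this is the only non-triage change in an "automatic update" commit: CVE-2020-25717 gains `DSA-5015-1` next to `DSA-5003-1` while the fixed version line (`samba 2:4.13.14+dfsg-1`) is unchanged. That is consistent with DSA-5015-1 being a follow-up or regression advisory for the same fix rather than a new fixed version, but it should be cross-checked against the corresponding entry in data/DSA/list, since a DSA reference without a matching DSA entry breaks the tracker's consistency checks.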
@@ -124907,10 +124979,10 @@ CVE-2020-7882 (Using the parameter of 
getPFXFolderList function, attackers can s
        NOT-FOR-US: anySign
 CVE-2020-7881 (The vulnerability function is enabled when the streamer service 
relate ...)
        NOT-FOR-US: AfreecaTV
-CVE-2020-7880
-       RESERVED
-CVE-2020-7879
-       RESERVED
+CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to 
NeoRS rem ...)
+       TODO: check
+CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was 
synchroni ...)
+       TODO: check
 CVE-2020-7878
        RESERVED
 CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote 
adminis ...)
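Review bot: CVE-2020-7880 describes an ActiveX module (NeoRS), which is Windows-only, and CVE-2020-7879 the ipTIME C200 IP Camera, the same device already marked `NOT-FOR-US: IpTime C200 camera` earlier in this diff; both `TODO: check` lines should resolve to `NOT-FOR-US` entries in line with the neighbouring `NOT-FOR-US: anySign` and `NOT-FOR-US: AfreecaTV`.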



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/998250bc3546da83312e4f1d515d23805b7b9c36

-- 


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
