Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
519018c9 by security tracker role at 2021-12-01T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-21240
+       RESERVED
+CVE-2022-21237
+       RESERVED
+CVE-2022-21218
+       RESERVED
+CVE-2022-21212
+       RESERVED
+CVE-2022-21197
+       RESERVED
+CVE-2022-21172
+       RESERVED
+CVE-2022-21160
+       RESERVED
+CVE-2022-21140
+       RESERVED
+CVE-2022-21139
+       RESERVED
+CVE-2022-21133
+       RESERVED
+CVE-2021-44470
+       RESERVED
+CVE-2021-4037
+       RESERVED
+CVE-2021-4036
+       RESERVED
+CVE-2021-37409
+       RESERVED
+CVE-2021-37405
+       RESERVED
+CVE-2021-33847
+       RESERVED
+CVE-2021-26950
+       RESERVED
+CVE-2021-26258
+       RESERVED
+CVE-2021-26257
+       RESERVED
+CVE-2021-26251
+       RESERVED
+CVE-2021-23223
+       RESERVED
+CVE-2021-23179
+       RESERVED
 CVE-2021-44464
        RESERVED
 CVE-2021-44453
@@ -478,8 +522,8 @@ CVE-2021-4028 [use-after-free in RDMA listen()]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
 CVE-2021-4027
        RESERVED
-CVE-2021-4026
-       RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+       TODO: check
 CVE-2021-4025
        RESERVED
 CVE-2021-44235
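Review bot: CVE-2021-4026 gains a description but is left at "TODO: check", so the entry still carries no triage decision. It needs a follow-up that resolves it either to a package line, as CVE-2021-3928 has for vim, or to a NOT-FOR-US tag if bookstack is not packaged.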
@@ -3740,12 +3784,12 @@ CVE-2021-43362
        RESERVED
 CVE-2021-43361
        RESERVED
-CVE-2021-43360
-       RESERVED
-CVE-2021-43359
-       RESERVED
-CVE-2021-43358
-       RESERVED
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s 
serialization functi ...)
+       TODO: check
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which 
allows a re ...)
+       TODO: check
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in 
URLs, w ...)
+       TODO: check
 CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
        - vim <unfixed>
        [stretch] - vim <no-dsa> (Minor issue)
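Review bot: CVE-2021-43360, CVE-2021-43359 and CVE-2021-43358 all name the same product (Sunnet eHRD) and all sit at "TODO: check". Resolve the three together with one identical tag so the product is not spelled three different ways across the entries.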
@@ -3842,7 +3886,7 @@ CVE-2021-43322
 CVE-2021-43321
        RESERVED
 CVE-2021-43320
-       RESERVED
+       REJECTED
 CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 
is vulne ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-43318
@@ -6586,8 +6630,8 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS 
via the Error parameter.
        NOT-FOR-US: myfactory.FMS
 CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. 
...)
        NOT-FOR-US: myfactory.FMS
-CVE-2021-42564
-       RESERVED
+CVE-2021-42564 (An open redirect through HTML injection in confidential 
messages in Cr ...)
+       TODO: check
 CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator 
(nisvcloc.exe) ...)
        NOT-FOR-US: NI Service Locator
 CVE-2021-3893
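Review bot: the description added for CVE-2021-42564 is truncated at "confidential messages in Cr ...", so the affected product cannot be identified from this entry alone, and the neighbouring entries (myfactory.FMS, NI Service Locator) are unrelated. Whoever clears the "TODO: check" has to work from the full CVE description, not from this line.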
@@ -10941,8 +10985,8 @@ CVE-2021-41258 (Kirby is an open source file structured 
CMS. In affected version
        NOT-FOR-US: Kirby
 CVE-2021-41257
        RESERVED
-CVE-2021-41256
-       RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud 
news/fee ...)
+       TODO: check
 CVE-2021-41255
        RESERVED
 CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in 
running  ...)
@@ -12040,8 +12084,8 @@ CVE-2021-40811
        RESERVED
 CVE-2021-40810
        RESERVED
-CVE-2021-40809
-       RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka 
PI-009921. An  ...)
+       TODO: check
 CVE-2021-40808
        RESERVED
 CVE-2021-40807
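Review bot: CVE-2021-40809 is described as "Jamf Pro before 10.32.0" and is left at "TODO: check", while CVE-2021-39303 later in this same commit is also "Jamf Pro before 10.32.0" and is already tagged "NOT-FOR-US: Jamf Pro". The same tag applies here and can replace the TODO.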
@@ -13750,8 +13794,8 @@ CVE-2021-40103 (An issue was discovered in Concrete CMS 
through 8.5.5. Path Trav
        NOT-FOR-US: Concrete CMS
 CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. 
Arbitrary File  ...)
        NOT-FOR-US: Concrete CMS
-CVE-2021-40101
-       RESERVED
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The 
Dashboard al ...)
+       TODO: check
 CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored 
XSS can  ...)
        NOT-FOR-US: Concrete CMS
 CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. 
Fetching the up ...)
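Review bot: CVE-2021-40101 is a Concrete CMS issue left at "TODO: check", sitting between CVE-2021-40103, CVE-2021-40102 and CVE-2021-40100, which are all tagged "NOT-FOR-US: Concrete CMS". Use the same tag so the product's entries stay consistent.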
@@ -15548,7 +15592,7 @@ CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site 
Request Forgery (CSRF) ..
        NOT-FOR-US: firefly-iii
 CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
        NOT-FOR-US: SafeCurl
-CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability 
affecting in ...)
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF 
vulnerability, aka P ...)
        NOT-FOR-US: Jamf Pro
 CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection 
via the  ...)
        NOT-FOR-US: MISP
@@ -22789,16 +22833,16 @@ CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior 
versions contain a HTML and
        NOT-FOR-US: EMC
 CVE-2021-36331
        RESERVED
-CVE-2021-36330
-       RESERVED
-CVE-2021-36329
-       RESERVED
-CVE-2021-36328
-       RESERVED
-CVE-2021-36327
-       RESERVED
-CVE-2021-36326
-       RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain 
an Insuff ...)
+       TODO: check
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain 
an Indire ...)
+       TODO: check
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a 
SQL Inj ...)
+       TODO: check
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a 
Server  ...)
+       TODO: check
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 
contain an SSL ...)
+       TODO: check
 CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
        NOT-FOR-US: Dell
 CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
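Review bot: the five Dell EMC Streaming Data Platform entries (CVE-2021-36330 through CVE-2021-36326) are all "TODO: check", and the context lines show two different tags for the same vendor: "NOT-FOR-US: EMC" on CVE-2021-36332 and "NOT-FOR-US: Dell" on CVE-2021-36325. When these are triaged, pick one tag for all five. The CVE-2021-36332 entry is also a Dell EMC product, so its tag is the closer precedent.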
@@ -62453,42 +62497,42 @@ CVE-2021-20866
        RESERVED
 CVE-2021-20865
        RESERVED
-CVE-2021-20864
-       RESERVED
-CVE-2021-20863
-       RESERVED
-CVE-2021-20862
-       RESERVED
-CVE-2021-20861
-       RESERVED
-CVE-2021-20860
-       RESERVED
-CVE-2021-20859
-       RESERVED
-CVE-2021-20858
-       RESERVED
-CVE-2021-20857
-       RESERVED
-CVE-2021-20856
-       RESERVED
-CVE-2021-20855
-       RESERVED
-CVE-2021-20854
-       RESERVED
-CVE-2021-20853
-       RESERVED
-CVE-2021-20852
-       RESERVED
-CVE-2021-20851
-       RESERVED
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers 
(WRC-1167GST2  ...)
+       TODO: check
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers 
(WRC-1167GST2 fir ...)
+       TODO: check
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers 
(WRC-1167GST2  ...)
+       TODO: check
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers 
(WRC-1167G ...)
+       TODO: check
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN 
routers  ...)
+       TODO: check
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, 
WRC-1167GST ...)
+       TODO: check
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router 
WRC-2533GHBK-I ...)
+       TODO: check
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router 
WRC-2533GHBK-I ...)
+       TODO: check
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers 
(WRH-733GBK f ...)
+       TODO: check
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers 
(WRH-733GBK f ...)
+       TODO: check
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and 
WRH-733G ...)
+       TODO: check
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and 
WRH-733G ...)
+       TODO: check
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers 
(WRH-733GBK firmwa ...)
+       TODO: check
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and 
Operati ...)
+       TODO: check
 CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 
4.49 and ea ...)
        NOT-FOR-US: PowerCMS
 CVE-2021-20849
        RESERVED
 CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to 
v1.8.6 a ...)
        NOT-FOR-US: rwtxt
-CVE-2021-20847
-       RESERVED
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A 
(38JP_1_11G ...)
+       TODO: check
 CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push 
Notifications  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited 
Sitemap G ...)
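Review bot: CVE-2021-20851 should not be batch-triaged with the block above it. CVE-2021-20864 through CVE-2021-20852 all name ELECOM routers, but the CVE-2021-20851 description reads "... vulnerability in Browser and Operati ..." and does not mention ELECOM in the visible text. CVE-2021-20847 (Wi-Fi STATION SH-52A) is likewise a separate product. The ELECOM entries can share one tag; the other two need their own check.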
@@ -151679,12 +151723,12 @@ CVE-2019-17044 (An issue was discovered in BMC 
Patrol Agent 9.0.10i. Weak execut
 CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak 
execution pe ...)
        NOT-FOR-US: BMC Patrol Agent
 CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. 
contrib/pmcisconames/pmc ...)
-       {DLA-1952-1}
+       {DLA-2835-1 DLA-1952-1}
        - rsyslog 8.1910.0-1 (bug #942065)
        [buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not 
loaded by default)
        NOTE: https://github.com/rsyslog/rsyslog/pull/3883
 CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. 
contrib/pmaixforwardedfr ...)
-       {DLA-1952-1}
+       {DLA-2835-1 DLA-1952-1}
        - rsyslog 8.1910.0-1 (bug #942067)
        [buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not 
loaded by default)
        NOTE: https://github.com/rsyslog/rsyslog/pull/3884
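Review bot: CVE-2019-17042 and CVE-2019-17041 both gain DLA-2835-1 in the advisory reference line, but the release-specific lines under them are unchanged and still show only "[buster] - rsyslog <no-dsa>". Nothing visible in either entry says which release DLA-2835-1 covers, so confirm the cross-reference against the advisory itself before relying on it.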
@@ -184445,7 +184489,7 @@ CVE-2018-20723 (A cross-site scripting (XSS) 
vulnerability exists in color_templ
 CVE-2018-20722
        RESERVED
 CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an 
out-of-bound ...)
-       {DLA-1682-1}
+       {DLA-2834-1 DLA-1682-1}
        - uriparser 0.9.1-1 (low)
        NOTE: 
https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
 CVE-2015-9280 (MailEnable before 8.60 allows XXE via an XML document in the 
request.a ...)
@@ -240452,7 +240496,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an 
invalid memcpy in the av_packe
 CVE-2018-5765
        RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync 
before 3. ...)
-       {DLA-1725-1 DLA-1247-1}
+       {DLA-2833-1 DLA-1725-1 DLA-1247-1}
        - rsync 3.1.2-2.2 (bug #887588)
        NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 
5.3.7  ...)
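Review bot: CVE-2018-5764 now lists three advisories, "{DLA-2833-1 DLA-1725-1 DLA-1247-1}", against a single fixed-version line, "- rsync 3.1.2-2.2 (bug #887588)". The entry gives no indication why a third advisory was issued for the same CVE; a NOTE line stating the reason (a different release, or a corrected fix) would make the history readable.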



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/519018c920581a68d9691f02eaed07b4ce96f2c5
