[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 03 Dec 2021 12:10:32 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
60ea8f2a by security tracker role at 2021-12-03T20:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-44543
+       RESERVED
+CVE-2021-44542
+       RESERVED
+CVE-2021-44541
+       RESERVED
+CVE-2021-44540
+       RESERVED
+CVE-2021-43353
+       RESERVED
+CVE-2021-41836
+       RESERVED
+CVE-2021-4050
+       RESERVED
+CVE-2021-4049
+       RESERVED
 CVE-2021-44539
        RESERVED
 CVE-2021-44538
@@ -434,18 +450,18 @@ CVE-2019-25053
        RESERVED
 CVE-2021-44353
        RESERVED
-CVE-2021-44352
-       RESERVED
+CVE-2021-44352 (A Stack-based Buffer Overflow vlnerability exists in the Tenda 
AC15 V1 ...)
+       TODO: check
 CVE-2021-44351
        RESERVED
 CVE-2021-44350
        RESERVED
-CVE-2021-44349
-       RESERVED
-CVE-2021-44348
-       RESERVED
-CVE-2021-44347
-       RESERVED
+CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the 
id parame ...)
+       TODO: check
+CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the 
id parame ...)
+       TODO: check
+CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in 
App\Manage\Con ...)
+       TODO: check
 CVE-2021-44346
        RESERVED
 CVE-2021-44345
@@ -582,8 +598,8 @@ CVE-2021-44280 (attendance management system 1.0 is 
affected by a SQL injection
        NOT-FOR-US: attendance management system
 CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: LibreNMS
-CVE-2021-44278
-       RESERVED
+CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation 
vulnerability in i ...)
+       TODO: check
 CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: LibreNMS
 CVE-2021-44276
@@ -1195,8 +1211,8 @@ CVE-2021-4001 [race condition when the EBPF map is frozen]
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
-CVE-2021-4000
-       RESERVED
+CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+       TODO: check
 CVE-2021-3999
        RESERVED
 CVE-2021-3998
@@ -1335,8 +1351,8 @@ CVE-2021-3982 [Distributions using CAP_SYS_NICE in 
gnome-shell may be exposed to
        TODO: recheck classification when RH provides more information
 CVE-2021-3981
        RESERVED
-CVE-2021-3980
-       RESERVED
+CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information 
to an U ...)
+       TODO: check
 CVE-2021-3979
        RESERVED
 CVE-2021-44034
@@ -1359,14 +1375,14 @@ CVE-2021-44024
        RESERVED
 CVE-2021-44023
        RESERVED
-CVE-2021-44022
-       RESERVED
-CVE-2021-44021
-       RESERVED
-CVE-2021-44020
-       RESERVED
-CVE-2021-44019
-       RESERVED
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One 
could allo ...)
+       TODO: check
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro 
Worry-Free Busin ...)
+       TODO: check
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro 
Worry-Free Busin ...)
+       TODO: check
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro 
Worry-Free Busin ...)
+       TODO: check
 CVE-2021-3978
        RESERVED
 CVE-2021-3977
@@ -1446,8 +1462,8 @@ CVE-2021-43993
        RESERVED
 CVE-2021-43992
        RESERVED
-CVE-2021-43991
-       RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 &#8211; 13.0.43 is 
vulnerable t ...)
+       TODO: check
 CVE-2021-43990
        RESERVED
 CVE-2021-43989
@@ -2119,8 +2135,8 @@ CVE-2021-43774
        RESERVED
 CVE-2021-43773
        RESERVED
-CVE-2021-43772
-       RESERVED
+CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a 
vulnerability th ...)
+       TODO: check
 CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is 
vulnerable to an  ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through 
User-Controlled Key ...)
@@ -3147,14 +3163,14 @@ CVE-2021-43678
        RESERVED
 CVE-2021-43677
        RESERVED
-CVE-2021-43676
-       RESERVED
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation 
vulnerabil ...)
+       TODO: check
 CVE-2021-43675
        RESERVED
-CVE-2021-43674
-       RESERVED
-CVE-2021-43673
-       RESERVED
+CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is 
affected by a p ...)
+       TODO: check
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting 
(XSS) v ...)
+       TODO: check
 CVE-2021-43672
        RESERVED
 CVE-2021-43671
@@ -13248,6 +13264,7 @@ CVE-2021-40393
 CVE-2021-40392
        RESERVED
 CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill 
format T-code ...)
+       {DLA-2839-1}
        - gerbv 2.7.1-1
        [bullseye] - gerbv <no-dsa> (Minor issue)
        [buster] - gerbv <no-dsa> (Minor issue)
@@ -16806,8 +16823,8 @@ CVE-2021-38911 (IBM Security Risk Manager on CP4S 
1.7.0.0 stores user credential
        NOT-FOR-US: IBM
 CVE-2021-38910
        RESERVED
-CVE-2021-38909
-       RESERVED
+CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to 
cross-site scr ...)
+       TODO: check
 CVE-2021-38908
        RESERVED
 CVE-2021-38907
@@ -39315,8 +39332,8 @@ CVE-2021-29869
        RESERVED
 CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to 
obtain s ...)
        NOT-FOR-US: IBM
-CVE-2021-29867
-       RESERVED
+CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an 
authenticated to ...)
+       TODO: check
 CVE-2021-29866
        RESERVED
 CVE-2021-29865
@@ -39537,8 +39554,8 @@ CVE-2021-29758 (IBM Sterling B2B Integrator Standard 
Edition 5.2.0.0 through 6.1
        NOT-FOR-US: IBM
 CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to 
cross-site r ...)
        NOT-FOR-US: IBM
-CVE-2021-29756
-       RESERVED
+CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to 
cross-site req ...)
+       TODO: check
 CVE-2021-29755
        RESERVED
 CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
@@ -39611,14 +39628,14 @@ CVE-2021-29721
        RESERVED
 CVE-2021-29720
        RESERVED
-CVE-2021-29719
-       RESERVED
+CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to 
client s ...)
+       TODO: check
 CVE-2021-29718
        RESERVED
 CVE-2021-29717
        RESERVED
-CVE-2021-29716
-       RESERVED
+CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level 
user to ...)
+       TODO: check
 CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote 
user to ...)
        NOT-FOR-US: IBM
 CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to 
cause a d ...)
@@ -58445,16 +58462,19 @@ CVE-2021-21902
 CVE-2021-21901
        RESERVED
 CVE-2021-21900 (A code execution vulnerability exists in the 
dxfRW::processLType() fun ...)
+       {DLA-2838-1}
        - librecad <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
        NOTE: librecad bundles libdxfrw
        NOTE: 
https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
 CVE-2021-21899 (A code execution vulnerability exists in the 
dwgCompressor::copyCompBy ...)
+       {DLA-2838-1}
        - librecad <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
        NOTE: librecad bundles libdxfrw
        NOTE: 
https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
 CVE-2021-21898 (A code execution vulnerability exists in the 
dwgCompressor::decompress ...)
+       {DLA-2838-1}
        - librecad <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
        NOTE: librecad bundles libdxfrw
@@ -63459,8 +63479,8 @@ CVE-2021-20495
        RESERVED
 CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are 
vulnerable to a ...)
        NOT-FOR-US: IBM
-CVE-2021-20493
-       RESERVED
+CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to 
cross-site scr ...)
+       TODO: check
 CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty 
Java Batch ...)
        NOT-FOR-US: IBM
 CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a 
stack-based bu ...)
@@ -63505,8 +63525,8 @@ CVE-2021-20472
        RESERVED
 CVE-2021-20471
        RESERVED
-CVE-2021-20470
-       RESERVED
+CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that 
users sho ...)
+       TODO: check
 CVE-2021-20469
        RESERVED
 CVE-2021-20468



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ea8f2a8afa2f79c4f7a720b7eab23dcfcdbedc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ea8f2a8afa2f79c4f7a720b7eab23dcfcdbedc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to