Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
741b2cf8 by security tracker role at 2021-12-06T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-4074
+       RESERVED
+CVE-2021-4073
+       RESERVED
+CVE-2021-4072
+       RESERVED
+CVE-2021-4071
+       RESERVED
 CVE-2021-44674
        RESERVED
 CVE-2021-44673
@@ -252,8 +260,8 @@ CVE-2021-4070
        RESERVED
 CVE-2021-44549
        RESERVED
-CVE-2021-4069
-       RESERVED
+CVE-2021-4069 (vim is vulnerable to Use After Free ...)
+       TODO: check
 CVE-2021-44548
        RESERVED
 CVE-2021-4068
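Review bot: the "TODO: check" on CVE-2021-4069 is a placeholder that should be resolved by triage rather than left in the tree, because the description names vim, a package Debian ships; the entry will need a package line in the form the other entries in this diff use ("- vim <version>" or "- vim <unfixed>") instead of the bare TODO.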
@@ -1744,13 +1752,13 @@ CVE-2021-3975 [segmentation fault during VM shutdown 
can lead to vdsm hung]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
        NOTE: Fixed by: 
https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7
 (v7.1.0-rc2)
 CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to 
XSS in han ...)
-       {DSA-5013-1}
+       {DSA-5013-1 DLA-2840-1}
        - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
        NOTE: https://github.com/roundcube/roundcubemail/issues/8193
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a
 (1.4.12)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7
 (1.3.17)
 CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a 
potentia ...)
-       {DSA-5013-1}
+       {DSA-5013-1 DLA-2840-1}
        - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1
 (1.4.12)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa
 (1.3.17)
@@ -2107,8 +2115,8 @@ CVE-2021-43938
        RESERVED
 CVE-2021-43937
        RESERVED
-CVE-2021-43936
-       RESERVED
+CVE-2021-43936 (The software allows the attacker to upload or transfer files 
of danger ...)
+       TODO: check
 CVE-2021-43935
        RESERVED
 CVE-2021-43934
@@ -2117,8 +2125,8 @@ CVE-2021-43933
        RESERVED
 CVE-2021-43932
        RESERVED
-CVE-2021-43931
-       RESERVED
+CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, 
but the im ...)
+       TODO: check
 CVE-2021-43930
        RESERVED
 CVE-2021-43929
@@ -2379,8 +2387,8 @@ CVE-2021-43802
        RESERVED
 CVE-2021-43801
        RESERVED
-CVE-2021-43800
-       RESERVED
+CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 
2.5.254, dire ...)
+       TODO: check
 CVE-2021-43799
        RESERVED
 CVE-2021-43798
@@ -2411,8 +2419,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js based 
forum software. In affect
        NOT-FOR-US: Nodebb
 CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker 
componen ...)
        NOT-FOR-US: @joeattardi/emoji-button
-CVE-2021-43784
-       RESERVED
+CVE-2021-43784 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
        - runc 1.0.3+ds1-1
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1
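Review bot: CVE-2021-43784 records a fixed version for unstable ("- runc 1.0.3+ds1-1") but no suite annotation, whereas the xen entry later in this diff carries explicit "[buster]"/"[stretch]" lines; if the stable suites ship an affected runc, the entry should gain the corresponding "[bullseye]"/"[buster]" lines (or a not-affected marker) so it is not read as fixed everywhere.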
@@ -2421,8 +2428,8 @@ CVE-2021-43783 (@backstage/plugin-scaffolder-backend is 
the backend for the defa
        NOT-FOR-US: @backstage/plugin-scaffolder-backend
 CVE-2021-43782
        RESERVED
-CVE-2021-43781
-       RESERVED
+CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for 
Invenio, a ...)
+       TODO: check
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In 
versions 10 ...)
        NOT-FOR-US: Redash
 CVE-2021-43779
@@ -4040,12 +4047,12 @@ CVE-2021-43473
        RESERVED
 CVE-2021-43472
        RESERVED
-CVE-2021-43471
-       RESERVED
+CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does 
not requi ...)
+       TODO: check
 CVE-2021-43470
        RESERVED
-CVE-2021-43469
-       RESERVED
+CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command 
execution vulner ...)
+       TODO: check
 CVE-2021-43468
        RESERVED
 CVE-2021-43467
@@ -14789,8 +14796,8 @@ CVE-2021-39892
        RESERVED
 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access 
tokens creat ...)
        - gitlab <unfixed>
-CVE-2021-39890
-       RESERVED
+CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some 
specific  ...)
+       TODO: check
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific 
API endpo ...)
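Review bot: the "TODO: check" on CVE-2021-39890 (2FA bypass for LDAP users) should be resolved to a gitlab package line, since the neighbouring entries show gitlab is tracked here; note that the adjacent CVE-2021-39889 and CVE-2021-39888 are marked "<not-affected> (Specific to Enterprise Edition)" while this description does not say EE-only, so triage should confirm whether CE is affected before choosing between "- gitlab <unfixed>" and a not-affected marker.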
@@ -23665,8 +23672,8 @@ CVE-2021-36200
        RESERVED
 CVE-2021-36199
        RESERVED
-CVE-2021-36198
-       RESERVED
+CVE-2021-36198 (Successful exploitation of this vulnerability could allow an 
unauthori ...)
+       TODO: check
 CVE-2021-36197
        RESERVED
 CVE-2021-36196
@@ -26005,14 +26012,14 @@ CVE-2021-35247
        RESERVED
 CVE-2021-35246
        RESERVED
-CVE-2021-35245
-       RESERVED
+CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can 
move, cre ...)
+       TODO: check
 CVE-2021-35244
        RESERVED
 CVE-2021-35243
        RESERVED
-CVE-2021-35242
-       RESERVED
+CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request 
contains  ...)
+       TODO: check
 CVE-2021-35241
        RESERVED
 CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. 
This affec ...)
@@ -42515,6 +42522,7 @@ CVE-2021-28703
        NOTE: Debian including the fix.
        NOTE: 
https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e
 (4.14.0-rc1)
 CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI 
devices in ...)
+       {DSA-5017-1}
        - xen 4.14.3+32-g9de3671772-1
        [buster] - xen <not-affected> (Vulnerable code introduced later)
        [stretch] - xen <not-affected> (Vulnerable code introduced later)
@@ -51752,8 +51760,8 @@ CVE-2021-25043
        RESERVED
 CVE-2021-25042
        RESERVED
-CVE-2021-25041
-       RESERVED
+CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is 
vulnerabl ...)
+       TODO: check
 CVE-2021-25040
        RESERVED
 CVE-2021-25039
@@ -51948,34 +51956,34 @@ CVE-2021-24945
        RESERVED
 CVE-2021-24944
        RESERVED
-CVE-2021-24943
-       RESERVED
+CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
+       TODO: check
 CVE-2021-24942
        RESERVED
 CVE-2021-24941
        RESERVED
 CVE-2021-24940
        RESERVED
-CVE-2021-24939
-       RESERVED
-CVE-2021-24938
-       RESERVED
+CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin 
before  ...)
+       TODO: check
+CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise 
and escape ...)
+       TODO: check
 CVE-2021-24937
        RESERVED
 CVE-2021-24936
        RESERVED
-CVE-2021-24935
-       RESERVED
+CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not 
escape the  ...)
+       TODO: check
 CVE-2021-24934
        RESERVED
 CVE-2021-24933
        RESERVED
 CVE-2021-24932
        RESERVED
-CVE-2021-24931
-       RESERVED
-CVE-2021-24930
-       RESERVED
+CVE-2021-24931 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
+       TODO: check
+CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress 
plugin be ...)
+       TODO: check
 CVE-2021-24929
        RESERVED
 CVE-2021-24928
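Review bot: the seven new "TODO: check" entries in this hunk (CVE-2021-24943, -24939, -24938, -24935, -24931, -24930) all describe WordPress plugins, which the surrounding entries in this file consistently resolve as "NOT-FOR-US: WordPress plugin"; triage should replace each TODO with that marker unless one of the plugins turns out to be packaged.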
@@ -51986,8 +51994,8 @@ CVE-2021-24926
        RESERVED
 CVE-2021-24925
        RESERVED
-CVE-2021-24924
-       RESERVED
+CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape 
the d para ...)
+       TODO: check
 CVE-2021-24923
        RESERVED
 CVE-2021-24922
@@ -52000,14 +52008,14 @@ CVE-2021-24919
        RESERVED
 CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 
4.0.1 did n ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24917
-       RESERVED
+CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug 
which allow ...)
+       TODO: check
 CVE-2021-24916
        RESERVED
 CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not 
have cap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24914
-       RESERVED
+CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not 
have capa ...)
+       TODO: check
 CVE-2021-24913
        RESERVED
 CVE-2021-24912
@@ -52102,8 +52110,8 @@ CVE-2021-24868
        RESERVED
 CVE-2021-24867
        RESERVED
-CVE-2021-24866
-       RESERVED
+CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not 
properly san ...)
+       TODO: check
 CVE-2021-24865
        RESERVED
 CVE-2021-24864
@@ -52316,8 +52324,8 @@ CVE-2021-24761
        RESERVED
 CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24759
-       RESERVED
+CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not 
escape some o ...)
+       TODO: check
 CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly 
validate ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not 
perform  ...)
@@ -52398,16 +52406,16 @@ CVE-2021-24720 (The GeoDirectory Business Directory 
WordPress plugin before 2.1.
        NOT-FOR-US: WordPress plugin
 CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable 
to Refle ...)
        NOT-FOR-US: WordPress theme
-CVE-2021-24718
-       RESERVED
+CVE-2021-24718 (The Contact Form, Survey &amp; Popup Form Plugin for WordPress 
plugin  ...)
+       TODO: check
 CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform 
capabil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not 
properly sa ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24714
-       RESERVED
+CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 
3.6.3 does n ...)
+       TODO: check
 CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and 
Video Less ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 
does not p ...)
@@ -58212,8 +58220,8 @@ CVE-2021-22172 (Improper authorization in GitLab 12.8+ 
allows a guest user in a
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab 
Pages f ...)
        [experimental] - gitlab 13.6.6-1
        - gitlab <unfixed>
-CVE-2021-22170
-       RESERVED
+CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ 
allows  ...)
+       TODO: check
 CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which 
leaked intern ...)
        - gitlab <not-affected> (Specific to EE)
        NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/741b2cf810e25675b0a5d6424f4764ef949b517b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
