Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fa36984 by security tracker role at 2021-12-07T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-44692
+       RESERVED
+CVE-2021-44691
+       RESERVED
+CVE-2021-44690
+       RESERVED
+CVE-2021-44689
+       RESERVED
+CVE-2021-44688
+       RESERVED
+CVE-2021-44687
+       RESERVED
+CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is 
vulnerable ...)
+       TODO: check
+CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the 
Branches Aren' ...)
+       TODO: check
+CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. 
The ran ...)
+       TODO: check
+CVE-2021-44683
+       RESERVED
+CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
+       TODO: check
+CVE-2021-44676
+       RESERVED
+CVE-2021-44675
+       RESERVED
+CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) 
...)
+       TODO: check
 CVE-2021-4074
        RESERVED
 CVE-2021-4073
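Review bot: The ten new entries marked `TODO: check` (CVE-2021-44686, 44685, 44684, 44677 through 44682, and CVE-2021-4075) still need a triage decision, each ending as either a package line or a `NOT-FOR-US:` line like the ones used elsewhere in this file. The six Veritas Enterprise Vault entries are numbered "1 of 6" to "6 of 6" for the same product, so one decision should cover all of them.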
@@ -267,53 +305,69 @@ CVE-2021-4069 (vim is vulnerable to Use After Free ...)
 CVE-2021-44548
        RESERVED
 CVE-2021-4068
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4067
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4066
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4065
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4064
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4063
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4062
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4061
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4060
        RESERVED
 CVE-2021-4059
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4058
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4057
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4056
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4055
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4054
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4053
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4052
+       RESERVED
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4051
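Review bot: CVE-2021-4060 is the only entry in the CVE-2021-4052 to CVE-2021-4068 run without chromium lines; it was already `RESERVED` and is left unchanged, while the sixteen entries around it gain `RESERVED` above `- chromium <unfixed>`. It is worth confirming that 4060 is deliberately not attributed to chromium rather than missed when the package annotations were added.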
@@ -413,14 +467,12 @@ CVE-2021-44515
        RESERVED
 CVE-2021-44514
        RESERVED
-CVE-2021-44513
-       RESERVED
+CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 
2.3.0 a ...)
        - tmate-ssh-server <unfixed> (bug #1001225)
        NOTE: Fixed by: 
https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
-CVE-2021-44512
-       RESERVED
+CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions 
directory in tma ...)
        - tmate-ssh-server <unfixed> (bug #1001225)
        NOTE: Fixed by: 
https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
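Review bot: Both tmate-ssh-server entries stay at `<unfixed>` while their `NOTE: Fixed by:` lines already name an upstream commit, so the package lines will need a fixed version once an upload contains that commit. CVE-2021-44513 and CVE-2021-44512 share bug #1001225 and the same fixing commit, so they can be updated together.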
@@ -2438,6 +2490,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js based 
forum software. In affect
 CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker 
componen ...)
        NOT-FOR-US: @joeattardi/emoji-button
 CVE-2021-43784 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
+       {DLA-2841-1}
        - runc 1.0.3+ds1-1
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1
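Review bot: `{DLA-2841-1}` is attached to CVE-2021-43784, but the only package line visible in this entry is `- runc 1.0.3+ds1-1`, with no suite-tagged line. Confirm that the DLA's own record carries the fixed version for the LTS suite, since this entry does not show one.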
@@ -13850,8 +13903,8 @@ CVE-2021-40315
        RESERVED
 CVE-2021-40314
        RESERVED
-CVE-2021-40313
-       RESERVED
+CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
 CVE-2021-40312
        RESERVED
 CVE-2021-40311
@@ -14372,8 +14425,8 @@ CVE-2021-40093
        RESERVED
 CVE-2021-40092
        RESERVED
-CVE-2021-40091
-       RESERVED
+CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. 
...)
+       TODO: check
 CVE-2021-40090
        RESERVED
 CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The 
General Pu ...)
@@ -21136,8 +21189,8 @@ CVE-2021-37300
        RESERVED
 CVE-2021-37299
        RESERVED
-CVE-2021-37298
-       RESERVED
+CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization 
vulnerability ...)
+       TODO: check
 CVE-2021-37297
        RESERVED
 CVE-2021-37296
@@ -22888,14 +22941,14 @@ CVE-2021-36569
        RESERVED
 CVE-2021-36568
        RESERVED
-CVE-2021-36567
-       RESERVED
+CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization 
vulnerabil ...)
+       TODO: check
 CVE-2021-36566
        RESERVED
 CVE-2021-36565
        RESERVED
-CVE-2021-36564
-       RESERVED
+CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization 
vulnerabil ...)
+       TODO: check
 CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) 
does not  ...)
        - check-mk <removed>
 CVE-2021-36562
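Review bot: CVE-2021-36567 and CVE-2021-36564 arrive with the same visible description text (ThinkPHP v6.0.8, deserialization) up to the truncation point. Read the full descriptions to confirm they are distinct issues, and triage the two `TODO: check` lines together so they end with consistent annotations.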
@@ -35017,10 +35070,10 @@ CVE-2021-31634
        RESERVED
 CVE-2021-31633
        RESERVED
-CVE-2021-31632
-       RESERVED
-CVE-2021-31631
-       RESERVED
+CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL 
injection vulne ...)
+       TODO: check
+CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site 
Request  ...)
+       TODO: check
 CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote 
attackers to  ...)
        NOT-FOR-US: Open PLC webserver
 CVE-2021-31629
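Review bot: CVE-2021-31632 (SQL injection) and CVE-2021-31631 (Cross-Site Request Forgery) both name b2evolution CMS v7.2.3, so the `TODO: check` on each should resolve to the same package or `NOT-FOR-US:` outcome, in the way the Open PLC entry just below them is already marked.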



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fa36984f043f286b18ed9540ba37b159aca15ef



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits