Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad76cd28 by security tracker role at 2021-12-23T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel
through 5.15 ...)
+ TODO: check
+CVE-2021-45468
+ RESERVED
+CVE-2021-45467
+ RESERVED
+CVE-2021-45466
+ RESERVED
+CVE-2021-45465
+ RESERVED
+CVE-2021-4160
+ RESERVED
+CVE-2021-4159
+ RESERVED
CVE-2021-45464
RESERVED
CVE-2021-45463 (GEGL before 0.4.34 allows shell expansion when a pathname in a
constru ...)
@@ -1723,8 +1737,8 @@ CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is
vulnerable to stored cross
NOT-FOR-US: DIAEnergie
CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
NOT-FOR-US: bookstack
-CVE-2021-4118
- RESERVED
+CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted
Data ...)
+ TODO: check
CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input
During ...)
@@ -2724,8 +2738,8 @@ CVE-2021-26255
RESERVED
CVE-2021-23189
RESERVED
-CVE-2021-23175
- RESERVED
+CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user
authorizati ...)
+ TODO: check
CVE-2021-23171
RESERVED
CVE-2021-23170
@@ -3152,10 +3166,10 @@ CVE-2021-44602
RESERVED
CVE-2021-44601
RESERVED
-CVE-2021-44600
- RESERVED
-CVE-2021-44599
- RESERVED
+CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management
System ( ...)
+ TODO: check
+CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0
system a ...)
+ TODO: check
CVE-2021-44598
RESERVED
CVE-2021-44597
@@ -3262,8 +3276,8 @@ CVE-2021-4069 (vim is vulnerable to Use After Free ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
NOTE:
https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9
(v8.2.3741)
-CVE-2021-44548
- RESERVED
+CVE-2021-44548 (An Improper Input Validation vulnerability in
DataImportHandler of Apa ...)
+ TODO: check
CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome
prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -3398,8 +3412,8 @@ CVE-2021-44528 [Possible Open Redirect in Host
Authorization Middleware]
NOTE: Introduced by:
https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f
(v6.0.0.beta1)
CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35
and ear ...)
NOT-FOR-US: UniFi Switch firmware
-CVE-2021-44526
- RESERVED
+CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows
authentication ...)
+ TODO: check
CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to
modify ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76
(All ve ...)
@@ -3997,8 +4011,8 @@ CVE-2021-44275
RESERVED
CVE-2021-44274
RESERVED
-CVE-2021-44273
- RESERVED
+CVE-2021-44273 (e2guardian v5.4.x <= v5.4.3r is affected by missing SSL
certificate ...)
+ TODO: check
CVE-2021-44272
RESERVED
CVE-2021-44271
@@ -5407,8 +5421,8 @@ CVE-2021-43856
RESERVED
CVE-2021-43855
RESERVED
-CVE-2021-43854
- RESERVED
+CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source
Python modul ...)
+ TODO: check
CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available
for Mic ...)
TODO: check
CVE-2021-43852
@@ -5417,8 +5431,8 @@ CVE-2021-43851 (Anuko Time Tracker is an open source,
web-based time tracking ap
NOT-FOR-US: Anuko Time Tracker
CVE-2021-43850
RESERVED
-CVE-2021-43849
- RESERVED
+CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single
and simpl ...)
+ TODO: check
CVE-2021-43848
RESERVED
CVE-2021-43847 (HumHub is an open-source social network kit written in PHP.
Prior to H ...)
@@ -10416,7 +10430,7 @@ CVE-2021-42555
CVE-2021-42554
RESERVED
CVE-2021-3892 [memory leak in fib6_rule_suppress could result in DoS]
- RESERVED
+ REJECTED
- linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014623
@@ -17426,10 +17440,10 @@ CVE-2021-40163
RESERVED
CVE-2021-40162
RESERVED
-CVE-2021-40161
- RESERVED
-CVE-2021-40160
- RESERVED
+CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution
through m ...)
+ TODO: check
+CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to
read be ...)
+ TODO: check
CVE-2021-40159
RESERVED
CVE-2021-40158
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad76cd281e677ecc1a2a4b94583e3c74c700d80c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad76cd281e677ecc1a2a4b94583e3c74c700d80c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
