Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38a07dfa by security tracker role at 2021-12-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-4174
+       RESERVED
+CVE-2021-4173
+       RESERVED
+CVE-2021-4172
+       RESERVED
+CVE-2021-4171
+       RESERVED
 CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. 
This aff ...)
        NOT-FOR-US: Netgear
 CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by 
insecure code. ...)
@@ -374,12 +382,12 @@ CVE-2021-45493 (Certain NETGEAR devices are affected by 
disclosure of administra
        NOT-FOR-US: Netgear
 CVE-2021-4170
        RESERVED
-CVE-2021-4169
-       RESERVED
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
+       TODO: check
 CVE-2021-45492
        RESERVED
-CVE-2021-4168
-       RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+       TODO: check
 CVE-2021-45491
        RESERVED
 CVE-2021-45490
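
Review bot: CVE-2021-4169 (livehelperchat) and CVE-2021-4168 (showdoc) land with only `TODO: check`, so neither entry carries a triage decision yet. Each needs either a `NOT-FOR-US:` line or a package status line, in the style of `- gitlab <unfixed>` used elsewhere in this file, before it says anything about Debian's exposure.
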
@@ -3649,8 +3657,8 @@ CVE-2021-44600 (The password parameter on Simple Online 
Mens Salon Management Sy
        NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
 CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 
system a ...)
        NOT-FOR-US: Online Enrollment Management System
-CVE-2021-44598
-       RESERVED
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site 
Scripting ...)
+       TODO: check
 CVE-2021-44597
        RESERVED
 CVE-2021-44596
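
Review bot: CVE-2021-44598 is left at `TODO: check` while the two entries directly above it, both for similarly named standalone web applications, are already resolved as `NOT-FOR-US:`. If Attendance Management System 1.0 is not packaged either, replace the TODO with a matching `NOT-FOR-US:` line so the entry no longer shows up as untriaged.
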
@@ -18486,13 +18494,13 @@ CVE-2021-39931 (An issue has been discovered in 
GitLab CE/EE affecting all versi
 CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 
14.3.6, b ...)
        - gitlab <unfixed>
 CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in 
Wireshark 3.4 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
 CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in 
Wireshark 3.4.0 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
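
Review bot: on CVE-2021-39929 and CVE-2021-39928 only the `DLA-2849-1` cross-reference is added; the per-release lines below it are untouched, and the only release-specific one is `[buster] - wireshark <no-dsa> (Minor issue)`. Confirm that the fixed version for the release covered by DLA-2849-1 is recorded with the advisory itself, since nothing in these entries tells a reader which wireshark version carries that fix.
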
@@ -18507,31 +18515,31 @@ CVE-2021-39926 (Buffer overflow in the Bluetooth 
HCI_ISO dissector in Wireshark
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
 CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 
3.4.0 to 3 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark 2.6.20-0+deb10u2
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
 CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 
to 3.4.9  ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
 CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 
and 3.2.0 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
 CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 
3.4.9 an ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
 CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 
3.4.0 to 3 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        - wireshark 3.6.0-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
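
Review bot: the buster status differs across this group even though every entry now carries the same two advisories: CVE-2021-39925 records `[buster] - wireshark 2.6.20-0+deb10u2`, while CVE-2021-39924, CVE-2021-39923, CVE-2021-39922 and CVE-2021-39921 keep `<no-dsa> (Minor issue)`. Re-check the four `<no-dsa>` lines against that buster upload; if it also fixed them, they should carry the fixed version, and if it did not, they are correct as they stand.
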
@@ -61989,7 +61997,7 @@ CVE-2021-22236 (Due to improper handling of OAuth 
client IDs, new subscriptions
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
 CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 
to 3.2.14 ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        [experimental] - wireshark 3.4.7-1~exp1
        - wireshark 3.4.7-1
        [buster] - wireshark <no-dsa> (Minor issue)
@@ -62061,7 +62069,7 @@ CVE-2021-22209 (An issue has been discovered in GitLab 
CE/EE affecting all versi
 CVE-2021-22208 (An issue has been discovered in GitLab affecting versions 
starting wit ...)
        - gitlab <unfixed>
 CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 
3.4.0 to ...)
-       {DSA-5019-1}
+       {DSA-5019-1 DLA-2849-1}
        [experimental] - wireshark 3.4.6-1~exp1
        - wireshark 3.4.7-1 (bug #987853)
        [buster] - wireshark <no-dsa> (Minor issue)
@@ -160799,7 +160807,7 @@ CVE-2019-15533 (XENFCoreSharp before 2019-07-16 
allows SQL injection in web/veri
 CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in 
core/operations/TextEncodingBrut ...)
        NOT-FOR-US: CyberChef
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read 
in the  ...)
-       {DLA-1904-1}
+       {DLA-2851-1 DLA-1904-1}
        - libextractor 1:1.9-2 (bug #935553)
        [buster] - libextractor <no-dsa> (Minor issue)
        NOTE: https://bugs.gnunet.org/view.php?id=5846
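
Review bot: CVE-2019-15531 now lists two advisories of the same kind, `{DLA-2851-1 DLA-1904-1}`, and the entry gives no hint of how they relate (a different release, or a follow-up to an incomplete fix). A short `NOTE:` line stating which applies would save the next reader from opening both advisories to find out.
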
@@ -161852,7 +161860,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in 
print-lmp.c in tcpdump before 4
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
 CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate 
the PHB ...)
-       {DLA-1967-1}
+       {DLA-2850-1 DLA-1967-1}
        - libpcap 1.9.1-1 (low; bug #941697)
        [buster] - libpcap <ignored> (Minor issue)
        NOTE: 
https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
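
Review bot: `[buster] - libpcap <ignored> (Minor issue)` stays in place on CVE-2019-15165 while a second advisory, `DLA-2850-1`, is added next to `DLA-1967-1`. An issue that has now been addressed through two advisories deserves a second look before buster is left at `<ignored>`; either record why it remains ignored there or update the line.
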



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a07dfa4f740fbcef3aca71ec25e270b87f6310



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits