Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21f6f5fe by security tracker role at 2021-12-28T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-45913
+       RESERVED
+CVE-2021-45912
+       RESERVED
+CVE-2021-44775
+       RESERVED
+CVE-2021-44465
+       RESERVED
+CVE-2021-4187
+       RESERVED
 CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
        - gif2apng <unfixed> (bug #1002687)
 CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
@@ -16,8 +26,8 @@ CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic 
Rules Name screen. ..
        NOT-FOR-US: OpenWrt
 CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name 
screen. ...)
        NOT-FOR-US: OpenWrt
-CVE-2021-45903
-       RESERVED
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web 
interface of  ...)
+       TODO: check
 CVE-2021-45902
        RESERVED
 CVE-2021-45901
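Review bot: CVE-2021-45903 is left at TODO: check, and the truncated description ("A persistent cross-site scripting (XSS) issue in the web interface of ...") does not name the affected product in this view; the follow-up triage should resolve it to an explicit NOT-FOR-US: <product> (as the adjacent OpenWrt entries CVE-2021-45905 and CVE-2021-45904 are) or to a package line, so the TODO does not linger next to already-triaged siblings.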
@@ -206,12 +216,12 @@ CVE-2021-45816
        RESERVED
 CVE-2021-45815
        RESERVED
-CVE-2021-45814
-       RESERVED
-CVE-2021-45813
-       RESERVED
-CVE-2021-45812
-       RESERVED
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. 
An attack ...)
+       TODO: check
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting 
(XSS) vu ...)
+       TODO: check
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a 
Cross Site  ...)
+       TODO: check
 CVE-2021-45811
        RESERVED
 CVE-2021-45810
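Review bot: the three new TODO: check entries (CVE-2021-45814 Nettmp NNT, CVE-2021-45813 SLICAN WebCTI, CVE-2021-45812 NUUO NVRsolo) all read as vendor appliance or web products; if none is a Debian source package they should be closed as NOT-FOR-US: <vendor> in the triage pass. CVE-2021-45814 is a SQL injection rather than XSS, so it is the one to look at first should a package exist.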
@@ -372,8 +382,8 @@ CVE-2021-45733
        RESERVED
 CVE-2021-4180
        RESERVED
-CVE-2021-4179
-       RESERVED
+CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
+       TODO: check
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for 
Rust. The it ...)
        TODO: check
 CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 
0.25.4 and ...)
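Review bot: CVE-2021-4179 (livehelperchat) uses the same "is vulnerable to Improper Neutralization of Input During ..." wording as the huntr.dev-sourced entries elsewhere in this file (CVE-2021-4124 janus-gateway, CVE-2021-4121 yetiforcecrm); when it is triaged, record the advisory URL as a NOTE line the way CVE-2021-4124 does rather than leaving only TODO: check.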
@@ -1575,8 +1585,8 @@ CVE-2021-45427
        RESERVED
 CVE-2021-45426
        RESERVED
-CVE-2021-45425
-       RESERVED
+CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage 
versions 8.3 an ...)
+       TODO: check
 CVE-2021-45424
        RESERVED
 CVE-2021-45423
@@ -2532,7 +2542,7 @@ CVE-2022-21945
        RESERVED
 CVE-2022-21944
        RESERVED
-CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 
2.12.3) di ...)
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 
2.12.3 and ...)
        {DSA-5024-1 DLA-2852-1}
        - apache-log4j2 2.17.0-1 (bug #1001891)
        NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
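Review bot: only the upstream description of CVE-2021-45105 changes here (the truncated "excluding 2.12.3) di ..." becomes "excluding 2.12.3 and ..."), i.e. upstream widened the list of excluded security releases; the Debian fix record (apache-log4j2 2.17.0-1, DSA-5024-1, DLA-2852-1) is unaffected, so no further action. It is still worth re-reading the linked https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105 entry whenever the description text moves, in case the affected range changed too.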
@@ -2649,7 +2659,7 @@ CVE-2021-42550 (In logback version 1.2.7 and prior 
versions, an attacker with th
        NOTE: https://jira.qos.ch/browse/LOGBACK-1591
        NOTE: 
https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1
 (v_1.2.8)
 CVE-2021-44771
-       RESERVED
+       REJECTED
 CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input 
During ...)
        - janus <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
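Review bot: CVE-2021-44771 goes from RESERVED to REJECTED with no other change; that is correct as long as nothing references it, and no package or advisory line does in the visible context. The same RESERVED to REJECTED transition appears later in this patch for CVE-2021-23151, CVE-2016-3736 and CVE-2016-3103 and needs no action either.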
@@ -2662,7 +2672,7 @@ CVE-2021-4122
 CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input 
During  ...)
        NOT-FOR-US: yetiforcecrm
 CVE-2021-23151
-       RESERVED
+       REJECTED
 CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel 
through 5. ...)
        - linux <unfixed> (unimportant)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -5235,7 +5245,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition 
before 2021.11 on Wind
        NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-44229
        RESERVED
-CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 
2.15.0 JNDI  ...)
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security 
releases 2. ...)
        {DSA-5020-1 DLA-2842-1}
        - apache-log4j2 2.15.0-1 (bug #1001478)
        - apache-log4j1.2 <not-affected> (Vulnerable code not present)
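Review bot: the new CVE-2021-44228 description ("2.0-beta9 through 2.15.0 (excluding security releases 2. ...") keeps 2.15.0 inside the stated affected range while the tracker records apache-log4j2 2.15.0-1 as the fixed version; that combination deserves a quick re-check against the upstream advisory so the fixed-version line is either confirmed or bumped, rather than carried over silently from the previous wording. DSA-5020-1 / DLA-2842-1 and the apache-log4j1.2 <not-affected> line are untouched, as expected.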
@@ -7998,12 +8008,12 @@ CVE-2021-3941
        NOTE: Fixed by: 
https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
 CVE-2021-3940
        RESERVED
-CVE-2021-43556
-       RESERVED
+CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are 
vulnerable to a s ...)
+       TODO: check
 CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly 
validat ...)
        NOT-FOR-US: mySCADA myDESIGNER
-CVE-2021-43554
-       RESERVED
+CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are 
vulnerable to an  ...)
+       TODO: check
 CVE-2021-43553 (PI Vision could disclose information to a user with 
insufficient privi ...)
        NOT-FOR-US: OSIsoft
 CVE-2021-43552 (The use of a hard-coded cryptographic key significantly 
increases the  ...)
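Review bot: CVE-2021-43556 and CVE-2021-43554 are both FATEK WinProladder 3.30_24518 issues left at TODO: check, sitting next to CVE-2021-43555 (mySCADA), which is already NOT-FOR-US; unless WinProladder is packaged they should be triaged to NOT-FOR-US: FATEK WinProladder in the same style. The truncated descriptions differ ("vulnerable to a s ..." versus "vulnerable to an ..."), so these are distinct bug classes, not a duplicate.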
@@ -11386,8 +11396,8 @@ CVE-2021-42585
        RESERVED
 CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in 
Convos-Chat before ...)
        NOT-FOR-US: Convos-Chat
-CVE-2021-42583
-       RESERVED
+CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max 
Mazurov Maddy  ...)
+       TODO: check
 CVE-2021-42582
        RESERVED
 CVE-2021-42581
@@ -17431,8 +17441,8 @@ CVE-2021-40581
        RESERVED
 CVE-2021-40580
        RESERVED
-CVE-2021-40579
-       RESERVED
+CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management 
System in ...)
+       TODO: check
 CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection 
vulnerability was  ...)
        NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free 
Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Sourcecode ...)
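Review bot: the description for CVE-2021-40579 starts with a bare URL ("https://www.sourcecodester.com/ Online Enrollment Management System in ..."), which is how upstream worded it, not a tracker formatting error, so leave it. CVE-2021-40578 directly below covers the same Online Enrollment Management System and is already "NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code"; the TODO: check here can almost certainly be resolved identically.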
@@ -25303,10 +25313,10 @@ CVE-2021-3660
        [bullseye] - cockpit <ignored> (Minor issue)
        [buster] - cockpit <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
-CVE-2021-37401
-       RESERVED
-CVE-2021-37400
-       RESERVED
+CVE-2021-37401 (An attacker may obtain the user credentials from file servers, 
backup  ...)
+       TODO: check
+CVE-2021-37400 (An attacker may obtain the user credentials from the 
communication bet ...)
+       TODO: check
 CVE-2021-37399
        RESERVED
 CVE-2021-37398
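Review bot: the truncated descriptions for CVE-2021-37401 ("An attacker may obtain the user credentials from file servers, backup ...") and CVE-2021-37400 ("... from the communication bet ...") name no product at all in this view, so these two TODO: check entries cannot be triaged from the list alone; whoever picks them up needs the full CVE text to identify the vendor. The matching credential-disclosure wording suggests one product with two exposure paths, so they will likely resolve together.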
@@ -28795,7 +28805,7 @@ CVE-2021-35942 (The wordexp function in the GNU C 
Library (aka glibc) through 2.
 CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book 
Live Du ...)
        NOT-FOR-US: Western Digital
 CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in 
DJVU::D ...)
-       {DLA-2702-1}
+       {DSA-5032-1 DLA-2702-1}
        - djvulibre 3.5.27.1-12
        NOTE: https://sourceforge.net/p/djvu/bugs/302/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
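Review bot: DSA-5032-1 is prepended to the existing {DLA-2702-1} reference of CVE-2021-3630 (djvulibre 3.5.27.1-12) with no change to the package line, which is the normal shape for an advisory back-reference; the DSA-before-DLA ordering matches other entries such as CVE-2021-45105's {DSA-5024-1 DLA-2852-1}. The same DSA is added to every other djvulibre entry in this patch (CVE-2021-32490 to CVE-2021-32493, CVE-2021-3500, CVE-2019-18804, CVE-2019-15142 to CVE-2019-15145), so advisory coverage is consistent across the set.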
@@ -30889,10 +30899,10 @@ CVE-2021-35034
        RESERVED
 CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, 
NBG7815, WSQ20, ...)
        NOT-FOR-US: Zyxel
-CVE-2021-35032
-       RESERVED
-CVE-2021-35031
-       RESERVED
+CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series 
firmware ...)
+       TODO: check
+CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series 
firmware, XG ...)
+       TODO: check
 CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 
firmwar ...)
        NOT-FOR-US: Zyxel
 CVE-2021-35029 (An authentication bypasss vulnerability in the web-based 
management in ...)
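Review bot: CVE-2021-35032 (libsal.so) and CVE-2021-35031 (TFTP client) are Zyxel GS1900 series firmware issues left at TODO: check, while the surrounding CVE-2021-35033 and CVE-2021-35030 Zyxel entries are already NOT-FOR-US: Zyxel; the follow-up triage should close these two the same way.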
@@ -37092,22 +37102,22 @@ CVE-2021-3546 (An out-of-bounds write vulnerability 
was found in the virtio vhos
 CVE-2021-3542
        REJECTED
 CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap 
buffer overfl ...)
-       {DLA-2667-1}
+       {DSA-5032-1 DLA-2667-1}
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
 (chunk #3 / Patch12)
 CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of 
bounds rea ...)
-       {DLA-2667-1}
+       {DSA-5032-1 DLA-2667-1}
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
 (chunk #1 / Patch10)
 CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer 
overflow  ...)
-       {DLA-2667-1}
+       {DSA-5032-1 DLA-2667-1}
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
 (chunk #5 / Patch9)
 CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of 
bounds wri ...)
-       {DLA-2667-1}
+       {DSA-5032-1 DLA-2667-1}
        - djvulibre 3.5.28-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
 (chunk #4 / Patch8)
@@ -40014,7 +40024,7 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A 
reachable assertion is present
        NOTE: Fixed by: 
https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
        NOTE: Introduced by: 
https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49
 (v0.8)
 CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack 
overflow in  ...)
-       {DLA-2667-1}
+       {DSA-5032-1 DLA-2667-1}
        - djvulibre 3.5.28-2 (bug #988215)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
        NOTE: Patch in Fedora (not upstream'ed): 
https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
@@ -60304,8 +60314,8 @@ CVE-2021-3097
        RESERVED
 CVE-2021-3096
        RESERVED
-CVE-2021-3095
-       RESERVED
+CVE-2021-3095 (A remote attacker with write access to PI Vision could inject 
code int ...)
+       TODO: check
 CVE-2021-3094
        RESERVED
 CVE-2021-3093
@@ -60314,8 +60324,8 @@ CVE-2021-3092
        RESERVED
 CVE-2021-3091
        RESERVED
-CVE-2021-3090
-       RESERVED
+CVE-2021-3090 (PI Vision could disclose information to a user with 
insufficient privi ...)
+       TODO: check
 CVE-2021-3089
        RESERVED
 CVE-2021-3088
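Review bot: the truncated description of CVE-2021-3090 ("PI Vision could disclose information to a user with insufficient privi ...") is word for word the one already recorded for CVE-2021-43553, which is triaged NOT-FOR-US: OSIsoft; CVE-2021-3090 and CVE-2021-3095 (the PI Vision code injection in the previous hunk) should be resolved the same way, and the identical wording is worth a look in case one of the two IDs is a duplicate assignment.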
@@ -140147,8 +140157,8 @@ CVE-2019-20084
        RESERVED
 CVE-2019-20083
        RESERVED
-CVE-2019-20082
-       RESERVED
+CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow 
via a long ...)
+       TODO: check
 CVE-2019-20081
        RESERVED
 CVE-2019-20080
@@ -148933,7 +148943,7 @@ CVE-2019-18805 (An issue was discovered in 
net/ipv4/sysctl_net_ipv4.c in the Lin
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the 
function DJVU:: ...)
-       {DLA-2667-1 DLA-1985-1}
+       {DSA-5032-1 DLA-2667-1 DLA-1985-1}
        - djvulibre 3.5.27.1-14 (bug #945114)
        NOTE: https://sourceforge.net/p/djvu/bugs/309/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
@@ -162511,22 +162521,22 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an 
out-of-bounds read and SEGV in GP
 CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 
bytes) in ...)
        NOT-FOR-US: gpmf-parser
 CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service 
attack  ...)
-       {DLA-2667-1 DLA-1902-1}
+       {DSA-5032-1 DLA-2667-1 DLA-1902-1}
        - djvulibre 3.5.27.1-11 (low)
        NOTE: https://sourceforge.net/p/djvu/bugs/298/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
 CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka 
GArrayTemplate&lt; ...)
-       {DLA-2667-1 DLA-1902-1}
+       {DSA-5032-1 DLA-2667-1 DLA-1902-1}
        - djvulibre 3.5.27.1-11 (low)
        NOTE: https://sourceforge.net/p/djvu/bugs/299/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
 CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows 
attackers to c ...)
-       {DLA-2667-1 DLA-1902-1}
+       {DSA-5032-1 DLA-2667-1 DLA-1902-1}
        - djvulibre 3.5.27.1-11 (low)
        NOTE: https://sourceforge.net/p/djvu/bugs/297/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
 CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component 
allows a ...)
-       {DLA-2667-1 DLA-1902-1}
+       {DSA-5032-1 DLA-2667-1 DLA-1902-1}
        - djvulibre 3.5.27.1-11 (low)
        NOTE: https://sourceforge.net/p/djvu/bugs/296/
        NOTE: 
https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
@@ -186348,7 +186358,7 @@ CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior 
to version 2018.12 allows
 CVE-2019-7650
        RESERVED
 CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 
has CL ...)
-       {DLA-1717-1}
+       {DLA-2861-1 DLA-1717-1}
        - rdflib 4.2.2-2 (low; bug #921751)
        NOTE: Debian specific issue as respective scripts are overwritten in 
Debian
        NOTE: packaging as wrappers invoking python -m.
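Review bot: DLA-2861-1 is added ahead of DLA-1717-1 for CVE-2019-7653, the Debian-specific rdflib wrapper issue described in the NOTE lines; newest advisory first is consistent with the other additions in this patch (for example {DLA-2860-1 DLA-1556-1} for paramiko). No package version line changes, which is expected for an LTS advisory back-reference.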
@@ -211649,7 +211659,7 @@ CVE-2018-1000807 (Python Cryptographic Authority 
pyopenssl version prior to vers
        NOTE: https://github.com/pyca/pyopenssl/pull/723
        NOTE: 
https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 
1.17.6 con ...)
-       {DLA-1556-1}
+       {DLA-2860-1 DLA-1556-1}
        - paramiko 2.4.2-0.1 (bug #910760)
        NOTE: https://github.com/paramiko/paramiko/issues/1283
        NOTE: 
https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
@@ -212128,8 +212138,8 @@ CVE-2018-17877 (A lottery smart contract 
implementation for Greedy 599, an Ether
        NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 
version o ...)
        NOT-FOR-US: Coaster CMS
-CVE-2018-17875
-       RESERVED
+CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 
8800 5. ...)
+       TODO: check
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
        NOT-FOR-US: ExpressionEngine
 CVE-2018-17873 (An incorrect access control vulnerability in the FTP 
configuration of  ...)
@@ -238931,7 +238941,7 @@ CVE-2018-7751 (The svg_probe function in 
libavformat/img2dec.c in FFmpeg through
        - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
 CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko 
before 1.17. ...)
-       {DLA-1556-1}
+       {DLA-2860-1 DLA-1556-1}
        - paramiko 2.4.2-0.1 (bug #892859)
        [wheezy] - paramiko <no-dsa> (Minor issue)
        NOTE: https://github.com/paramiko/paramiko/issues/1175
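Review bot: DLA-2860-1 is now referenced by both paramiko CVEs, CVE-2018-7750 here and CVE-2018-1000805 earlier in the patch, and both already shared DLA-1556-1, so the pairing is consistent; the existing "[wheezy] - paramiko <no-dsa> (Minor issue)" line for CVE-2018-7750 is untouched, which is right since it concerns an older release than the one the new DLA covers.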
@@ -332004,7 +332014,7 @@ CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does 
not properly restrict acces
 CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 
3.3.6 allo ...)
        NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-3736
-       RESERVED
+       REJECTED
 CVE-2016-3735
        RESERVED
 CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in 
markposts.php in Mo ...)
@@ -333631,7 +333641,7 @@ CVE-2016-3104 (mongod in MongoDB 2.6, when using 
2.4-style users, and 2.4 allow
        NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
        NOTE: to 2.6, and did not complete a full upgrade
 CVE-2016-3103
-       RESERVED
+       REJECTED
 CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow 
remote ...)
        - jenkins <removed>
 CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns 
plugin b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21f6f5fe1b93a2d0b59ae0d7db49880dd3972c06



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
