[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 1 08:10:27 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
519018c9 by security tracker role at 2021-12-01T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-21240
+	RESERVED
+CVE-2022-21237
+	RESERVED
+CVE-2022-21218
+	RESERVED
+CVE-2022-21212
+	RESERVED
+CVE-2022-21197
+	RESERVED
+CVE-2022-21172
+	RESERVED
+CVE-2022-21160
+	RESERVED
+CVE-2022-21140
+	RESERVED
+CVE-2022-21139
+	RESERVED
+CVE-2022-21133
+	RESERVED
+CVE-2021-44470
+	RESERVED
+CVE-2021-4037
+	RESERVED
+CVE-2021-4036
+	RESERVED
+CVE-2021-37409
+	RESERVED
+CVE-2021-37405
+	RESERVED
+CVE-2021-33847
+	RESERVED
+CVE-2021-26950
+	RESERVED
+CVE-2021-26258
+	RESERVED
+CVE-2021-26257
+	RESERVED
+CVE-2021-26251
+	RESERVED
+CVE-2021-23223
+	RESERVED
+CVE-2021-23179
+	RESERVED
 CVE-2021-44464
 	RESERVED
 CVE-2021-44453
@@ -478,8 +522,8 @@ CVE-2021-4028 [use-after-free in RDMA listen()]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
 CVE-2021-4027
 	RESERVED
-CVE-2021-4026
-	RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+	TODO: check
 CVE-2021-4025
 	RESERVED
 CVE-2021-44235
@@ -3740,12 +3784,12 @@ CVE-2021-43362
 	RESERVED
 CVE-2021-43361
 	RESERVED
-CVE-2021-43360
-	RESERVED
-CVE-2021-43359
-	RESERVED
-CVE-2021-43358
-	RESERVED
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...)
+	TODO: check
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
+	TODO: check
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
+	TODO: check
 CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
 	- vim <unfixed>
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -3842,7 +3886,7 @@ CVE-2021-43322
 CVE-2021-43321
 	RESERVED
 CVE-2021-43320
-	RESERVED
+	REJECTED
 CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-43318
@@ -6586,8 +6630,8 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
 	NOT-FOR-US: myfactory.FMS
 CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
 	NOT-FOR-US: myfactory.FMS
-CVE-2021-42564
-	RESERVED
+CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
+	TODO: check
 CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
 	NOT-FOR-US: NI Service Locator
 CVE-2021-3893
@@ -10941,8 +10985,8 @@ CVE-2021-41258 (Kirby is an open source file structured CMS. In affected version
 	NOT-FOR-US: Kirby
 CVE-2021-41257
 	RESERVED
-CVE-2021-41256
-	RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
+	TODO: check
 CVE-2021-41255
 	RESERVED
 CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running  ...)
@@ -12040,8 +12084,8 @@ CVE-2021-40811
 	RESERVED
 CVE-2021-40810
 	RESERVED
-CVE-2021-40809
-	RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An  ...)
+	TODO: check
 CVE-2021-40808
 	RESERVED
 CVE-2021-40807
@@ -13750,8 +13794,8 @@ CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav
 	NOT-FOR-US: Concrete CMS
 CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File  ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2021-40101
-	RESERVED
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+	TODO: check
 CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can  ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
@@ -15548,7 +15592,7 @@ CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
 	NOT-FOR-US: firefly-iii
 CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
 	NOT-FOR-US: SafeCurl
-CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability affecting in ...)
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
 	NOT-FOR-US: Jamf Pro
 CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the  ...)
 	NOT-FOR-US: MISP
@@ -22789,16 +22833,16 @@ CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and
 	NOT-FOR-US: EMC
 CVE-2021-36331
 	RESERVED
-CVE-2021-36330
-	RESERVED
-CVE-2021-36329
-	RESERVED
-CVE-2021-36328
-	RESERVED
-CVE-2021-36327
-	RESERVED
-CVE-2021-36326
-	RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
+	TODO: check
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
+	TODO: check
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
+	TODO: check
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server  ...)
+	TODO: check
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
+	TODO: check
 CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -62453,42 +62497,42 @@ CVE-2021-20866
 	RESERVED
 CVE-2021-20865
 	RESERVED
-CVE-2021-20864
-	RESERVED
-CVE-2021-20863
-	RESERVED
-CVE-2021-20862
-	RESERVED
-CVE-2021-20861
-	RESERVED
-CVE-2021-20860
-	RESERVED
-CVE-2021-20859
-	RESERVED
-CVE-2021-20858
-	RESERVED
-CVE-2021-20857
-	RESERVED
-CVE-2021-20856
-	RESERVED
-CVE-2021-20855
-	RESERVED
-CVE-2021-20854
-	RESERVED
-CVE-2021-20853
-	RESERVED
-CVE-2021-20852
-	RESERVED
-CVE-2021-20851
-	RESERVED
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2  ...)
+	TODO: check
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
+	TODO: check
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2  ...)
+	TODO: check
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+	TODO: check
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers  ...)
+	TODO: check
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...)
+	TODO: check
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+	TODO: check
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+	TODO: check
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+	TODO: check
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+	TODO: check
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+	TODO: check
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+	TODO: check
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...)
+	TODO: check
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...)
+	TODO: check
 CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
 	NOT-FOR-US: PowerCMS
 CVE-2021-20849
 	RESERVED
 CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
 	NOT-FOR-US: rwtxt
-CVE-2021-20847
-	RESERVED
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...)
+	TODO: check
 CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
@@ -151679,12 +151723,12 @@ CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execut
 CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
 	NOT-FOR-US: BMC Patrol Agent
 CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
-	{DLA-1952-1}
+	{DLA-2835-1 DLA-1952-1}
 	- rsyslog 8.1910.0-1 (bug #942065)
 	[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
 	NOTE: https://github.com/rsyslog/rsyslog/pull/3883
 CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
-	{DLA-1952-1}
+	{DLA-2835-1 DLA-1952-1}
 	- rsyslog 8.1910.0-1 (bug #942067)
 	[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
 	NOTE: https://github.com/rsyslog/rsyslog/pull/3884
@@ -184445,7 +184489,7 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ
 CVE-2018-20722
 	RESERVED
 CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...)
-	{DLA-1682-1}
+	{DLA-2834-1 DLA-1682-1}
 	- uriparser 0.9.1-1 (low)
 	NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
 CVE-2015-9280 (MailEnable before 8.60 allows XXE via an XML document in the request.a ...)
@@ -240452,7 +240496,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
 CVE-2018-5765
 	RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
-	{DLA-1725-1 DLA-1247-1}
+	{DLA-2833-1 DLA-1725-1 DLA-1247-1}
 	- rsync 3.1.2-2.2 (bug #887588)
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/519018c920581a68d9691f02eaed07b4ce96f2c5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/519018c920581a68d9691f02eaed07b4ce96f2c5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211201/064cf15e/attachment.htm>

More information about the debian-security-tracker-commits mailing list