[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 1 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f72f6de6 by security tracker role at 2021-12-01T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2021-44511
+ RESERVED
+CVE-2021-44510
+ RESERVED
+CVE-2021-44509
+ RESERVED
+CVE-2021-44508
+ RESERVED
+CVE-2021-44507
+ RESERVED
+CVE-2021-44506
+ RESERVED
+CVE-2021-44505
+ RESERVED
+CVE-2021-44504
+ RESERVED
+CVE-2021-44503
+ RESERVED
+CVE-2021-44502
+ RESERVED
+CVE-2021-44501
+ RESERVED
+CVE-2021-44500
+ RESERVED
+CVE-2021-44499
+ RESERVED
+CVE-2021-44498
+ RESERVED
+CVE-2021-44497
+ RESERVED
+CVE-2021-44496
+ RESERVED
+CVE-2021-44495
+ RESERVED
+CVE-2021-44494
+ RESERVED
+CVE-2021-44493
+ RESERVED
+CVE-2021-44492
+ RESERVED
+CVE-2021-44491
+ RESERVED
+CVE-2021-44490
+ RESERVED
+CVE-2021-44489
+ RESERVED
+CVE-2021-44488
+ RESERVED
+CVE-2021-44487
+ RESERVED
+CVE-2021-44486
+ RESERVED
+CVE-2021-44485
+ RESERVED
+CVE-2021-44484
+ RESERVED
+CVE-2021-44483
+ RESERVED
+CVE-2021-44482
+ RESERVED
+CVE-2021-44481
+ RESERVED
+CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
+ TODO: check
+CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
+ TODO: check
+CVE-2021-44478
+ RESERVED
+CVE-2021-4038
+ RESERVED
CVE-2022-21240
RESERVED
CVE-2022-21237
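Review bot: CVE-2021-44480 (Wokka Lokka Q50 devices) and CVE-2021-44479 (NXP Kinetis K82) are left at TODO: check, but both describe hardware rather than anything Debian ships; the file's convention for such entries is a NOT-FOR-US line naming the vendor, as used for Trend Micro and IBM elsewhere in this patch. CVE-2021-44479 also shares its "buffer over-read via a crafted wlength" wording with CVE-2021-40154 (NXP LPC55S69, in the hunk at @@ -13621), so the two should be triaged together with the same outcome.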
@@ -418,14 +488,14 @@ CVE-2021-44282
RESERVED
CVE-2021-44281
RESERVED
-CVE-2021-44280
- RESERVED
-CVE-2021-44279
- RESERVED
+CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
+ TODO: check
+CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+ TODO: check
CVE-2021-44278
RESERVED
-CVE-2021-44277
- RESERVED
+CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+ TODO: check
CVE-2021-44276
RESERVED
CVE-2021-44275
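Review bot: the descriptions imported for CVE-2021-44279 and CVE-2021-44277 both read "Librenms 21.11.0 is affected by is affected by a Cross Site Scripting"; the duplicated phrase comes from the upstream CVE text and will be re-imported on every automatic update until the source record is corrected, so it should not be hand-edited here. The two entries cover the same product and version and should receive one triage decision; the same duplicated wording appears in CVE-2021-43689 (hunk at @@ -2934), and CVE-2021-42776 (hunk at @@ -6146) carries a doubled "and and" from the same source.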
@@ -690,8 +760,8 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D
NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/
NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
NOTE: Issues only in janus-demos built from src:janus
-CVE-2021-4019
- RESERVED
+CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-44220
RESERVED
CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
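Review bot: CVE-2021-4019 ("vim is vulnerable to Heap-based Buffer Overflow") is left at TODO: check, but vim is a Debian source package, so this entry needs a "- vim" line with the fixed version (or <unfixed>) plus a NOTE pointing at the report and fixing commit, in the format the janus-gateway entry in the context above already uses. CVE-2021-3984 (hunk at @@ -1136) carries an identical description and should be resolved together with this one so the two are not confused.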
@@ -720,10 +790,10 @@ CVE-2021-44208
RESERVED
CVE-2021-44207
RESERVED
-CVE-2021-4018
- RESERVED
-CVE-2021-4017
- RESERVED
+CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
+CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-44206
RESERVED
CVE-2021-44205
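Review bot: CVE-2021-4017 is the first of four showdoc entries in this update (CVE-2021-3993, CVE-2021-3990 and CVE-2021-3989 follow in the hunk at @@ -1042), all left at TODO: check; they should be triaged in one pass so the product gets a single, consistent marking rather than four separate decisions, and so the CSRF duplicate (CVE-2021-4017 and CVE-2021-3993 have the same description) is noticed.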
@@ -748,8 +818,8 @@ CVE-2021-44196
RESERVED
CVE-2021-4016
RESERVED
-CVE-2021-4015
- RESERVED
+CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4014
@@ -1042,22 +1112,22 @@ CVE-2021-3996
RESERVED
CVE-2021-3995
RESERVED
-CVE-2021-3994
- RESERVED
-CVE-2021-3993
- RESERVED
-CVE-2021-3992
- RESERVED
+CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ TODO: check
+CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
+ TODO: check
CVE-2021-44078
RESERVED
CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3991
RESERVED
-CVE-2021-3990
- RESERVED
-CVE-2021-3989
- RESERVED
+CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ TODO: check
+CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ TODO: check
CVE-2021-3988
RESERVED
CVE-2021-3987
@@ -1136,12 +1206,12 @@ CVE-2021-44042
RESERVED
CVE-2021-44041
RESERVED
-CVE-2021-3985
- RESERVED
-CVE-2021-3984
- RESERVED
-CVE-2021-3983
- RESERVED
+CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ TODO: check
+CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
+CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ TODO: check
CVE-2022-21742
RESERVED
CVE-2021-44040
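Review bot: CVE-2021-3985 and CVE-2021-3983 (kimai2), like CVE-2021-3992 in the hunk at @@ -1042, are left at TODO: check although the file already records CVE-2021-3963 as "NOT-FOR-US: kimai2" (context in the hunk at @@ -1954); unless that earlier decision was wrong, the three new entries should carry the same NOT-FOR-US line. CVE-2021-3984 between them is a vim entry and must not be swept into the kimai2 decision.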
@@ -1954,8 +2024,8 @@ CVE-2021-43772
RESERVED
CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3964
- RESERVED
+CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...)
+ TODO: check
CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...)
@@ -2934,34 +3004,34 @@ CVE-2021-43700
RESERVED
CVE-2021-43699
RESERVED
-CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...)
+CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
NOT-FOR-US: phpWhois
-CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...)
+CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...)
NOT-FOR-US: Workerman-ThinkPHP-Redis
-CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...)
+CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...)
NOT-FOR-US: twmap
-CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...)
+CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...)
NOT-FOR-US: issabelPBX
CVE-2021-43694
RESERVED
CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
NOT-FOR-US: Vesta Control Panel
-CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...)
+CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...)
NOT-FOR-US: youtube-php-mirroring
-CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...)
+CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
NOT-FOR-US: tripexpress
-CVE-2021-43690
- RESERVED
-CVE-2021-43689
- RESERVED
+CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ TODO: check
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...)
+ TODO: check
CVE-2021-43688
RESERVED
-CVE-2021-43687
- RESERVED
+CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
+ TODO: check
CVE-2021-43686
RESERVED
-CVE-2021-43685
- RESERVED
+CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
+ TODO: check
CVE-2021-43684
RESERVED
CVE-2021-43683
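Review bot: the rewritten descriptions for CVE-2021-43698 through CVE-2021-43691 replace "An unspecified version of" with concrete versions or "last update <date>" markers, and the existing NOT-FOR-US lines are carried over unchanged, which is right since the affected products did not change. Among the new entries, CVE-2021-43689 repeats the "is affected by is affected by" phrase and CVE-2021-43685 gives the libretime version as "hv3.0.0-alpha.10"; both look like upstream text defects and are harmless here, but they will not match when the file is searched by version string.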
@@ -3579,8 +3649,8 @@ CVE-2021-43453
RESERVED
CVE-2021-43452
RESERVED
-CVE-2021-43451
- RESERVED
+CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
+ TODO: check
CVE-2021-43450
RESERVED
CVE-2021-43449
@@ -6146,8 +6216,8 @@ CVE-2021-42778
RESERVED
CVE-2021-42777
RESERVED
-CVE-2021-42776
- RESERVED
+CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
+ TODO: check
CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
@@ -9874,7 +9944,8 @@ CVE-2021-41750
RESERVED
CVE-2021-41749
RESERVED
-CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...)
+CVE-2021-41748
+ REJECTED
NOT-FOR-US: Portainer
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
NOT-FOR-US: Csdn APP
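Review bot: CVE-2021-41748 becomes REJECTED while its "NOT-FOR-US: Portainer" line is kept, so the entry now carries both a rejection and a triage verdict. The automatic update only rewrites the description line; a reviewer should decide whether a triage line under a rejected identifier should stay, since the same pattern recurs for CVE-2021-41720 in the next hunk, where a package line and NOTE lines survive the rejection.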
@@ -9932,7 +10003,8 @@ CVE-2021-41722
RESERVED
CVE-2021-41721
RESERVED
-CVE-2021-41720 (** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 all ...)
+CVE-2021-41720
+ REJECTED
- node-lodash <unfixed> (unimportant)
NOTE: https://github.com/lodash/lodash/issues/5261
NOTE: Disputed security impact and validitity of the issue
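Review bot: CVE-2021-41720 becomes REJECTED, yet the "- node-lodash <unfixed> (unimportant)" line is retained, so node-lodash would still be listed against an identifier that no longer exists. The NOTE lines already record that the security impact was disputed, and the rejection confirms that assessment; the package line should be removed or turned into a NOTE in a manual follow-up so the entry is not shown as an open issue.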
@@ -13621,8 +13693,8 @@ CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020
NOT-FOR-US: Autodesk
CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
NOT-FOR-US: Multipass
-CVE-2021-40154
- RESERVED
+CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
+ TODO: check
CVE-2021-40152
RESERVED
CVE-2021-40151
@@ -17368,8 +17440,7 @@ CVE-2021-38577
RESERVED
CVE-2021-38576
RESERVED
-CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe]
- RESERVED
+CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...)
- edk2 2021.08-1
[bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
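Review bot: the bracketed local summary for CVE-2021-38575 ("remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe") is replaced by the published text, which no longer names the IScsiHexToBin function; if that detail helped locate the fix in edk2, preserve it as a NOTE line beneath the version and no-dsa entries, which are otherwise carried over unchanged.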
@@ -26934,8 +27005,8 @@ CVE-2021-34601
RESERVED
CVE-2021-34600
RESERVED
-CVE-2021-34599
- RESERVED
+CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
+ TODO: check
CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
NOT-FOR-US: Phoenix
CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
@@ -31855,8 +31926,8 @@ CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface o
NOT-FOR-US: FortiPortal
CVE-2021-32593
RESERVED
-CVE-2021-32592
- RESERVED
+CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
+ TODO: check
CVE-2021-32591
RESERVED
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
@@ -39142,8 +39213,8 @@ CVE-2021-29865
RESERVED
CVE-2021-29864
RESERVED
-CVE-2021-29863
- RESERVED
+CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
+ TODO: check
CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
NOT-FOR-US: IBM
CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
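Review bot: CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4) is left at TODO: check while the adjacent IBM AIX entries in the context are already "NOT-FOR-US: IBM", and CVE-2021-20401, also QRadar SIEM 7.3 and 7.4, is marked NOT-FOR-US: IBM in the hunk at @@ -63438; the four new QRadar entries in this update (CVE-2021-29863, CVE-2021-29849, CVE-2021-29779, CVE-2021-20400) should get the same line.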
@@ -39170,8 +39241,8 @@ CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obta
NOT-FOR-US: IBM
CVE-2021-29850
RESERVED
-CVE-2021-29849
- RESERVED
+CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2021-29848
RESERVED
CVE-2021-29847
@@ -39310,8 +39381,8 @@ CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker
NOT-FOR-US: IBM
CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...)
NOT-FOR-US: IBM
-CVE-2021-29779
- RESERVED
+CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...)
+ TODO: check
CVE-2021-29778
RESERVED
CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
@@ -47725,8 +47796,8 @@ CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may
NOT-FOR-US: AMD
CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
NOT-FOR-US: AMD
-CVE-2021-26334
- RESERVED
+CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower ...)
+ TODO: check
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
NOT-FOR-US: AMD
CVE-2021-26332
@@ -48745,8 +48816,8 @@ CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnera
NOT-FOR-US: Camaleon CMS
CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a ...)
NOT-FOR-US: OpenCMS
-CVE-2021-25967
- RESERVED
+CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...)
+ TODO: check
CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
NOT-FOR-US: Orchard CMS
CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...)
@@ -63016,12 +63087,12 @@ CVE-2021-20613
RESERVED
CVE-2021-20612
RESERVED
-CVE-2021-20611
- RESERVED
-CVE-2021-20610
- RESERVED
-CVE-2021-20609
- RESERVED
+CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
+ TODO: check
+CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ TODO: check
+CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
+ TODO: check
CVE-2021-20608
RESERVED
CVE-2021-20607
@@ -63438,8 +63509,8 @@ CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allo
NOT-FOR-US: IBM
CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
NOT-FOR-US: IBM
-CVE-2021-20400
- RESERVED
+CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ TODO: check
CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
NOT-FOR-US: IBM
CVE-2021-20398
@@ -118228,8 +118299,8 @@ CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML in
NOT-FOR-US: WebAccess/NMS
CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
NOT-FOR-US: ControlEdge PLC
-CVE-2020-10627
- RESERVED
+CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...)
+ TODO: check
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
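Review bot: CVE-2020-10627 (Insulet Omnipod Insulin Management System) is left at TODO: check although it describes a medical device with no Debian package to map it to, and the neighbouring WebAccess/NMS, ControlEdge PLC and jSerialComm entries show the NOT-FOR-US pattern used for this range; marking it NOT-FOR-US: Insulet now would avoid leaving an open TODO for an entry that cannot resolve to a package.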
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72f6de6702d7b3700c53997289fda0def094707
More information about the debian-security-tracker-commits mailing list