[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 2 20:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe8bc520 by security tracker role at 2021-12-02T20:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,27 @@
+CVE-2021-44521
+ RESERVED
+CVE-2021-4046
+ RESERVED
+CVE-2021-4045
+ RESERVED
+CVE-2021-4044
+ RESERVED
+CVE-2021-4043
+ RESERVED
+CVE-2021-4042
+ RESERVED
+CVE-2021-4041
+ RESERVED
+CVE-2021-4040
+ RESERVED
+CVE-2021-4039
+ RESERVED
CVE-2021-44520
RESERVED
CVE-2021-44519
RESERVED
-CVE-2021-44518
- RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+ TODO: check
CVE-2021-44517
RESERVED
CVE-2021-44516
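Review bot: The `TODO: check` added under CVE-2021-44518 should be resolved rather than left open. The description names the eGeeTouch 3rd Generation Travel Padlock, a hardware product, so a `NOT-FOR-US:` line in the form used elsewhere in this file looks like the right outcome. The nine new RESERVED entries at the top of the hunk need no action until descriptions arrive.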
@@ -16,10 +34,10 @@ CVE-2021-44513
RESERVED
CVE-2021-44512
RESERVED
-CVE-2015-20106
- RESERVED
-CVE-2015-20105
- RESERVED
+CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
+ TODO: check
+CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
+ TODO: check
CVE-2021-44511
RESERVED
CVE-2021-44510
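Review bot: CVE-2015-20106 and CVE-2015-20105 both name the ClickBank Affiliate Ads WordPress plugin through 1.20 and both land as `TODO: check`; triage them as a pair so they end up with the same resolution line. If no source package carries the plugin, that would be `NOT-FOR-US:` followed by the plugin name on each.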
@@ -515,11 +533,11 @@ CVE-2021-44281
RESERVED
CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
NOT-FOR-US: attendance management system
-CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: LibreNMS
CVE-2021-44278
RESERVED
-CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: LibreNMS
CVE-2021-44276
RESERVED
@@ -1215,8 +1233,8 @@ CVE-2021-44052
RESERVED
CVE-2021-44051
RESERVED
-CVE-2021-44050
- RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+ TODO: check
CVE-2021-44049
RESERVED
CVE-2021-44048
@@ -1999,8 +2017,8 @@ CVE-2021-43797
RESERVED
CVE-2021-43796
RESERVED
-CVE-2021-43795
- RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+ TODO: check
CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
NOT-FOR-US: Discourse
CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
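Review bot: On CVE-2021-43795, the new `TODO: check` needs a package search before it is closed. The description calls Armeria an open source microservice framework, and a framework can be pulled in as a dependency of something that is packaged, so confirm that no source package ships it before following the neighbouring Discourse entries to `NOT-FOR-US`.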
@@ -3053,28 +3071,28 @@ CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerabilit
NOT-FOR-US: tripexpress
CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: YurunProxy
-CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...)
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
TODO: check
CVE-2021-43688
RESERVED
CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
NOT-FOR-US: Chamilo-lms
-CVE-2021-43686
- RESERVED
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
TODO: check
CVE-2021-43684
RESERVED
-CVE-2021-43683
- RESERVED
-CVE-2021-43682
- RESERVED
-CVE-2021-43681
- RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ TODO: check
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ TODO: check
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ TODO: check
CVE-2021-43680
RESERVED
-CVE-2021-43679
- RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ TODO: check
CVE-2021-43678
RESERVED
CVE-2021-43677
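Review bot: CVE-2021-43689 keeps its `TODO: check` after the description fix, and the product is identified only as "manage (last update Oct 24, 2017)", which is not enough to match against a package name; read the full CVE record before resolving it. The five entries that move from RESERVED to `TODO: check` in the same hunk (nZEDb, pictshare, thinkphp-bjyblog, SakuraPanel, ecshop) are all named web applications and can be triaged in one pass.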
@@ -3197,6 +3215,7 @@ CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Ru
CVE-2021-43619
RESERVED
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
- gmp 2:6.2.1+dfsg-3 (bug #994405)
[bullseye] - gmp <no-dsa> (Minor issue)
[buster] - gmp <no-dsa> (Minor issue)
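Review bot: The `{DLA-2837-1}` reference added to CVE-2021-43618 sits above `[bullseye] - gmp <no-dsa> (Minor issue)` and `[buster] - gmp <no-dsa> (Minor issue)`, so an LTS advisory now exists for an issue the two newer suites are still marked as not fixing through a DSA. Worth checking whether the gmp fix should be queued for a point release so those lines do not stay open behind the LTS upload.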
@@ -3364,8 +3383,8 @@ CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input
NOT-FOR-US: django-helpdesk
CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
NOT-FOR-US: Diffie Hellmann kex protocol issue
-CVE-2021-3944
- RESERVED
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
@@ -3478,7 +3497,7 @@ CVE-2021-43528
RESERVED
CVE-2021-43527 [Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures]
RESERVED
- {DSA-5016-1}
+ {DSA-5016-1 DLA-2836-1}
- nss 2:3.73-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
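Review bot: CVE-2021-43527 now carries `{DSA-5016-1 DLA-2836-1}`, a fixed version (`nss 2:3.73-1`) and two public NOTE links, yet the line under the header still reads `RESERVED`. Confirm that the next sync replaces it once the CVE description is published, so the entry does not look embargoed to anyone reading the list.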
@@ -13304,10 +13323,10 @@ CVE-2021-40336
RESERVED
CVE-2021-40335
RESERVED
-CVE-2021-40334
- RESERVED
-CVE-2021-40333
- RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+ TODO: check
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+ TODO: check
CVE-2021-40332
RESERVED
CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
@@ -55254,20 +55273,20 @@ CVE-2021-23266
RESERVED
CVE-2021-23265
RESERVED
-CVE-2021-23264
- RESERVED
-CVE-2021-23263
- RESERVED
-CVE-2021-23262
- RESERVED
-CVE-2021-23261
- RESERVED
-CVE-2021-23260
- RESERVED
-CVE-2021-23259
- RESERVED
-CVE-2021-23258
- RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+ TODO: check
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+ TODO: check
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+ TODO: check
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+ TODO: check
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+ TODO: check
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+ TODO: check
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+ TODO: check
CVE-2021-23257
RESERVED
CVE-2021-23256
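Review bot: Of the seven entries that change from RESERVED to `TODO: check` (CVE-2021-23264 down to CVE-2021-23258), only CVE-2021-23264 names a component, crafter-search, in the visible text, and the truncated descriptions of CVE-2021-23259 and CVE-2021-23258 are identical. Triage from the full CVE records rather than from these lines, and resolve the block together if all seven turn out to be the same product.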
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe8bc5201f29a2faa19cf67bacce0775be608a17