[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 3 20:10:22 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60ea8f2a by security tracker role at 2021-12-03T20:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-44543
+	RESERVED
+CVE-2021-44542
+	RESERVED
+CVE-2021-44541
+	RESERVED
+CVE-2021-44540
+	RESERVED
+CVE-2021-43353
+	RESERVED
+CVE-2021-41836
+	RESERVED
+CVE-2021-4050
+	RESERVED
+CVE-2021-4049
+	RESERVED
 CVE-2021-44539
 	RESERVED
 CVE-2021-44538
@@ -434,18 +450,18 @@ CVE-2019-25053
 	RESERVED
 CVE-2021-44353
 	RESERVED
-CVE-2021-44352
-	RESERVED
+CVE-2021-44352 (A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V1 ...)
+	TODO: check
 CVE-2021-44351
 	RESERVED
 CVE-2021-44350
 	RESERVED
-CVE-2021-44349
-	RESERVED
-CVE-2021-44348
-	RESERVED
-CVE-2021-44347
-	RESERVED
+CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+	TODO: check
+CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+	TODO: check
+CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...)
+	TODO: check
 CVE-2021-44346
 	RESERVED
 CVE-2021-44345
@@ -582,8 +598,8 @@ CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection
 	NOT-FOR-US: attendance management system
 CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: LibreNMS
-CVE-2021-44278
-	RESERVED
+CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...)
+	TODO: check
 CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: LibreNMS
 CVE-2021-44276
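Review bot: CVE-2021-44278 is left at "TODO: check" although the two LibreNMS 21.11.0 entries on either side of it, CVE-2021-44279 and CVE-2021-44277, are already triaged as "NOT-FOR-US: LibreNMS". Unless the path manipulation issue turns out to affect something packaged, a follow-up should give it the same "NOT-FOR-US: LibreNMS" line so the three entries stay consistent.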
@@ -1195,8 +1211,8 @@ CVE-2021-4001 [race condition when the EBPF map is frozen]
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
-CVE-2021-4000
-	RESERVED
+CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+	TODO: check
 CVE-2021-3999
 	RESERVED
 CVE-2021-3998
@@ -1335,8 +1351,8 @@ CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to
 	TODO: recheck classification when RH provides more information
 CVE-2021-3981
 	RESERVED
-CVE-2021-3980
-	RESERVED
+CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
+	TODO: check
 CVE-2021-3979
 	RESERVED
 CVE-2021-44034
@@ -1359,14 +1375,14 @@ CVE-2021-44024
 	RESERVED
 CVE-2021-44023
 	RESERVED
-CVE-2021-44022
-	RESERVED
-CVE-2021-44021
-	RESERVED
-CVE-2021-44020
-	RESERVED
-CVE-2021-44019
-	RESERVED
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
+	TODO: check
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+	TODO: check
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+	TODO: check
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+	TODO: check
 CVE-2021-3978
 	RESERVED
 CVE-2021-3977
@@ -1446,8 +1462,8 @@ CVE-2021-43993
 	RESERVED
 CVE-2021-43992
 	RESERVED
-CVE-2021-43991
-	RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable t ...)
+	TODO: check
 CVE-2021-43990
 	RESERVED
 CVE-2021-43989
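Review bot: the description on the CVE-2021-43991 line shows the version range separator as "â€“", which is what a UTF-8 en dash looks like after being decoded as a single-byte charset. Confirm whether the bytes in data/CVE/list are a valid UTF-8 en dash or the mis-decoded sequence, and fix the import step if it is the latter.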
@@ -2119,8 +2135,8 @@ CVE-2021-43774
 	RESERVED
 CVE-2021-43773
 	RESERVED
-CVE-2021-43772
-	RESERVED
+CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
+	TODO: check
 CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...)
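Review bot: CVE-2021-43772 gets "TODO: check" directly above CVE-2021-43771, which is already "NOT-FOR-US: Trend Micro". The new description also names a Trend Micro consumer product, so the same "NOT-FOR-US: Trend Micro" classification looks applicable when it is triaged.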
@@ -3147,14 +3163,14 @@ CVE-2021-43678
 	RESERVED
 CVE-2021-43677
 	RESERVED
-CVE-2021-43676
-	RESERVED
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
+	TODO: check
 CVE-2021-43675
 	RESERVED
-CVE-2021-43674
-	RESERVED
-CVE-2021-43673
-	RESERVED
+CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...)
+	TODO: check
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
+	TODO: check
 CVE-2021-43672
 	RESERVED
 CVE-2021-43671
@@ -13248,6 +13264,7 @@ CVE-2021-40393
 CVE-2021-40392
 	RESERVED
 CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
+	{DLA-2839-1}
 	- gerbv 2.7.1-1
 	[bullseye] - gerbv <no-dsa> (Minor issue)
 	[buster] - gerbv <no-dsa> (Minor issue)
@@ -16806,8 +16823,8 @@ CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credential
 	NOT-FOR-US: IBM
 CVE-2021-38910
 	RESERVED
-CVE-2021-38909
-	RESERVED
+CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+	TODO: check
 CVE-2021-38908
 	RESERVED
 CVE-2021-38907
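Review bot: CVE-2021-38909 (IBM Cognos Analytics) is added as "TODO: check" while the nearest IBM entry in this hunk, CVE-2021-38911, is "NOT-FOR-US: IBM". Triage should confirm the Cognos Analytics entry takes the same "NOT-FOR-US: IBM" line, and it is worth handling it together with the other Cognos Analytics 11.1.7 and 11.2.0 descriptions that arrive in this same update.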
@@ -39315,8 +39332,8 @@ CVE-2021-29869
 	RESERVED
 CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...)
 	NOT-FOR-US: IBM
-CVE-2021-29867
-	RESERVED
+CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to ...)
+	TODO: check
 CVE-2021-29866
 	RESERVED
 CVE-2021-29865
@@ -39537,8 +39554,8 @@ CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1
 	NOT-FOR-US: IBM
 CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...)
 	NOT-FOR-US: IBM
-CVE-2021-29756
-	RESERVED
+CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
+	TODO: check
 CVE-2021-29755
 	RESERVED
 CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
@@ -39611,14 +39628,14 @@ CVE-2021-29721
 	RESERVED
 CVE-2021-29720
 	RESERVED
-CVE-2021-29719
-	RESERVED
+CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client s ...)
+	TODO: check
 CVE-2021-29718
 	RESERVED
 CVE-2021-29717
 	RESERVED
-CVE-2021-29716
-	RESERVED
+CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to ...)
+	TODO: check
 CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to ...)
 	NOT-FOR-US: IBM
 CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
@@ -58445,16 +58462,19 @@ CVE-2021-21902
 CVE-2021-21901
 	RESERVED
 CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
+	{DLA-2838-1}
 	- librecad <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
 	NOTE: librecad bundles libdxfrw
 	NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
 CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
+	{DLA-2838-1}
 	- librecad <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
 	NOTE: librecad bundles libdxfrw
 	NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
 CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
+	{DLA-2838-1}
 	- librecad <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
 	NOTE: librecad bundles libdxfrw
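Review bot: CVE-2021-21900, CVE-2021-21899 and CVE-2021-21898 gain "{DLA-2838-1}" but each still carries "- librecad <unfixed>", even though the first two already link upstream libdxfrw fix commits in their NOTE lines. Since the notes say librecad bundles libdxfrw, check whether the unstable package has picked up those commits and, if so, replace "<unfixed>" with the fixed version in a follow-up.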
@@ -63459,8 +63479,8 @@ CVE-2021-20495
 	RESERVED
 CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
 	NOT-FOR-US: IBM
-CVE-2021-20493
-	RESERVED
+CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+	TODO: check
 CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
 	NOT-FOR-US: IBM
 CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
@@ -63505,8 +63525,8 @@ CVE-2021-20472
 	RESERVED
 CVE-2021-20471
 	RESERVED
-CVE-2021-20470
-	RESERVED
+CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users sho ...)
+	TODO: check
 CVE-2021-20469
 	RESERVED
 CVE-2021-20468



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ea8f2a8afa2f79c4f7a720b7eab23dcfcdbedc
