[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 7 20:10:25 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1f98fc0 by security tracker role at 2021-12-07T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-44695
+	RESERVED
+CVE-2021-44694
+	RESERVED
+CVE-2021-44693
+	RESERVED
+CVE-2021-4079
+	RESERVED
+CVE-2021-4078
+	RESERVED
+CVE-2021-4077
+	RESERVED
+CVE-2021-4076
+	RESERVED
 CVE-2021-44692
 	RESERVED
 CVE-2021-44691
@@ -391,8 +405,8 @@ CVE-2021-41836
 	RESERVED
 CVE-2021-4050
 	RESERVED
-CVE-2021-4049
-	RESERVED
+CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-44539
 	RESERVED
 CVE-2021-44538
@@ -417,8 +431,8 @@ CVE-2021-44529
 	RESERVED
 CVE-2021-44528
 	RESERVED
-CVE-2021-44527
-	RESERVED
+CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
+	TODO: check
 CVE-2021-44526
 	RESERVED
 CVE-2021-44525
@@ -842,7 +856,7 @@ CVE-2019-25053
 	RESERVED
 CVE-2021-44353
 	RESERVED
-CVE-2021-44352 (A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V1 ...)
+CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
 	NOT-FOR-US: Tenda
 CVE-2021-44351
 	RESERVED
@@ -1350,12 +1364,12 @@ CVE-2021-44189
 	RESERVED
 CVE-2021-44188
 	RESERVED
-CVE-2021-44187
-	RESERVED
-CVE-2021-44186
-	RESERVED
-CVE-2021-44185
-	RESERVED
+CVE-2021-44187 (Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-b ...)
+	TODO: check
+CVE-2021-44186 (Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-b ...)
+	TODO: check
+CVE-2021-44185 (Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-b ...)
+	TODO: check
 CVE-2021-44184
 	RESERVED
 CVE-2021-44183
@@ -2459,8 +2473,8 @@ CVE-2021-43807
 	RESERVED
 CVE-2021-43806
 	RESERVED
-CVE-2021-43805
-	RESERVED
+CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
+	TODO: check
 CVE-2021-43804
 	RESERVED
 CVE-2021-43803
@@ -2473,8 +2487,7 @@ CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254
 	NOT-FOR-US: Wiki.js
 CVE-2021-43799
 	RESERVED
-CVE-2021-43798
-	RESERVED
+CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
 	- grafana <removed>
 CVE-2021-43797
 	RESERVED
@@ -2492,8 +2505,8 @@ CVE-2021-43791 (Zulip is an open source group chat application that combines rea
 	- zulip-server <itp> (bug #800052)
 CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in  ...)
 	NOT-FOR-US: Lucet
-CVE-2021-43789
-	RESERVED
+CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...)
+	TODO: check
 CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...)
 	NOT-FOR-US: Nodebb
 CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...)
@@ -5867,10 +5880,10 @@ CVE-2021-43178
 	RESERVED
 CVE-2021-43177
 	RESERVED
-CVE-2021-43176
-	RESERVED
-CVE-2021-43175
-	RESERVED
+CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021  ...)
+	TODO: check
+CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021  ...)
+	TODO: check
 CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
 	- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
 	[bullseye] - node-json-schema <no-dsa> (Minor issue)
@@ -9525,26 +9538,26 @@ CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
 	NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
-CVE-2021-42133
-	RESERVED
-CVE-2021-42132
-	RESERVED
-CVE-2021-42131
-	RESERVED
-CVE-2021-42130
-	RESERVED
-CVE-2021-42129
-	RESERVED
-CVE-2021-42128
-	RESERVED
-CVE-2021-42127
-	RESERVED
-CVE-2021-42126
-	RESERVED
-CVE-2021-42125
-	RESERVED
-CVE-2021-42124
-	RESERVED
+CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+	TODO: check
+CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
+	TODO: check
+CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
+	TODO: check
+CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+	TODO: check
+CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
+	TODO: check
+CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+	TODO: check
+CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+	TODO: check
+CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
+	TODO: check
+CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
+	TODO: check
+CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
+	TODO: check
 CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
 	NOT-FOR-US: Business-DNA Solutions
 CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
@@ -10605,8 +10618,8 @@ CVE-2021-41718
 	RESERVED
 CVE-2021-41717
 	RESERVED
-CVE-2021-41716
-	RESERVED
+CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...)
+	TODO: check
 CVE-2021-41715
 	RESERVED
 CVE-2021-41714
@@ -12618,8 +12631,8 @@ CVE-2021-40861
 	RESERVED
 CVE-2021-40860
 	RESERVED
-CVE-2021-40859
-	RESERVED
+CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
+	TODO: check
 CVE-2021-40858
 	RESERVED
 CVE-2021-40857
@@ -14488,16 +14501,16 @@ CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav
 	NOT-FOR-US: Concrete CMS
 CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2021-40096
-	RESERVED
-CVE-2021-40095
-	RESERVED
-CVE-2021-40094
-	RESERVED
-CVE-2021-40093
-	RESERVED
-CVE-2021-40092
-	RESERVED
+CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+	TODO: check
+CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
+	TODO: check
+CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
+	TODO: check
+CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+	TODO: check
+CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp  ...)
+	TODO: check
 CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. ...)
 	NOT-FOR-US: SquaredUp for SCOM
 CVE-2021-40090
@@ -14879,7 +14892,7 @@ CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to
 	- wireshark 3.6.0-1
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
-CVE-2021-39923 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
 	- wireshark 3.6.0-1
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
@@ -19835,8 +19848,8 @@ CVE-2021-37942
 	RESERVED
 CVE-2021-37941
 	RESERVED
-CVE-2021-37940
-	RESERVED
+CVE-2021-37940 (An information disclosure via GET request server-side request forgery  ...)
+	TODO: check
 CVE-2021-37939 (It was discovered that Kibana’s JIRA connector & IBM Resilie ...)
 	NOT-FOR-US: IBM
 CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
@@ -21804,98 +21817,98 @@ CVE-2021-37102 (There is a command injection vulnerability in CMA service module
 	NOT-FOR-US: Huawei
 CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
 	NOT-FOR-US: Huawei
-CVE-2021-37100
-	RESERVED
-CVE-2021-37099
-	RESERVED
+CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
+	TODO: check
+CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+	TODO: check
 CVE-2021-37098
 	RESERVED
 CVE-2021-37097
 	RESERVED
-CVE-2021-37096
-	RESERVED
-CVE-2021-37095
-	RESERVED
-CVE-2021-37094
-	RESERVED
+CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+	TODO: check
+CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
 CVE-2021-37093
 	RESERVED
 CVE-2021-37092
 	RESERVED
-CVE-2021-37091
-	RESERVED
-CVE-2021-37090
-	RESERVED
-CVE-2021-37089
-	RESERVED
-CVE-2021-37088
-	RESERVED
-CVE-2021-37087
-	RESERVED
-CVE-2021-37086
-	RESERVED
-CVE-2021-37085
-	RESERVED
-CVE-2021-37084
-	RESERVED
-CVE-2021-37083
-	RESERVED
-CVE-2021-37082
-	RESERVED
-CVE-2021-37081
-	RESERVED
-CVE-2021-37080
-	RESERVED
-CVE-2021-37079
-	RESERVED
-CVE-2021-37078
-	RESERVED
-CVE-2021-37077
-	RESERVED
-CVE-2021-37076
-	RESERVED
+CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+	TODO: check
+CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
+CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
+CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+	TODO: check
+CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+	TODO: check
+CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+	TODO: check
+CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
+	TODO: check
+CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+	TODO: check
+CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+	TODO: check
+CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
+CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
+CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+	TODO: check
+CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
 CVE-2021-37075
 	RESERVED
 CVE-2021-37074
 	RESERVED
-CVE-2021-37073
-	RESERVED
-CVE-2021-37072
-	RESERVED
-CVE-2021-37071
-	RESERVED
-CVE-2021-37070
-	RESERVED
+CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+	TODO: check
+CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
+	TODO: check
+CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
+	TODO: check
+CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
 CVE-2021-37069
 	RESERVED
-CVE-2021-37068
-	RESERVED
-CVE-2021-37067
-	RESERVED
-CVE-2021-37066
-	RESERVED
-CVE-2021-37065
-	RESERVED
-CVE-2021-37064
-	RESERVED
-CVE-2021-37063
-	RESERVED
-CVE-2021-37062
-	RESERVED
-CVE-2021-37061
-	RESERVED
-CVE-2021-37060
-	RESERVED
-CVE-2021-37059
-	RESERVED
-CVE-2021-37058
-	RESERVED
-CVE-2021-37057
-	RESERVED
-CVE-2021-37056
-	RESERVED
-CVE-2021-37055
-	RESERVED
+CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
+	TODO: check
+CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor  ...)
+	TODO: check
+CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+	TODO: check
+CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+	TODO: check
+CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
+	TODO: check
+CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
+	TODO: check
+CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei  ...)
+	TODO: check
+CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
+	TODO: check
+CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37059 (There is a Weaknesses Introduced During Design ...)
+	TODO: check
+CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+	TODO: check
+CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei  ...)
+	TODO: check
+CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
+	TODO: check
+CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful  ...)
+	TODO: check
 CVE-2021-37054
 	RESERVED
 CVE-2021-37053
@@ -21908,28 +21921,28 @@ CVE-2021-37050
 	RESERVED
 CVE-2021-37049
 	RESERVED
-CVE-2021-37048
-	RESERVED
-CVE-2021-37047
-	RESERVED
-CVE-2021-37046
-	RESERVED
+CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+	TODO: check
+CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+	TODO: check
+CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
+	TODO: check
 CVE-2021-37045
 	RESERVED
 CVE-2021-37044
 	RESERVED
-CVE-2021-37043
-	RESERVED
-CVE-2021-37042
-	RESERVED
-CVE-2021-37041
-	RESERVED
+CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+	TODO: check
+CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+	TODO: check
+CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+	TODO: check
 CVE-2021-37040
 	RESERVED
 CVE-2021-37039
 	RESERVED
-CVE-2021-37038
-	RESERVED
+CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
+	TODO: check
 CVE-2021-37037
 	RESERVED
 CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1,  ...)
@@ -21962,10 +21975,10 @@ CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smart
 	NOT-FOR-US: Huawei
 CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
 	NOT-FOR-US: Huawei
-CVE-2021-37021
-	RESERVED
-CVE-2021-37020
-	RESERVED
+CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+	TODO: check
+CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+	TODO: check
 CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
@@ -21976,14 +21989,14 @@ CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone
 	NOT-FOR-US: Huawei
 CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
 	NOT-FOR-US: Huawei
-CVE-2021-37014
-	RESERVED
+CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+	TODO: check
 CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
 	NOT-FOR-US: Huawei
-CVE-2021-37011
-	RESERVED
+CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+	TODO: check
 CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
@@ -41636,7 +41649,7 @@ CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versi
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/268
 	NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b
-CVE-2021-3466 (A flaw was found in libmicrohttpd in versions before 0.9.71. A missing ...)
+CVE-2021-3466 (A flaw was found in libmicrohttpd. A missing bounds check in the post_ ...)
 	- libmicrohttpd 0.9.71-1
 	[buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
 	[stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
@@ -41729,14 +41742,14 @@ CVE-2021-29118
 	RESERVED
 CVE-2021-29117
 	RESERVED
-CVE-2021-29116
-	RESERVED
-CVE-2021-29115
-	RESERVED
-CVE-2021-29114
-	RESERVED
-CVE-2021-29113
-	RESERVED
+CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+	TODO: check
+CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Director ...)
+	TODO: check
+CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...)
+	TODO: check
+CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...)
+	TODO: check
 CVE-2021-29112
 	RESERVED
 CVE-2021-29111
@@ -42711,8 +42724,7 @@ CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record r
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-388.html
-CVE-2021-28703
-	RESERVED
+CVE-2021-28703 (grant table v2 status pages may remain accessible after de-allocation  ...)
 	- xen 4.14.0+80-gd101b417b7-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -52260,7 +52272,7 @@ CVE-2021-24893
 	RESERVED
 CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does not s ...)
+CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24890
 	RESERVED
@@ -56509,10 +56521,10 @@ CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concret
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...)
 	NOT-FOR-US: UniFi Protect
-CVE-2021-22956
-	RESERVED
-CVE-2021-22955
-	RESERVED
+CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Citrix AD ...)
+	TODO: check
+CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...)
+	TODO: check
 CVE-2021-22954
 	RESERVED
 CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
@@ -77458,8 +77470,8 @@ CVE-2020-27415
 	RESERVED
 CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
 	NOT-FOR-US: Mahavitaran android application
-CVE-2020-27413
-	RESERVED
+CVE-2020-27413 (An issue was discovered in Mahavitaran android application 7.50 and be ...)
+	TODO: check
 CVE-2020-27412
 	RESERVED
 CVE-2020-27411
@@ -95016,8 +95028,8 @@ CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs fu
 	NOT-FOR-US: sunkaifei FlyCMS
 CVE-2020-19612
 	RESERVED
-CVE-2020-19611
-	RESERVED
+CVE-2020-19611 (Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...)
+	TODO: check
 CVE-2020-19610
 	RESERVED
 CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
@@ -113434,8 +113446,8 @@ CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machi
 	NOT-FOR-US: EdgeConnect
 CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier  ...)
 	NOT-FOR-US: SNMP stack in Contiki-NG
-CVE-2020-12140
-	RESERVED
+CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...)
+	TODO: check
 CVE-2020-12139
 	RESERVED
 CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f98fc005baaaab7812b8437b3c8a72e24eddae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f98fc005baaaab7812b8437b3c8a72e24eddae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211207/b4eb6c49/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list