[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 8 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18b48696 by security tracker role at 2021-12-08T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2021-44738
+	RESERVED
+CVE-2021-44737
+	RESERVED
+CVE-2021-44736
+	RESERVED
+CVE-2021-44735
+	RESERVED
+CVE-2021-44734
+	RESERVED
+CVE-2021-44733
+	RESERVED
+CVE-2021-44732
+	RESERVED
+CVE-2021-44731
+	RESERVED
+CVE-2021-44730
+	RESERVED
+CVE-2021-44729
+	RESERVED
+CVE-2021-44728
+	RESERVED
+CVE-2021-44727
+	RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+	TODO: check
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+	TODO: check
+CVE-2021-44724
+	RESERVED
+CVE-2021-44723
+	RESERVED
+CVE-2021-44722
+	RESERVED
+CVE-2021-44721
+	RESERVED
+CVE-2021-44720
+	RESERVED
+CVE-2021-44719
+	RESERVED
+CVE-2021-44718
+	RESERVED
+CVE-2021-44717
+	RESERVED
+CVE-2021-44716
+	RESERVED
+CVE-2021-44715
+	RESERVED
+CVE-2021-44714
+	RESERVED
+CVE-2021-44713
+	RESERVED
+CVE-2021-44712
+	RESERVED
+CVE-2021-44711
+	RESERVED
+CVE-2021-44710
+	RESERVED
+CVE-2021-44709
+	RESERVED
+CVE-2021-44708
+	RESERVED
+CVE-2021-44707
+	RESERVED
+CVE-2021-44706
+	RESERVED
+CVE-2021-44705
+	RESERVED
+CVE-2021-44704
+	RESERVED
+CVE-2021-44703
+	RESERVED
+CVE-2021-44702
+	RESERVED
+CVE-2021-44701
+	RESERVED
+CVE-2021-44700
+	RESERVED
+CVE-2021-44699
+	RESERVED
+CVE-2021-44698
+	RESERVED
+CVE-2021-44697
+	RESERVED
+CVE-2021-44696
+	RESERVED
 CVE-2021-44695
 	RESERVED
 CVE-2021-44694
@@ -707,8 +793,7 @@ CVE-2021-44422
 	RESERVED
 CVE-2021-44421
 	RESERVED
-CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths]
-	RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
 	- python-django 2:3.2.10-1
 	[bullseye] - python-django <no-dsa> (Minor issue)
 	[buster] - python-django <no-dsa> (Minor issue)
@@ -1463,10 +1548,10 @@ CVE-2021-44151
 	RESERVED
 CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
 	NOT-FOR-US: tusdotnet
-CVE-2021-44149
-	RESERVED
-CVE-2021-44148
-	RESERVED
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through  ...)
+	TODO: check
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+	TODO: check
 CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
 	NOT-FOR-US: Claris
 CVE-2021-44146
@@ -1931,8 +2016,8 @@ CVE-2021-43965
 	RESERVED
 CVE-2021-43964
 	RESERVED
-CVE-2021-43963
-	RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+	TODO: check
 CVE-2021-43962
 	RESERVED
 CVE-2021-43961
@@ -2464,12 +2549,12 @@ CVE-2021-43812
 	RESERVED
 CVE-2021-43811
 	RESERVED
-CVE-2021-43810
-	RESERVED
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+	TODO: check
 CVE-2021-43809
 	RESERVED
-CVE-2021-43808
-	RESERVED
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+	TODO: check
 CVE-2021-43807
 	RESERVED
 CVE-2021-43806
@@ -3655,10 +3740,10 @@ CVE-2021-43640
 	RESERVED
 CVE-2021-43639
 	RESERVED
-CVE-2021-43638
-	RESERVED
-CVE-2021-43637
-	RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL  ...)
+	TODO: check
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler  ...)
+	TODO: check
 CVE-2021-43636
 	RESERVED
 CVE-2021-43635
@@ -6255,7 +6340,7 @@ CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", t
 	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
 	NOT-FOR-US: bookstack
-CVE-2018-25020 [bpf: fix truncated jump targets on heavy expansions]
+CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
 	- linux 4.17.3-1
 	NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
 CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
@@ -6332,76 +6417,76 @@ CVE-2021-43008
 	RESERVED
 CVE-2021-43007
 	RESERVED
-CVE-2021-43006
-	RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+	TODO: check
 CVE-2021-43005
 	RESERVED
 CVE-2021-43004
 	RESERVED
-CVE-2021-43003
-	RESERVED
-CVE-2021-43002
-	RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+	TODO: check
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+	TODO: check
 CVE-2021-43001
 	RESERVED
-CVE-2021-43000
-	RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL  ...)
+	TODO: check
 CVE-2021-42999
 	RESERVED
 CVE-2021-42998
 	RESERVED
 CVE-2021-42997
 	RESERVED
-CVE-2021-42996
-	RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+	TODO: check
 CVE-2021-42995
 	RESERVED
-CVE-2021-42994
-	RESERVED
-CVE-2021-42993
-	RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+	TODO: check
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+	TODO: check
 CVE-2021-42992
 	RESERVED
 CVE-2021-42991
 	RESERVED
-CVE-2021-42990
-	RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+	TODO: check
 CVE-2021-42989
 	RESERVED
-CVE-2021-42988
-	RESERVED
-CVE-2021-42987
-	RESERVED
-CVE-2021-42986
-	RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler  ...)
+	TODO: check
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+	TODO: check
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+	TODO: check
 CVE-2021-42985
 	RESERVED
 CVE-2021-42984
 	RESERVED
-CVE-2021-42983
-	RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+	TODO: check
 CVE-2021-42982
 	RESERVED
 CVE-2021-42981
 	RESERVED
-CVE-2021-42980
-	RESERVED
-CVE-2021-42979
-	RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+	TODO: check
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler  ...)
+	TODO: check
 CVE-2021-42978
 	RESERVED
-CVE-2021-42977
-	RESERVED
-CVE-2021-42976
-	RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+	TODO: check
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+	TODO: check
 CVE-2021-42975
 	RESERVED
 CVE-2021-42974
 	RESERVED
-CVE-2021-42973
-	RESERVED
-CVE-2021-42972
-	RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+	TODO: check
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+	TODO: check
 CVE-2021-42971
 	RESERVED
 CVE-2021-42970
@@ -6984,8 +7069,7 @@ CVE-2021-42718
 	RESERVED
 CVE-2021-3894
 	RESERVED
-CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing]
-	RESERVED
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
 	- modsecurity 3.0.6-1
 	- modsecurity-apache 2.9.5-1
 	[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
@@ -7056,22 +7140,22 @@ CVE-2021-42690
 	RESERVED
 CVE-2021-42689
 	RESERVED
-CVE-2021-42688
-	RESERVED
-CVE-2021-42687
-	RESERVED
-CVE-2021-42686
-	RESERVED
-CVE-2021-42685
-	RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+	TODO: check
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+	TODO: check
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+	TODO: check
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+	TODO: check
 CVE-2021-42684
 	RESERVED
-CVE-2021-42683
-	RESERVED
-CVE-2021-42682
-	RESERVED
-CVE-2021-42681
-	RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+	TODO: check
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+	TODO: check
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+	TODO: check
 CVE-2021-42680
 	RESERVED
 CVE-2021-42679
@@ -7303,8 +7387,8 @@ CVE-2021-42569
 	RESERVED
 CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers  ...)
 	NOT-FOR-US: Sonatype
-CVE-2021-42567
-	RESERVED
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+	TODO: check
 CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
 	NOT-FOR-US: myfactory.FMS
 CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
@@ -11510,12 +11594,12 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow
 	NOT-FOR-US: Atlassian
 CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
 	NOT-FOR-US: Atlassian
-CVE-2021-41311
-	RESERVED
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+	TODO: check
 CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
 	NOT-FOR-US: Atlassian
-CVE-2021-41309
-	RESERVED
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+	TODO: check
 CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -13278,8 +13362,8 @@ CVE-2021-40580
 	RESERVED
 CVE-2021-40579
 	RESERVED
-CVE-2021-40578
-	RESERVED
+CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was  ...)
+	TODO: check
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40576
@@ -14043,8 +14127,8 @@ CVE-2021-40290
 	RESERVED
 CVE-2021-40289
 	RESERVED
-CVE-2021-40288
-	RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+	TODO: check
 CVE-2021-40287
 	RESERVED
 CVE-2021-40286
@@ -17695,8 +17779,8 @@ CVE-2021-38761
 	RESERVED
 CVE-2021-38760
 	RESERVED
-CVE-2021-38759
-	RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+	TODO: check
 CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
 	NOT-FOR-US: Directory traversal in Online Catering Reservation System
 CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
@@ -22645,8 +22729,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th
 	NOT-FOR-US: HCC Embedded InterNiche NicheStack
 CVE-2021-36761
 	RESERVED
-CVE-2021-36760
-	RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server  ...)
+	TODO: check
 CVE-2021-36759
 	RESERVED
 CVE-2021-3651
@@ -24040,8 +24124,8 @@ CVE-2021-36135
 	RESERVED
 CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
 	NOT-FOR-US: McAfee
-CVE-2021-36133
-	RESERVED
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+	TODO: check
 CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
 	NOT-FOR-US: FileImport MediaWiki extension
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -27863,10 +27947,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w
 	NOT-FOR-US: NetSetMan Pro
 CVE-2021-34545
 	RESERVED
-CVE-2021-34544
-	RESERVED
-CVE-2021-34543
-	RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+	TODO: check
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+	TODO: check
 CVE-2021-34542
 	RESERVED
 CVE-2021-34541
@@ -42833,8 +42917,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo
 	- envoyproxy <itp> (bug #987544)
 CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
 	NOT-FOR-US: Pion WebRTC
-CVE-2021-28680
-	RESERVED
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+	TODO: check
 CVE-2021-28679
 	RESERVED
 CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
@@ -48027,8 +48111,8 @@ CVE-2021-3372
 	RESERVED
 CVE-2021-3371
 	RESERVED
-CVE-2021-3370
-	RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+	TODO: check
 CVE-2021-3369
 	RESERVED
 CVE-2021-3368
@@ -54023,8 +54107,8 @@ CVE-2021-24043
 	RESERVED
 CVE-2021-24042
 	RESERVED
-CVE-2021-24041
-	RESERVED
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+	TODO: check
 CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the  ...)
 	NOT-FOR-US: Facebook ParlAI
 CVE-2021-24039
@@ -77590,8 +77674,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10.
 	NOT-FOR-US: REDCap
 CVE-2020-27357
 	RESERVED
-CVE-2020-27356
-	RESERVED
+CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
+	TODO: check
 CVE-2020-27355
 	RESERVED
 CVE-2020-27354
@@ -89003,8 +89087,8 @@ CVE-2020-22423
 	RESERVED
 CVE-2020-22422
 	RESERVED
-CVE-2020-22421
-	RESERVED
+CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+	TODO: check
 CVE-2020-22420
 	RESERVED
 CVE-2020-22419



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b486964b11ab4d532ce17cddc9989afe395df9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b486964b11ab4d532ce17cddc9989afe395df9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211208/42bf4baa/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list