[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 8 08:10:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18b48696 by security tracker role at 2021-12-08T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2021-44738
+ RESERVED
+CVE-2021-44737
+ RESERVED
+CVE-2021-44736
+ RESERVED
+CVE-2021-44735
+ RESERVED
+CVE-2021-44734
+ RESERVED
+CVE-2021-44733
+ RESERVED
+CVE-2021-44732
+ RESERVED
+CVE-2021-44731
+ RESERVED
+CVE-2021-44730
+ RESERVED
+CVE-2021-44729
+ RESERVED
+CVE-2021-44728
+ RESERVED
+CVE-2021-44727
+ RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+ TODO: check
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+ TODO: check
+CVE-2021-44724
+ RESERVED
+CVE-2021-44723
+ RESERVED
+CVE-2021-44722
+ RESERVED
+CVE-2021-44721
+ RESERVED
+CVE-2021-44720
+ RESERVED
+CVE-2021-44719
+ RESERVED
+CVE-2021-44718
+ RESERVED
+CVE-2021-44717
+ RESERVED
+CVE-2021-44716
+ RESERVED
+CVE-2021-44715
+ RESERVED
+CVE-2021-44714
+ RESERVED
+CVE-2021-44713
+ RESERVED
+CVE-2021-44712
+ RESERVED
+CVE-2021-44711
+ RESERVED
+CVE-2021-44710
+ RESERVED
+CVE-2021-44709
+ RESERVED
+CVE-2021-44708
+ RESERVED
+CVE-2021-44707
+ RESERVED
+CVE-2021-44706
+ RESERVED
+CVE-2021-44705
+ RESERVED
+CVE-2021-44704
+ RESERVED
+CVE-2021-44703
+ RESERVED
+CVE-2021-44702
+ RESERVED
+CVE-2021-44701
+ RESERVED
+CVE-2021-44700
+ RESERVED
+CVE-2021-44699
+ RESERVED
+CVE-2021-44698
+ RESERVED
+CVE-2021-44697
+ RESERVED
+CVE-2021-44696
+ RESERVED
CVE-2021-44695
RESERVED
CVE-2021-44694
@@ -707,8 +793,7 @@ CVE-2021-44422
RESERVED
CVE-2021-44421
RESERVED
-CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths]
- RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
- python-django 2:3.2.10-1
[bullseye] - python-django <no-dsa> (Minor issue)
[buster] - python-django <no-dsa> (Minor issue)
@@ -1463,10 +1548,10 @@ CVE-2021-44151
RESERVED
CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
NOT-FOR-US: tusdotnet
-CVE-2021-44149
- RESERVED
-CVE-2021-44148
- RESERVED
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
+ TODO: check
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+ TODO: check
CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
NOT-FOR-US: Claris
CVE-2021-44146
@@ -1931,8 +2016,8 @@ CVE-2021-43965
RESERVED
CVE-2021-43964
RESERVED
-CVE-2021-43963
- RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ TODO: check
CVE-2021-43962
RESERVED
CVE-2021-43961
@@ -2464,12 +2549,12 @@ CVE-2021-43812
RESERVED
CVE-2021-43811
RESERVED
-CVE-2021-43810
- RESERVED
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+ TODO: check
CVE-2021-43809
RESERVED
-CVE-2021-43808
- RESERVED
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+ TODO: check
CVE-2021-43807
RESERVED
CVE-2021-43806
@@ -3655,10 +3740,10 @@ CVE-2021-43640
RESERVED
CVE-2021-43639
RESERVED
-CVE-2021-43638
- RESERVED
-CVE-2021-43637
- RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ TODO: check
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ TODO: check
CVE-2021-43636
RESERVED
CVE-2021-43635
@@ -6255,7 +6340,7 @@ CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", t
TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
NOT-FOR-US: bookstack
-CVE-2018-25020 [bpf: fix truncated jump targets on heavy expansions]
+CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
- linux 4.17.3-1
NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
@@ -6332,76 +6417,76 @@ CVE-2021-43008
RESERVED
CVE-2021-43007
RESERVED
-CVE-2021-43006
- RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+ TODO: check
CVE-2021-43005
RESERVED
CVE-2021-43004
RESERVED
-CVE-2021-43003
- RESERVED
-CVE-2021-43002
- RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+ TODO: check
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+ TODO: check
CVE-2021-43001
RESERVED
-CVE-2021-43000
- RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
+ TODO: check
CVE-2021-42999
RESERVED
CVE-2021-42998
RESERVED
CVE-2021-42997
RESERVED
-CVE-2021-42996
- RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+ TODO: check
CVE-2021-42995
RESERVED
-CVE-2021-42994
- RESERVED
-CVE-2021-42993
- RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+ TODO: check
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+ TODO: check
CVE-2021-42992
RESERVED
CVE-2021-42991
RESERVED
-CVE-2021-42990
- RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+ TODO: check
CVE-2021-42989
RESERVED
-CVE-2021-42988
- RESERVED
-CVE-2021-42987
- RESERVED
-CVE-2021-42986
- RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
+ TODO: check
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+ TODO: check
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+ TODO: check
CVE-2021-42985
RESERVED
CVE-2021-42984
RESERVED
-CVE-2021-42983
- RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+ TODO: check
CVE-2021-42982
RESERVED
CVE-2021-42981
RESERVED
-CVE-2021-42980
- RESERVED
-CVE-2021-42979
- RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+ TODO: check
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
+ TODO: check
CVE-2021-42978
RESERVED
-CVE-2021-42977
- RESERVED
-CVE-2021-42976
- RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+ TODO: check
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+ TODO: check
CVE-2021-42975
RESERVED
CVE-2021-42974
RESERVED
-CVE-2021-42973
- RESERVED
-CVE-2021-42972
- RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+ TODO: check
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+ TODO: check
CVE-2021-42971
RESERVED
CVE-2021-42970
@@ -6984,8 +7069,7 @@ CVE-2021-42718
RESERVED
CVE-2021-3894
RESERVED
-CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing]
- RESERVED
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
- modsecurity 3.0.6-1
- modsecurity-apache 2.9.5-1
[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
@@ -7056,22 +7140,22 @@ CVE-2021-42690
RESERVED
CVE-2021-42689
RESERVED
-CVE-2021-42688
- RESERVED
-CVE-2021-42687
- RESERVED
-CVE-2021-42686
- RESERVED
-CVE-2021-42685
- RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ TODO: check
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ TODO: check
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ TODO: check
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ TODO: check
CVE-2021-42684
RESERVED
-CVE-2021-42683
- RESERVED
-CVE-2021-42682
- RESERVED
-CVE-2021-42681
- RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ TODO: check
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ TODO: check
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ TODO: check
CVE-2021-42680
RESERVED
CVE-2021-42679
@@ -7303,8 +7387,8 @@ CVE-2021-42569
RESERVED
CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
NOT-FOR-US: Sonatype
-CVE-2021-42567
- RESERVED
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+ TODO: check
CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
@@ -11510,12 +11594,12 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
NOT-FOR-US: Atlassian
-CVE-2021-41311
- RESERVED
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+ TODO: check
CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
-CVE-2021-41309
- RESERVED
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+ TODO: check
CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -13278,8 +13362,8 @@ CVE-2021-40580
RESERVED
CVE-2021-40579
RESERVED
-CVE-2021-40578
- RESERVED
+CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was ...)
+ TODO: check
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
NOT-FOR-US: Sourcecodester
CVE-2021-40576
@@ -14043,8 +14127,8 @@ CVE-2021-40290
RESERVED
CVE-2021-40289
RESERVED
-CVE-2021-40288
- RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ TODO: check
CVE-2021-40287
RESERVED
CVE-2021-40286
@@ -17695,8 +17779,8 @@ CVE-2021-38761
RESERVED
CVE-2021-38760
RESERVED
-CVE-2021-38759
- RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+ TODO: check
CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
@@ -22645,8 +22729,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th
NOT-FOR-US: HCC Embedded InterNiche NicheStack
CVE-2021-36761
RESERVED
-CVE-2021-36760
- RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
+ TODO: check
CVE-2021-36759
RESERVED
CVE-2021-3651
@@ -24040,8 +24124,8 @@ CVE-2021-36135
RESERVED
CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
NOT-FOR-US: McAfee
-CVE-2021-36133
- RESERVED
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+ TODO: check
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
NOT-FOR-US: FileImport MediaWiki extension
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -27863,10 +27947,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w
NOT-FOR-US: NetSetMan Pro
CVE-2021-34545
RESERVED
-CVE-2021-34544
- RESERVED
-CVE-2021-34543
- RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ TODO: check
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ TODO: check
CVE-2021-34542
RESERVED
CVE-2021-34541
@@ -42833,8 +42917,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo
- envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
NOT-FOR-US: Pion WebRTC
-CVE-2021-28680
- RESERVED
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+ TODO: check
CVE-2021-28679
RESERVED
CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
@@ -48027,8 +48111,8 @@ CVE-2021-3372
RESERVED
CVE-2021-3371
RESERVED
-CVE-2021-3370
- RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+ TODO: check
CVE-2021-3369
RESERVED
CVE-2021-3368
@@ -54023,8 +54107,8 @@ CVE-2021-24043
RESERVED
CVE-2021-24042
RESERVED
-CVE-2021-24041
- RESERVED
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+ TODO: check
CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
NOT-FOR-US: Facebook ParlAI
CVE-2021-24039
@@ -77590,8 +77674,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10.
NOT-FOR-US: REDCap
CVE-2020-27357
RESERVED
-CVE-2020-27356
- RESERVED
+CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
+ TODO: check
CVE-2020-27355
RESERVED
CVE-2020-27354
@@ -89003,8 +89087,8 @@ CVE-2020-22423
RESERVED
CVE-2020-22422
RESERVED
-CVE-2020-22421
- RESERVED
+CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+ TODO: check
CVE-2020-22420
RESERVED
CVE-2020-22419
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b486964b11ab4d532ce17cddc9989afe395df9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b486964b11ab4d532ce17cddc9989afe395df9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211208/42bf4baa/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list