[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 9 20:10:27 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c8fc767 by security tracker role at 2021-12-09T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-44759
+ RESERVED
+CVE-2021-4088
+ RESERVED
+CVE-2021-4087
+ RESERVED
+CVE-2021-4086
+ RESERVED
+CVE-2021-4085
+ RESERVED
+CVE-2021-4084
+ RESERVED
+CVE-2021-4083
+ RESERVED
+CVE-2021-4082
+ RESERVED
+CVE-2021-4081
+ RESERVED
CVE-2021-44758
RESERVED
CVE-2021-44757
@@ -777,8 +795,8 @@ CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wl
NOT-FOR-US: NXP Kinetis K82 devices
CVE-2021-44478
RESERVED
-CVE-2021-4038
- RESERVED
+CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
+ TODO: check
CVE-2022-21240
RESERVED
CVE-2022-21237
@@ -2707,8 +2725,8 @@ CVE-2021-43799
RESERVED
CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
- grafana <removed>
-CVE-2021-43797
- RESERVED
+CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
+ TODO: check
CVE-2021-43796
RESERVED
CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
@@ -3743,8 +3761,8 @@ CVE-2021-43705
RESERVED
CVE-2021-43704
RESERVED
-CVE-2021-43703
- RESERVED
+CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
+ TODO: check
CVE-2021-43702
RESERVED
CVE-2021-43701
@@ -3950,8 +3968,7 @@ CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such a
NOT-FOR-US: Belledonne Belle-sip
CVE-2021-43609
RESERVED
-CVE-2021-43608 [SQL Injection Security Vulnerability]
- RESERVED
+CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
- php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
NOTE: only present in experimental suite.
@@ -4547,8 +4564,7 @@ CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libpo
- hurd 1:0.9.git20210404-9
CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...)
- hurd 1:0.9.git20210404-9
-CVE-2021-43410
- RESERVED
+CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...)
NOT-FOR-US: Apache Airavata
CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: twill
@@ -6037,8 +6053,8 @@ CVE-2021-43206
RESERVED
CVE-2021-43205
RESERVED
-CVE-2021-43204
- RESERVED
+CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
+ TODO: check
CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
@@ -6337,20 +6353,20 @@ CVE-2021-43073
RESERVED
CVE-2021-43072
RESERVED
-CVE-2021-43071
- RESERVED
+CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
+ TODO: check
CVE-2021-43070
RESERVED
CVE-2021-43069
RESERVED
-CVE-2021-43068
- RESERVED
+CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
+ TODO: check
CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2021-43066
RESERVED
-CVE-2021-43065
- RESERVED
+CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
+ TODO: check
CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
NOT-FOR-US: FortiGuard
CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
@@ -7077,8 +7093,8 @@ CVE-2021-42761
RESERVED
CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: FortiGuard
-CVE-2021-42759
- RESERVED
+CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
+ TODO: check
CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
NOT-FOR-US: FortiGuard
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
@@ -10883,14 +10899,14 @@ CVE-2021-41699
RESERVED
CVE-2021-41698
RESERVED
-CVE-2021-41697
- RESERVED
-CVE-2021-41696
- RESERVED
-CVE-2021-41695
- RESERVED
-CVE-2021-41694
- RESERVED
+CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
+ TODO: check
+CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
+ TODO: check
+CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
+ TODO: check
+CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
+ TODO: check
CVE-2021-41693
RESERVED
CVE-2021-41692
@@ -11286,8 +11302,8 @@ CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
NOT-FOR-US: Grav CMS
-CVE-2021-3817
- RESERVED
+CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...)
+ TODO: check
CVE-2021-41523
RESERVED
CVE-2021-41522
@@ -11448,8 +11464,8 @@ CVE-2021-41451
RESERVED
CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
NOT-FOR-US: TP-Link
-CVE-2021-41449
- RESERVED
+CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
+ TODO: check
CVE-2021-41448
RESERVED
CVE-2021-41447
@@ -11873,8 +11889,8 @@ CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a
NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12)
CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...)
NOT-FOR-US: Minio console
-CVE-2021-41265
- RESERVED
+CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...)
+ TODO: check
CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
@@ -11920,8 +11936,8 @@ CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter noteb
- jupyterhub 2.0.0+ds1-1
NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
-CVE-2021-41246
- RESERVED
+CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
+ TODO: check
CVE-2021-41245
RESERVED
CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
@@ -14280,14 +14296,14 @@ CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overfl
NOT-FOR-US: D-Link
CVE-2021-40283
RESERVED
-CVE-2021-40282
- RESERVED
-CVE-2021-40281
- RESERVED
-CVE-2021-40280
- RESERVED
-CVE-2021-40279
- RESERVED
+CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...)
+ TODO: check
+CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ TODO: check
+CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...)
+ TODO: check
+CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ TODO: check
CVE-2021-40278
RESERVED
CVE-2021-40277
@@ -17411,8 +17427,8 @@ CVE-2021-39004
RESERVED
CVE-2021-39003
RESERVED
-CVE-2021-39002
- RESERVED
+CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2021-39001
RESERVED
CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
@@ -17513,8 +17529,8 @@ CVE-2021-38953
RESERVED
CVE-2021-38952
RESERVED
-CVE-2021-38951
- RESERVED
+CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2021-38950
RESERVED
CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
@@ -17553,8 +17569,8 @@ CVE-2021-38933
RESERVED
CVE-2021-38932
RESERVED
-CVE-2021-38931
- RESERVED
+CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ TODO: check
CVE-2021-38930
RESERVED
CVE-2021-38929
@@ -17563,8 +17579,8 @@ CVE-2021-38928
RESERVED
CVE-2021-38927
RESERVED
-CVE-2021-38926
- RESERVED
+CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...)
NOT-FOR-US: IBM
CVE-2021-38924
@@ -21642,7 +21658,7 @@ CVE-2021-37255
RESERVED
CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
NOT-FOR-US: M-Files
-CVE-2021-37253 (M-Files Web before 20.10.9524.1 allows a denial of service via overlap ...)
+CVE-2021-37253 (** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of serv ...)
NOT-FOR-US: M-Files Web
CVE-2021-37252
RESERVED
@@ -24114,8 +24130,8 @@ CVE-2021-36196
RESERVED
CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
NOT-FOR-US: FortiGuard
-CVE-2021-36194
- RESERVED
+CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
+ TODO: check
CVE-2021-36193
RESERVED
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
@@ -24124,8 +24140,8 @@ CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortine
NOT-FOR-US: FortiGuard
CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
NOT-FOR-US: FortiGuard
-CVE-2021-36189
- RESERVED
+CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
+ TODO: check
CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
@@ -24168,8 +24184,8 @@ CVE-2021-36169
RESERVED
CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
NOT-FOR-US: Fortinet
-CVE-2021-36167
- RESERVED
+CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
+ TODO: check
CVE-2021-36166
RESERVED
CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
@@ -40512,8 +40528,8 @@ CVE-2021-29680
RESERVED
CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
NOT-FOR-US: IBM
-CVE-2021-29678
- RESERVED
+CVE-2021-29678 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
NOT-FOR-US: IBM
CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
@@ -57825,14 +57841,14 @@ CVE-2021-22570
RESERVED
CVE-2021-22569
RESERVED
-CVE-2021-22568
- RESERVED
+CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...)
+ TODO: check
CVE-2021-22567
RESERVED
CVE-2021-22566
RESERVED
-CVE-2021-22565
- RESERVED
+CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
+ TODO: check
CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
NOT-FOR-US: libjxl
CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
@@ -59161,10 +59177,10 @@ CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server
NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956
RESERVED
-CVE-2021-21955
- RESERVED
-CVE-2021-21954
- RESERVED
+CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
+ TODO: check
+CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
+ TODO: check
CVE-2021-21953
RESERVED
CVE-2021-21952
@@ -64531,8 +64547,8 @@ CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an
NOT-FOR-US: IBM
CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
NOT-FOR-US: IBM
-CVE-2021-20373
- RESERVED
+CVE-2021-20373 (IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Inform ...)
+ TODO: check
CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
@@ -65451,26 +65467,26 @@ CVE-2021-20148
RESERVED
CVE-2021-20147
RESERVED
-CVE-2021-20146
- RESERVED
-CVE-2021-20145
- RESERVED
-CVE-2021-20144
- RESERVED
-CVE-2021-20143
- RESERVED
-CVE-2021-20142
- RESERVED
-CVE-2021-20141
- RESERVED
-CVE-2021-20140
- RESERVED
-CVE-2021-20139
- RESERVED
-CVE-2021-20138
- RESERVED
-CVE-2021-20137
- RESERVED
+CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...)
+ TODO: check
+CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...)
+ TODO: check
+CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...)
+ TODO: check
+CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple ...)
+ TODO: check
+CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...)
+ TODO: check
CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...)
NOT-FOR-US: ManageEngine
CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
@@ -65555,6 +65571,7 @@ CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remot
NOT-FOR-US: OpenOversight
CVE-2021-20095
REJECTED
+ {DSA-5018-1}
CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...)
NOT-FOR-US: Wibu-Systems CodeMeter
CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...)
@@ -95145,10 +95162,10 @@ CVE-2020-19685
RESERVED
CVE-2020-19684
RESERVED
-CVE-2020-19683
- RESERVED
-CVE-2020-19682
- RESERVED
+CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...)
+ TODO: check
+CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...)
+ TODO: check
CVE-2020-19681
RESERVED
CVE-2020-19680
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c8fc76738cc53f5cdc33dfd2ba3d760d35d8e7d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c8fc76738cc53f5cdc33dfd2ba3d760d35d8e7d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211209/ca9aa825/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list