[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 10 20:10:26 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e52d7315 by security tracker role at 2021-12-10T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-21822
+ RESERVED
+CVE-2022-21821
+ RESERVED
+CVE-2022-21820
+ RESERVED
+CVE-2022-21819
+ RESERVED
+CVE-2022-21818
+ RESERVED
+CVE-2022-21817
+ RESERVED
+CVE-2022-21816
+ RESERVED
+CVE-2022-21815
+ RESERVED
+CVE-2022-21814
+ RESERVED
+CVE-2022-21813
+ RESERVED
+CVE-2021-44795
+ RESERVED
+CVE-2021-44794
+ RESERVED
+CVE-2021-44793
+ RESERVED
+CVE-2021-44792
+ RESERVED
+CVE-2021-44791
+ RESERVED
+CVE-2021-44790
+ RESERVED
+CVE-2021-4095
+ RESERVED
+CVE-2021-4094
+ RESERVED
+CVE-2021-4093
+ RESERVED
+CVE-2021-4092
+ RESERVED
+CVE-2021-4091
+ RESERVED
+CVE-2021-4090
+ RESERVED
CVE-2022-21812
RESERVED
CVE-2022-21804
@@ -90,14 +134,14 @@ CVE-2021-4086
RESERVED
CVE-2021-4085
RESERVED
-CVE-2021-4084
- RESERVED
+CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ TODO: check
CVE-2021-4083
RESERVED
-CVE-2021-4082
- RESERVED
-CVE-2021-4081
- RESERVED
+CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ TODO: check
CVE-2021-44758
RESERVED
CVE-2021-44757
@@ -1535,8 +1579,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Wind
NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2021-44229
RESERVED
-CVE-2021-44228
- RESERVED
+CVE-2021-44228 (Apache Log4j2 <=2.14.1 JNDI features used in configuration, log mes ...)
- apache-log4j2 <unfixed>
- apache-log4j1.2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
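
Review bot: CVE-2021-44228 now carries a published description ("Apache Log4j2 <=2.14.1 JNDI features ..."), but the package line under it still reads "- apache-log4j2 <unfixed>" and the only reference is the GitHub advisory NOTE. Follow up manually with the fixed upstream version or commit as a NOTE and with per-release status lines, so the entry does not stay at <unfixed> on the strength of the automatic update alone.
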
@@ -1949,7 +1992,7 @@ CVE-2021-3998
RESERVED
CVE-2021-3997
RESERVED
-CVE-2021-44079 (In the wazuh-slack active response script in Wazuh before 4.2.5, untru ...)
+CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
NOT-FOR-US: Wazuh
CVE-2021-3996
RESERVED
@@ -2785,8 +2828,8 @@ CVE-2021-43815
RESERVED
CVE-2021-43814
RESERVED
-CVE-2021-43813
- RESERVED
+CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
+ TODO: check
CVE-2021-43812
RESERVED
CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
@@ -11184,8 +11227,8 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2.
[buster] - squid <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
-CVE-2021-3829
- RESERVED
+CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
+ TODO: check
CVE-2021-41610
RESERVED
CVE-2021-41609
@@ -13028,8 +13071,8 @@ CVE-2021-40836
RESERVED
CVE-2021-40835
RESERVED
-CVE-2021-40834
- RESERVED
+CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
+ TODO: check
CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
NOT-FOR-US: F-Secure
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
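
Review bot: CVE-2021-40834 is left at "TODO: check" although its description names F-secure SAFE and the entry directly below it, CVE-2021-40833, is already "NOT-FOR-US: F-Secure". Unless SAFE turns out to be packaged, resolve it with the same NOT-FOR-US line so the TODO does not linger.
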
@@ -15215,11 +15258,13 @@ CVE-2021-39930
RESERVED
- gitlab <unfixed>
CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
@@ -15227,36 +15272,43 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark
CVE-2021-39927
RESERVED
CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark 2.6.20-0+deb10u2
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
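
Review bot: in the context lines of this hunk, CVE-2021-39923 (PNRP dissector) and CVE-2021-39920 (IPPUSB dissector) both point at NOTE https://gitlab.com/wireshark/wireshark/-/issues/17705, while every other entry tagged with {DSA-5019-1} here references its own issue. Verify the two against their wnpa-sec advisories and correct whichever NOTE was copied, since the DSA cross-reference makes these entries the ones people will follow.
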
@@ -17664,8 +17716,8 @@ CVE-2021-38939
RESERVED
CVE-2021-38938
RESERVED
-CVE-2021-38937
- RESERVED
+CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
+ TODO: check
CVE-2021-38936
RESERVED
CVE-2021-38935
@@ -17704,8 +17756,8 @@ CVE-2021-38919
RESERVED
CVE-2021-38918
RESERVED
-CVE-2021-38917
- RESERVED
+CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
+ TODO: check
CVE-2021-38916
RESERVED
CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
@@ -20203,10 +20255,10 @@ CVE-2021-37937
RESERVED
CVE-2021-37936
RESERVED
-CVE-2021-37935
- RESERVED
-CVE-2021-37934
- RESERVED
+CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
+ TODO: check
+CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
+ TODO: check
CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
NOT-FOR-US: Huntflow Enterprise
CVE-2021-37932
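
Review bot: CVE-2021-37935 and CVE-2021-37934 come in as "TODO: check" immediately above CVE-2021-37933, which is already "NOT-FOR-US: Huntflow Enterprise". CVE-2021-37935 names Huntflow in its description; the description of CVE-2021-37934 is truncated before any product name, so confirm it refers to the same product and then give both the same NOT-FOR-US line.
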
@@ -21931,12 +21983,12 @@ CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Ser
NOT-FOR-US: Siemens
CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
-CVE-2021-37189
- RESERVED
-CVE-2021-37188
- RESERVED
-CVE-2021-37187
- RESERVED
+CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
+ TODO: check
+CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ TODO: check
+CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ TODO: check
CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < ...)
NOT-FOR-US: Siemens
CVE-2021-37185
@@ -22584,8 +22636,8 @@ CVE-2021-36913
RESERVED
CVE-2021-36912
RESERVED
-CVE-2021-36911
- RESERVED
+CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
+ TODO: check
CVE-2021-36910
RESERVED
CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
@@ -24875,8 +24927,8 @@ CVE-2021-35980
RESERVED
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
NOT-FOR-US: Digi RealPort
-CVE-2021-35978
- RESERVED
+CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
+ TODO: check
CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
NOT-FOR-US: Digi RealPort
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
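
Review bot: CVE-2021-35978 (Digi TransPort DR64, SR44 VC74, and WR) is added as "TODO: check" between CVE-2021-35979 and CVE-2021-35977, both marked "NOT-FOR-US: Digi RealPort". TransPort is a different product name, so it needs its own disposition line rather than being assumed to match its neighbours; if it is not packaged, record it as NOT-FOR-US with the TransPort name.
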
@@ -35325,12 +35377,12 @@ CVE-2021-31749
RESERVED
CVE-2021-31748
RESERVED
-CVE-2021-31747
- RESERVED
-CVE-2021-31746
- RESERVED
-CVE-2021-31745
- RESERVED
+CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
+ TODO: check
+CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
+ TODO: check
+CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...)
+ TODO: check
CVE-2021-31744
RESERVED
CVE-2021-31743
@@ -41880,8 +41932,8 @@ CVE-2021-29216
RESERVED
CVE-2021-29215
RESERVED
-CVE-2021-29214
- RESERVED
+CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
+ TODO: check
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
NOT-FOR-US: HPE
CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
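
Review bot: CVE-2021-29214 (HPE StoreServ Manageme ...) stays at "TODO: check" while the next entry, CVE-2021-29213, is already "NOT-FOR-US: HPE". The TODO can be closed with the same line once the full description confirms it is an HPE-only product.
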
@@ -44958,10 +45010,10 @@ CVE-2021-27986
RESERVED
CVE-2021-27985
RESERVED
-CVE-2021-27984
- RESERVED
-CVE-2021-27983
- RESERVED
+CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...)
+ TODO: check
+CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...)
+ TODO: check
CVE-2021-27982
RESERVED
CVE-2021-27981
@@ -58625,6 +58677,7 @@ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
+ {DSA-5019-1}
[experimental] - wireshark 3.4.7-1~exp1
- wireshark 3.4.7-1
[buster] - wireshark <no-dsa> (Minor issue)
@@ -58657,6 +58710,7 @@ CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in
CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
- gitlab <unfixed>
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
+ {DSA-5019-1}
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1
[buster] - wireshark <not-affected> (Vulnerability introduced in 3.4)
@@ -58696,6 +58750,7 @@ CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versi
CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
- gitlab <unfixed>
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
+ {DSA-5019-1}
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1 (bug #987853)
[buster] - wireshark <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e52d7315022e5fe074aeb577860759afcf9aa28f