[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 14 20:10:43 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60c9847a by security tracker role at 2021-12-14T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-45050
+ RESERVED
+CVE-2021-45049
+ RESERVED
+CVE-2021-45048
+ RESERVED
+CVE-2021-45047
+ RESERVED
+CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ TODO: check
+CVE-2021-45045
+ RESERVED
+CVE-2021-45044
+ RESERVED
+CVE-2021-44768
+ RESERVED
+CVE-2021-44544
+ RESERVED
+CVE-2021-44471
+ RESERVED
+CVE-2021-4119
+ RESERVED
+CVE-2021-4118
+ RESERVED
+CVE-2021-4117
+ RESERVED
+CVE-2021-4116
+ RESERVED
+CVE-2021-4115
+ RESERVED
+CVE-2021-4114
+ RESERVED
+CVE-2021-4113
+ RESERVED
+CVE-2021-4112
+ RESERVED
+CVE-2021-4111
+ RESERVED
+CVE-2021-31558
+ RESERVED
+CVE-2021-23228
+ RESERVED
CVE-2022-21933
RESERVED
CVE-2022-21932
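Review bot: CVE-2021-45046 is the only non-RESERVED addition in this hunk and its description ties it to the fix for CVE-2021-44228 in Apache Log4j 2, so the generic " TODO: check" marker undersells it; it should be triaged against the tracker's CVE-2021-44228 entry first rather than left in the queue with the reserved IDs.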
@@ -264,10 +306,10 @@ CVE-2021-45017
RESERVED
CVE-2021-45016
RESERVED
-CVE-2021-45015
- RESERVED
-CVE-2021-45014
- RESERVED
+CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
+ TODO: check
+CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
+ TODO: check
CVE-2021-45013
RESERVED
CVE-2021-45012
@@ -396,8 +438,8 @@ CVE-2021-44951
RESERVED
CVE-2021-44950
RESERVED
-CVE-2021-44949
- RESERVED
+CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
+ TODO: check
CVE-2021-44948
RESERVED
CVE-2021-44947
@@ -420,12 +462,12 @@ CVE-2021-44939
RESERVED
CVE-2021-44938
RESERVED
-CVE-2021-44937
- RESERVED
+CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
+ TODO: check
CVE-2021-44936
RESERVED
-CVE-2021-44935
- RESERVED
+CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
+ TODO: check
CVE-2021-44934
RESERVED
CVE-2021-44933
@@ -629,8 +671,8 @@ CVE-2021-44835
RESERVED
CVE-2021-44834
RESERVED
-CVE-2021-4107
- RESERVED
+CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ TODO: check
CVE-2021-4106
RESERVED
CVE-2021-4105
@@ -647,8 +689,7 @@ CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the T
NOTE: https://github.com/TokTok/c-toxcore/pull/1216
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
NOT-FOR-US: CLI for Amazon AWS OpenSearch
-CVE-2021-4104 [Deserialization of untrusted data in JMSAppender]
- RESERVED
+CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
- apache-log4j1.2 <unfixed>
[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
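Review bot: the CVE-2021-4104 entry swaps its placeholder title for the official description and keeps its package lines, but unlike the CVE-2021-4044 openssl entry later in this diff it carries no NOTE: line with an upstream reference; adding one (advisory or fixing commit) would let the two <no-dsa> "JMSAppender not configured to be used by default" assessments be re-checked against the full description.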
@@ -1172,8 +1213,8 @@ CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-4074
RESERVED
-CVE-2021-4073
- RESERVED
+CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
+ TODO: check
CVE-2021-4072
RESERVED
CVE-2021-4071
@@ -1430,8 +1471,8 @@ CVE-2021-44550
RESERVED
CVE-2021-4070
RESERVED
-CVE-2021-44549
- RESERVED
+CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
+ TODO: check
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
@@ -1540,16 +1581,15 @@ CVE-2021-44540
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
CVE-2021-43353
RESERVED
-CVE-2021-41836
- RESERVED
+CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
CVE-2021-44539
RESERVED
-CVE-2021-44538
- RESERVED
+CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
- element-web <itp> (bug #866502)
- olm 3.2.8~dfsg-1 (bug #1001664)
[buster] - olm <not-affected> (Vulnerable code introduced later)
@@ -1583,12 +1623,12 @@ CVE-2021-44526
RESERVED
CVE-2021-44525
RESERVED
-CVE-2021-44524
- RESERVED
-CVE-2021-44523
- RESERVED
-CVE-2021-44522
- RESERVED
+CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ TODO: check
+CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ TODO: check
+CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ TODO: check
CVE-2021-44477
RESERVED
CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
@@ -1618,8 +1658,7 @@ CVE-2021-4046
RESERVED
CVE-2021-4045
RESERVED
-CVE-2021-4044
- RESERVED
+CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
[experimental] - openssl <unfixed>
- openssl <not-affected> (Vulnerable code not present)
NOTE: https://www.openssl.org/news/secadv/20211214.txt
@@ -1788,48 +1827,48 @@ CVE-2021-44453
RESERVED
CVE-2021-44451
RESERVED
-CVE-2021-44450
- RESERVED
-CVE-2021-44449
- RESERVED
-CVE-2021-44448
- RESERVED
-CVE-2021-44447
- RESERVED
-CVE-2021-44446
- RESERVED
-CVE-2021-44445
- RESERVED
-CVE-2021-44444
- RESERVED
-CVE-2021-44443
- RESERVED
-CVE-2021-44442
- RESERVED
-CVE-2021-44441
- RESERVED
-CVE-2021-44440
- RESERVED
-CVE-2021-44439
- RESERVED
-CVE-2021-44438
- RESERVED
-CVE-2021-44437
- RESERVED
-CVE-2021-44436
- RESERVED
-CVE-2021-44435
- RESERVED
-CVE-2021-44434
- RESERVED
-CVE-2021-44433
- RESERVED
-CVE-2021-44432
- RESERVED
-CVE-2021-44431
- RESERVED
-CVE-2021-44430
- RESERVED
+CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
CVE-2021-43355
RESERVED
CVE-2021-41835
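Review bot: the 21 JT Utilities entries in this hunk (CVE-2021-44430 through CVE-2021-44450) all truncate to the identical text "A vulnerability has been identified in JT Utilities (All versions < ...", so their " TODO: check" markers cannot be told apart from the list alone; triage them as one batch with the full descriptions, and if they resolve like the other "A vulnerability has been identified in ..." entries in this diff, the "NOT-FOR-US: Siemens" pattern used for the Mendix and Siveillance Video entries applies.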
@@ -2275,16 +2314,16 @@ CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
NOT-FOR-US: bookstack
CVE-2021-4025
RESERVED
-CVE-2021-44235
- RESERVED
+CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...)
+ TODO: check
CVE-2021-44234
RESERVED
-CVE-2021-44233
- RESERVED
-CVE-2021-44232
- RESERVED
-CVE-2021-44231
- RESERVED
+CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
+ TODO: check
+CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
+ TODO: check
+CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...)
+ TODO: check
CVE-2022-21792
RESERVED
CVE-2022-21791
@@ -2582,8 +2621,8 @@ CVE-2021-44167
RESERVED
CVE-2021-44166
RESERVED
-CVE-2021-44165
- RESERVED
+CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+ TODO: check
CVE-2021-44164
RESERVED
CVE-2021-44163
@@ -2622,8 +2661,8 @@ CVE-2021-4008 [SProcRenderCompositeGlyphs out-of-bounds access]
- xwayland 2:21.1.4-1
NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
-CVE-2021-4007
- RESERVED
+CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...)
+ TODO: check
CVE-2021-4006
RESERVED
CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -2913,12 +2952,12 @@ CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN f
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2021-44043
- RESERVED
-CVE-2021-44042
- RESERVED
-CVE-2021-44041
- RESERVED
+CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...)
+ TODO: check
+CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...)
+ TODO: check
+CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...)
+ TODO: check
CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: kimai2
CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -2997,40 +3036,40 @@ CVE-2021-3977
RESERVED
CVE-2021-44018
RESERVED
-CVE-2021-44017
- RESERVED
+CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
CVE-2021-44016
RESERVED
-CVE-2021-44015
- RESERVED
-CVE-2021-44014
- RESERVED
-CVE-2021-44013
- RESERVED
-CVE-2021-44012
- RESERVED
-CVE-2021-44011
- RESERVED
-CVE-2021-44010
- RESERVED
-CVE-2021-44009
- RESERVED
-CVE-2021-44008
- RESERVED
-CVE-2021-44007
- RESERVED
-CVE-2021-44006
- RESERVED
-CVE-2021-44005
- RESERVED
-CVE-2021-44004
- RESERVED
-CVE-2021-44003
- RESERVED
-CVE-2021-44002
- RESERVED
-CVE-2021-44001
- RESERVED
+CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
+CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
CVE-2021-44000
RESERVED
CVE-2021-43999
@@ -3641,8 +3680,8 @@ CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content
TODO: check
CVE-2021-43821
RESERVED
-CVE-2021-43820
- RESERVED
+CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
+ TODO: check
CVE-2021-43819
RESERVED
CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
@@ -3672,8 +3711,8 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version
- php-laravel-framework <unfixed> (bug #1001333)
NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
-CVE-2021-43807
- RESERVED
+CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for ...)
+ TODO: check
CVE-2021-43806
RESERVED
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
@@ -5615,8 +5654,8 @@ CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. Ther
- linux 5.14.16-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
-CVE-2021-43388
- RESERVED
+CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...)
+ TODO: check
CVE-2021-43387
RESERVED
CVE-2021-43386
@@ -10010,8 +10049,8 @@ CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 a
NOT-FOR-US: Imagicle Application Suite
CVE-2021-42368
RESERVED
-CVE-2021-42367
- RESERVED
+CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...)
+ TODO: check
CVE-2021-42366
RESERVED
CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
@@ -10933,26 +10972,26 @@ CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers co
NOT-FOR-US: Barrier
CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
NOT-FOR-US: Visual Tools DVR VX16
-CVE-2021-42070
- RESERVED
-CVE-2021-42069
- RESERVED
-CVE-2021-42068
- RESERVED
+CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...)
+ TODO: check
+CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...)
+ TODO: check
+CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
+ TODO: check
CVE-2021-42067
RESERVED
-CVE-2021-42066
- RESERVED
+CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
+ TODO: check
CVE-2021-42065
RESERVED
-CVE-2021-42064
- RESERVED
-CVE-2021-42063
- RESERVED
+CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...)
+ TODO: check
+CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...)
+ TODO: check
CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
NOT-FOR-US: SAP
-CVE-2021-42061
- RESERVED
+CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
+ TODO: check
CVE-2021-3868
RESERVED
CVE-2021-3867
@@ -10977,10 +11016,10 @@ CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via c
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-42052
RESERVED
-CVE-2021-42051
- RESERVED
-CVE-2021-42050
- RESERVED
+CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
+ TODO: check
+CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
+ TODO: check
CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
NOT-FOR-US: Translate MediaWiki extension
CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
@@ -11047,18 +11086,18 @@ CVE-2021-42029
RESERVED
CVE-2021-42028
RESERVED
-CVE-2021-42027
- RESERVED
+CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
+ TODO: check
CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2021-42024
- RESERVED
-CVE-2021-42023
- RESERVED
-CVE-2021-42022
- RESERVED
+CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ TODO: check
+CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
+ TODO: check
+CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
+ TODO: check
CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
NOT-FOR-US: Siemens
CVE-2021-42020
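Review bot: the imported description for CVE-2021-42027 ends in "&l ...", an HTML-escaped "<" ("&lt;") cut off by the summary truncation, so the stored summary reads as garbage; the CVE-2019-10934 hunk at the end of this diff shows the same artifact being corrected after the fact, which suggests the importer should unescape entities before truncating rather than relying on later fix-ups.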
@@ -11730,8 +11769,8 @@ CVE-2021-3837
RESERVED
CVE-2021-41766
RESERVED
-CVE-2021-3836
- RESERVED
+CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
+ TODO: check
CVE-2021-3835
RESERVED
CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
@@ -11740,8 +11779,8 @@ CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compar
NOT-FOR-US: Integria IMS
CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
NOT-FOR-US: Integria IMS
-CVE-2021-3831
- RESERVED
+CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
NOT-FOR-US: ResourceSpace
CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
@@ -12219,8 +12258,8 @@ CVE-2021-41549
RESERVED
CVE-2021-41548
RESERVED
-CVE-2021-41547
- RESERVED
+CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ TODO: check
CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2021-41545
@@ -13383,12 +13422,12 @@ CVE-2021-41069
RESERVED
CVE-2021-41068
RESERVED
-CVE-2021-41067
- RESERVED
-CVE-2021-41066
- RESERVED
-CVE-2021-41065
- RESERVED
+CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...)
+ TODO: check
+CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
+ TODO: check
+CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
+ TODO: check
CVE-2021-41064
RESERVED
CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
@@ -13779,10 +13818,10 @@ CVE-2021-40885
RESERVED
CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
NOT-FOR-US: Projectsend
-CVE-2021-40883
- RESERVED
-CVE-2021-40882
- RESERVED
+CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...)
+ TODO: check
+CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...)
+ TODO: check
CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...)
NOT-FOR-US: PublicCMS
CVE-2021-40880
@@ -17527,30 +17566,30 @@ CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vul
NOT-FOR-US: WordPress plugin
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39319
- RESERVED
-CVE-2021-39318
- RESERVED
+CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...)
+ TODO: check
+CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
+ TODO: check
CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39315
- RESERVED
-CVE-2021-39314
- RESERVED
-CVE-2021-39313
- RESERVED
-CVE-2021-39312
- RESERVED
-CVE-2021-39311
- RESERVED
-CVE-2021-39310
- RESERVED
-CVE-2021-39309
- RESERVED
-CVE-2021-39308
- RESERVED
+CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2021-39312 (The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary file ...)
+ TODO: check
+CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
+ TODO: check
+CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
+ TODO: check
+CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...)
+ TODO: check
CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
NOT-FOR-US: PDFTron WebViewer UI
CVE-2021-39306
@@ -18511,8 +18550,8 @@ CVE-2021-38952
RESERVED
CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2021-38950
- RESERVED
+CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
+ TODO: check
CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
NOT-FOR-US: IBM
CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
@@ -19935,8 +19974,8 @@ CVE-2021-38363
RESERVED
CVE-2021-38362
RESERVED
-CVE-2021-38361
- RESERVED
+CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
+ TODO: check
CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
@@ -20369,8 +20408,8 @@ CVE-2021-38184
RESERVED
CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
NOT-FOR-US: SAP
-CVE-2021-38182
- RESERVED
+CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
+ TODO: check
CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
NOT-FOR-US: SAP
CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
@@ -23973,8 +24012,8 @@ CVE-2021-36723
RESERVED
CVE-2021-36722
RESERVED
-CVE-2021-36721
- RESERVED
+CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
+ TODO: check
CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
NOT-FOR-US: PineApp - Mail Secure
CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
@@ -49258,8 +49297,8 @@ CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sendi
NOT-FOR-US: FortiLogger
CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
- node-ansi-up 5.0.0+dfsg-1 (bug #984667)
-CVE-2021-3376
- RESERVED
+CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...)
+ TODO: check
CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
NOT-FOR-US: ActivePresenter
CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...)
@@ -173511,7 +173550,7 @@ CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Ki
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions &l ...)
+CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions), ...)
NOT-FOR-US: Siemens
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
NOT-FOR-US: Siemens
@@ -229718,8 +229757,8 @@ CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...)
NOT-FOR-US: GPU memory hardware issue
-CVE-2018-10228
- RESERVED
+CVE-2018-10228 (Cross-site scripting (XSS) vulnerability in /application/controller/ad ...)
+ TODO: check
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
NOT-FOR-US: MiniCMS
CVE-2018-10226
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60c9847a59924bd6314b0913f5e09d24c3a865ee