[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 16 08:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbef29fd by security tracker role at 2021-12-16T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-21943
+ RESERVED
+CVE-2022-21942
+ RESERVED
+CVE-2022-21941
+ RESERVED
+CVE-2022-21940
+ RESERVED
+CVE-2022-21939
+ RESERVED
+CVE-2022-21938
+ RESERVED
+CVE-2022-21937
+ RESERVED
+CVE-2022-21936
+ RESERVED
+CVE-2022-21935
+ RESERVED
+CVE-2022-21934
+ RESERVED
+CVE-2021-45104
+ RESERVED
+CVE-2021-45103
+ RESERVED
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+ TODO: check
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+ TODO: check
+CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
+ TODO: check
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+ TODO: check
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+ TODO: check
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+ TODO: check
+CVE-2021-45094
+ RESERVED
+CVE-2021-45093
+ RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+ TODO: check
+CVE-2021-45091
+ RESERVED
+CVE-2021-45090
+ RESERVED
+CVE-2021-45089
+ RESERVED
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ TODO: check
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ TODO: check
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ TODO: check
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ TODO: check
+CVE-2021-45084
+ RESERVED
+CVE-2021-45083
+ RESERVED
+CVE-2021-45082
+ RESERVED
+CVE-2021-45081
+ RESERVED
+CVE-2021-45080
+ RESERVED
+CVE-2021-45079
+ RESERVED
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+ TODO: check
+CVE-2021-4125
+ RESERVED
CVE-2021-XXXX [JNDI vunerability]
- logback 1:1.2.8-1
NOTE: https://jira.qos.ch/browse/LOGBACK-1591
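Review bot: the twelve new entries that carry descriptions (CVE-2021-45102 down to CVE-2021-45078) all land as `TODO: check`, and they name software by product rather than by source package (HTCondor, Suricata, GNOME Web, GNU Binutils and others), so each needs a follow-up commit that replaces the TODO with either a package status line or a `NOT-FOR-US:` tag. The four GNOME Web entries (CVE-2021-45085 to CVE-2021-45088) share an identical truncated description, so they have to be triaged from the full CVE text rather than from this summary. The unchanged line `CVE-2021-XXXX [JNDI vunerability]` directly below the additions also misspells "vulnerability" and is worth correcting when that temporary entry is next touched.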
@@ -13,7 +85,7 @@ CVE-2021-4121
RESERVED
CVE-2021-23151
RESERVED
-CVE-2021-45100 [ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1]
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
- linux <unfixed> (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
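Review bot: on CVE-2021-45100 the removed bracket text `ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1` named the change involved, while the new truncated description stops at "as used in the Linux kernel through 5." and no longer says what the issue is. The status lines beneath are left untouched, which is correct, but consider keeping the removed wording in a `NOTE:` line so the entry stays readable without opening the CVE record.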
@@ -22,7 +94,7 @@ CVE-2021-45100 [ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1]
NOTE: https://github.com/cifsd-team/ksmbd/pull/551
NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
-CVE-2021-45095 [phonet: refcount leak in pep_sock_accep]
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
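Review bot: CVE-2021-45095 still has only `- linux <unfixed>` and one NOTE pointing at a lore.kernel.org posting, with none of the per-release lines that CVE-2021-45100 above carries for `[bullseye]` and `[buster]`. Now that the description gives the function and file (pep_sock_accept in net/phonet/pep.c) and a version bound ("through 5.15.8"), add the release annotations and a NOTE for the fixing commit once it is known. The new description also replaces the cut-off `pep_sock_accep` from the old bracket text.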
@@ -383,10 +455,10 @@ CVE-2021-45020
RESERVED
CVE-2021-45019
RESERVED
-CVE-2021-45018
- RESERVED
-CVE-2021-45017
- RESERVED
+CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 ...)
+ TODO: check
+CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <= ...)
+ TODO: check
CVE-2021-45016
RESERVED
CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
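Review bot: CVE-2021-45018 and CVE-2021-45017 go from RESERVED to `TODO: check`, and the truncated descriptions identify the product only as "Catfish" with a version bound and no vendor. Confirm from the full CVE text which product is meant before choosing between a package status line and `NOT-FOR-US:`, since the name alone is not enough to match a source package.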
@@ -2189,8 +2261,8 @@ CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda
NOT-FOR-US: Tenda
CVE-2021-44351
RESERVED
-CVE-2021-44350
- RESERVED
+CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via ...)
+ TODO: check
CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
NOT-FOR-US: TuziCMS
CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
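Review bot: the description imported for CVE-2021-44350 gives the affected range as "ThinkPHP5 5.0.x <=5.1.22", which mixes two release series and cannot be read as a single bound. Whoever resolves the `TODO: check` should take the affected versions from the upstream reference rather than from this summary; the neighbouring TuziCMS entries show the `NOT-FOR-US:` form to use if the product turns out not to be packaged.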
@@ -2895,8 +2967,8 @@ CVE-2021-44118
RESERVED
CVE-2021-44117
RESERVED
-CVE-2021-44116
- RESERVED
+CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...)
+ TODO: check
CVE-2021-44115
RESERVED
CVE-2021-44114
@@ -3145,8 +3217,8 @@ CVE-2021-44027
RESERVED
CVE-2021-44024
RESERVED
-CVE-2021-44023
- RESERVED
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+ TODO: check
CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
NOT-FOR-US: Trend Micro
CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
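Review bot: CVE-2021-44023 is added as `TODO: check` although its description begins "A link following denial-of-service (DoS) vulnerability in the Trend Mi" and the entry immediately below, CVE-2021-44022, is already tagged `NOT-FOR-US: Trend Micro`. Once the full description confirms the vendor, tag this one the same way so the Trend Micro block stays consistent.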
@@ -3773,18 +3845,18 @@ CVE-2021-43838
RESERVED
CVE-2021-43837
RESERVED
-CVE-2021-43836
- RESERVED
-CVE-2021-43835
- RESERVED
-CVE-2021-43834
- RESERVED
-CVE-2021-43833
- RESERVED
+CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
+ TODO: check
+CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
+ TODO: check
+CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ TODO: check
+CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ TODO: check
CVE-2021-43832
RESERVED
-CVE-2021-43831
- RESERVED
+CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
+ TODO: check
CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
TODO: check
CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...)
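Review bot: five entries leave RESERVED here and two pairs are indistinguishable in the truncated text: CVE-2021-43836 and CVE-2021-43835 both read "Sulu is an open-source PHP content management system based on the Symf", and CVE-2021-43834 and CVE-2021-43833 both read "eLabFTW is an electronic lab notebook manager for research teams. In v". Triage each from the full CVE record, and add a bracketed or NOTE summary if any of them ends up with a package status line. CVE-2021-43832, sitting between them, correctly stays RESERVED.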
@@ -3838,8 +3910,8 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version
NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for ...)
TODO: check
-CVE-2021-43806
- RESERVED
+CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ TODO: check
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804
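Review bot: CVE-2021-43806 arrives as `TODO: check` with the same description stem ("Tuleap is a Libre and Open Source tool for end to end traceability of") that this commit also adds for CVE-2021-43782 and CVE-2021-41276 in later hunks. Resolve the three together in one follow-up so they receive the same tag, rather than triaging them in separate passes.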
@@ -3897,8 +3969,8 @@ CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux
NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
NOT-FOR-US: @backstage/plugin-scaffolder-backend
-CVE-2021-43782
- RESERVED
+CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ TODO: check
CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
NOT-FOR-US: Invenio-Drafts-Resources
CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
@@ -13005,8 +13077,8 @@ CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing nec
NOT-FOR-US: EdgeX
CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
NOT-FOR-US: Metabase
-CVE-2021-41276
- RESERVED
+CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ TODO: check
CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
NOT-FOR-US: spree_auth_devise
CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
@@ -27019,8 +27091,8 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
NOT-FOR-US: Wowza Streaming Engine
CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490
- RESERVED
+CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
+ TODO: check
CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
NOT-FOR-US: Thruk
CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...)
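Review bot: CVE-2021-35490 ("Thruk 2.40-2 allows stored XSS.") is added as `TODO: check` directly above CVE-2021-35489, which names the same product and version and is already tagged `NOT-FOR-US: Thruk`. Apply the same tag here unless the packaging situation has changed, so that entries for one product and version do not carry different triage states.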
@@ -97685,10 +97757,10 @@ CVE-2020-18987
RESERVED
CVE-2020-18986
RESERVED
-CVE-2020-18985
- RESERVED
-CVE-2020-18984
- RESERVED
+CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
+ TODO: check
+CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
+ TODO: check
CVE-2020-18983
RESERVED
CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
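Review bot: the description imported for CVE-2020-18985 contains the path `/domain/service/.ewell-known/caldav`, where `.ewell-known` looks like a garbled segment. Check the path against the CVE record and its references before relying on it during triage, and record the corrected form in a NOTE if the entry is kept. Both Zimbra entries (CVE-2020-18985 and CVE-2020-18984) otherwise need the usual resolution of `TODO: check`.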
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbef29fdc601933240adcd0223b074a943bb1cdd