[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 16 08:10:25 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbef29fd by security tracker role at 2021-12-16T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-21943
+	RESERVED
+CVE-2022-21942
+	RESERVED
+CVE-2022-21941
+	RESERVED
+CVE-2022-21940
+	RESERVED
+CVE-2022-21939
+	RESERVED
+CVE-2022-21938
+	RESERVED
+CVE-2022-21937
+	RESERVED
+CVE-2022-21936
+	RESERVED
+CVE-2022-21935
+	RESERVED
+CVE-2022-21934
+	RESERVED
+CVE-2021-45104
+	RESERVED
+CVE-2021-45103
+	RESERVED
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+	TODO: check
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+	TODO: check
+CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
+	TODO: check
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+	TODO: check
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+	TODO: check
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+	TODO: check
+CVE-2021-45094
+	RESERVED
+CVE-2021-45093
+	RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+	TODO: check
+CVE-2021-45091
+	RESERVED
+CVE-2021-45090
+	RESERVED
+CVE-2021-45089
+	RESERVED
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
+	TODO: check
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
+	TODO: check
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
+	TODO: check
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before  ...)
+	TODO: check
+CVE-2021-45084
+	RESERVED
+CVE-2021-45083
+	RESERVED
+CVE-2021-45082
+	RESERVED
+CVE-2021-45081
+	RESERVED
+CVE-2021-45080
+	RESERVED
+CVE-2021-45079
+	RESERVED
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+	TODO: check
+CVE-2021-4125
+	RESERVED
 CVE-2021-XXXX [JNDI vunerability]
 	- logback 1:1.2.8-1
 	NOTE: https://jira.qos.ch/browse/LOGBACK-1591
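Review bot: several of the new TODO: check entries in this hunk cover software that Debian ships, so they need package triage rather than a deferred check: CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c, GNU Binutils through 2.37) maps to src:binutils, CVE-2021-45098 (Suricata before 6.0.4) to src:suricata, CVE-2021-45085 through CVE-2021-45088 (GNOME Web before 40.4 and 41.x) to src:epiphany-browser, and CVE-2021-45101/CVE-2021-45102 (HTCondor before 8.8.15, 9.0.x before 9.0.4) to src:condor where that package is present in the suite. Each should get a "- <package> <fixed version or unfixed>" line and, once known, the upstream fix commit as a NOTE. CVE-2021-45099 is marked ** DISPUTED ** and concerns the Home Assistant addon-ssh add-on, which is not packaged, so NOT-FOR-US with the disputed status preserved in the entry is the likely resolution. Unrelated to this change but visible in the trailing context: the working title of the CVE-2021-XXXX logback entry reads "JNDI vunerability" and should be "vulnerability".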
@@ -13,7 +85,7 @@ CVE-2021-4121
 	RESERVED
 CVE-2021-23151
 	RESERVED
-CVE-2021-45100 [ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1]
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
 	- linux <unfixed> (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
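Review bot: replacing the CVE-2021-45100 header drops the only line that named the actual defect ("ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1") in favour of MITRE text truncated at "Linux kernel through 5. ...". Since the package line carries an (unimportant) rating, the rationale for that rating should be recorded in a NOTE line under the entry, where it survives the automatic header rewrite. The bullseye and buster <not-affected> (Vulnerable code not present) markings are consistent with ksmbd only having been merged in Linux 5.15, which neither suite's kernel carries.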
@@ -22,7 +94,7 @@ CVE-2021-45100 [ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1]
 	NOTE: https://github.com/cifsd-team/ksmbd/pull/551
 	NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
 	NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
-CVE-2021-45095 [phonet: refcount leak in pep_sock_accep]
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
 CVE-2021-45070
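Review bot: CVE-2021-45095 is marked "linux <unfixed>" with no severity annotation and only the lore.kernel.org patch submission as a NOTE, whereas the CVE-2021-45100 entry directly above carries both a rating and a link to the fix. Once the pep_sock_accept refcount fix lands in mainline, add the upstream commit as a NOTE and an explicit severity assessment: the description places the bug in net/phonet/pep.c, so it is only reachable where the phonet socket family is available, which is relevant to whether this merits a DSA. As in the previous hunk, the MITRE text replaces the working title; the old title "phonet: refcount leak in pep_sock_accep" was itself cut short (missing the final "t"), so nothing is lost here.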
@@ -383,10 +455,10 @@ CVE-2021-45020
 	RESERVED
 CVE-2021-45019
 	RESERVED
-CVE-2021-45018
-	RESERVED
-CVE-2021-45017
-	RESERVED
+CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0  ...)
+	TODO: check
+CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <= ...)
+	TODO: check
 CVE-2021-45016
 	RESERVED
 CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
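Review bot: the "Catfish <=6.3.0" in CVE-2021-45018 and CVE-2021-45017 is Catfish CMS, a PHP content management system, not the Debian package catfish, which is the GTK desktop file-search tool and has never reached a 6.x version. Whoever resolves the TODO: check should confirm the product before marking, since a naive package-name match would wrongly attach these XSS and CSRF issues to src:catfish; the expected outcome is NOT-FOR-US: Catfish CMS.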
@@ -2189,8 +2261,8 @@ CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda
 	NOT-FOR-US: Tenda
 CVE-2021-44351
 	RESERVED
-CVE-2021-44350
-	RESERVED
+CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via  ...)
+	TODO: check
 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
 	NOT-FOR-US: TuziCMS
 CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
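Review bot: CVE-2021-44350 (SQL injection in ThinkPHP5) is left at TODO: check while the adjacent TuziCMS entries CVE-2021-44349 and CVE-2021-44348 are already NOT-FOR-US. ThinkPHP is not packaged in Debian, so NOT-FOR-US: ThinkPHP can be applied directly. The version range in the mirrored description ("5.0.x <=5.1.22") reads oddly but is MITRE's text; keep it as mirrored rather than normalising it in the tracker.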
@@ -2895,8 +2967,8 @@ CVE-2021-44118
 	RESERVED
 CVE-2021-44117
 	RESERVED
-CVE-2021-44116
-	RESERVED
+CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...)
+	TODO: check
 CVE-2021-44115
 	RESERVED
 CVE-2021-44114
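Review bot: CVE-2021-44116 (XSS in Anchor CMS <=0.12) is another unpackaged PHP application, so NOT-FOR-US: Anchor CMS is the expected resolution of the TODO: check. The misspelling "exits" for "exists" in the description is upstream MITRE text and should not be edited in the mirrored header.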
@@ -3145,8 +3217,8 @@ CVE-2021-44027
 	RESERVED
 CVE-2021-44024
 	RESERVED
-CVE-2021-44023
-	RESERVED
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+	TODO: check
 CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
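Review bot: CVE-2021-44023 sits at TODO: check while the two Trend Micro entries immediately below it, CVE-2021-44022 and CVE-2021-44021, are already NOT-FOR-US: Trend Micro. The truncated description ("the Trend Mi ...") already identifies the vendor, so the same marking applies without further lookup.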
@@ -3773,18 +3845,18 @@ CVE-2021-43838
 	RESERVED
 CVE-2021-43837
 	RESERVED
-CVE-2021-43836
-	RESERVED
-CVE-2021-43835
-	RESERVED
-CVE-2021-43834
-	RESERVED
-CVE-2021-43833
-	RESERVED
+CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
+	TODO: check
+CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
+	TODO: check
+CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+	TODO: check
+CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+	TODO: check
 CVE-2021-43832
 	RESERVED
-CVE-2021-43831
-	RESERVED
+CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
+	TODO: check
 CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
 	TODO: check
 CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security  ...)
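Review bot: the new Sulu (CVE-2021-43836, CVE-2021-43835), eLabFTW (CVE-2021-43834, CVE-2021-43833) and Gradio (CVE-2021-43831) descriptions are GitHub advisory boilerplate truncated before any version or impact information, so the full advisories must be read to triage them; none of the three projects is packaged in Debian, so NOT-FOR-US is the expected resolution. CVE-2021-43830 (OpenProject) two lines below has carried TODO: check since an earlier update and can be resolved the same way in this pass.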
@@ -3838,8 +3910,8 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version
 	NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
 CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for  ...)
 	TODO: check
-CVE-2021-43806
-	RESERVED
+CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
+	TODO: check
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
 	NOT-FOR-US: Solidus
 CVE-2021-43804
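Review bot: CVE-2021-43806 is the first of three Tuleap advisories filled in by this update; CVE-2021-43782 and CVE-2021-41276 appear in later hunks with the identical truncated description "Tuleap is a Libre and Open Source tool for end to end traceability of ...". Tuleap is not packaged in Debian, so all three should be marked NOT-FOR-US: Tuleap together rather than each being left at TODO: check and revisited separately.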
@@ -3897,8 +3969,8 @@ CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux
 	NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
 CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
 	NOT-FOR-US: @backstage/plugin-scaffolder-backend
-CVE-2021-43782
-	RESERVED
+CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
+	TODO: check
 CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
 	NOT-FOR-US: Invenio-Drafts-Resources
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
@@ -13005,8 +13077,8 @@ CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing nec
 	NOT-FOR-US: EdgeX
 CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
 	NOT-FOR-US: Metabase
-CVE-2021-41276
-	RESERVED
+CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
+	TODO: check
 CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
 	NOT-FOR-US: spree_auth_devise
 CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
@@ -27019,8 +27091,8 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
 	NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
 	NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490
-	RESERVED
+CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
+	TODO: check
 CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
 	NOT-FOR-US: Thruk
 CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...)
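Review bot: CVE-2021-35490 ("Thruk 2.40-2 allows stored XSS.") is the one entry in this hunk whose description is complete rather than truncated, and the two Thruk entries that follow it (CVE-2021-35489, CVE-2021-35488) are already NOT-FOR-US: Thruk; applying the same marking here is straightforward.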
@@ -97685,10 +97757,10 @@ CVE-2020-18987
 	RESERVED
 CVE-2020-18986
 	RESERVED
-CVE-2020-18985
-	RESERVED
-CVE-2020-18984
-	RESERVED
+CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
+	TODO: check
+CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
+	TODO: check
 CVE-2020-18983
 	RESERVED
 CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
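Review bot: the path in the CVE-2020-18985 description, "/domain/service/.ewell-known/caldav", looks like a typo for ".well-known" in the upstream MITRE text; leave the mirrored header as it is, but anyone reproducing or referencing the issue should be aware of it. Both Zimbra entries (CVE-2020-18985, CVE-2020-18984) concern Zimbra Collaboration Suite, which is not packaged in Debian, so NOT-FOR-US: Zimbra resolves the TODO: check markers. The "Cross Sie Scripting" in the trailing CVE-2020-18982 context line is likewise MITRE's wording, not a tracker error.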



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbef29fdc601933240adcd0223b074a943bb1cdd


