[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 20 08:10:22 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a4b37e7 by security tracker role at 2021-12-20T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,479 @@
+CVE-2022-22053
+ RESERVED
+CVE-2022-22052
+ RESERVED
+CVE-2022-22051
+ RESERVED
+CVE-2022-22050
+ RESERVED
+CVE-2022-22049
+ RESERVED
+CVE-2022-22048
+ RESERVED
+CVE-2022-22047
+ RESERVED
+CVE-2022-22046
+ RESERVED
+CVE-2022-22045
+ RESERVED
+CVE-2022-22044
+ RESERVED
+CVE-2022-22043
+ RESERVED
+CVE-2022-22042
+ RESERVED
+CVE-2022-22041
+ RESERVED
+CVE-2022-22040
+ RESERVED
+CVE-2022-22039
+ RESERVED
+CVE-2022-22038
+ RESERVED
+CVE-2022-22037
+ RESERVED
+CVE-2022-22036
+ RESERVED
+CVE-2022-22035
+ RESERVED
+CVE-2022-22034
+ RESERVED
+CVE-2022-22033
+ RESERVED
+CVE-2022-22032
+ RESERVED
+CVE-2022-22031
+ RESERVED
+CVE-2022-22030
+ RESERVED
+CVE-2022-22029
+ RESERVED
+CVE-2022-22028
+ RESERVED
+CVE-2022-22027
+ RESERVED
+CVE-2022-22026
+ RESERVED
+CVE-2022-22025
+ RESERVED
+CVE-2022-22024
+ RESERVED
+CVE-2022-22023
+ RESERVED
+CVE-2022-22022
+ RESERVED
+CVE-2022-22021
+ RESERVED
+CVE-2022-22020
+ RESERVED
+CVE-2022-22019
+ RESERVED
+CVE-2022-22018
+ RESERVED
+CVE-2022-22017
+ RESERVED
+CVE-2022-22016
+ RESERVED
+CVE-2022-22015
+ RESERVED
+CVE-2022-22014
+ RESERVED
+CVE-2022-22013
+ RESERVED
+CVE-2022-22012
+ RESERVED
+CVE-2022-22011
+ RESERVED
+CVE-2022-22010
+ RESERVED
+CVE-2022-22009
+ RESERVED
+CVE-2022-22008
+ RESERVED
+CVE-2022-22007
+ RESERVED
+CVE-2022-22006
+ RESERVED
+CVE-2022-22005
+ RESERVED
+CVE-2022-22004
+ RESERVED
+CVE-2022-22003
+ RESERVED
+CVE-2022-22002
+ RESERVED
+CVE-2022-22001
+ RESERVED
+CVE-2022-22000
+ RESERVED
+CVE-2022-21999
+ RESERVED
+CVE-2022-21998
+ RESERVED
+CVE-2022-21997
+ RESERVED
+CVE-2022-21996
+ RESERVED
+CVE-2022-21995
+ RESERVED
+CVE-2022-21994
+ RESERVED
+CVE-2022-21993
+ RESERVED
+CVE-2022-21992
+ RESERVED
+CVE-2022-21991
+ RESERVED
+CVE-2022-21990
+ RESERVED
+CVE-2022-21989
+ RESERVED
+CVE-2022-21988
+ RESERVED
+CVE-2022-21987
+ RESERVED
+CVE-2022-21986
+ RESERVED
+CVE-2022-21985
+ RESERVED
+CVE-2022-21984
+ RESERVED
+CVE-2022-21983
+ RESERVED
+CVE-2022-21982
+ RESERVED
+CVE-2022-21981
+ RESERVED
+CVE-2022-21980
+ RESERVED
+CVE-2022-21979
+ RESERVED
+CVE-2022-21978
+ RESERVED
+CVE-2022-21977
+ RESERVED
+CVE-2022-21976
+ RESERVED
+CVE-2022-21975
+ RESERVED
+CVE-2022-21974
+ RESERVED
+CVE-2022-21973
+ RESERVED
+CVE-2022-21972
+ RESERVED
+CVE-2022-21971
+ RESERVED
+CVE-2022-21970
+ RESERVED
+CVE-2022-21969
+ RESERVED
+CVE-2022-21968
+ RESERVED
+CVE-2022-21967
+ RESERVED
+CVE-2022-21966
+ RESERVED
+CVE-2022-21965
+ RESERVED
+CVE-2022-21964
+ RESERVED
+CVE-2022-21963
+ RESERVED
+CVE-2022-21962
+ RESERVED
+CVE-2022-21961
+ RESERVED
+CVE-2022-21960
+ RESERVED
+CVE-2022-21959
+ RESERVED
+CVE-2022-21958
+ RESERVED
+CVE-2022-21957
+ RESERVED
+CVE-2022-21956
+ RESERVED
+CVE-2022-21955
+ RESERVED
+CVE-2022-21954
+ RESERVED
+CVE-2021-45233
+ RESERVED
+CVE-2021-45232
+ RESERVED
+CVE-2021-45231
+ RESERVED
+CVE-2021-45230
+ RESERVED
+CVE-2021-45229
+ RESERVED
+CVE-2021-45228
+ RESERVED
+CVE-2021-45227
+ RESERVED
+CVE-2021-45226
+ RESERVED
+CVE-2021-45225
+ RESERVED
+CVE-2021-45224
+ RESERVED
+CVE-2021-45223
+ RESERVED
+CVE-2021-45222
+ RESERVED
+CVE-2021-45221
+ RESERVED
+CVE-2021-45220
+ RESERVED
+CVE-2021-45219
+ RESERVED
+CVE-2021-45218
+ RESERVED
+CVE-2021-45217
+ RESERVED
+CVE-2021-45216
+ RESERVED
+CVE-2021-45215
+ RESERVED
+CVE-2021-45214
+ RESERVED
+CVE-2021-45213
+ RESERVED
+CVE-2021-45212
+ RESERVED
+CVE-2021-45211
+ RESERVED
+CVE-2021-45210
+ RESERVED
+CVE-2021-45209
+ RESERVED
+CVE-2021-45208
+ RESERVED
+CVE-2021-45207
+ RESERVED
+CVE-2021-45206
+ RESERVED
+CVE-2021-45205
+ RESERVED
+CVE-2021-45204
+ RESERVED
+CVE-2021-45203
+ RESERVED
+CVE-2021-45202
+ RESERVED
+CVE-2021-45201
+ RESERVED
+CVE-2021-45200
+ RESERVED
+CVE-2021-45199
+ RESERVED
+CVE-2021-45198
+ RESERVED
+CVE-2021-45197
+ RESERVED
+CVE-2021-45196
+ RESERVED
+CVE-2021-45195
+ RESERVED
+CVE-2021-45194
+ RESERVED
+CVE-2021-45193
+ RESERVED
+CVE-2021-45192
+ RESERVED
+CVE-2021-45191
+ RESERVED
+CVE-2021-45190
+ RESERVED
+CVE-2021-45189
+ RESERVED
+CVE-2021-45188
+ RESERVED
+CVE-2021-45187
+ RESERVED
+CVE-2021-45186
+ RESERVED
+CVE-2021-45185
+ RESERVED
+CVE-2021-45184
+ RESERVED
+CVE-2021-45183
+ RESERVED
+CVE-2021-45182
+ RESERVED
+CVE-2021-45181
+ RESERVED
+CVE-2021-45180
+ RESERVED
+CVE-2021-45179
+ RESERVED
+CVE-2021-45178
+ RESERVED
+CVE-2021-45177
+ RESERVED
+CVE-2021-45176
+ RESERVED
+CVE-2021-45175
+ RESERVED
+CVE-2021-45174
+ RESERVED
+CVE-2021-45173
+ RESERVED
+CVE-2021-45172
+ RESERVED
+CVE-2021-45171
+ RESERVED
+CVE-2021-45170
+ RESERVED
+CVE-2021-45169
+ RESERVED
+CVE-2021-45168
+ RESERVED
+CVE-2021-45167
+ RESERVED
+CVE-2021-45166
+ RESERVED
+CVE-2021-45165
+ RESERVED
+CVE-2021-45164
+ RESERVED
+CVE-2021-45163
+ RESERVED
+CVE-2021-45162
+ RESERVED
+CVE-2021-45161
+ RESERVED
+CVE-2021-45160
+ RESERVED
+CVE-2021-45159
+ RESERVED
+CVE-2021-45158
+ RESERVED
+CVE-2021-45157
+ RESERVED
+CVE-2021-45156
+ RESERVED
+CVE-2021-45155
+ RESERVED
+CVE-2021-45154
+ RESERVED
+CVE-2021-45153
+ RESERVED
+CVE-2021-45152
+ RESERVED
+CVE-2021-45151
+ RESERVED
+CVE-2021-45150
+ RESERVED
+CVE-2021-45149
+ RESERVED
+CVE-2021-45148
+ RESERVED
+CVE-2021-45147
+ RESERVED
+CVE-2021-45146
+ RESERVED
+CVE-2021-45145
+ RESERVED
+CVE-2021-45144
+ RESERVED
+CVE-2021-45143
+ RESERVED
+CVE-2021-45142
+ RESERVED
+CVE-2021-45141
+ RESERVED
+CVE-2021-45140
+ RESERVED
+CVE-2021-45139
+ RESERVED
+CVE-2021-45138
+ RESERVED
+CVE-2021-45137
+ RESERVED
+CVE-2021-45136
+ RESERVED
+CVE-2021-45135
+ RESERVED
+CVE-2021-45134
+ RESERVED
+CVE-2021-45133
+ RESERVED
+CVE-2021-45132
+ RESERVED
+CVE-2021-45131
+ RESERVED
+CVE-2021-45130
+ RESERVED
+CVE-2021-45129
+ RESERVED
+CVE-2021-45128
+ RESERVED
+CVE-2021-45127
+ RESERVED
+CVE-2021-45126
+ RESERVED
+CVE-2021-45125
+ RESERVED
+CVE-2021-45124
+ RESERVED
+CVE-2021-45123
+ RESERVED
+CVE-2021-45122
+ RESERVED
+CVE-2021-45121
+ RESERVED
+CVE-2021-45120
+ RESERVED
+CVE-2021-45119
+ RESERVED
+CVE-2021-45118
+ RESERVED
+CVE-2021-45117
+ RESERVED
+CVE-2021-45116
+ RESERVED
+CVE-2021-45115
+ RESERVED
+CVE-2021-45106
+ RESERVED
+CVE-2021-44463
+ RESERVED
+CVE-2021-44462
+ RESERVED
+CVE-2021-4137
+ RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
+CVE-2021-4135
+ RESERVED
+CVE-2021-4134
+ RESERVED
+CVE-2021-4133
+ RESERVED
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ TODO: check
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-4129
+ RESERVED
+CVE-2021-4128
+ RESERVED
+CVE-2021-4127
+ RESERVED
+CVE-2021-4126
+ RESERVED
+CVE-2021-26264
+ RESERVED
+CVE-2021-23173
+ RESERVED
+CVE-2021-23157
+ RESERVED
+CVE-2021-23138
+ RESERVED
CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
- spip 3.2.12-1
NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
@@ -26,8 +502,7 @@ CVE-2022-21945
RESERVED
CVE-2022-21944
RESERVED
-CVE-2021-45105 [Certain strings can cause infinite recursion]
- RESERVED
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) di ...)
{DSA-5024-1}
- apache-log4j2 2.17.0-1 (bug #1001891)
NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
@@ -135,8 +610,7 @@ CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37
CVE-2021-4125
RESERVED
NOT-FOR-US: OpenShift metering hive containers
-CVE-2021-42550 [JNDI vunerability]
- RESERVED
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
- logback 1:1.2.8-1
[bullseye] - logback <no-dsa> (Minor issue)
[buster] - logback <no-dsa> (Minor issue)
@@ -465,10 +939,10 @@ CVE-2022-21833
RESERVED
CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
NOT-FOR-US: HD-Network Real-time Monitoring System
-CVE-2021-45042
- RESERVED
-CVE-2021-45041
- RESERVED
+CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
+ TODO: check
+CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
+ TODO: check
CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <unfixed> (bug #1001768)
[stretch] - mruby <postponed> (revisit when/if fix is complete)
@@ -484,8 +958,7 @@ CVE-2021-45040
RESERVED
CVE-2021-45039
RESERVED
-CVE-2021-45038 [Unauthorized users can access private wiki contents using rollback action]
- RESERVED
+CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
@@ -857,8 +1330,7 @@ CVE-2021-44858 [Unauthorized users can view contents of private wikis using vari
[buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
-CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the content of arbitrary pages]
- RESERVED
+CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
@@ -2411,12 +2883,12 @@ CVE-2021-44319
RESERVED
CVE-2021-44318
RESERVED
-CVE-2021-44317
- RESERVED
+CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
+ TODO: check
CVE-2021-44316
RESERVED
-CVE-2021-44315
- RESERVED
+CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
+ TODO: check
CVE-2021-44314
RESERVED
CVE-2021-44313
@@ -2908,41 +3380,37 @@ CVE-2021-44166
RESERVED
CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
NOT-FOR-US: Siemens
-CVE-2021-44164
- RESERVED
-CVE-2021-44163
- RESERVED
-CVE-2021-44162
- RESERVED
+CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has insuffici ...)
+ TODO: check
+CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
+ TODO: check
+CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function ha ...)
+ TODO: check
CVE-2021-44161
RESERVED
CVE-2021-44160
RESERVED
-CVE-2021-44159
- RESERVED
+CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...)
+ TODO: check
CVE-2021-44158
RESERVED
-CVE-2021-4011 [SProcXFixesCreatePointerBarrier out-of-bounds access]
- RESERVED
+CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
-CVE-2021-4010 [SProcScreenSaverSuspend out-of-bounds access]
- RESERVED
+CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
- xorg-server 2:1.20.13-3
[stretch] - xorg-server <not-affected> (Vulnerable code introduced later)
- xwayland 2:21.1.4-1
NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
-CVE-2021-4009 [SProcXFixesCreatePointerBarrier out-of-bounds access]
- RESERVED
+CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
-CVE-2021-4008 [SProcRenderCompositeGlyphs out-of-bounds access]
- RESERVED
+CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
- xorg-server 2:1.20.13-3
- xwayland 2:21.1.4-1
NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
@@ -2985,8 +3453,7 @@ CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server
NOT-FOR-US: Claris
CVE-2021-44146
RESERVED
-CVE-2021-44145
- RESERVED
+CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
NOT-FOR-US: Apache NiFi
CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...)
NOT-FOR-US: Croatia Control Asterix
@@ -3273,8 +3740,8 @@ CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.23
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
-CVE-2021-44035
- RESERVED
+CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
+ TODO: check
CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
RESERVED
- gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
@@ -3935,14 +4402,14 @@ CVE-2021-43842
RESERVED
CVE-2021-43841
RESERVED
-CVE-2021-43840
- RESERVED
+CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
+ TODO: check
CVE-2021-43839
RESERVED
-CVE-2021-43838
- RESERVED
-CVE-2021-43837
- RESERVED
+CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
+ TODO: check
+CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
+ TODO: check
CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
NOT-FOR-US: Sulu
CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
@@ -3996,8 +4463,8 @@ CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-l
TODO: check
CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
- grafana <removed>
-CVE-2021-43812
- RESERVED
+CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ TODO: check
CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
NOT-FOR-US: Sockeye
CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
@@ -5119,8 +5586,8 @@ CVE-2021-43680
RESERVED
CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
NOT-FOR-US: ecshop
-CVE-2021-43678
- RESERVED
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+ TODO: check
CVE-2021-43677
RESERVED
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
@@ -5940,7 +6407,7 @@ CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
TODO: check
-CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
+CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...)
- libcrypto++ <unfixed> (unimportant; bug #1000227)
NOTE: https://github.com/weidai11/cryptopp/issues/1080
NOTE: As per upstream believed to be the expected behaviour:
@@ -7652,8 +8119,8 @@ CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a
NOT-FOR-US: bookstack
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-43083
- RESERVED
+CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...)
+ TODO: check
CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
- trafficserver 9.1.1+ds-1
[bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
@@ -8098,8 +8565,8 @@ CVE-2021-42914
RESERVED
CVE-2021-42913
RESERVED
-CVE-2021-42912
- RESERVED
+CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
+ TODO: check
CVE-2021-42911
RESERVED
CVE-2021-42910
@@ -8841,8 +9308,8 @@ CVE-2021-42586
RESERVED
CVE-2021-42585
RESERVED
-CVE-2021-42584
- RESERVED
+CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
+ TODO: check
CVE-2021-42583
RESERVED
CVE-2021-42582
@@ -11591,8 +12058,8 @@ CVE-2021-41964
RESERVED
CVE-2021-41963
RESERVED
-CVE-2021-41962
- RESERVED
+CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
+ TODO: check
CVE-2021-41961
RESERVED
CVE-2021-41960
@@ -11847,8 +12314,8 @@ CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret
NOT-FOR-US: ThycoticCentrify Secret Server
CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
NOT-FOR-US: Crocoblock JetEngine
-CVE-2021-41843
- RESERVED
+CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
+ TODO: check
CVE-2021-41842
RESERVED
CVE-2021-41841
@@ -12698,18 +13165,18 @@ CVE-2021-41502
RESERVED
CVE-2021-41501
RESERVED
-CVE-2021-41500
- RESERVED
-CVE-2021-41499
- RESERVED
-CVE-2021-41498
- RESERVED
-CVE-2021-41497
- RESERVED
-CVE-2021-41496
- RESERVED
-CVE-2021-41495
- RESERVED
+CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
+ TODO: check
+CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < ...)
+ TODO: check
+CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Ser ...)
+ TODO: check
+CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
+ TODO: check
+CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...)
+ TODO: check
+CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...)
+ TODO: check
CVE-2021-41494
RESERVED
CVE-2021-41493
@@ -12808,8 +13275,8 @@ CVE-2021-41453
RESERVED
CVE-2021-41452
RESERVED
-CVE-2021-41451
- RESERVED
+CVE-2021-41451 (An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before ...)
+ TODO: check
CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
NOT-FOR-US: TP-Link
CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
@@ -13243,12 +13710,12 @@ CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract developme
NOT-FOR-US: OpenZeppelin Contracts
CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
NOT-FOR-US: rails_multisite
-CVE-2021-41262
- RESERVED
-CVE-2021-41261
- RESERVED
-CVE-2021-41260
- RESERVED
+CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
+ TODO: check
+CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
+ TODO: check
+CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
+ TODO: check
CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
- nim <unfixed>
[bullseye] - nim <no-dsa> (Minor issue)
@@ -13839,8 +14306,8 @@ CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-29
NOT-FOR-US: FortiGuard
CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
-CVE-2021-41028
- RESERVED
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+ TODO: check
CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
NOT-FOR-US: FortiGuard
CVE-2021-41026
@@ -14239,14 +14706,14 @@ CVE-2021-40855
RESERVED
CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
NOT-FOR-US: AnyDesk
-CVE-2021-40853
- RESERVED
-CVE-2021-40852
- RESERVED
-CVE-2021-40851
- RESERVED
-CVE-2021-40850
- RESERVED
+CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
+ TODO: check
+CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
+ TODO: check
+CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
+ TODO: check
+CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
+ TODO: check
CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
- mahara <removed>
CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
@@ -19010,8 +19477,8 @@ CVE-2021-38885
RESERVED
CVE-2021-38884
RESERVED
-CVE-2021-38883
- RESERVED
+CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...)
+ TODO: check
CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
NOT-FOR-US: IBM
CVE-2021-38881
@@ -20568,8 +21035,8 @@ CVE-2021-38246
RESERVED
CVE-2021-38245
RESERVED
-CVE-2021-38244
- RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
+ TODO: check
CVE-2021-38243
RESERVED
CVE-2021-38242
@@ -21604,10 +22071,10 @@ CVE-2021-37865
RESERVED
CVE-2021-37864
RESERVED
-CVE-2021-37863
- RESERVED
-CVE-2021-37862
- RESERVED
+CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
+ TODO: check
+CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
+ TODO: check
CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
- mattermost-server <itp> (bug #823556)
CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
@@ -22991,8 +23458,8 @@ CVE-2021-37264
RESERVED
CVE-2021-37263
RESERVED
-CVE-2021-37262
- RESERVED
+CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
+ TODO: check
CVE-2021-37261
RESERVED
CVE-2021-37260
@@ -24124,10 +24591,10 @@ CVE-2021-36782
RESERVED
CVE-2021-36781
RESERVED
-CVE-2021-36780
- RESERVED
-CVE-2021-36779
- RESERVED
+CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+ TODO: check
+CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+ TODO: check
CVE-2021-36778
RESERVED
CVE-2021-36777
@@ -30333,8 +30800,8 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
NOT-FOR-US: Zhuhai Jieli
CVE-2021-34142
RESERVED
-CVE-2021-34141
- RESERVED
+CVE-2021-34141 (Incomplete string comparison in the numpy.core component in NumPy1.9.x ...)
+ TODO: check
CVE-2021-34140
RESERVED
CVE-2021-34139
@@ -32067,8 +32534,8 @@ CVE-2021-33432
RESERVED
CVE-2021-33431
RESERVED
-CVE-2021-33430
- RESERVED
+CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...)
+ TODO: check
CVE-2021-33429
RESERVED
CVE-2021-33428
@@ -34443,12 +34910,12 @@ CVE-2021-32501
RESERVED
CVE-2021-32500
RESERVED
-CVE-2021-32499
- RESERVED
-CVE-2021-32498
- RESERVED
-CVE-2021-32497
- RESERVED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ TODO: check
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ TODO: check
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+ TODO: check
CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
NOT-FOR-US: SICK Visionary-S CX
CVE-2021-32495
@@ -49002,8 +49469,8 @@ CVE-2021-26802
RESERVED
CVE-2021-26801
RESERVED
-CVE-2021-26800
- RESERVED
+CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
+ TODO: check
CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
NOT-FOR-US: Omeka
CVE-2021-26798
@@ -52852,8 +53319,8 @@ CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerabi
NOT-FOR-US: hawk2 as packaged by SuSE
CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
NOT-FOR-US: Rancher
-CVE-2021-3179
- RESERVED
+CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
+ TODO: check
CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
{DLA-2586-1}
- linux 5.10.12-1 (unimportant)
@@ -56362,8 +56829,8 @@ CVE-2021-23816
RESERVED
CVE-2021-23815
RESERVED
-CVE-2021-23814
- RESERVED
+CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The ...)
+ TODO: check
CVE-2021-23813
RESERVED
CVE-2021-23812
@@ -56384,8 +56851,8 @@ CVE-2021-23805
RESERVED
CVE-2021-23804
RESERVED
-CVE-2021-23803
- RESERVED
+CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to ...)
+ TODO: check
CVE-2021-23802
RESERVED
CVE-2021-23801
@@ -56396,8 +56863,8 @@ CVE-2021-23799
RESERVED
CVE-2021-23798
RESERVED
-CVE-2021-23797
- RESERVED
+CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
+ TODO: check
CVE-2021-23796
RESERVED
CVE-2021-23795
@@ -57091,8 +57558,8 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto
NOT-FOR-US: x-assign JS
CVE-2021-23451
RESERVED
-CVE-2021-23450
- RESERVED
+CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+ TODO: check
CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
NOT-FOR-US: vm2 JS
NOTE: https://github.com/patriksimek/vm2
@@ -60336,8 +60803,8 @@ CVE-2021-22056
RESERVED
CVE-2021-22055
RESERVED
-CVE-2021-22054
- RESERVED
+CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
+ TODO: check
CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
CVE-2021-22052
@@ -65266,13 +65733,13 @@ CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTE
NOT-FOR-US: Nec
CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
NOT-FOR-US: Nec
-CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
NOT-FOR-US: Nec
-CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
NOT-FOR-US: Nec
-CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
NOT-FOR-US: Nec
-CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
NOT-FOR-US: Nec
CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
NOT-FOR-US: SHARP
@@ -65456,12 +65923,12 @@ CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerabilit
NOT-FOR-US: Mitsubishi
CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20608
- RESERVED
-CVE-2021-20607
- RESERVED
-CVE-2021-20606
- RESERVED
+CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ TODO: check
+CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
+ TODO: check
+CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
+ TODO: check
CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
@@ -67987,22 +68454,22 @@ CVE-2020-35218
RESERVED
CVE-2020-35217 (Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSR ...)
NOT-FOR-US: Vert.x-Web framework
-CVE-2020-35216
- RESERVED
-CVE-2020-35215
- RESERVED
-CVE-2020-35214
- RESERVED
-CVE-2020-35213
- RESERVED
+CVE-2020-35216 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ TODO: check
+CVE-2020-35215 (An issue in Atomix v3.1.5 allows attackers to access sensitive informa ...)
+ TODO: check
+CVE-2020-35214 (An issue in Atomix v3.1.5 allows a malicious Atomix node to remove sta ...)
+ TODO: check
+CVE-2020-35213 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ TODO: check
CVE-2020-35212
RESERVED
-CVE-2020-35211
- RESERVED
-CVE-2020-35210
- RESERVED
-CVE-2020-35209
- RESERVED
+CVE-2020-35211 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become t ...)
+ TODO: check
+CVE-2020-35210 (A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of ...)
+ TODO: check
+CVE-2020-35209 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a t ...)
+ TODO: check
CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
@@ -74828,28 +75295,28 @@ CVE-2021-0905
RESERVED
CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0903
- RESERVED
-CVE-2021-0902
- RESERVED
-CVE-2021-0901
- RESERVED
-CVE-2021-0900
- RESERVED
-CVE-2021-0899
- RESERVED
-CVE-2021-0898
- RESERVED
-CVE-2021-0897
- RESERVED
-CVE-2021-0896
- RESERVED
-CVE-2021-0895
- RESERVED
-CVE-2021-0894
- RESERVED
-CVE-2021-0893
- RESERVED
+CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ TODO: check
+CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ TODO: check
+CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ TODO: check
+CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ TODO: check
+CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ TODO: check
+CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ TODO: check
CVE-2021-0892
RESERVED
CVE-2021-0891
@@ -75277,20 +75744,20 @@ CVE-2021-0681 (In system properties, there is a possible information disclosure
NOT-FOR-US: MediaTek components for Android
CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0679
- RESERVED
-CVE-2021-0678
- RESERVED
-CVE-2021-0677
- RESERVED
-CVE-2021-0676
- RESERVED
+CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ TODO: check
+CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
+ TODO: check
+CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...)
+ TODO: check
CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0674
- RESERVED
-CVE-2021-0673
- RESERVED
+CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
+ TODO: check
+CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
+ TODO: check
CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
@@ -99803,16 +100270,16 @@ CVE-2020-18083
RESERVED
CVE-2020-18082
RESERVED
-CVE-2020-18081
- RESERVED
+CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
+ TODO: check
CVE-2020-18080
RESERVED
CVE-2020-18079
RESERVED
-CVE-2020-18078
- RESERVED
-CVE-2020-18077
- RESERVED
+CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
+ TODO: check
+CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
+ TODO: check
CVE-2020-18076
RESERVED
CVE-2020-18075
@@ -124595,8 +125062,8 @@ CVE-2020-8970
RESERVED
CVE-2020-8969
RESERVED
-CVE-2020-8968
- RESERVED
+CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...)
+ TODO: check
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
@@ -206861,7 +207328,7 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
NOT-FOR-US: School Equipment Monitoring System
-CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
+CVE-2018-18805 (Point Of Sales 1.0 allows SQL injection via the login screen, related ...)
NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
NOT-FOR-US: Bakeshop Inventory System
@@ -211553,7 +212020,7 @@ CVE-2018-17038
RESERVED
CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
NOT-FOR-US: UCMS
-CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
+CVE-2018-17036 (An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code inje ...)
NOT-FOR-US: UCMS
CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
NOT-FOR-US: UCMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4b37e7f3a2e4476da2d4b6650bc779daf5b59f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4b37e7f3a2e4476da2d4b6650bc779daf5b59f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211220/e5af2812/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list