[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 22 20:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a532d8bb by security tracker role at 2021-12-22T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
+ TODO: check
+CVE-2021-45460
+ RESERVED
+CVE-2021-4157
+ RESERVED
+CVE-2021-4156
+ RESERVED
+CVE-2021-4155
+ RESERVED
+CVE-2020-36510
+ RESERVED
CVE-2022-22261
RESERVED
CVE-2022-22260
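Review bot: CVE-2021-45461 is the only entry in this hunk that needs work, and its description is cut inside the version list ("15.0.19.87, 15.0.19.88, 1 ..."), so the affected restapps range cannot be read from the tracker line; resolve the TODO: check from the full advisory, and expect NOT-FOR-US unless a Debian package shipping FreePBX turns up. The five bare RESERVED entries (CVE-2021-45460, CVE-2021-4157, -4156, -4155, CVE-2020-36510) need nothing until the feed publishes their descriptions.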
@@ -526,10 +538,10 @@ CVE-2021-45421
RESERVED
CVE-2021-45420
RESERVED
-CVE-2021-45419
- RESERVED
-CVE-2021-45418
- RESERVED
+CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
+ TODO: check
+CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
+ TODO: check
CVE-2021-45417
RESERVED
CVE-2021-45416
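Review bot: Both Starcharge entries (CVE-2021-45419 improper input validation, CVE-2021-45418 directory traversal) describe "Certain Starcharge products" with no software component named, so the two TODO: check markers should be resolved together as NOT-FOR-US: Starcharge, in the same form as the "NOT-FOR-US: Video Sharing Website" entry elsewhere in this update, unless triage finds shipped code.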
@@ -848,30 +860,30 @@ CVE-2021-45269
RESERVED
CVE-2021-45268
RESERVED
-CVE-2021-45267
- RESERVED
-CVE-2021-45266
- RESERVED
+CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ TODO: check
+CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
+ TODO: check
CVE-2021-45265
RESERVED
CVE-2021-45264
RESERVED
-CVE-2021-45263
- RESERVED
-CVE-2021-45262
- RESERVED
-CVE-2021-45261
- RESERVED
-CVE-2021-45260
- RESERVED
-CVE-2021-45259
- RESERVED
-CVE-2021-45258
- RESERVED
-CVE-2021-45257
- RESERVED
-CVE-2021-45256
- RESERVED
+CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+ TODO: check
+CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+ TODO: check
+CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
+ TODO: check
+CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
+ TODO: check
+CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
+ TODO: check
+CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
+ TODO: check
+CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
+ TODO: check
+CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...)
+ TODO: check
CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
NOT-FOR-US: Video Sharing Website
CVE-2021-45254
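Review bot: The eight new TODO: check entries in this hunk span three different upstreams and must not be batch-resolved as one gpac run: CVE-2021-45267, -45266, -45263, -45262, -45260, -45259 and -45258 name gpac 1.1.0, CVE-2021-45261 names GNU patch 2.7 (cut at "via the anoth ..."), and CVE-2021-45257/-45256 name nasm 2.16rc0. gpac, patch and nasm are all Debian source packages, so each of these needs a package line with an affected or fixed version rather than NOT-FOR-US. The misspelling "existfs" in CVE-2021-45256 is upstream description text carried in verbatim by the automatic update, not a tracker error, and should be left alone.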
@@ -1647,10 +1659,10 @@ CVE-2021-45044
RESERVED
CVE-2021-44768
RESERVED
-CVE-2021-44544
- RESERVED
-CVE-2021-44471
- RESERVED
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+ TODO: check
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ TODO: check
CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
NOT-FOR-US: bookstack
CVE-2021-4118
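Review bot: CVE-2021-44544 and CVE-2021-44471 both describe cross-site scripting in DIAEnergie 1.7.5 and prior, and two more DIAEnergie entries (CVE-2021-31558, CVE-2021-23228) arrive in the next hunk of this same update; resolve all four TODO: check markers with one status so the product does not end up half-triaged. The bookstack context line below shows the expected NOT-FOR-US form.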
@@ -1662,18 +1674,18 @@ CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input Du
CVE-2021-4115
RESERVED
CVE-2021-4114
- RESERVED
+ REJECTED
CVE-2021-4113
- RESERVED
+ REJECTED
CVE-2021-4112
RESERVED
NOT-FOR-US: Ansible Tower
CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-31558
- RESERVED
-CVE-2021-23228
- RESERVED
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ TODO: check
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+ TODO: check
CVE-2022-21933
RESERVED
CVE-2022-21932
@@ -2759,8 +2771,7 @@ CVE-2021-44735
RESERVED
CVE-2021-44734
RESERVED
-CVE-2021-44733 [use-after-free in the TEE subsystem]
- RESERVED
+CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
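Review bot: Dropping the RESERVED line and replacing the local placeholder "[use-after-free in the TEE subsystem]" with the published description is the expected transition for CVE-2021-44733, and the package data under it (linux <unfixed>, the stretch not-affected annotation, the Red Hat bugzilla NOTE) is untouched. Now that the ID is public, the follow-up is to replace <unfixed> with the fixing kernel version once an upload lands and to add a NOTE pointing at the upstream fix; the bugzilla link is currently the only reference on the entry.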
@@ -2963,8 +2974,8 @@ CVE-2021-44661
RESERVED
CVE-2021-44660
RESERVED
-CVE-2021-44659
- RESERVED
+CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
+ TODO: check
CVE-2021-44658
RESERVED
CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
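Review bot: CVE-2021-44659 describes GoCD server 21.3.0, a standalone CI server for which this diff names no Debian package, so the TODO: check should become NOT-FOR-US: GoCD unless triage finds otherwise. The description is cut at "has a functionalit ...", so the actual flaw class is not visible from the tracker line and needs the advisory.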
@@ -5459,8 +5470,8 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
NOT-FOR-US: Tuleap
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
NOT-FOR-US: Solidus
-CVE-2021-43804
- RESERVED
+CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
NOT-FOR-US: next.js
CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
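Review bot: CVE-2021-43804 is a PJSIP issue, and a second PJSIP entry in this update (CVE-2021-37706) sits further down; both descriptions are cut at the library boilerplate "is a free and open source multimedia communication library writt ...", so nothing about the actual flaw survives in the tracker line. PJSIP is shipped in Debian as the pjproject source package and is used by asterisk, so these TODO: check markers should turn into package lines checked against both, not NOT-FOR-US.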
@@ -6659,14 +6670,14 @@ CVE-2021-43633
RESERVED
CVE-2021-43632
RESERVED
-CVE-2021-43631
- RESERVED
-CVE-2021-43630
- RESERVED
-CVE-2021-43629
- RESERVED
-CVE-2021-43628
- RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ TODO: check
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ TODO: check
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ TODO: check
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ TODO: check
CVE-2021-43627
RESERVED
CVE-2021-43626
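Review bot: The four Projectworlds Hospital Management System v1.0 entries (CVE-2021-43631 through -43628) carry identical truncated SQL injection descriptions and concern a PHP demo application with no Debian package; resolve all four TODO: check markers as NOT-FOR-US: Projectworlds Hospital Management System in one pass.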
@@ -8943,14 +8954,14 @@ CVE-2021-43160
RESERVED
CVE-2021-43159
RESERVED
-CVE-2021-43158
- RESERVED
-CVE-2021-43157
- RESERVED
-CVE-2021-43156
- RESERVED
-CVE-2021-43155
- RESERVED
+CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
+ TODO: check
+CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
+ TODO: check
+CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
+ TODO: check
+CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
+ TODO: check
CVE-2021-43154
RESERVED
CVE-2021-43153
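Review bot: CVE-2021-43158 through -43155 cover two ProjectWorlds PHP applications (Online Shopping System, Online Book Store), and the feed spells the vendor two ways ("ProjectWorlds" for the CSRF entries, "Projectsworlds" for the SQL injection entries), so a grep for one spelling misses half of them; mark all four NOT-FOR-US in the same pass, consistent with the Hospital Management System entries earlier in this update.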
@@ -15728,8 +15739,8 @@ CVE-2021-40838
RESERVED
CVE-2021-40837
RESERVED
-CVE-2021-40836
- RESERVED
+CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ TODO: check
CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
NOT-FOR-US: Safe Browser for iOS
CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
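Review bot: CVE-2021-40836 (F-Secure antivirus engine) sits between CVE-2021-40835 and CVE-2021-40834, which are already NOT-FOR-US for F-Secure products; the new TODO: check should be resolved the same way, e.g. NOT-FOR-US: F-Secure.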
@@ -16258,8 +16269,8 @@ CVE-2021-40614
RESERVED
CVE-2021-40613
RESERVED
-CVE-2021-40612
- RESERVED
+CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
+ TODO: check
CVE-2021-40611
RESERVED
CVE-2021-40610
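Review bot: CVE-2021-40612 names Opmantek Open-AudIT "after 3.5.0", which reads as a lower bound rather than the usual "before X" and is worth rereading in the full advisory; with no Debian package for Open-AudIT named here, the TODO: check should become NOT-FOR-US: Opmantek Open-AudIT unless triage finds one.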
@@ -16752,10 +16763,10 @@ CVE-2021-40420
RESERVED
CVE-2021-40419
RESERVED
-CVE-2021-40418
- RESERVED
-CVE-2021-40417
- RESERVED
+CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ TODO: check
+CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ TODO: check
CVE-2021-40416
RESERVED
CVE-2021-40415
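Review bot: CVE-2021-40418 and CVE-2021-40417 carry byte-identical truncated descriptions ("When parsing a file that is submitted to the DPDecoder service as a jo ..."), so the tracker line cannot tell them apart; triage has to pull both advisories to see which parser each one hits before assigning a status.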
@@ -16800,10 +16811,10 @@ CVE-2021-40396
RESERVED
CVE-2021-40395
RESERVED
-CVE-2021-40394
- RESERVED
-CVE-2021-40393
- RESERVED
+CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ TODO: check
+CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ TODO: check
CVE-2021-40392
RESERVED
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
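Review bot: CVE-2021-40394 and CVE-2021-40393 (out-of-bounds writes in an RS-274X aperture macro parser) are siblings of CVE-2021-40391 in the context line below, which covers the drill format T-code parser of the same code base; RS-274X is the Gerber format, so the candidate Debian package is gerbv, and the three entries should get the same package line and be checked for a shared upstream fix rather than being resolved one at a time.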
@@ -19367,8 +19378,8 @@ CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulne
NOT-FOR-US: WordPess plugin
CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
NOT-FOR-US: PDFTron WebViewer UI
-CVE-2021-39306
- RESERVED
+CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
+ TODO: check
CVE-2021-39305
RESERVED
CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
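Review bot: CVE-2021-39306 is a stack buffer overflow in Realtek RTL8195AM device firmware, cut at "device bef ..." before the fixed version; with no Debian package involved, resolve the TODO: check as NOT-FOR-US: Realtek, matching the vendor-product entries around it.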
@@ -20200,8 +20211,8 @@ CVE-2021-39015
RESERVED
CVE-2021-39014
RESERVED
-CVE-2021-39013
- RESERVED
+CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...)
+ TODO: check
CVE-2021-39012
RESERVED
CVE-2021-39011
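Review bot: CVE-2021-39013 is an IBM Cloud Pak for Security issue (versions 1.7.2.0, 1.7.1.0 and 1.7.0.0); no Debian package is involved, so the TODO: check should be resolved as NOT-FOR-US: IBM Cloud Pak for Security.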
@@ -23443,8 +23454,8 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
NOT-FOR-US: Shopware
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
-CVE-2021-37706
- RESERVED
+CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
NOT-FOR-US: OneFuzz
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
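Review bot: CVE-2021-37706 is the second PJSIP entry in this update (the first is CVE-2021-43804, above) and shares the same truncated library boilerplate, so the flaw itself is not visible here; triage the two together against pjproject and asterisk rather than resolving this one in isolation.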
@@ -25328,10 +25339,10 @@ CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading t
NOT-FOR-US: WordPress plugin
CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36886
- RESERVED
-CVE-2021-36885
- RESERVED
+CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...)
+ TODO: check
+CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ TODO: check
CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36883
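Review bot: CVE-2021-36886 and CVE-2021-36885 are WordPress plugin issues (the -36886 description is cut at "Contact ...", before the plugin name is visible), surrounded by entries already marked NOT-FOR-US: WordPress plugin; resolve both TODO: check markers the same way.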
@@ -25705,8 +25716,8 @@ CVE-2021-36752
RESERVED
CVE-2021-36751
RESERVED
-CVE-2021-36750
- RESERVED
+CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used i ...)
+ TODO: check
CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
- druid <itp> (bug #825797)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
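Review bot: CVE-2021-36750 names ENC DataVault 7.1.1W and VaultAPI v67, vendor software with no Debian package named here, so the TODO: check should become NOT-FOR-US: ENC DataVault. The druid context line below keeps its <itp> (bug #825797) status and is not touched by this hunk.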
@@ -28373,7 +28384,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-5.7 <removed>
NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
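Review bot: DSA-5000-2 is the follow-up revision of DSA-5000-1 (the -2 suffix denotes a further advisory under the same number), and listing it in the braces beside DSA-5000-1 is the usual way the tracker records it; the same addition is applied to every Java SE entry in this update that already carried DSA-5000-1. The package lines (openjdk-17 17.0.1+12-1, openjdk-11 11.0.13+8-1, openjdk-8 8u312-b07-1) are unchanged, which is correct when only the advisory set grows.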
@@ -28411,7 +28422,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
CVE-2021-35587
RESERVED
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -28430,7 +28441,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35579
RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -28455,18 +28466,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
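Review bot: CVE-2021-35565 lists only openjdk-11 and openjdk-8 and correspondingly omits DSA-5012-1, while the entries around it (CVE-2021-35567, CVE-2021-35564) carry openjdk-17 and DSA-5012-1; that asymmetry is internally consistent and DSA-5000-2 is added in both shapes, so no change is needed. Recording it here so a later hand edit does not "fix" the shorter brace list by adding DSA-5012-1 to an entry with no openjdk-17 line.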
@@ -28475,14 +28486,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -28491,7 +28502,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -28506,7 +28517,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
- {DSA-5000-1 DLA-2814-1}
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -34439,7 +34450,7 @@ CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and othe
CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
- {DLA-2707-1}
+ {DSA-5029-1 DLA-2707-1}
- sogo 5.1.1-1 (bug #989479)
NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
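Review bot: Adding DSA-5029-1 beside DLA-2707-1 for CVE-2021-33054 records the stable advisory for the SOGo SAML issue in the same brace-list form used elsewhere in the file; the "sogo 5.1.1-1 (bug #989479)" line and both reference NOTEs are unchanged, so nothing further is needed on this entry.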
@@ -62060,10 +62071,10 @@ CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
NOT-FOR-US: Anker Eufy Homebase
-CVE-2021-21953
- RESERVED
-CVE-2021-21952
- RESERVED
+CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
+ TODO: check
+CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
+ TODO: check
CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
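Review bot: CVE-2021-21953 (authentication bypass in process_msg()) and CVE-2021-21952 (authentication bypass in CMD_DEVICE_GET_RS...) sit in the middle of a run of Anker Eufy Homebase entries that are all NOT-FOR-US: Anker Eufy Homebase (CVE-2021-21955, -21954, -21951 and -21950 in the context lines), and -21952 shares the CMD_DEVICE_GET_ prefix with -21951; resolve both TODO: check markers the same way.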
@@ -62092,80 +62103,80 @@ CVE-2021-21939
RESERVED
CVE-2021-21938
RESERVED
-CVE-2021-21937
- RESERVED
-CVE-2021-21936
- RESERVED
-CVE-2021-21935
- RESERVED
-CVE-2021-21934
- RESERVED
-CVE-2021-21933
- RESERVED
-CVE-2021-21932
- RESERVED
-CVE-2021-21931
- RESERVED
-CVE-2021-21930
- RESERVED
-CVE-2021-21929
- RESERVED
-CVE-2021-21928
- RESERVED
-CVE-2021-21927
- RESERVED
-CVE-2021-21926
- RESERVED
-CVE-2021-21925
- RESERVED
-CVE-2021-21924
- RESERVED
-CVE-2021-21923
- RESERVED
-CVE-2021-21922
- RESERVED
-CVE-2021-21921
- RESERVED
-CVE-2021-21920
- RESERVED
-CVE-2021-21919
- RESERVED
-CVE-2021-21918
- RESERVED
-CVE-2021-21917
- RESERVED
-CVE-2021-21916
- RESERVED
-CVE-2021-21915
- RESERVED
+CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ TODO: check
+CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+ TODO: check
+CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+ TODO: check
+CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+ TODO: check
CVE-2021-21914
RESERVED
CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
NOT-FOR-US: D-LINK
-CVE-2021-21912
- RESERVED
-CVE-2021-21911
- RESERVED
-CVE-2021-21910
- RESERVED
-CVE-2021-21909
- RESERVED
-CVE-2021-21908
- RESERVED
-CVE-2021-21907
- RESERVED
-CVE-2021-21906
- RESERVED
-CVE-2021-21905
- RESERVED
-CVE-2021-21904
- RESERVED
-CVE-2021-21903
- RESERVED
-CVE-2021-21902
- RESERVED
-CVE-2021-21901
- RESERVED
+CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
+ TODO: check
+CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of ...)
+ TODO: check
+CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of ...)
+ TODO: check
+CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ TODO: check
+CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ TODO: check
+CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
+ TODO: check
+CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ TODO: check
+CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ TODO: check
+CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
+ TODO: check
+CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ TODO: check
+CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
+ TODO: check
+CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ TODO: check
CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
{DLA-2838-1}
- librecad <unfixed>
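Review bot: Triage the 35 new TODO: check entries in this hunk per advisory family rather than line by line, since the visible description text shows at least three distinct families: CVE-2021-21937 through -21918 all carry the identical text "A specially-crafted HTTP request can lead to SQL injection. An attacke ...", CVE-2021-21917 through -21915 name a "group_l..." parameter and show the mojibake "‘" (a UTF-8 left quote read as Windows-1252) that comes from the upstream feed and should not be hand-corrected in this file, CVE-2021-21912 through -21910 are Windows privilege escalations, and CVE-2021-21909 through -21901 are CMA CLI issues (getenv/setenv traversal, readfi... and check_ud... stack overflows, a run_server_68... authentication bypass). None of the visible text names a Debian package, so the likely outcome is NOT-FOR-US per family, but with twenty identical descriptions only the full advisories can tell the entries apart. The librecad context at the end (DLA-2838-1 issued while librecad is still <unfixed>) is not touched by this hunk.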
@@ -62192,56 +62203,56 @@ CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPol
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
-CVE-2021-21896
- RESERVED
-CVE-2021-21895
- RESERVED
-CVE-2021-21894
- RESERVED
+CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
+ TODO: check
+CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ TODO: check
+CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ TODO: check
CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2021-21892
- RESERVED
-CVE-2021-21891
- RESERVED
-CVE-2021-21890
- RESERVED
-CVE-2021-21889
- RESERVED
-CVE-2021-21888
- RESERVED
-CVE-2021-21887
- RESERVED
-CVE-2021-21886
- RESERVED
-CVE-2021-21885
- RESERVED
-CVE-2021-21884
- RESERVED
-CVE-2021-21883
- RESERVED
-CVE-2021-21882
- RESERVED
-CVE-2021-21881
- RESERVED
-CVE-2021-21880
- RESERVED
-CVE-2021-21879
- RESERVED
-CVE-2021-21878
- RESERVED
-CVE-2021-21877
- RESERVED
-CVE-2021-21876
- RESERVED
-CVE-2021-21875
- RESERVED
-CVE-2021-21874
- RESERVED
-CVE-2021-21873
- RESERVED
-CVE-2021-21872
- RESERVED
+CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ TODO: check
+CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ TODO: check
+CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ TODO: check
+CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ TODO: check
+CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ TODO: check
+CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ TODO: check
+CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
+ TODO: check
+CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
+ TODO: check
+CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ TODO: check
+CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ TODO: check
+CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
+ TODO: check
+CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
+ TODO: check
+CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
+ TODO: check
+CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
+ TODO: check
+CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
+ TODO: check
+CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ TODO: check
+CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ TODO: check
+CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ TODO: check
+CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ TODO: check
+CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ TODO: check
+CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ TODO: check
CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
NOT-FOR-US: PowerISO
CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
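Review bot: All 24 new entries here (CVE-2021-21896 through -21894 and CVE-2021-21892 through -21872) describe one "Web Manager" interface (FsBrowse, FsTFtp, FsMove, FsCopyFi..., File Upl..., SslGen, Diagno..., FsUnmo..., Wirele..., Applica...), so they form one advisory family and should get one status, most likely NOT-FOR-US unless the full advisories name a product Debian ships; the five whose descriptions are cut before any component name (CVE-2021-21877 through -21873, "Specially-crafted HTTP requests can lead to arbitrary command executio ...") need the advisory to confirm they belong to the same family. The pre-existing TODO on the CVE-2021-21897 context line ("kicad embedds it") predates this hunk and is not addressed by it.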
@@ -548237,7 +548248,7 @@ CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote at
NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords v ...)
NOT-FOR-US: Microsoft
-CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
+CVE-2000-0484 (Small HTTP Server ver 3.06 contains a memory corruption bug causing a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
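Review bot: Only the description of CVE-2000-0484 changes (from "Buffer overflow in Small HTTP Server ..." to "Small HTTP Server ver 3.06 contains a memory corruption bug ..."), tracking an upstream rewording; the status "NOT-FOR-US: Data pre-dating the Security Tracker" does not depend on the description text, so no action is needed.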
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a532d8bb0849cd4d27845c099fbc949606e28183