[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 22 20:10:30 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a532d8bb by security tracker role at 2021-12-22T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
+	TODO: check
+CVE-2021-45460
+	RESERVED
+CVE-2021-4157
+	RESERVED
+CVE-2021-4156
+	RESERVED
+CVE-2021-4155
+	RESERVED
+CVE-2020-36510
+	RESERVED
 CVE-2022-22261
 	RESERVED
 CVE-2022-22260
@@ -526,10 +538,10 @@ CVE-2021-45421
 	RESERVED
 CVE-2021-45420
 	RESERVED
-CVE-2021-45419
-	RESERVED
-CVE-2021-45418
-	RESERVED
+CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
+	TODO: check
+CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via  ...)
+	TODO: check
 CVE-2021-45417
 	RESERVED
 CVE-2021-45416
@@ -848,30 +860,30 @@ CVE-2021-45269
 	RESERVED
 CVE-2021-45268
 	RESERVED
-CVE-2021-45267
-	RESERVED
-CVE-2021-45266
-	RESERVED
+CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+	TODO: check
+CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the  ...)
+	TODO: check
 CVE-2021-45265
 	RESERVED
 CVE-2021-45264
 	RESERVED
-CVE-2021-45263
-	RESERVED
-CVE-2021-45262
-	RESERVED
-CVE-2021-45261
-	RESERVED
-CVE-2021-45260
-	RESERVED
-CVE-2021-45259
-	RESERVED
-CVE-2021-45258
-	RESERVED
-CVE-2021-45257
-	RESERVED
-CVE-2021-45256
-	RESERVED
+CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+	TODO: check
+CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+	TODO: check
+CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
+	TODO: check
+CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
+	TODO: check
+CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
+	TODO: check
+CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
+	TODO: check
+CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
+	TODO: check
+CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...)
+	TODO: check
 CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
 	NOT-FOR-US: Video Sharing Website
 CVE-2021-45254
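Review bot: unlike most of the other TODO: check additions in this patch, CVE-2021-45256 through CVE-2021-45267 name software that Debian ships (gpac 1.1.0, nasm 2.16rc0, and GNU patch 2.7 for CVE-2021-45261), so these placeholders need to become source-package entries (for example `- gpac <unfixed>`) after checking whether the affected code is present in the packaged versions, rather than being marked NOT-FOR-US. The "existfs" typo in the CVE-2021-45256 description is upstream MITRE text and should not be edited locally.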
@@ -1647,10 +1659,10 @@ CVE-2021-45044
 	RESERVED
 CVE-2021-44768
 	RESERVED
-CVE-2021-44544
-	RESERVED
-CVE-2021-44471
-	RESERVED
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+	TODO: check
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site  ...)
+	TODO: check
 CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: bookstack
 CVE-2021-4118
@@ -1662,18 +1674,18 @@ CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input Du
 CVE-2021-4115
 	RESERVED
 CVE-2021-4114
-	RESERVED
+	REJECTED
 CVE-2021-4113
-	RESERVED
+	REJECTED
 CVE-2021-4112
 	RESERVED
 	NOT-FOR-US: Ansible Tower
 CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
 	NOT-FOR-US: yetiforcecrm
-CVE-2021-31558
-	RESERVED
-CVE-2021-23228
-	RESERVED
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site  ...)
+	TODO: check
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+	TODO: check
 CVE-2022-21933
 	RESERVED
 CVE-2022-21932
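Review bot: CVE-2021-31558 and CVE-2021-23228 describe the same DIAEnergie 1.7.5 product as CVE-2021-44544 and CVE-2021-44471 in the preceding hunk, so all four should get one consistent verdict when triaged. The RESERVED to REJECTED changes for CVE-2021-4114 and CVE-2021-4113 are status-only and need nothing further.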
@@ -2759,8 +2771,7 @@ CVE-2021-44735
 	RESERVED
 CVE-2021-44734
 	RESERVED
-CVE-2021-44733 [use-after-free in the TEE subsystem]
-	RESERVED
+CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem  ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
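Review bot: the bracketed working title [use-after-free in the TEE subsystem] is replaced by the MITRE description naming drivers/tee/tee_shm.c, and the placeholder RESERVED line is dropped while the existing `- linux <unfixed>` and `[stretch] - linux <not-affected>` lines stay, which is the right shape for a published CVE. The only reference so far is the Red Hat bugzilla link; once the upstream fix commit is identified, a NOTE line pointing at it would let the <unfixed> state be resolved.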
@@ -2963,8 +2974,8 @@ CVE-2021-44661
 	RESERVED
 CVE-2021-44660
 	RESERVED
-CVE-2021-44659
-	RESERVED
+CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
+	TODO: check
 CVE-2021-44658
 	RESERVED
 CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
@@ -5459,8 +5470,8 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
 	NOT-FOR-US: Tuleap
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
 	NOT-FOR-US: Solidus
-CVE-2021-43804
-	RESERVED
+CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
 	NOT-FOR-US: next.js
 CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
@@ -6659,14 +6670,14 @@ CVE-2021-43633
 	RESERVED
 CVE-2021-43632
 	RESERVED
-CVE-2021-43631
-	RESERVED
-CVE-2021-43630
-	RESERVED
-CVE-2021-43629
-	RESERVED
-CVE-2021-43628
-	RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+	TODO: check
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+	TODO: check
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+	TODO: check
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+	TODO: check
 CVE-2021-43627
 	RESERVED
 CVE-2021-43626
@@ -8943,14 +8954,14 @@ CVE-2021-43160
 	RESERVED
 CVE-2021-43159
 	RESERVED
-CVE-2021-43158
-	RESERVED
-CVE-2021-43157
-	RESERVED
-CVE-2021-43156
-	RESERVED
-CVE-2021-43155
-	RESERVED
+CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability  ...)
+	TODO: check
+CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
+	TODO: check
+CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
+	TODO: check
+CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
+	TODO: check
 CVE-2021-43154
 	RESERVED
 CVE-2021-43153
@@ -15728,8 +15739,8 @@ CVE-2021-40838
 	RESERVED
 CVE-2021-40837
 	RESERVED
-CVE-2021-40836
-	RESERVED
+CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+	TODO: check
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
 	NOT-FOR-US: Safe Browser for iOS
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
@@ -16258,8 +16269,8 @@ CVE-2021-40614
 	RESERVED
 CVE-2021-40613
 	RESERVED
-CVE-2021-40612
-	RESERVED
+CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
+	TODO: check
 CVE-2021-40611
 	RESERVED
 CVE-2021-40610
@@ -16752,10 +16763,10 @@ CVE-2021-40420
 	RESERVED
 CVE-2021-40419
 	RESERVED
-CVE-2021-40418
-	RESERVED
-CVE-2021-40417
-	RESERVED
+CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+	TODO: check
+CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+	TODO: check
 CVE-2021-40416
 	RESERVED
 CVE-2021-40415
@@ -16800,10 +16811,10 @@ CVE-2021-40396
 	RESERVED
 CVE-2021-40395
 	RESERVED
-CVE-2021-40394
-	RESERVED
-CVE-2021-40393
-	RESERVED
+CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+	TODO: check
+CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+	TODO: check
 CVE-2021-40392
 	RESERVED
 CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
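Review bot: CVE-2021-40393 and CVE-2021-40394 (out-of-bounds write in RS-274X aperture macro parsing) belong to the same Talos series as the existing CVE-2021-40391 context line directly below them (drill format T-code), which is tracked against gerbv, and gerbv is a Debian package, so these two need a gerbv source-package entry and a check of the fixed upstream version instead of the generic TODO: check.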
@@ -19367,8 +19378,8 @@ CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulne
 	NOT-FOR-US: WordPess plugin
 CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
 	NOT-FOR-US: PDFTron WebViewer UI
-CVE-2021-39306
-	RESERVED
+CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
+	TODO: check
 CVE-2021-39305
 	RESERVED
 CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
@@ -20200,8 +20211,8 @@ CVE-2021-39015
 	RESERVED
 CVE-2021-39014
 	RESERVED
-CVE-2021-39013
-	RESERVED
+CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could  ...)
+	TODO: check
 CVE-2021-39012
 	RESERVED
 CVE-2021-39011
@@ -23443,8 +23454,8 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
 	NOT-FOR-US: Shopware
 CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
 	NOT-FOR-US: Shopware
-CVE-2021-37706
-	RESERVED
+CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
 	NOT-FOR-US: OneFuzz
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
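Review bot: CVE-2021-37706, like CVE-2021-43804 earlier in this patch, is a PJSIP advisory, and pjproject is packaged in Debian, so both TODO: check entries need a pjproject source-package line rather than NOT-FOR-US; downstream consumers that may carry an embedded copy (asterisk being the obvious candidate) should be checked at the same time.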
@@ -25328,10 +25339,10 @@ CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading t
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-36886
-	RESERVED
-CVE-2021-36885
-	RESERVED
+CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact  ...)
+	TODO: check
+CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+	TODO: check
 CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36883
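Review bot: CVE-2021-36885 and CVE-2021-36886 sit between CVE-2021-36884 and CVE-2021-36887, both already NOT-FOR-US: WordPress plugin, and their descriptions follow the same advisory wording, so these two are very likely part of the same plugin series and can take that verdict once confirmed.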
@@ -25705,8 +25716,8 @@ CVE-2021-36752
 	RESERVED
 CVE-2021-36751
 	RESERVED
-CVE-2021-36750
-	RESERVED
+CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used i ...)
+	TODO: check
 CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
 	- druid <itp> (bug #825797)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
@@ -28373,7 +28384,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-5.7 <removed>
 	NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
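Review bot: DSA-5000-2 is added to every openjdk entry that already carried DSA-5000-1 (CVE-2021-35603 here and CVE-2021-35586, -35578, -35567, -35565, -35564, -35561, -35559, -35556 and -35550 in the following hunks), including the two openjdk-11/openjdk-8-only entries without DSA-5012-1, while CVE-2021-35560 stays untouched because openjdk-8 is not affected; that is consistent. Worth confirming is that DSA-5000-2 was issued for the same CVE set as DSA-5000-1 (a regression update) rather than a narrower one, since the tracker will now show all of these CVEs as covered by it.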
@@ -28411,7 +28422,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
 CVE-2021-35587
 	RESERVED
 CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
@@ -28430,7 +28441,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35579
 	RESERVED
 CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
@@ -28455,18 +28466,18 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac
 CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
 CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5000-1 DLA-2814-1}
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
@@ -28475,14 +28486,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle
 CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
@@ -28491,7 +28502,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser
 CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
@@ -28506,7 +28517,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
-	{DSA-5000-1 DLA-2814-1}
+	{DSA-5000-2 DSA-5000-1 DLA-2814-1}
 	- openjdk-11 11.0.13+8-1
 	- openjdk-8 8u312-b07-1
 CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -34439,7 +34450,7 @@ CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and othe
 CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
-	{DLA-2707-1}
+	{DSA-5029-1 DLA-2707-1}
 	- sogo 5.1.1-1 (bug #989479)
 	NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
 	NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
@@ -62060,10 +62071,10 @@ CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
 	NOT-FOR-US: Anker Eufy Homebase
-CVE-2021-21953
-	RESERVED
-CVE-2021-21952
-	RESERVED
+CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
+	TODO: check
+CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
+	TODO: check
 CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
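Review bot: the two new descriptions (process_msg() and CMD_DEVICE_GET_RS...) match the Anker Eufy Homebase entries immediately around them (CVE-2021-21950/21951 on CMD_DEVICE_GET_SERV..., CVE-2021-21954/21955), which carry NOT-FOR-US: Anker Eufy Homebase, so the same verdict can replace TODO: check here.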
@@ -62092,80 +62103,80 @@ CVE-2021-21939
 	RESERVED
 CVE-2021-21938
 	RESERVED
-CVE-2021-21937
-	RESERVED
-CVE-2021-21936
-	RESERVED
-CVE-2021-21935
-	RESERVED
-CVE-2021-21934
-	RESERVED
-CVE-2021-21933
-	RESERVED
-CVE-2021-21932
-	RESERVED
-CVE-2021-21931
-	RESERVED
-CVE-2021-21930
-	RESERVED
-CVE-2021-21929
-	RESERVED
-CVE-2021-21928
-	RESERVED
-CVE-2021-21927
-	RESERVED
-CVE-2021-21926
-	RESERVED
-CVE-2021-21925
-	RESERVED
-CVE-2021-21924
-	RESERVED
-CVE-2021-21923
-	RESERVED
-CVE-2021-21922
-	RESERVED
-CVE-2021-21921
-	RESERVED
-CVE-2021-21920
-	RESERVED
-CVE-2021-21919
-	RESERVED
-CVE-2021-21918
-	RESERVED
-CVE-2021-21917
-	RESERVED
-CVE-2021-21916
-	RESERVED
-CVE-2021-21915
-	RESERVED
+CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+	TODO: check
+CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+	TODO: check
+CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+	TODO: check
+CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
+	TODO: check
 CVE-2021-21914
 	RESERVED
 CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh  ...)
 	NOT-FOR-US: D-LINK
-CVE-2021-21912
-	RESERVED
-CVE-2021-21911
-	RESERVED
-CVE-2021-21910
-	RESERVED
-CVE-2021-21909
-	RESERVED
-CVE-2021-21908
-	RESERVED
-CVE-2021-21907
-	RESERVED
-CVE-2021-21906
-	RESERVED
-CVE-2021-21905
-	RESERVED
-CVE-2021-21904
-	RESERVED
-CVE-2021-21903
-	RESERVED
-CVE-2021-21902
-	RESERVED
-CVE-2021-21901
-	RESERVED
+CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of  ...)
+	TODO: check
+CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of  ...)
+	TODO: check
+CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of  ...)
+	TODO: check
+CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+	TODO: check
+CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+	TODO: check
+CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
+	TODO: check
+CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+	TODO: check
+CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+	TODO: check
+CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
+	TODO: check
+CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+	TODO: check
+CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
+	TODO: check
+CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+	TODO: check
 CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
 	{DLA-2838-1}
 	- librecad <unfixed>
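Review bot: the descriptions of CVE-2021-21915, CVE-2021-21916 and CVE-2021-21917 carry a mis-encoded opening quote ("‘", the UTF-8 bytes of a curly quote read as Latin-1), which the automatic importer should normalise so data/CVE/list stays valid UTF-8. The remaining entries in this block (CVE-2021-21901 to CVE-2021-21912 on the CMA component, CVE-2021-21918 to CVE-2021-21937 on the same SQL injection wording) have no package lines yet and are best triaged as their two groups rather than one by one.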
@@ -62192,56 +62203,56 @@ CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPol
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
 	NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
 	TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
-CVE-2021-21896
-	RESERVED
-CVE-2021-21895
-	RESERVED
-CVE-2021-21894
-	RESERVED
+CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
+	TODO: check
+CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+	TODO: check
+CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+	TODO: check
 CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
-CVE-2021-21892
-	RESERVED
-CVE-2021-21891
-	RESERVED
-CVE-2021-21890
-	RESERVED
-CVE-2021-21889
-	RESERVED
-CVE-2021-21888
-	RESERVED
-CVE-2021-21887
-	RESERVED
-CVE-2021-21886
-	RESERVED
-CVE-2021-21885
-	RESERVED
-CVE-2021-21884
-	RESERVED
-CVE-2021-21883
-	RESERVED
-CVE-2021-21882
-	RESERVED
-CVE-2021-21881
-	RESERVED
-CVE-2021-21880
-	RESERVED
-CVE-2021-21879
-	RESERVED
-CVE-2021-21878
-	RESERVED
-CVE-2021-21877
-	RESERVED
-CVE-2021-21876
-	RESERVED
-CVE-2021-21875
-	RESERVED
-CVE-2021-21874
-	RESERVED
-CVE-2021-21873
-	RESERVED
-CVE-2021-21872
-	RESERVED
+CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager  ...)
+	TODO: check
+CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager  ...)
+	TODO: check
+CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager  ...)
+	TODO: check
+CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager  ...)
+	TODO: check
+CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+	TODO: check
+CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager  ...)
+	TODO: check
+CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
+	TODO: check
+CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
+	TODO: check
+CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+	TODO: check
+CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+	TODO: check
+CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
+	TODO: check
+CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
+	TODO: check
+CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
+	TODO: check
+CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
+	TODO: check
+CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
+	TODO: check
+CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+	TODO: check
+CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+	TODO: check
+CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+	TODO: check
+CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+	TODO: check
+CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+	TODO: check
+CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+	TODO: check
 CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
 	NOT-FOR-US: PowerISO
 CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -548237,7 +548248,7 @@ CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote at
 	NOT-FOR-US: Cisco
 CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords v ...)
 	NOT-FOR-US: Microsoft
-CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause  ...)
+CVE-2000-0484 (Small HTTP Server ver 3.06 contains a memory corruption bug causing a  ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote a ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
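Review bot: only the description text of CVE-2000-0484 changes (MITRE rewrote it to name Small HTTP Server 3.06 and memory corruption); the NOT-FOR-US: Data pre-dating the Security Tracker verdict is unaffected, so no triage is needed.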



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a532d8bb0849cd4d27845c099fbc949606e28183
