[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 26 20:10:33 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38a07dfa by security tracker role at 2021-12-26T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-4174
+ RESERVED
+CVE-2021-4173
+ RESERVED
+CVE-2021-4172
+ RESERVED
+CVE-2021-4171
+ RESERVED
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
@@ -374,12 +382,12 @@ CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administra
NOT-FOR-US: Netgear
CVE-2021-4170
RESERVED
-CVE-2021-4169
- RESERVED
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ TODO: check
CVE-2021-45492
RESERVED
-CVE-2021-4168
- RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-45491
RESERVED
CVE-2021-45490
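Review bot: the two entries that leave RESERVED in this hunk, CVE-2021-4169 (livehelperchat) and CVE-2021-4168 (showdoc), land with only `TODO: check`, so they carry no triage state yet. Each needs a follow-up that replaces the TODO with either a package status line or a `NOT-FOR-US:` line of the kind used for the NETGEAR entries. The descriptions are truncated ("...") in this file, so the full CVE text has to be read before deciding.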
@@ -3649,8 +3657,8 @@ CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management Sy
NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
NOT-FOR-US: Online Enrollment Management System
-CVE-2021-44598
- RESERVED
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
+ TODO: check
CVE-2021-44597
RESERVED
CVE-2021-44596
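Review bot: CVE-2021-44598 is left at `TODO: check` while the two entries directly above it in this hunk, CVE-2021-44600 and CVE-2021-44599, are already resolved as `NOT-FOR-US:` with the product named. If Attendance Management System 1.0 turns out not to be packaged either, the follow-up should use the same form and spell out the product name as those lines do, so the entry stays searchable.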
@@ -18486,13 +18494,13 @@ CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versi
CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
- gitlab <unfixed>
CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
@@ -18507,31 +18515,31 @@ CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark 2.6.20-0+deb10u2
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
- wireshark 3.6.0-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
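Review bot: the buster status lines in this hunk are inconsistent once DLA-2849-1 is attached to every entry. CVE-2021-39925 records a fixed buster version (`[buster] - wireshark 2.6.20-0+deb10u2`), while CVE-2021-39924, CVE-2021-39923, CVE-2021-39922 and CVE-2021-39921 still read `[buster] - wireshark <no-dsa> (Minor issue)`. With an LTS advisory now covering all of them, it is worth checking whether the buster upload also fixed these four and, if so, updating their buster lines; otherwise a release older than buster ends up fixed while buster stays open.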
@@ -61989,7 +61997,7 @@ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
[experimental] - wireshark 3.4.7-1~exp1
- wireshark 3.4.7-1
[buster] - wireshark <no-dsa> (Minor issue)
@@ -62061,7 +62069,7 @@ CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versi
CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
- gitlab <unfixed>
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
- {DSA-5019-1}
+ {DSA-5019-1 DLA-2849-1}
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1 (bug #987853)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -160799,7 +160807,7 @@ CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/veri
CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
NOT-FOR-US: CyberChef
CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the ...)
- {DLA-1904-1}
+ {DLA-2851-1 DLA-1904-1}
- libextractor 1:1.9-2 (bug #935553)
[buster] - libextractor <no-dsa> (Minor issue)
NOTE: https://bugs.gnunet.org/view.php?id=5846
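Review bot: the cross-reference line for CVE-2019-15531 now reads `{DLA-2851-1 DLA-1904-1}`, with the new advisory placed first, whereas the wireshark entries in this same commit place the new advisory last (`{DSA-5019-1 DLA-2849-1}`). If that ordering is the generator's intended sort, it should be documented somewhere a reader of the list can find it. The entry also gives no hint of which release each DLA applies to, and the commit message ("automatic update") does not name the advisories being merged, so listing the DLA ids in the message would make this change auditable from the log alone.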
@@ -161852,7 +161860,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
- {DLA-1967-1}
+ {DLA-2850-1 DLA-1967-1}
- libpcap 1.9.1-1 (low; bug #941697)
[buster] - libpcap <ignored> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
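Review bot: CVE-2019-15165 gains a second LTS advisory (DLA-2850-1) while the line below it still says `[buster] - libpcap <ignored> (Minor issue)`. An issue that warranted two LTS uploads but is marked ignored for buster deserves a second look: either confirm the `<ignored>` decision still holds and say why in a NOTE, or revisit the buster status so that an upgrade from the LTS release to buster does not reintroduce the bug.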
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a07dfa4f740fbcef3aca71ec25e270b87f6310