[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 26 20:10:33 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38a07dfa by security tracker role at 2021-12-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-4174
+	RESERVED
+CVE-2021-4173
+	RESERVED
+CVE-2021-4172
+	RESERVED
+CVE-2021-4171
+	RESERVED
 CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
 	NOT-FOR-US: Netgear
 CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
@@ -374,12 +382,12 @@ CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administra
 	NOT-FOR-US: Netgear
 CVE-2021-4170
 	RESERVED
-CVE-2021-4169
-	RESERVED
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+	TODO: check
 CVE-2021-45492
 	RESERVED
-CVE-2021-4168
-	RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-45491
 	RESERVED
 CVE-2021-45490
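Review bot: the `TODO: check` lines under CVE-2021-4169 (livehelperchat) and CVE-2021-4168 (showdoc) leave both entries untriaged. Each needs a follow-up that replaces the marker with either a `NOT-FOR-US:` line, as the NETGEAR entry at the top of this hunk has, or a package line with a status, so the entries do not linger in the TODO queue.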
@@ -3649,8 +3657,8 @@ CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management Sy
 	NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
 CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
 	NOT-FOR-US: Online Enrollment Management System
-CVE-2021-44598
-	RESERVED
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
+	TODO: check
 CVE-2021-44597
 	RESERVED
 CVE-2021-44596
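Review bot: CVE-2021-44598 is left at `TODO: check`, while the two entries directly above it (CVE-2021-44600 and CVE-2021-44599) are already resolved as `NOT-FOR-US:` with the product name. Once someone confirms Attendance Management System is not packaged, the same form should be used here so the three neighbouring entries read consistently.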
@@ -18486,13 +18494,13 @@ CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
 	- gitlab <unfixed>
 CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
 CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
@@ -18507,31 +18515,31 @@ CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
 CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark 2.6.20-0+deb10u2
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
 CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9  ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
 CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
 CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
 CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	- wireshark 3.6.0-1
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
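Review bot: CVE-2021-39925 keeps `[buster] - wireshark 2.6.20-0+deb10u2`, while the sibling Wireshark entries in this hunk (CVE-2021-39924, CVE-2021-39923, CVE-2021-39922, CVE-2021-39921) keep `[buster] - wireshark <no-dsa> (Minor issue)`, and all of them now carry the same `{DSA-5019-1 DLA-2849-1}` tag. It is worth confirming whether the buster upload that fixed CVE-2021-39925 also covered the others; if it did, their `<no-dsa>` lines should give the fixed version instead.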
@@ -61989,7 +61997,7 @@ CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
 CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	[experimental] - wireshark 3.4.7-1~exp1
 	- wireshark 3.4.7-1
 	[buster] - wireshark <no-dsa> (Minor issue)
@@ -62061,7 +62069,7 @@ CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
 	- gitlab <unfixed>
 CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
-	{DSA-5019-1}
+	{DSA-5019-1 DLA-2849-1}
 	[experimental] - wireshark 3.4.6-1~exp1
 	- wireshark 3.4.7-1 (bug #987853)
 	[buster] - wireshark <no-dsa> (Minor issue)
@@ -160799,7 +160807,7 @@ CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/veri
 CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
 	NOT-FOR-US: CyberChef
 CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the  ...)
-	{DLA-1904-1}
+	{DLA-2851-1 DLA-1904-1}
 	- libextractor 1:1.9-2 (bug #935553)
 	[buster] - libextractor <no-dsa> (Minor issue)
 	NOTE: https://bugs.gnunet.org/view.php?id=5846
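Review bot: the new tag `{DLA-2851-1 DLA-1904-1}` puts the newer advisory first, whereas the Wireshark entries in this same commit append the new one last, as in `{DSA-5019-1 DLA-2849-1}`. If the rule is DSA before DLA and newest first within each type, a comment in the file format documentation stating that would help anyone parsing or hand-editing these lines; otherwise the order should be normalised.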
@@ -161852,7 +161860,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
 	- tcpdump 4.9.3-1 (bug #941698)
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
 CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
-	{DLA-1967-1}
+	{DLA-2850-1 DLA-1967-1}
 	- libpcap 1.9.1-1 (low; bug #941697)
 	[buster] - libpcap <ignored> (Minor issue)
 	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
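Review bot: on CVE-2019-15165 the tag now lists two DLAs, `{DLA-2850-1 DLA-1967-1}`, and nothing in the entry says why a second advisory was issued for the same CVE. A short `NOTE:` line stating what DLA-2850-1 covers that DLA-1967-1 did not (a different suite, or a follow-up fix) would save readers from looking up both advisories.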



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a07dfa4f740fbcef3aca71ec25e270b87f6310
