[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 2 08:10:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b580986a by security tracker role at 2021-11-02T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2021-43203
+ RESERVED
+CVE-2021-43202
+ RESERVED
+CVE-2021-43201
+ RESERVED
+CVE-2021-43200
+ RESERVED
+CVE-2021-43199
+ RESERVED
+CVE-2021-43198
+ RESERVED
+CVE-2021-43197
+ RESERVED
+CVE-2021-43196
+ RESERVED
+CVE-2021-43195
+ RESERVED
+CVE-2021-43194
+ RESERVED
+CVE-2021-43193
+ RESERVED
+CVE-2021-43192
+ RESERVED
+CVE-2021-43191
+ RESERVED
+CVE-2021-43190
+ RESERVED
+CVE-2021-43189
+ RESERVED
+CVE-2021-43188
+ RESERVED
+CVE-2021-43187
+ RESERVED
+CVE-2021-43186
+ RESERVED
+CVE-2021-43185
+ RESERVED
+CVE-2021-43184
+ RESERVED
+CVE-2021-43183
+ RESERVED
+CVE-2021-43182
+ RESERVED
+CVE-2021-43181
+ RESERVED
+CVE-2021-43180
+ RESERVED
+CVE-2021-43179
+ RESERVED
+CVE-2021-43178
+ RESERVED
+CVE-2021-43177
+ RESERVED
+CVE-2021-43176
+ RESERVED
+CVE-2021-43175
+ RESERVED
+CVE-2021-3918
+ RESERVED
CVE-2021-43174
RESERVED
CVE-2021-43173
@@ -262,8 +322,8 @@ CVE-2021-43060
RESERVED
CVE-2021-43059
RESERVED
-CVE-2021-43058
- RESERVED
+CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...)
+ TODO: check
CVE-2021-3914
RESERVED
CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
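Review bot: CVE-2021-43058 (the `+CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic ...)` / `+ TODO: check` pair) is left untriaged; unless a Debian source package ships Replicated Classic, it should be resolved to a `NOT-FOR-US: Replicated Classic` line the way the DSpace and Shopware entries elsewhere in this diff are, so the placeholder does not linger in the file.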
@@ -5451,8 +5511,8 @@ CVE-2021-41312
RESERVED
CVE-2021-41311
RESERVED
-CVE-2021-41310
- RESERVED
+CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
CVE-2021-41309
RESERVED
CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
@@ -5733,8 +5793,8 @@ CVE-2021-41189 (DSpace is an open source turnkey repository application. In vers
NOT-FOR-US: DSpace
CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
NOT-FOR-US: Shopware
-CVE-2021-41187
- RESERVED
+CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...)
+ TODO: check
CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
- fluentd <itp> (bug #926692)
CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
@@ -7371,8 +7431,8 @@ CVE-2021-40505
RESERVED
CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
NOT-FOR-US: Node objection.js
-CVE-2021-3765
- RESERVED
+CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...)
+ TODO: check
CVE-2021-40504
RESERVED
CVE-2021-40503
@@ -10021,8 +10081,8 @@ CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Si
NOT-FOR-US: WordPress plugin
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39346
- RESERVED
+CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
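Review bot: the `TODO: check` left on CVE-2021-39346 sits between two entries for the same class of software that are already triaged `NOT-FOR-US: WordPress plugin` (CVE-2021-39347 and CVE-2021-39345); the automatic importer cannot know that, but the follow-up triage should apply the same line here and to the other WordPress plugin entries this diff opens (CVE-2021-39341, CVE-2021-39340, CVE-2021-39333, CVE-2021-38356).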
@@ -10031,10 +10091,10 @@ CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross
NOT-FOR-US: WordPress plugin
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39341
- RESERVED
-CVE-2021-39340
- RESERVED
+CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...)
+ TODO: check
+CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ TODO: check
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
@@ -10047,8 +10107,8 @@ CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Store
NOT-FOR-US: WordPress plugin
CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39333
- RESERVED
+CVE-2021-39333 (The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress containe ...)
+ TODO: check
CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39331
@@ -12467,8 +12527,8 @@ CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-
NOT-FOR-US: WordPress plugin
CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38356
- RESERVED
+CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress pl ...)
+ TODO: check
CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
@@ -23749,8 +23809,8 @@ CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Brow
NOT-FOR-US: Safe Browser for iOS
CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
NOT-FOR-US: Safe Browser for Android
-CVE-2021-33593
- RESERVED
+CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...)
+ TODO: check
CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
NOT-FOR-US: NAVER Toolbar
CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
@@ -28272,10 +28332,10 @@ CVE-2021-31851
RESERVED
CVE-2021-31850
RESERVED
-CVE-2021-31849
- RESERVED
-CVE-2021-31848
- RESERVED
+CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
+ TODO: check
+CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...)
+ TODO: check
CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
NOT-FOR-US: McAfee
CVE-2021-31846
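Review bot: CVE-2021-31849 and CVE-2021-31848 are imported with `TODO: check` while the adjacent CVE-2021-31847, for the same McAfee product line, already carries `NOT-FOR-US: McAfee`; the same sibling hint exists in the Whale browser hunk, where CVE-2021-33593 sits next to `NOT-FOR-US: NAVER Toolbar`. Triaging the new entries consistently with their neighbours would close these placeholders quickly.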
@@ -43119,8 +43179,8 @@ CVE-2021-25975
RESERVED
CVE-2021-25974
RESERVED
-CVE-2021-25973
- RESERVED
+CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
+ TODO: check
CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
NOT-FOR-US: Camaleon CMS
CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...)
@@ -45165,7 +45225,7 @@ CVE-2021-25221
CVE-2021-25220
RESERVED
CVE-2021-25219 (In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3- ...)
- {DSA-4994-1}
+ {DSA-4994-1 DLA-2807-1}
- bind9 1:9.17.19-1
NOTE: https://kb.isc.org/docs/cve-2021-25219
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22)
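Review bot: DLA-2807-1 is prepended to the existing `{DSA-4994-1}` reference for CVE-2021-25219, and the same DLA id is added to CVE-2018-5740 further down in this diff; before merging, confirm that the published DLA-2807-1 text lists both CVEs, since the braces are the only link the tracker keeps between a CVE and its advisory. The newest-first ordering inside the braces matches the glusterfs entries (`{DLA-2806-1 DLA-1565-1}`), so no change is needed there.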
@@ -58763,8 +58823,8 @@ CVE-2021-20138
RESERVED
CVE-2021-20137
RESERVED
-CVE-2021-20136
- RESERVED
+CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...)
+ TODO: check
CVE-2021-20135
RESERVED
CVE-2021-20134
@@ -209464,13 +209524,14 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
@@ -209478,7 +209539,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and
NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
@@ -209496,6 +209557,7 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in
CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...)
NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
@@ -209504,7 +209566,7 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1)
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5)
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
@@ -209513,7 +209575,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.0-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
@@ -219747,31 +219809,31 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C
- cobbler <removed>
NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
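Review bot: the unchanged `NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651` context line repeats, with the same typo (`an` for `and`), under CVE-2018-10930, CVE-2018-10929, CVE-2018-10928 and CVE-2018-10927; this hunk only touches the DLA braces, so fix the wording in a separate commit rather than widening this one.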
@@ -219793,7 +219855,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
NOTE: https://review.gluster.org/20723
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
@@ -219833,19 +219895,19 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
NOT-FOR-US: Keycloak
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
@@ -219860,11 +219922,11 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be
NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51
CVE-2018-10909
- RESERVED
+ REJECTED
CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...)
- vdsm <itp> (bug #668538)
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
@@ -219877,7 +219939,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
@@ -220181,6 +220243,7 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before
CVE-2018-10842
REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
+ {DLA-2806-1}
- glusterfs 4.1.2-1 (bug #901968)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
@@ -234807,7 +234870,7 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic
NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies.
NOTE: Will be adressed in 9.11.5, 9.12.3
CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...)
- {DLA-1485-1}
+ {DLA-2807-1 DLA-1485-1}
- bind9 1:9.11.4.P1+dfsg-1 (bug #905743)
NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits
@@ -248228,6 +248291,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
+ {DLA-2806-1}
- glusterfs 4.0.2-1 (bug #896128)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
[wheezy] - glusterfs <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b580986a1f9bb2260ac02305a666285a40d9313d