[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 3 20:10:28 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32f77eaa by security tracker role at 2021-11-03T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2021-43336
+ RESERVED
+CVE-2021-43335
+ RESERVED
+CVE-2021-43334
+ RESERVED
+CVE-2021-43333
+ RESERVED
+CVE-2021-43332
+ RESERVED
+CVE-2021-43331
+ RESERVED
+CVE-2021-43330
+ RESERVED
+CVE-2021-43329
+ RESERVED
+CVE-2021-43328
+ RESERVED
+CVE-2021-43327
+ RESERVED
+CVE-2021-43326
+ RESERVED
+CVE-2021-43325
+ RESERVED
+CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
+ TODO: check
+CVE-2021-43323
+ RESERVED
+CVE-2021-43322
+ RESERVED
+CVE-2021-43321
+ RESERVED
+CVE-2021-43320
+ RESERVED
+CVE-2021-43319
+ RESERVED
+CVE-2021-43318
+ RESERVED
+CVE-2021-43317
+ RESERVED
+CVE-2021-43316
+ RESERVED
+CVE-2021-43315
+ RESERVED
+CVE-2021-43314
+ RESERVED
+CVE-2021-43313
+ RESERVED
+CVE-2021-43312
+ RESERVED
+CVE-2021-43311
+ RESERVED
+CVE-2021-43310
+ RESERVED
+CVE-2021-43309
+ RESERVED
+CVE-2021-43308
+ RESERVED
+CVE-2021-43307
+ RESERVED
+CVE-2021-43306
+ RESERVED
+CVE-2021-43305
+ RESERVED
+CVE-2021-43304
+ RESERVED
+CVE-2021-43303
+ RESERVED
+CVE-2021-43302
+ RESERVED
+CVE-2021-43301
+ RESERVED
+CVE-2021-43300
+ RESERVED
+CVE-2021-43299
+ RESERVED
+CVE-2021-43298
+ RESERVED
+CVE-2021-43297
+ RESERVED
+CVE-2021-3924
+ RESERVED
+CVE-2021-23222
+ RESERVED
+CVE-2021-23214
+ RESERVED
CVE-2021-43296
RESERVED
CVE-2021-43295
@@ -1325,10 +1411,10 @@ CVE-2021-43143
RESERVED
CVE-2021-43142
RESERVED
-CVE-2021-43141
- RESERVED
-CVE-2021-43140
- RESERVED
+CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...)
+ TODO: check
+CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...)
+ TODO: check
CVE-2021-43139
RESERVED
CVE-2021-43138
@@ -1347,8 +1433,8 @@ CVE-2021-43132
RESERVED
CVE-2021-43131
RESERVED
-CVE-2021-43130
- RESERVED
+CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
+ TODO: check
CVE-2021-43129
RESERVED
CVE-2021-43128
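Review bot: CVE-2021-43130 here and CVE-2021-43141/CVE-2021-43140 in the preceding hunk are all Sourcecodester sample-application reports (the truncated descriptions start "... vulnerability exists in Sourcecodester ..."), so the three TODO: check markers can be resolved in a single triage pass; unless a matching source package turns up, the usual outcome for these is a NOT-FOR-US: Sourcecodester line in the style used for the other non-packaged products in this file.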
@@ -1447,8 +1533,7 @@ CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF che
NOT-FOR-US: WordPress plugin
CVE-2021-43083
RESERVED
-CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin]
- RESERVED
+CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
- trafficserver <unfixed>
[bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
[buster] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
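Review bot: the replaced bracketed title "[heap-buffer-overflow with stats-over-http plugin]" carried the one fact the truncated MITRE text no longer shows, namely which component is affected, and the truncated description "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ..." is generic. Suggest keeping that detail as a NOTE line under the entry (e.g. `NOTE: heap-buffer-overflow in the stats-over-http plugin`), since the bullseye/buster not-affected rationale "introduced in 9.x" refers to that code and a later reader needs to know what to look for.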
@@ -6121,8 +6206,7 @@ CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity .
[stretch] - nltk <no-dsa> (Minor issue)
NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
NOTE: https://github.com/nltk/nltk/pull/2816
-CVE-2021-41585 [ATS stops accepting connections on FreeBSD]
- RESERVED
+CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...)
- trafficserver <not-affected> (Only affects FreeBSD)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
NOTE: https://github.com/apache/trafficserver/pull/8456/
@@ -7043,8 +7127,7 @@ CVE-2021-41176 (Pterodactyl is an open-source game server management panel built
NOT-FOR-US: Pterodactyl
CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
NOT-FOR-US: Pi-hole
-CVE-2021-41174
- RESERVED
+CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...)
- grafana <removed>
CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
- golang-github-go-ethereum <itp> (bug #890541)
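Review bot: the CVE-2021-41174 entry goes straight from the description to `- grafana <removed>` and the next CVE, with no NOTE line pointing at the upstream advisory or fixing commit, unlike the trafficserver entries elsewhere in this update. Even for a removed package a reference is useful for anyone checking whether a re-introduction or a backport would be affected; suggest adding one when the TODO-free status is confirmed.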
@@ -7143,8 +7226,8 @@ CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to v
NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
NOT-FOR-US: Cosmos-SDK
-CVE-2021-41134
- RESERVED
+CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...)
+ TODO: check
CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
NOT-FOR-US: OMERO.web
CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...)
@@ -7495,8 +7578,8 @@ CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovere
NOT-FOR-US: Aruba
CVE-2021-3800
RESERVED
-CVE-2021-40985
- RESERVED
+CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
+ TODO: check
CVE-2021-40984
RESERVED
CVE-2021-40983
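Review bot: the description for CVE-2021-40985 names a concrete affected range, "htmldoc before 1.9.12", so this TODO: check should not default to NOT-FOR-US. Resolving it means recording the src:htmldoc status per suite (the fixed version, or `<unfixed>`) and adding a NOTE with the upstream fix reference once identified, in the format used for the trafficserver entries in this patch.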
@@ -7811,10 +7894,10 @@ CVE-2021-40851
RESERVED
CVE-2021-40850
RESERVED
-CVE-2021-40849
- RESERVED
-CVE-2021-40848
- RESERVED
+CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
+ TODO: check
+CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
+ TODO: check
CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
NOT-FOR-US: Netgear
CVE-2021-40846
@@ -13466,8 +13549,8 @@ CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponenti
NOT-FOR-US: Altova MobileTogether Server
CVE-2021-38489
RESERVED
-CVE-2021-38488
- RESERVED
+CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-38487
RESERVED
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
@@ -13586,32 +13669,32 @@ CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper val
NOT-FOR-US: FATEK Automation
CVE-2021-38429
RESERVED
-CVE-2021-38428
- RESERVED
+CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-38427
RESERVED
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
NOT-FOR-US: FATEK Automation
CVE-2021-38425
RESERVED
-CVE-2021-38424
- RESERVED
+CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
+ TODO: check
CVE-2021-38423
RESERVED
-CVE-2021-38422
- RESERVED
+CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
+ TODO: check
CVE-2021-38421
RESERVED
-CVE-2021-38420
- RESERVED
+CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
+ TODO: check
CVE-2021-38419
RESERVED
-CVE-2021-38418
- RESERVED
+CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
+ TODO: check
CVE-2021-38417
RESERVED
-CVE-2021-38416
- RESERVED
+CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
+ TODO: check
CVE-2021-38415
RESERVED
CVE-2021-38414
@@ -13620,24 +13703,24 @@ CVE-2021-38413
RESERVED
CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
NOT-FOR-US: Digi PortServer TS
-CVE-2021-38411
- RESERVED
+CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-38410
RESERVED
CVE-2021-38409
RESERVED
CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2021-38407
- RESERVED
+CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38405
RESERVED
CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
-CVE-2021-38403
- RESERVED
+CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ TODO: check
CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38401
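Review bot: every Delta Electronics DIALink entry switched from RESERVED to TODO: check in this hunk and the two before it (CVE-2021-38488, -38428, -38424, -38422, -38420, -38418, -38416, -38411, -38407, -38403) describes the same product, "Delta Electronics DIALink versions 1.2.4.0 and prior", while the interleaved Delta Electronic DOPSoft entries visible in the same context (CVE-2021-38406, -38404, -38402) are already resolved as `NOT-FOR-US: Delta Electronic`. Suggest resolving the DIALink TODOs together, and with the same NOT-FOR-US form, rather than one at a time.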
@@ -14326,8 +14409,7 @@ CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.
NOT-FOR-US: SAP
CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
NOT-FOR-US: SAP
-CVE-2021-38161 [Not validating origin TLS certificate]
- RESERVED
+CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...)
- trafficserver 9.1.0+ds-1
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
@@ -16708,22 +16790,19 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel
NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
CVE-2021-37150
RESERVED
-CVE-2021-37149 [Request Smuggling - multiple attacks]
- RESERVED
+CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
NOTE: https://github.com/apache/trafficserver/pull/8458/
NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
-CVE-2021-37148 [Request Smuggling - transfer encoding validation]
- RESERVED
+CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...)
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
NOTE: https://github.com/apache/trafficserver/pull/8457/
NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
-CVE-2021-37147 [Request Smuggling - LF line ending]
- RESERVED
+CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...)
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
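Review bot: after this change CVE-2021-37149, CVE-2021-37148 and CVE-2021-37147 carry near-identical truncated descriptions ("Improper Input Validation vulnerability in header parsing of Apache Tr ..."), so the only text that distinguished the three request-smuggling issues, "[Request Smuggling - multiple attacks]", "[Request Smuggling - transfer encoding validation]" and "[Request Smuggling - LF line ending]", is gone. Suggest preserving each bracketed title as a NOTE line next to the existing PR/commit NOTEs so that the per-CVE commits (8.1.x and master) remain attributable to a specific flaw when the fix is prepared.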
@@ -17842,10 +17921,10 @@ CVE-2021-36700
RESERVED
CVE-2021-36699
RESERVED
-CVE-2021-36698
- RESERVED
-CVE-2021-36697
- RESERVED
+CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
+ TODO: check
+CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS <=7 ...)
+ TODO: check
CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
NOT-FOR-US: Deskpro
CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
@@ -18925,8 +19004,8 @@ CVE-2021-36194
RESERVED
CVE-2021-36193
RESERVED
-CVE-2021-36192
- RESERVED
+CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
+ TODO: check
CVE-2021-36191
RESERVED
CVE-2021-36190
@@ -25988,10 +26067,10 @@ CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Brows
NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
NOT-FOR-US: Elements-IT HTTP Commander
-CVE-2021-33210
- RESERVED
-CVE-2021-33209
- RESERVED
+CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...)
+ TODO: check
+CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
+ TODO: check
CVE-2021-33208
RESERVED
CVE-2021-33207
@@ -39935,8 +40014,8 @@ CVE-2021-27838
RESERVED
CVE-2021-27837
RESERVED
-CVE-2021-27836
- RESERVED
+CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...)
+ TODO: check
CVE-2021-27835
RESERVED
CVE-2021-27834
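Review bot: "An issue was discoverered in in function xls_getWorkSheet in xls.c" (and the same "discoverered in in" in CVE-2021-26786 in the next hunk) is a typo carried verbatim from the upstream CVE text; since this file mirrors the MITRE description, it should be left as-is rather than corrected locally. The truncation also cuts off the product name, so resolving this TODO: check requires the full description: `xls_getWorkSheet` in `xls.c` is a library entry point, and if the full text names a library that has a Debian source package the entry needs a version line rather than NOT-FOR-US.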
@@ -42357,8 +42436,8 @@ CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affe
NOT-FOR-US: Oryx Embedded CycloneTCP
CVE-2021-26787
RESERVED
-CVE-2021-26786
- RESERVED
+CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
+ TODO: check
CVE-2021-26785
RESERVED
CVE-2021-26784
@@ -49641,8 +49720,8 @@ CVE-2021-23822
RESERVED
CVE-2021-23821
RESERVED
-CVE-2021-23820
- RESERVED
+CVE-2021-23820 (This affects all versions of package json-pointer. A type confusion vu ...)
+ TODO: check
CVE-2021-23819
RESERVED
CVE-2021-23818
@@ -49667,8 +49746,8 @@ CVE-2021-23809
RESERVED
CVE-2021-23808
RESERVED
-CVE-2021-23807
- RESERVED
+CVE-2021-23807 (This affects the package jsonpointer before 5.0.0. A type confusion vu ...)
+ TODO: check
CVE-2021-23806
RESERVED
CVE-2021-23805
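Review bot: CVE-2021-23807 (jsonpointer before 5.0.0) and the sibling entries added in the surrounding hunks, CVE-2021-23820 (json-pointer), CVE-2021-23784 (tempura), CVE-2021-23624 (dotty), CVE-2021-23509 (json-ptr) and CVE-2021-23472 (bootstrap-table), are all the same class of report, "A type confusion vulnerability ..." on npm packages, which in practice is a prototype-pollution style issue. Triage for each reduces to the same check, whether a `node-<name>` source package exists in the archive; suggest handling them as one batch and noting the conclusion consistently instead of leaving six separate TODO: check lines.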
@@ -49713,8 +49792,8 @@ CVE-2021-23786
RESERVED
CVE-2021-23785
RESERVED
-CVE-2021-23784
- RESERVED
+CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to the esc ...)
+ TODO: check
CVE-2021-23783
RESERVED
CVE-2021-23782
@@ -50033,8 +50112,8 @@ CVE-2021-23626
RESERVED
CVE-2021-23625
RESERVED
-CVE-2021-23624
- RESERVED
+CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion vulnerab ...)
+ TODO: check
CVE-2021-23623
RESERVED
CVE-2021-23622
@@ -50263,8 +50342,8 @@ CVE-2021-23511
RESERVED
CVE-2021-23510
RESERVED
-CVE-2021-23509
- RESERVED
+CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion vulne ...)
+ TODO: check
CVE-2021-23508
RESERVED
CVE-2021-23507
@@ -50337,8 +50416,8 @@ CVE-2021-23474
RESERVED
CVE-2021-23473
RESERVED
-CVE-2021-23472
- RESERVED
+CVE-2021-23472 (This affects all versions of package bootstrap-table. A type confusion ...)
+ TODO: check
CVE-2021-23471
RESERVED
CVE-2021-23470
@@ -67494,8 +67573,8 @@ CVE-2020-28418
RESERVED
CVE-2020-28417
RESERVED
-CVE-2020-28416
- RESERVED
+CVE-2020-28416 (HP has identified a security vulnerability with the I.R.I.S. OCR (Opti ...)
+ TODO: check
CVE-2020-25710 (A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...)
{DSA-4792-1 DLA-2481-1}
- openldap 2.4.56+dfsg-1
@@ -78696,8 +78775,8 @@ CVE-2020-24745
RESERVED
CVE-2020-24744
RESERVED
-CVE-2020-24743
- RESERVED
+CVE-2020-24743 (An issue was found in /showReports.do Zoho ManageEngine Applications M ...)
+ TODO: check
CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...)
{DSA-4617-1}
- qtbase-opensource-src 5.12.5+dfsg-8
@@ -80413,8 +80492,8 @@ CVE-2020-24002
RESERVED
CVE-2020-24001
RESERVED
-CVE-2020-24000
- RESERVED
+CVE-2020-24000 (SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to ...)
+ TODO: check
CVE-2020-23999
RESERVED
CVE-2020-23998
@@ -81081,10 +81160,10 @@ CVE-2020-23682
RESERVED
CVE-2020-23681
RESERVED
-CVE-2020-23680
- RESERVED
-CVE-2020-23679
- RESERVED
+CVE-2020-23680 (An issue was discovered in function StartPage in text2pdf.c in pdfcorn ...)
+ TODO: check
+CVE-2020-23679 (Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1 ...)
+ TODO: check
CVE-2020-23678
RESERVED
CVE-2020-23677
@@ -82261,8 +82340,8 @@ CVE-2020-23128 (Chamilo LMS 1.11.10 does not properly manage privileges which co
NOT-FOR-US: Chamilo LMS
CVE-2020-23127 (Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) v ...)
NOT-FOR-US: Chamilo LMS
-CVE-2020-23126
- RESERVED
+CVE-2020-23126 (Chamilo LMS version 1.11.10 contains an XSS vulnerability in the perso ...)
+ TODO: check
CVE-2020-23125
RESERVED
CVE-2020-23124
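Review bot: CVE-2020-23126 ("Chamilo LMS version 1.11.10 contains an XSS vulnerability ...") concerns the same product and version as CVE-2020-23128 and CVE-2020-23127 directly above it, both already resolved as `NOT-FOR-US: Chamilo LMS`; this TODO: check can be closed the same way in the same pass.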
@@ -82295,8 +82374,8 @@ CVE-2020-23111
RESERVED
CVE-2020-23110
RESERVED
-CVE-2020-23109
- RESERVED
+CVE-2020-23109 (Buffer overflow vulnerability in function convert_colorspace in heif_c ...)
+ TODO: check
CVE-2020-23108
RESERVED
CVE-2020-23107
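Review bot: the truncated description for CVE-2020-23109, "Buffer overflow vulnerability in function convert_colorspace in heif_c ...", stops before the project name, but `convert_colorspace` in a `heif_c*` source file matches a HEIF library rather than an end-user product, so this should not be resolved as NOT-FOR-US on the strength of the truncated text alone. Check the full description against the HEIF library source packages in the archive and record a per-suite status if one matches.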
@@ -86880,8 +86959,8 @@ CVE-2020-20984
RESERVED
CVE-2020-20983
RESERVED
-CVE-2020-20982
- RESERVED
+CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...)
+ TODO: check
CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist compone ...)
NOT-FOR-US: Metinfo
CVE-2020-20980
@@ -92525,16 +92604,16 @@ CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remo
NOT-FOR-US: Simple-Log
CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
NOT-FOR-US: Simple-Log
-CVE-2020-18263
- RESERVED
-CVE-2020-18262
- RESERVED
-CVE-2020-18261
- RESERVED
+CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...)
+ TODO: check
+CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...)
+ TODO: check
+CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...)
+ TODO: check
CVE-2020-18260
RESERVED
-CVE-2020-18259
- RESERVED
+CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...)
+ TODO: check
CVE-2020-18258
RESERVED
CVE-2020-18257
@@ -122771,8 +122850,8 @@ CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of Bla
NOT-FOR-US: BlackBerry
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
-CVE-2020-6931
- RESERVED
+CVE-2020-6931 (HP Print and Scan Doctor may potentially be vulnerable to local elevat ...)
+ TODO: check
CVE-2020-6930
RESERVED
CVE-2020-6929
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32f77eaa06a2747b438067632bbca3dd3314b582