[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 4 08:10:27 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55d010c7 by security tracker role at 2021-11-04T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-43357
+	RESERVED
+CVE-2021-43350
+	RESERVED
+CVE-2021-43349
+	RESERVED
+CVE-2021-43348
+	RESERVED
+CVE-2021-43347
+	RESERVED
+CVE-2021-43346
+	RESERVED
+CVE-2021-43345
+	RESERVED
+CVE-2021-43344
+	RESERVED
+CVE-2021-43343
+	RESERVED
+CVE-2021-43342
+	RESERVED
+CVE-2021-43341
+	RESERVED
+CVE-2021-43340
+	RESERVED
+CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible to inject comm ...)
+	TODO: check
+CVE-2021-43338 (In Ericsson Network Location MPS GMPC21, it is possible to creates a n ...)
+	TODO: check
+CVE-2021-43337
+	RESERVED
+CVE-2021-42743
+	RESERVED
+CVE-2021-3926
+	RESERVED
+CVE-2021-3925
+	RESERVED
+CVE-2021-33845
+	RESERVED
+CVE-2021-31559
+	RESERVED
+CVE-2021-26253
+	RESERVED
 CVE-2021-43336
 	RESERVED
 CVE-2021-43335
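Review bot: CVE-2021-43339 and CVE-2021-43338 are added with "TODO: check" although both descriptions already name the product, Ericsson Network Location MPS GMPC21. These two should get a triage line (a package entry or NOT-FOR-US) in a follow-up instead of staying as open TODOs; the other new ids in this hunk are only RESERVED and need nothing yet.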
@@ -136,7 +178,7 @@ CVE-2021-43272
 	RESERVED
 CVE-2021-43271
 	RESERVED
-CVE-2021-43270 (Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 3.1.0-dev-00148, 3. ...)
+CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
 	NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
 CVE-2021-43269
 	RESERVED
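Review bot: the description of CVE-2021-43270 now reads "Datalust Seq.App.EmailPlus (aka seq-app-htmlemail)", but the unchanged NOT-FOR-US line under it still says "Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)". Consider updating the annotation so the product name matches the new description.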
@@ -1698,8 +1740,8 @@ CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-43032
-	RESERVED
+CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...)
+	TODO: check
 CVE-2021-43031
 	RESERVED
 CVE-2021-43030
@@ -2255,7 +2297,7 @@ CVE-2021-42774
 CVE-2021-42773
 	RESERVED
 CVE-2021-42772
-	RESERVED
+	REJECTED
 CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary  ...)
 	{DLA-2790-1}
 	- python-babel 2.8.0+dfsg.1-7 (bug #987824)
@@ -6262,8 +6304,8 @@ CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorizat
 	NOT-FOR-US: Tad Honor
 CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...)
 	NOT-FOR-US: Tad Book3
-CVE-2021-41562
-	RESERVED
+CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...)
+	TODO: check
 CVE-2021-41561
 	RESERVED
 CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is  ...)
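Review bot: CVE-2021-41562 moves from RESERVED to "TODO: check", and the visible part of the description names an agent for Windows, which points towards a NOT-FOR-US triage. Suggest resolving the TODO with an explicit NOT-FOR-US line once the full description is confirmed.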
@@ -6427,8 +6469,8 @@ CVE-2021-41494
 	RESERVED
 CVE-2021-41493
 	RESERVED
-CVE-2021-41492
-	RESERVED
+CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple  ...)
+	TODO: check
 CVE-2021-41491
 	RESERVED
 CVE-2021-41490
@@ -6782,7 +6824,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py
 	NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
 	NOT-FOR-US: Pydio Cells
-CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...)
+CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...)
 	NOT-FOR-US: Poly VVX 400/410
 CVE-2021-41321
 	RESERVED
@@ -17612,7 +17654,7 @@ CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authenticat
 	NOT-FOR-US: Akaunting
 CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
 	NOT-FOR-US: Akaunting
-CVE-2021-36799 (Hard-coded password and salt for encryption of project files in KNX As ...)
+CVE-2021-36799 (** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-c ...)
 	NOT-FOR-US: KNX ETS5
 CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server  ...)
 	NOT-FOR-US: HelpSystems Cobalt Strike
@@ -21763,8 +21805,8 @@ CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
 	RESERVED
 	- imagemagick <not-affected> (Specific to Imagemagick 7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
-CVE-2021-35053
-	RESERVED
+CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
+	TODO: check
 CVE-2021-35052
 	RESERVED
 CVE-2021-35051
@@ -24655,8 +24697,8 @@ CVE-2021-33802
 	RESERVED
 CVE-2021-33801
 	RESERVED
-CVE-2021-33800
-	RESERVED
+CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...)
+	TODO: check
 CVE-2021-33799
 	RESERVED
 CVE-2021-33798
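Review bot: the new description for CVE-2021-33800 says only "In Druid 1.2.3", which does not identify which Druid project is meant. Whoever resolves the "TODO: check" should confirm the upstream project from the full CVE record before mapping it to a source package or marking it NOT-FOR-US.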
@@ -40282,7 +40324,8 @@ CVE-2021-27725
 	RESERVED
 CVE-2021-27724
 	RESERVED
-CVE-2021-27723 (An issue was discovered in Nsasoft US LLC Product Key Explorer 4.2.7.  ...)
+CVE-2021-27723
+	REJECTED
 	NOT-FOR-US: Nsasoft US LLC Product Key Explorer
 CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The progr ...)
 	NOT-FOR-US: Nsasoft US LLC SpotAuditor
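Review bot: CVE-2021-27723 is now REJECTED, but the "NOT-FOR-US: Nsasoft US LLC Product Key Explorer" line stays as unchanged context directly under it, so the entry carries both a rejection and a triage annotation for a description that is no longer there. Check whether the leftover NOT-FOR-US line should be dropped in a follow-up.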
@@ -51526,8 +51569,7 @@ CVE-2021-22962
 	RESERVED
 CVE-2021-22961 (A code injection vulnerability exists within the firewall software of  ...)
 	NOT-FOR-US: GlassWire
-CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
-	RESERVED
+CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk  ...)
 	- nodejs 12.22.7~dfsg-1
 	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
@@ -100420,7 +100462,7 @@ CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5,
 	NOT-FOR-US: Contiki-NG
 CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
 	NOT-FOR-US: Contiki-NG
-CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...)
+CVE-2020-14933 (** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize fo ...)
 	- squirrelmail <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
 CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...)
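Review bot: the description of CVE-2020-14933 gains the "** DISPUTED **" prefix, while the entry's annotations (squirrelmail <removed> and the oss-security NOTE) are unchanged and the neighbouring CVE-2020-14932 is not marked the same way. Consider adding a NOTE that records the dispute, so the status is visible in the tracker's own annotations and not only in the truncated description.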



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55d010c7bd95e3fd59053c0bbc31993d9861eeeb
