[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 4 20:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d13312b by security tracker role at 2021-11-04T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-43391
+ RESERVED
+CVE-2021-43390
+ RESERVED
+CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
+ TODO: check
+CVE-2021-43388
+ RESERVED
+CVE-2021-43387
+ RESERVED
+CVE-2021-43386
+ RESERVED
+CVE-2021-43385
+ RESERVED
+CVE-2021-43384
+ RESERVED
+CVE-2021-43383
+ RESERVED
+CVE-2021-43382
+ RESERVED
+CVE-2021-43381
+ RESERVED
+CVE-2021-43380
+ RESERVED
+CVE-2021-43379
+ RESERVED
+CVE-2021-43378
+ RESERVED
+CVE-2021-43377
+ RESERVED
+CVE-2021-43376
+ RESERVED
+CVE-2021-43375
+ RESERVED
+CVE-2021-43374
+ RESERVED
+CVE-2021-43373
+ RESERVED
+CVE-2021-43372
+ RESERVED
+CVE-2021-43371
+ RESERVED
+CVE-2021-43370
+ RESERVED
+CVE-2021-43369
+ RESERVED
+CVE-2021-43368
+ RESERVED
+CVE-2021-43367
+ RESERVED
+CVE-2021-43366
+ RESERVED
+CVE-2021-43365
+ RESERVED
+CVE-2021-43364
+ RESERVED
+CVE-2021-43363
+ RESERVED
+CVE-2021-43362
+ RESERVED
+CVE-2021-43361
+ RESERVED
+CVE-2021-43360
+ RESERVED
+CVE-2021-43359
+ RESERVED
+CVE-2021-43358
+ RESERVED
+CVE-2021-3928
+ RESERVED
+CVE-2021-3927
+ RESERVED
CVE-2021-43357
RESERVED
CVE-2021-43350
@@ -132,8 +204,8 @@ CVE-2021-43295
RESERVED
CVE-2021-43294
RESERVED
-CVE-2021-43293
- RESERVED
+CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
+ TODO: check
CVE-2021-43292
RESERVED
CVE-2021-43291
@@ -156,8 +228,8 @@ CVE-2021-43283
RESERVED
CVE-2021-43282
RESERVED
-CVE-2021-43281
- RESERVED
+CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
+ TODO: check
CVE-2021-43280
RESERVED
CVE-2021-43279
@@ -2638,8 +2710,8 @@ CVE-2021-42626
RESERVED
CVE-2021-42625
RESERVED
-CVE-2021-42624
- RESERVED
+CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...)
+ TODO: check
CVE-2021-42623
RESERVED
CVE-2021-42622
@@ -7017,8 +7089,8 @@ CVE-2021-41249
RESERVED
CVE-2021-41248
RESERVED
-CVE-2021-41247
- RESERVED
+CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
+ TODO: check
CVE-2021-41246
RESERVED
CVE-2021-41245
@@ -9646,6 +9718,7 @@ CVE-2021-3738
RESERVED
CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server]
RESERVED
+ {DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -9711,40 +9784,40 @@ CVE-2021-40130
RESERVED
CVE-2021-40129
RESERVED
-CVE-2021-40128
- RESERVED
-CVE-2021-40127
- RESERVED
-CVE-2021-40126
- RESERVED
+CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
+ TODO: check
+CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
+CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...)
+ TODO: check
CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
NOT-FOR-US: Cisco
-CVE-2021-40124
- RESERVED
+CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...)
+ TODO: check
CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...)
NOT-FOR-US: Cisco
CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2021-40120
- RESERVED
-CVE-2021-40119
- RESERVED
+CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...)
+ TODO: check
+CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
+ TODO: check
CVE-2021-40118 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
NOT-FOR-US: Cisco
CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
NOT-FOR-US: Cisco
CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
NOT-FOR-US: Cisco
-CVE-2021-40115
- RESERVED
+CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
+ TODO: check
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
NOT-FOR-US: Cisco
-CVE-2021-40113
- RESERVED
-CVE-2021-40112
- RESERVED
+CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
+ TODO: check
+CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
+ TODO: check
CVE-2021-40111
RESERVED
CVE-2021-40110
@@ -10763,6 +10836,7 @@ CVE-2021-39616
RESERVED
CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
RESERVED
+ {DLA-2808-1}
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
@@ -11475,7 +11549,8 @@ CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cr
NOT-FOR-US: WordPress plugin
CVE-2021-39331
RESERVED
-CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
+CVE-2021-39330
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
@@ -22385,8 +22460,8 @@ CVE-2021-34797
RESERVED
CVE-2021-34796
RESERVED
-CVE-2021-34795
- RESERVED
+CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...)
+ TODO: check
CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
NOT-FOR-US: Cisco
CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
@@ -22407,8 +22482,8 @@ CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Applicati
NOT-FOR-US: Cisco
CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
NOT-FOR-US: Cisco
-CVE-2021-34784
- RESERVED
+CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
NOT-FOR-US: Cisco
CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...)
@@ -22427,10 +22502,10 @@ CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Proto
NOT-FOR-US: Cisco
CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
NOT-FOR-US: Cisco
-CVE-2021-34774
- RESERVED
-CVE-2021-34773
- RESERVED
+CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...)
+ TODO: check
+CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...)
NOT-FOR-US: Cisco
CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...)
@@ -22493,12 +22568,12 @@ CVE-2021-34743 (A vulnerability in the application integration feature of Cisco
NOT-FOR-US: Cisco
CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
-CVE-2021-34741
- RESERVED
+CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...)
+ TODO: check
CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...)
NOT-FOR-US: Cisco
-CVE-2021-34739
- RESERVED
+CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...)
+ TODO: check
CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...)
@@ -22513,8 +22588,8 @@ CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cis
NOT-FOR-US: Cisco
CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
-CVE-2021-34731
- RESERVED
+CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...)
+ TODO: check
CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...)
NOT-FOR-US: Cisco
CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...)
@@ -22573,8 +22648,8 @@ CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) mess
NOT-FOR-US: Cisco
CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
-CVE-2021-34701
- RESERVED
+CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...)
NOT-FOR-US: Cisco
CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...)
@@ -22838,14 +22913,14 @@ CVE-2021-34599
RESERVED
CVE-2021-34598
RESERVED
-CVE-2021-34597
- RESERVED
+CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
+ TODO: check
CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...)
NOT-FOR-US: CODESYS
CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...)
NOT-FOR-US: CODESYS
-CVE-2021-34594
- RESERVED
+CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...)
+ TODO: check
CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...)
NOT-FOR-US: CODESYS
CVE-2021-34592
@@ -54720,47 +54795,33 @@ CVE-2021-21700
RESERVED
CVE-2021-21699
RESERVED
-CVE-2021-21698
- RESERVED
+CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21697
- RESERVED
+CVE-2021-21697 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to ...)
- jenkins <removed>
-CVE-2021-21696
- RESERVED
+CVE-2021-21696 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agen ...)
- jenkins <removed>
-CVE-2021-21695
- RESERVED
+CVE-2021-21695 (FilePath#listFiles lists files outside directories that agents are all ...)
- jenkins <removed>
-CVE-2021-21694
- RESERVED
+CVE-2021-21694 (FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isD ...)
- jenkins <removed>
-CVE-2021-21693
- RESERVED
+CVE-2021-21693 (When creating temporary files, agent-to-controller access to create th ...)
- jenkins <removed>
-CVE-2021-21692
- RESERVED
+CVE-2021-21692 (FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and ...)
- jenkins <removed>
-CVE-2021-21691
- RESERVED
+CVE-2021-21691 (Creating symbolic links is possible without the 'symlink' agent-to-con ...)
- jenkins <removed>
-CVE-2021-21690
- RESERVED
+CVE-2021-21690 (Agent processes are able to completely bypass file path filtering by w ...)
- jenkins <removed>
-CVE-2021-21689
- RESERVED
+CVE-2021-21689 (FilePath#unzip and FilePath#untar were not subject to any agent-to-con ...)
- jenkins <removed>
-CVE-2021-21688
- RESERVED
+CVE-2021-21688 (The agent-to-controller security check FilePath#reading(FileVisitor) i ...)
- jenkins <removed>
-CVE-2021-21687
- RESERVED
+CVE-2021-21687 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
- jenkins <removed>
-CVE-2021-21686
- RESERVED
+CVE-2021-21686 (File path filters in the agent-to-controller security subsystem of Jen ...)
- jenkins <removed>
-CVE-2021-21685
- RESERVED
+CVE-2021-21685 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
- jenkins <removed>
CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 che ...)
NOT-FOR-US: Jenkins plugin
@@ -66150,8 +66211,8 @@ CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windo
NOT-FOR-US: Cisco
CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
NOT-FOR-US: Cisco
-CVE-2021-1500
- RESERVED
+CVE-2021-1500 (A vulnerability in the web-based management interface of Cisco Webex V ...)
+ TODO: check
CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
NOT-FOR-US: Cisco
CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -77377,12 +77438,12 @@ CVE-2020-25370
RESERVED
CVE-2020-25369
RESERVED
-CVE-2020-25368
- RESERVED
-CVE-2020-25367
- RESERVED
-CVE-2020-25366
- RESERVED
+CVE-2020-25368 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
+ TODO: check
+CVE-2020-25367 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
+ TODO: check
+CVE-2020-25366 (An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-8 ...)
+ TODO: check
CVE-2020-25365
RESERVED
CVE-2020-25364
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d13312b49e3c0f53554f425a027ee455b8246eb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d13312b49e3c0f53554f425a027ee455b8246eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211104/22b133ca/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list