[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 5 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b787ebe by security tracker role at 2021-11-05T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-43409
+ RESERVED
+CVE-2021-43408
+ RESERVED
+CVE-2021-43407
+ RESERVED
+CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...)
+ TODO: check
+CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...)
+ TODO: check
+CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...)
+ TODO: check
+CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...)
+ TODO: check
+CVE-2021-43402
+ RESERVED
+CVE-2021-43401
+ RESERVED
+CVE-2021-3931
+ RESERVED
+CVE-2021-3930
+ RESERVED
+CVE-2021-3929
+ RESERVED
CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
- bluez <unfixed> (bug #998626)
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8
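Review bot: the four FusionPBX entries (CVE-2021-43403 through CVE-2021-43406) are left at "TODO: check"; FusionPBX is not packaged in Debian, so the expected triage outcome is "NOT-FOR-US: FusionPBX", in the same form this file already uses for other unpackaged software (for example "NOT-FOR-US: WordPress plugin" on CVE-2015-10001). The remaining RESERVED placeholders in this hunk carry no description yet and need no action until the descriptions are published.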
@@ -93,10 +117,10 @@ CVE-2021-43359
RESERVED
CVE-2021-43358
RESERVED
-CVE-2021-3928
- RESERVED
-CVE-2021-3927
- RESERVED
+CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
+ TODO: check
+CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-43357
RESERVED
CVE-2021-43350
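Review bot: CVE-2021-3928 and CVE-2021-3927 are both vim buffer overflows and vim is packaged in Debian, so these two "TODO: check" lines need a real source-package line ("- vim <unfixed>" or a fixed version once identified) rather than a NOT-FOR-US marker; the upstream fix commits are not visible in this hunk and should be added as NOTE lines by whoever triages them, not guessed here.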
@@ -219,8 +243,8 @@ CVE-2021-43298
RESERVED
CVE-2021-43297
RESERVED
-CVE-2021-3924
- RESERVED
+CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
+ TODO: check
CVE-2021-23222
RESERVED
CVE-2021-23214
@@ -1668,8 +1692,8 @@ CVE-2021-43085
RESERVED
CVE-2021-43084
RESERVED
-CVE-2021-3916
- RESERVED
+CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ TODO: check
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-43083
@@ -2256,8 +2280,8 @@ CVE-2021-42839
RESERVED
CVE-2021-42838
RESERVED
-CVE-2021-42837
- RESERVED
+CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
+ TODO: check
CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
- golang-github-tidwall-gjson <unfixed>
NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
@@ -2580,14 +2604,14 @@ CVE-2021-42703
RESERVED
CVE-2021-42702
RESERVED
-CVE-2021-42701
- RESERVED
+CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
+ TODO: check
CVE-2021-42700
RESERVED
-CVE-2021-42699
- RESERVED
-CVE-2021-42698
- RESERVED
+CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
+ TODO: check
+CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
+ TODO: check
CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
NOT-FOR-US: Akka HTTP
CVE-2021-42696
@@ -2640,26 +2664,26 @@ CVE-2021-42673
RESERVED
CVE-2021-42672
RESERVED
-CVE-2021-42671
- RESERVED
-CVE-2021-42670
- RESERVED
-CVE-2021-42669
- RESERVED
-CVE-2021-42668
- RESERVED
-CVE-2021-42667
- RESERVED
-CVE-2021-42666
- RESERVED
-CVE-2021-42665
- RESERVED
-CVE-2021-42664
- RESERVED
-CVE-2021-42663
- RESERVED
-CVE-2021-42662
- RESERVED
+CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
+ TODO: check
+CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ TODO: check
+CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...)
+ TODO: check
+CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ TODO: check
+CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
+ TODO: check
+CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ TODO: check
+CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
+ TODO: check
+CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...)
+ TODO: check
+CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...)
+ TODO: check
+CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
CVE-2021-42661
RESERVED
CVE-2021-42660
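Review bot: all ten new entries in this hunk (CVE-2021-42662 through CVE-2021-42671) describe Sourcecodester demo applications (Engineers Online Portal, Online Event Booking), which are not packaged in Debian; they can be resolved together as "NOT-FOR-US: Sourcecodester" instead of ten individual "TODO: check" follow-ups. The typos in the descriptions ("Vulneraibiilty") are copied verbatim from the upstream CVE text, which is this file's convention, so they should not be corrected here.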
@@ -2920,8 +2944,8 @@ CVE-2021-42545
RESERVED
CVE-2021-42544
RESERVED
-CVE-2021-42543
- RESERVED
+CVE-2021-42543 (The affected application uses specific functions that could be abused ...)
+ TODO: check
CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
NOT-FOR-US: Emerson
CVE-2021-42541
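Review bot: the truncated description of CVE-2021-42543 ("The affected application uses specific functions that could be abused ...") does not name a vendor, and the neighbouring CVE-2021-42542 is already marked "NOT-FOR-US: Emerson"; before resolving the TODO, check the full CVE text to see whether it belongs to the same vendor advisory, since that would allow the same NOT-FOR-US marker.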
@@ -4340,7 +4364,7 @@ CVE-2021-42345
RESERVED
CVE-2021-42344
RESERVED
-CVE-2021-42343 (An issue was discovered in Dask (aka python-dask) through 2021.09.1. S ...)
+CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
- dask <unfixed>
TODO: check details if fixed upstream in 2021.10.0
CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...)
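Review bot: the rewritten description for CVE-2021-42343 now says "the Dask distributed package before 2021.10 ..." where the old one said "Dask (aka python-dask) through 2021.09.1", so the affected component has shifted from dask core to the distributed scheduler; the "- dask <unfixed>" line and the existing "TODO: check details if fixed upstream in 2021.10.0" should be re-verified against the correct Debian source package (Debian ships dask.distributed separately from dask) before the version is recorded as fixed.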
@@ -4809,8 +4833,8 @@ CVE-2021-42239
RESERVED
CVE-2021-42238
RESERVED
-CVE-2021-42237
- RESERVED
+CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
+ TODO: check
CVE-2021-42236
RESERVED
CVE-2021-42235
@@ -7442,6 +7466,7 @@ CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collab
CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
NOT-FOR-US: wire-server
CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
@@ -7509,6 +7534,7 @@ CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complex
NOT-FOR-US: nth-check
CVE-2021-3802
RESERVED
+ {DLA-2809-1}
- udisks2 2.9.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
@@ -11356,18 +11382,18 @@ CVE-2021-39418
RESERVED
CVE-2021-39417
RESERVED
-CVE-2021-39416
- RESERVED
+CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote C ...)
+ TODO: check
CVE-2021-39415
RESERVED
CVE-2021-39414
RESERVED
-CVE-2021-39413
- RESERVED
-CVE-2021-39412
- RESERVED
-CVE-2021-39411
- RESERVED
+CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel ...)
+ TODO: check
+CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGuruk ...)
+ TODO: check
+CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...)
+ TODO: check
CVE-2021-39410
RESERVED
CVE-2021-39409
@@ -21199,8 +21225,7 @@ CVE-2021-35370
RESERVED
CVE-2021-35369
RESERVED
-CVE-2021-35368 [CRS Request Body Bypass]
- RESERVED
+CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
- modsecurity-crs 3.3.2-1 (bug #992000)
[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
[buster] - modsecurity-crs 3.1.0-1+deb10u2
@@ -27387,6 +27412,7 @@ CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse ve
CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
NOT-FOR-US: OpenProject
CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
@@ -27594,6 +27620,7 @@ CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat commu
CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -27631,6 +27658,7 @@ CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ ba
CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
NOT-FOR-US: Nextcloud Talk
CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
@@ -27638,6 +27666,7 @@ CVE-2021-32674 (Zope is an open-source web application server. This advisory ext
CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
NOT-FOR-US: reg-keygen-git-hash-plugin
CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
@@ -27735,14 +27764,17 @@ CVE-2021-32630 (Admidio is a free, open source user management system for websit
CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
NOT-FOR-US: Cranelift
CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1}
- redis 5:6.0.16-1
[stretch] - redis <no-dsa> (Minor issue; invasive patch)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1}
- redis 5:6.0.16-1
[stretch] - redis <no-dsa> (Minor issue; invasive patch)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1 DLA-2810-1}
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
@@ -35350,8 +35382,8 @@ CVE-2021-29755
RESERVED
CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2021-29753
- RESERVED
+CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...)
+ TODO: check
CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...)
NOT-FOR-US: IBM
CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
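Review bot: CVE-2021-29753 is an IBM Business Automation Workflow issue and the surrounding entries (CVE-2021-29754, CVE-2021-29752, CVE-2021-29751) are all marked "NOT-FOR-US: IBM", so this "TODO: check" can be resolved the same way; the odd "18. 19, 20, 21" spacing is in the upstream description and is not something to fix in this file.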
@@ -42442,8 +42474,8 @@ CVE-2021-26846
RESERVED
CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...)
NOT-FOR-US: Hitachi
-CVE-2021-26844
- RESERVED
+CVE-2021-26844 (A cross-site scripting (XSS) vulnerability in Power Admin PA Server Mo ...)
+ TODO: check
CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...)
- thttpd <removed>
CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...)
@@ -81592,12 +81624,12 @@ CVE-2020-23569
RESERVED
CVE-2020-23568
RESERVED
-CVE-2020-23567
- RESERVED
-CVE-2020-23566
- RESERVED
-CVE-2020-23565
- RESERVED
+CVE-2020-23567 (Irfanview v4.53 allows attackers to to cause a denial of service (DoS) ...)
+ TODO: check
+CVE-2020-23566 (Irfanview v4.53 was discovered to contain an infinity loop via JPEG200 ...)
+ TODO: check
+CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via a craft ...)
+ TODO: check
CVE-2020-23564
RESERVED
CVE-2020-23563
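Review bot: the three Irfanview entries (CVE-2020-23565 through CVE-2020-23567) concern a Windows-only image viewer that Debian does not package, so "NOT-FOR-US: Irfanview" is the appropriate resolution for all three "TODO: check" lines; the "to to" and "infinity loop" wording is copied from the upstream descriptions.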
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b787ebe8da7911eeaf8e4c79463250ed0153c16