[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 12 20:10:26 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42f5886f by security tracker role at 2021-11-12T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-43582
+ RESERVED
+CVE-2021-43581
+ RESERVED
+CVE-2021-43580
+ RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
+ TODO: check
+CVE-2021-3950
+ RESERVED
CVE-2022-21220
RESERVED
CVE-2022-21207
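Review bot: CVE-2021-43579 is added with only `TODO: check`, yet its description already names the affected code, image_load_bmp() in HTMLDOC, so it is a candidate for a real package line and not a NOT-FOR-US tag. Check whether the archive ships an htmldoc source package and, if so, replace the TODO with `- htmldoc <unfixed>` (or the fixed version) plus a NOTE pointing at the upstream fix. The description is cut off at "before 1. ...", so the fixed version has to be taken from the full CVE text, not from this line.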
@@ -18,14 +28,11 @@ CVE-2022-21125
RESERVED
CVE-2022-21123
RESERVED
-CVE-2021-43578
- RESERVED
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-43577
- RESERVED
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-43576
- RESERVED
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-42744
RESERVED
@@ -189,8 +196,8 @@ CVE-2021-3936
RESERVED
CVE-2021-3935
RESERVED
-CVE-2021-3934
- RESERVED
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
+ TODO: check
CVE-2021-3933
RESERVED
- openexr <unfixed>
@@ -254,16 +261,16 @@ CVE-2021-43498
RESERVED
CVE-2021-43497
RESERVED
-CVE-2021-43496
- RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
+ TODO: check
CVE-2021-43495
RESERVED
-CVE-2021-43494
- RESERVED
-CVE-2021-43493
- RESERVED
-CVE-2021-43492
- RESERVED
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
+ TODO: check
+CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
+ TODO: check
+CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ TODO: check
CVE-2021-43491
RESERVED
CVE-2021-43490
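Review bot: the four entries that leave RESERVED in this hunk (CVE-2021-43496, CVE-2021-43494, CVE-2021-43493, CVE-2021-43492) all describe a repository "as of commit ..." with no release version, and all four land as `TODO: check`. Triage them as a batch: if none maps to a Debian source package, each should get a NOT-FOR-US line naming the project, in the same form as the `NOT-FOR-US: Jenkins plugin` lines earlier in this patch. The commit hashes are truncated in the list, so they cannot serve as the affected-version statement if any of these does turn out to be packaged.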
@@ -688,7 +695,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Rest
NOT-FOR-US: Grav CMS
CVE-2021-23222
RESERVED
- {DSA-5007-1 DSA-5006-1}
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
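Review bot: DLA-2817-1 is appended to the cross-reference list of CVE-2021-23222 (the next hunk makes the same edit for CVE-2021-23214), but the package lines visible here cover only postgresql-14, postgresql-13 and postgresql-11. Confirm that the entry, below the context shown, carries a line for the source package the DLA actually updated, so the new reference corresponds to a tracked package. The entry also still reads RESERVED while advisories and a fixed version are recorded against it, which is worth a second look once the description is published.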
@@ -696,7 +703,7 @@ CVE-2021-23222
NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
CVE-2021-23214
RESERVED
- {DSA-5007-1 DSA-5006-1}
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
@@ -4915,6 +4922,7 @@ CVE-2021-3886
CVE-2021-3885
RESERVED
CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
+ {DSA-5009-1}
- tomcat9 9.0.54-1
[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
- tomcat8 <removed>
@@ -6018,8 +6026,8 @@ CVE-2021-3857
RESERVED
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
-CVE-2021-41972
- RESERVED
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
+ TODO: check
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
NOT-FOR-US: Apache Superset
CVE-2021-3856
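Review bot: CVE-2021-41972 is set to `TODO: check` while the very next entry, CVE-2021-41971, is the same product and already reads `NOT-FOR-US: Apache Superset`. Unless the packaging status of Superset has changed, resolve this entry with the same NOT-FOR-US line so the two stay consistent.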
@@ -7659,8 +7667,8 @@ CVE-2021-41266
RESERVED
CVE-2021-41265
RESERVED
-CVE-2021-41264
- RESERVED
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
+ TODO: check
CVE-2021-41263
RESERVED
CVE-2021-41262
@@ -7669,8 +7677,8 @@ CVE-2021-41261
RESERVED
CVE-2021-41260
RESERVED
-CVE-2021-41259
- RESERVED
+CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
+ TODO: check
CVE-2021-41258
RESERVED
CVE-2021-41257
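Review bot: CVE-2021-41259 goes to `TODO: check` with a description that starts "Nim is a systems programming language"; unlike the vendor products elsewhere in this patch, a language toolchain is the kind of project a distribution may ship, so this entry needs an actual package lookup before it is closed. If a nim source package exists, record it as `- nim <unfixed>` or with the fixed version. The description is truncated before it reaches the affected component, so read the full CVE text first.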
@@ -7679,8 +7687,8 @@ CVE-2021-41256
RESERVED
CVE-2021-41255
RESERVED
-CVE-2021-41254
- RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
+ TODO: check
CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
- zydis <unfixed> (bug #999431)
NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -13108,8 +13116,8 @@ CVE-2021-38987
RESERVED
CVE-2021-38986
RESERVED
-CVE-2021-38985
- RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
CVE-2021-38984
RESERVED
CVE-2021-38983
@@ -13132,10 +13140,10 @@ CVE-2021-38975
RESERVED
CVE-2021-38974
RESERVED
-CVE-2021-38973
- RESERVED
-CVE-2021-38972
- RESERVED
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ TODO: check
CVE-2021-38971
RESERVED
CVE-2021-38970
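Review bot: CVE-2021-38973 and CVE-2021-38972 receive the same truncated description as CVE-2021-38985 in the previous hunk ("IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ..."), and all three are left at `TODO: check`. Triage them together and give them one identical NOT-FOR-US string, following the `NOT-FOR-US: <product>` form used for Apache MINA and Apache Superset above, so that a search of the list groups them.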
@@ -55479,14 +55487,11 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x
- php7.0 <removed>
NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
NOTE: PHP Bug: https://bugs.php.net/80672
-CVE-2021-21701
- RESERVED
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21700
- RESERVED
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21699
- RESERVED
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
NOT-FOR-US: Jenkins plugin
@@ -130973,8 +130978,8 @@ CVE-2020-4148
RESERVED
CVE-2020-4147
RESERVED
-CVE-2020-4146
- RESERVED
+CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker ...)
+ TODO: check
CVE-2020-4145
RESERVED
CVE-2020-4144
@@ -130985,8 +130990,8 @@ CVE-2020-4142
RESERVED
CVE-2020-4141
RESERVED
-CVE-2020-4140
- RESERVED
+CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2020-4139
RESERVED
CVE-2020-4138
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42f5886f6ec71dd9e568391cfcfcc2a8d0ea679f