[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 15 08:10:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75382631 by security tracker role at 2021-11-15T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,258 @@
-CVE-2021-43618 [integer overflow and resultant buffer overflow via crafted input]
+CVE-2021-43745
+ RESERVED
+CVE-2021-43744
+ RESERVED
+CVE-2021-43743
+ RESERVED
+CVE-2021-43742
+ RESERVED
+CVE-2021-43741
+ RESERVED
+CVE-2021-43740
+ RESERVED
+CVE-2021-43739
+ RESERVED
+CVE-2021-43738
+ RESERVED
+CVE-2021-43737
+ RESERVED
+CVE-2021-43736
+ RESERVED
+CVE-2021-43735
+ RESERVED
+CVE-2021-43734
+ RESERVED
+CVE-2021-43733
+ RESERVED
+CVE-2021-43732
+ RESERVED
+CVE-2021-43731
+ RESERVED
+CVE-2021-43730
+ RESERVED
+CVE-2021-43729
+ RESERVED
+CVE-2021-43728
+ RESERVED
+CVE-2021-43727
+ RESERVED
+CVE-2021-43726
+ RESERVED
+CVE-2021-43725
+ RESERVED
+CVE-2021-43724
+ RESERVED
+CVE-2021-43723
+ RESERVED
+CVE-2021-43722
+ RESERVED
+CVE-2021-43721
+ RESERVED
+CVE-2021-43720
+ RESERVED
+CVE-2021-43719
+ RESERVED
+CVE-2021-43718
+ RESERVED
+CVE-2021-43717
+ RESERVED
+CVE-2021-43716
+ RESERVED
+CVE-2021-43715
+ RESERVED
+CVE-2021-43714
+ RESERVED
+CVE-2021-43713
+ RESERVED
+CVE-2021-43712
+ RESERVED
+CVE-2021-43711
+ RESERVED
+CVE-2021-43710
+ RESERVED
+CVE-2021-43709
+ RESERVED
+CVE-2021-43708
+ RESERVED
+CVE-2021-43707
+ RESERVED
+CVE-2021-43706
+ RESERVED
+CVE-2021-43705
+ RESERVED
+CVE-2021-43704
+ RESERVED
+CVE-2021-43703
+ RESERVED
+CVE-2021-43702
+ RESERVED
+CVE-2021-43701
+ RESERVED
+CVE-2021-43700
+ RESERVED
+CVE-2021-43699
+ RESERVED
+CVE-2021-43698
+ RESERVED
+CVE-2021-43697
+ RESERVED
+CVE-2021-43696
+ RESERVED
+CVE-2021-43695
+ RESERVED
+CVE-2021-43694
+ RESERVED
+CVE-2021-43693
+ RESERVED
+CVE-2021-43692
+ RESERVED
+CVE-2021-43691
+ RESERVED
+CVE-2021-43690
+ RESERVED
+CVE-2021-43689
+ RESERVED
+CVE-2021-43688
+ RESERVED
+CVE-2021-43687
+ RESERVED
+CVE-2021-43686
+ RESERVED
+CVE-2021-43685
+ RESERVED
+CVE-2021-43684
+ RESERVED
+CVE-2021-43683
+ RESERVED
+CVE-2021-43682
+ RESERVED
+CVE-2021-43681
+ RESERVED
+CVE-2021-43680
+ RESERVED
+CVE-2021-43679
+ RESERVED
+CVE-2021-43678
+ RESERVED
+CVE-2021-43677
+ RESERVED
+CVE-2021-43676
+ RESERVED
+CVE-2021-43675
+ RESERVED
+CVE-2021-43674
+ RESERVED
+CVE-2021-43673
+ RESERVED
+CVE-2021-43672
+ RESERVED
+CVE-2021-43671
+ RESERVED
+CVE-2021-43670
+ RESERVED
+CVE-2021-43669
+ RESERVED
+CVE-2021-43668
+ RESERVED
+CVE-2021-43667
+ RESERVED
+CVE-2021-43666
+ RESERVED
+CVE-2021-43665
+ RESERVED
+CVE-2021-43664
+ RESERVED
+CVE-2021-43663
+ RESERVED
+CVE-2021-43662
+ RESERVED
+CVE-2021-43661
+ RESERVED
+CVE-2021-43660
+ RESERVED
+CVE-2021-43659
+ RESERVED
+CVE-2021-43658
+ RESERVED
+CVE-2021-43657
+ RESERVED
+CVE-2021-43656
+ RESERVED
+CVE-2021-43655
+ RESERVED
+CVE-2021-43654
+ RESERVED
+CVE-2021-43653
+ RESERVED
+CVE-2021-43652
+ RESERVED
+CVE-2021-43651
+ RESERVED
+CVE-2021-43650
+ RESERVED
+CVE-2021-43649
+ RESERVED
+CVE-2021-43648
+ RESERVED
+CVE-2021-43647
+ RESERVED
+CVE-2021-43646
+ RESERVED
+CVE-2021-43645
+ RESERVED
+CVE-2021-43644
+ RESERVED
+CVE-2021-43643
+ RESERVED
+CVE-2021-43642
+ RESERVED
+CVE-2021-43641
+ RESERVED
+CVE-2021-43640
+ RESERVED
+CVE-2021-43639
+ RESERVED
+CVE-2021-43638
+ RESERVED
+CVE-2021-43637
+ RESERVED
+CVE-2021-43636
+ RESERVED
+CVE-2021-43635
+ RESERVED
+CVE-2021-43634
+ RESERVED
+CVE-2021-43633
+ RESERVED
+CVE-2021-43632
+ RESERVED
+CVE-2021-43631
+ RESERVED
+CVE-2021-43630
+ RESERVED
+CVE-2021-43629
+ RESERVED
+CVE-2021-43628
+ RESERVED
+CVE-2021-43627
+ RESERVED
+CVE-2021-43626
+ RESERVED
+CVE-2021-43625
+ RESERVED
+CVE-2021-43624
+ RESERVED
+CVE-2021-43623
+ RESERVED
+CVE-2021-43622
+ RESERVED
+CVE-2021-43621
+ RESERVED
+CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
+ TODO: check
+CVE-2021-43619
+ RESERVED
+CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
- gmp <unfixed> (bug #994405)
NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
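Review bot: CVE-2021-43620 (fruity crate for Rust) is the one newly assigned ID in this block that arrives with a description, and it lands as `TODO: check` with neither a package line nor a `NOT-FOR-US:` line, so it needs manual triage in a follow-up commit. For CVE-2021-43618 the hand-written bracket summary is replaced by the truncated published description while `- gmp <unfixed> (bug #994405)` and both NOTE links are kept; confirm the bracket text about the integer overflow is not needed elsewhere, since the truncated description no longer shows it.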
@@ -587,10 +841,10 @@ CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
-CVE-2021-43391
- RESERVED
-CVE-2021-43390
- RESERVED
+CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...)
+ TODO: check
+CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
+ TODO: check
CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
- linux 5.14.16-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
@@ -707,8 +961,8 @@ CVE-2021-31559
RESERVED
CVE-2021-26253
RESERVED
-CVE-2021-43336
- RESERVED
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
+ TODO: check
CVE-2021-43335
RESERVED
CVE-2021-43334
@@ -843,24 +1097,24 @@ CVE-2021-43282
RESERVED
CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
NOT-FOR-US: MyBB
-CVE-2021-43280
- RESERVED
-CVE-2021-43279
- RESERVED
-CVE-2021-43278
- RESERVED
-CVE-2021-43277
- RESERVED
-CVE-2021-43276
- RESERVED
-CVE-2021-43275
- RESERVED
-CVE-2021-43274
- RESERVED
-CVE-2021-43273
- RESERVED
-CVE-2021-43272
- RESERVED
+CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
+ TODO: check
+CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...)
+ TODO: check
+CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...)
+ TODO: check
+CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...)
+ TODO: check
+CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...)
+ TODO: check
+CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...)
+ TODO: check
+CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...)
+ TODO: check
+CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...)
+ TODO: check
+CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
+ TODO: check
CVE-2021-43271
RESERVED
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
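Review bot: The nine consecutive entries CVE-2021-43272 through CVE-2021-43280 all move from RESERVED to `TODO: check`, and they should be triaged as one batch rather than one at a time. Only CVE-2021-43276 and CVE-2021-43274 show the product (Open Design Alliance) before the truncation; the others only show the file reader involved (DWF, U3D, OBJ, DGN). Check the full descriptions to confirm they share the same product, then give all nine the same disposition.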
@@ -8277,8 +8531,8 @@ CVE-2021-41059
RESERVED
CVE-2021-41058
RESERVED
-CVE-2021-41057
- RESERVED
+CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...)
+ TODO: check
CVE-2021-41056
RESERVED
CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
@@ -43345,8 +43599,8 @@ CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware <=
NOT-FOR-US: Hame SD1 Wi-Fi firmware
CVE-2021-26796
RESERVED
-CVE-2021-26795
- RESERVED
+CVE-2021-26795 (A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX s ...)
+ TODO: check
CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...)
NOT-FOR-US: FrogCMS SentCMS
CVE-2021-26793
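Review bot: CVE-2021-26795 (SQL injection in /appliance/shiftmgn.php, TalariaX) is left at `TODO: check` while its neighbours CVE-2021-26797 and CVE-2021-26794 already carry explicit `NOT-FOR-US:` lines. Once the product is confirmed as not packaged, record the same kind of `NOT-FOR-US:` line naming the product so the entry does not stay in the TODO queue.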
@@ -98139,8 +98393,8 @@ CVE-2020-16154
RESERVED
CVE-2020-16153
RESERVED
-CVE-2020-16152
- RESERVED
+CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...)
+ TODO: check
CVE-2020-16151
RESERVED
CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
@@ -102919,8 +103173,8 @@ CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administra
NOT-FOR-US: NETGEAR
CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the app.o ...)
NOT-FOR-US: Foxit Reader
-CVE-2020-14424
- RESERVED
+CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
+ TODO: check
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
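Review bot: CVE-2020-14424 now names Cacti and a version boundary (before 1.2.18), which differs from the `NOT-FOR-US:` entries around it in this hunk. If it maps to a packaged source, replace `TODO: check` with a package line and fixed version after comparing the shipped versions against 1.2.18, and add a NOTE with the upstream reference for the XSS fix.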
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753826311544ed53396ee527e333d9387073d9ae