[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 15 20:10:32 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3905dee2 by security tracker role at 2021-11-15T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-21216
+	RESERVED
+CVE-2022-21204
+	RESERVED
+CVE-2022-21200
+	RESERVED
+CVE-2022-21174
+	RESERVED
+CVE-2022-21157
+	RESERVED
+CVE-2022-21153
+	RESERVED
+CVE-2022-21151
+	RESERVED
+CVE-2022-21138
+	RESERVED
+CVE-2022-21136
+	RESERVED
+CVE-2022-21131
+	RESERVED
+CVE-2021-3960
+	RESERVED
+CVE-2021-3959
+	RESERVED
+CVE-2021-3958
+	RESERVED
 CVE-2021-43745
 	RESERVED
 CVE-2021-43744
@@ -421,8 +447,8 @@ CVE-2021-3943
 	RESERVED
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
 	NOT-FOR-US: KNX ETS6
-CVE-2021-43574
-	RESERVED
+CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...)
+	TODO: check
 CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
 	NOT-FOR-US: Realtek
 CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
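Review bot: CVE-2021-43574 lands as `TODO: check` even though its description is flagged `** UNSUPPORTED WHEN ASSIGNED **`, so it still needs a manual triage decision. If Atmail is not packaged in Debian, resolve it the way the neighbouring entries are resolved, with a `NOT-FOR-US:` line naming the product.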
@@ -618,8 +644,8 @@ CVE-2021-43497
 	RESERVED
 CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
 	NOT-FOR-US: Clustering
-CVE-2021-43495
-	RESERVED
+CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+	TODO: check
 CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
 	NOT-FOR-US: OpenCV-REST-API
 CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
@@ -3120,10 +3146,10 @@ CVE-2021-42841
 	RESERVED
 CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
 	NOT-FOR-US: SuiteCRM
-CVE-2021-42839
-	RESERVED
-CVE-2021-42838
-	RESERVED
+CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
+	TODO: check
+CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
+	TODO: check
 CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
 	NOT-FOR-US: Talend Data Catalog
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
@@ -3444,14 +3470,14 @@ CVE-2021-42708
 	RESERVED
 CVE-2021-42707
 	RESERVED
-CVE-2021-42706
-	RESERVED
+CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
+	TODO: check
 CVE-2021-42705
 	RESERVED
 CVE-2021-42704
 	RESERVED
-CVE-2021-42703
-	RESERVED
+CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
+	TODO: check
 CVE-2021-42702
 	RESERVED
 CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
@@ -3696,8 +3722,8 @@ CVE-2021-42582
 	RESERVED
 CVE-2021-42581
 	RESERVED
-CVE-2021-42580
-	RESERVED
+CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...)
+	TODO: check
 CVE-2021-42579
 	RESERVED
 CVE-2021-42578
@@ -6446,10 +6472,10 @@ CVE-2021-41953
 	RESERVED
 CVE-2021-41952
 	RESERVED
-CVE-2021-41951
-	RESERVED
-CVE-2021-41950
-	RESERVED
+CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
+	TODO: check
+CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277  ...)
+	TODO: check
 CVE-2021-41949
 	RESERVED
 CVE-2021-41948
@@ -6912,8 +6938,8 @@ CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code
 	NOT-FOR-US: Integria IMS
 CVE-2021-3831
 	RESERVED
-CVE-2021-41765
-	RESERVED
+CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
+	TODO: check
 CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
 	NOT-FOR-US: Streama
 CVE-2021-41763
@@ -7976,8 +8002,8 @@ CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclo
 	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
 	NOT-FOR-US: ECOA BAS controller
-CVE-2021-41289
-	RESERVED
+CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
+	TODO: check
 CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41287
@@ -9379,7 +9405,7 @@ CVE-2021-40692
 CVE-2021-40691
 	RESERVED
 CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
-	{DLA-2767-1}
+	{DSA-5010-1 DLA-2767-1}
 	- libxml-security-java 2.1.7-1 (bug #994569)
 	NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
 CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web  ...)
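Review bot: the `DSA-5010-1` cross-reference added to CVE-2021-40690 has no counterpart in this commit, which changes only data/CVE/list. Confirm that the advisory itself, with its per-release fixed versions, is already recorded in the tracker's DSA data, since the package line here still carries only `libxml-security-java 2.1.7-1`.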
@@ -12929,8 +12955,8 @@ CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform.
 	NOT-FOR-US: Nextcloud OfficeOnline
 CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
 	NOT-FOR-US: Nextcloud Richdocuments
-CVE-2021-39222
-	RESERVED
+CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+	TODO: check
 CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
 	NOT-FOR-US: Nextcloud Contacts
 CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
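Review bot: CVE-2021-39222 is left at `TODO: check` while CVE-2021-39223 and CVE-2021-39221 on either side are already triaged as `NOT-FOR-US:` with the specific Nextcloud app named. The truncated description here does not show which app is affected, so read the full CVE text before choosing the component name rather than copying a neighbour's.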
@@ -13493,28 +13519,28 @@ CVE-2021-38986
 	RESERVED
 CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
 	NOT-FOR-US: IBM
-CVE-2021-38984
-	RESERVED
-CVE-2021-38983
-	RESERVED
-CVE-2021-38982
-	RESERVED
-CVE-2021-38981
-	RESERVED
+CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker  ...)
+	TODO: check
+CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker  ...)
+	TODO: check
+CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...)
+	TODO: check
+CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
+	TODO: check
 CVE-2021-38980
 	RESERVED
-CVE-2021-38979
-	RESERVED
-CVE-2021-38978
-	RESERVED
-CVE-2021-38977
-	RESERVED
-CVE-2021-38976
-	RESERVED
-CVE-2021-38975
-	RESERVED
-CVE-2021-38974
-	RESERVED
+CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
+	TODO: check
+CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
+	TODO: check
+CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...)
+	TODO: check
+CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user  ...)
+	TODO: check
+CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
+	TODO: check
+CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
+	TODO: check
 CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
 	NOT-FOR-US: IBM
 CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
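Review bot: the ten IBM Tivoli Key Lifecycle Manager entries that gain descriptions here (CVE-2021-38974 to CVE-2021-38979 and CVE-2021-38981 to CVE-2021-38984) all get `TODO: check`, while CVE-2021-38985, CVE-2021-38973 and CVE-2021-38972 for the same product and versions are already `NOT-FOR-US: IBM`. Triage them as one batch with the same `NOT-FOR-US: IBM` line so the block stays consistent.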
@@ -23045,10 +23071,10 @@ CVE-2021-34994
 	RESERVED
 CVE-2021-34993
 	RESERVED
-CVE-2021-34992
-	RESERVED
-CVE-2021-34991
-	RESERVED
+CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2021-34990
 	RESERVED
 CVE-2021-34989
@@ -52721,8 +52747,7 @@ CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores
 	- nodejs 12.22.7~dfsg-1
 	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
-CVE-2021-22959 [HTTP Request Smuggling due to spaced in headers]
-	RESERVED
+CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...)
 	- nodejs 12.22.7~dfsg-1
 	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
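Review bot: the replacement description for CVE-2021-22959 reads "The parser in accepts requests", with the component name missing, and it replaces the hand-written bracketed summary "HTTP Request Smuggling due to spaced in headers". The nodejs package lines and the NOTE URL still identify the issue, but a text search on the description no longer finds a component name, so consider reporting the gap to the source of the description.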
@@ -107217,11 +107242,9 @@ CVE-2020-12966
 	RESERVED
 CVE-2020-12965
 	RESERVED
-CVE-2020-12964
-	RESERVED
+CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12963
-	RESERVED
+CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12962
 	RESERVED
@@ -107291,8 +107314,7 @@ CVE-2020-12931
 	RESERVED
 CVE-2020-12930
 	RESERVED
-CVE-2020-12929
-	RESERVED
+CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
 	NOT-FOR-US: AMD
 CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
 	NOT-FOR-US: AMD Ryzen Master
@@ -107310,8 +107332,7 @@ CVE-2020-12922
 	REJECTED
 CVE-2020-12921
 	REJECTED
-CVE-2020-12920
-	RESERVED
+CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...)
 	NOT-FOR-US: AMD
 CVE-2020-12919
 	REJECTED
@@ -107350,34 +107371,27 @@ CVE-2020-12906
 CVE-2020-12905
 	RESERVED
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12904
-	RESERVED
+CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12903
 	RESERVED
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12902
-	RESERVED
+CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12901
 	RESERVED
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12900
-	RESERVED
+CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...)
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12899
-	RESERVED
+CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...)
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12898
-	RESERVED
+CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...)
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12897
-	RESERVED
+CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12896
 	REJECTED
-CVE-2020-12895
-	RESERVED
+CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12894
 	RESERVED
@@ -107385,8 +107399,7 @@ CVE-2020-12894
 CVE-2020-12893
 	RESERVED
 	NOT-FOR-US: Intel / AMD
-CVE-2020-12892
-	RESERVED
+CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to  ...)
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12891
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3905dee2b63bd863b6f69d0fda8003adf0bd3ad3
