[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 19 08:10:23 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b0f2900 by security tracker role at 2021-11-19T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-44034
+	RESERVED
+CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
+	TODO: check
+CVE-2021-44032
+	RESERVED
+CVE-2021-44031
+	RESERVED
+CVE-2021-44030
+	RESERVED
+CVE-2021-44029
+	RESERVED
+CVE-2021-44028
+	RESERVED
+CVE-2021-44027
+	RESERVED
+CVE-2021-44024
+	RESERVED
+CVE-2021-44023
+	RESERVED
+CVE-2021-44022
+	RESERVED
+CVE-2021-44021
+	RESERVED
+CVE-2021-44020
+	RESERVED
+CVE-2021-44019
+	RESERVED
+CVE-2021-3978
+	RESERVED
+CVE-2021-3977
+	RESERVED
 CVE-2021-44018
 	RESERVED
 CVE-2021-44017
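Review bot: CVE-2021-44033 is the only entry added at the top of the list that carries a published description, and it is left at `TODO: check` with no package line or NOT-FOR-US marker. It still needs manual triage. If no Debian source package ships Ionic Identity Vault, replace the TODO with `NOT-FOR-US: Ionic Identity Vault`; otherwise add the affected source package and its fixed version.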
@@ -42,12 +74,12 @@ CVE-2021-3976
 	RESERVED
 CVE-2021-3975
 	RESERVED
-CVE-2021-44025 [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
 	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
 	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
 	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
-CVE-2021-44026 [SQL injection via some session variables]
+CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
 	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
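Review bot: CVE-2021-44026 has less upstream context than its sibling. CVE-2021-44025 keeps a NOTE for the upstream issue, while CVE-2021-44026 lists only the two fix commits. Swapping the bracketed summary for the truncated description also drops the short statement "SQL injection via some session variables" from the visible entry. If upstream published an advisory or release announcement for 1.4.12 and 1.3.17, add a NOTE pointing at it so the entry stays self-explanatory.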
@@ -9638,8 +9670,8 @@ CVE-2021-41280
 	RESERVED
 CVE-2021-41279
 	RESERVED
-CVE-2021-41278
-	RESERVED
+CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
+	TODO: check
 CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
 	NOT-FOR-US: Metabase
 CVE-2021-41276
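Review bot: CVE-2021-41278 moves from RESERVED to `TODO: check` and is not yet classified, unlike the neighbouring CVE-2021-41277, which already carries `NOT-FOR-US: Metabase`. Check whether the Functions SDK for EdgeX is packaged in Debian, then record either a NOT-FOR-US line or the source package and its status.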
@@ -12419,12 +12451,12 @@ CVE-2021-40133
 	RESERVED
 CVE-2021-40132
 	RESERVED
-CVE-2021-40131
-	RESERVED
-CVE-2021-40130
-	RESERVED
-CVE-2021-40129
-	RESERVED
+CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common  ...)
+	TODO: check
+CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...)
+	TODO: check
+CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+	TODO: check
 CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
 	NOT-FOR-US: Cisco
 CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
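Review bot: CVE-2021-40131, CVE-2021-40130 and CVE-2021-40129 are left at `TODO: check` although all three descriptions name a Cisco Common Services product. The entry directly below, CVE-2021-40128, is already triaged as `NOT-FOR-US: Cisco`. Unless there is a reason to treat them differently, give these three the same `NOT-FOR-US: Cisco` marker so they do not linger in the TODO queue.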
@@ -19214,8 +19246,8 @@ CVE-2021-37324
 	RESERVED
 CVE-2021-37323
 	RESERVED
-CVE-2021-37322
-	RESERVED
+CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...)
+	TODO: check
 CVE-2021-37321
 	RESERVED
 CVE-2021-37320
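Review bot: the `TODO: check` on CVE-2021-37322 should not be resolved against a gcc package on the strength of the description's wording alone. The description says "GCC c++filt v2.26", but c++filt is shipped as part of GNU binutils, and 2.26 matches binutils version numbering. Its demangler code lives in libiberty, which is also shared with GCC. Triage should therefore start with the binutils source package and then check other packages that embed libiberty.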
@@ -181078,9 +181110,11 @@ CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Goog
 CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susc ...)
 	NOT-FOR-US: Keybase on MacOS
 CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...)
+	{DLA-2822-1}
 	- netkit-rsh 0.17-20 (bug #920486)
 	[jessie] - netkit-rsh <no-dsa> (Minor issue)
 CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...)
+	{DLA-2822-1}
 	- netkit-rsh 0.17-20 (bug #920486)
 	[jessie] - netkit-rsh <no-dsa> (Minor issue)
 CVE-2019-7248



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b0f2900c90b91a75ddfb65a7156e2ba66d43798
