[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 19 20:10:36 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7cb0e27 by security tracker role at 2021-11-19T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-21742
+ RESERVED
+CVE-2021-44040
+ RESERVED
+CVE-2021-44039
+ RESERVED
+CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
+ TODO: check
+CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...)
+ TODO: check
+CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
+ TODO: check
+CVE-2021-44035
+ RESERVED
+CVE-2021-3982
+ RESERVED
+CVE-2021-3981
+ RESERVED
+CVE-2021-3980
+ RESERVED
+CVE-2021-3979
+ RESERVED
CVE-2021-44034
RESERVED
CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
@@ -70,8 +92,8 @@ CVE-2021-44000
RESERVED
CVE-2021-43999
RESERVED
-CVE-2021-3976
- RESERVED
+CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
RESERVED
- libvirt 7.6.0-1
@@ -168,10 +190,10 @@ CVE-2021-43961
RESERVED
CVE-2021-43960
RESERVED
-CVE-2021-3974
- RESERVED
-CVE-2021-3973
- RESERVED
+CVE-2021-3974 (vim is vulnerable to Use After Free ...)
+ TODO: check
+CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-3972
RESERVED
CVE-2021-3971
@@ -180,8 +202,8 @@ CVE-2021-3970
RESERVED
CVE-2021-3969
RESERVED
-CVE-2021-3968
- RESERVED
+CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2022-21741
RESERVED
CVE-2022-21740
@@ -768,10 +790,9 @@ CVE-2021-43771
RESERVED
CVE-2021-3964
RESERVED
-CVE-2021-3963
- RESERVED
-CVE-2021-3962 [heap-use-after-free in at dcm.c RelinquishDCMMemory]
- RESERVED
+CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-3962 (A flaw was found in ImageMagick 7.1.0-14 where it did not properly san ...)
- imagemagick <undetermined>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
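Review bot: CVE-2021-3962 still carries `- imagemagick <undetermined>` even though the new description pins the flaw to ImageMagick 7.1.0-14 and the NOTE lines already give the upstream issue and fix commit. That should be enough to decide whether the packaged versions contain the affected code and to replace `<undetermined>` with a real status. The removed bracket title was the only place that named dcm.c and RelinquishDCMMemory, so consider keeping that detail in a NOTE, since the truncated description no longer shows it.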
@@ -1626,8 +1647,8 @@ CVE-2021-43747
RESERVED
CVE-2021-43746
RESERVED
-CVE-2021-3961
- RESERVED
+CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
CVE-2022-21216
RESERVED
CVE-2022-21204
@@ -1918,8 +1939,8 @@ CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 ha
CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
- php-laravel-framework <unfixed>
NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
-CVE-2021-3957
- RESERVED
+CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
- npm <unfixed>
NOTE: https://github.com/npm/cli/issues/2701
@@ -2021,8 +2042,8 @@ CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC bef
NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
NOTE: Crash in CLI tool, no security impact
-CVE-2021-3950
- RESERVED
+CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ TODO: check
CVE-2022-21220
RESERVED
CVE-2022-21207
@@ -2049,12 +2070,12 @@ CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not
NOT-FOR-US: Jenkins plugin
CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-42744
- RESERVED
-CVE-2021-26262
- RESERVED
-CVE-2021-26248
- RESERVED
+CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...)
+ TODO: check
+CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...)
+ TODO: check
+CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...)
+ TODO: check
CVE-2021-3949
RESERVED
CVE-2021-3948
@@ -2134,8 +2155,8 @@ CVE-2021-3940
RESERVED
CVE-2021-43556
RESERVED
-CVE-2021-43555
- RESERVED
+CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
+ TODO: check
CVE-2021-43554
RESERVED
CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
@@ -2468,10 +2489,10 @@ CVE-2021-43410
RESERVED
CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: twill
-CVE-2021-43409
- RESERVED
-CVE-2021-43408
- RESERVED
+CVE-2021-43409 (The "WPO365 | LOGIN" WordPress plugin (up to and including version 15. ...)
+ TODO: check
+CVE-2021-43408 (The Duplicate Post WordPress plugin up to and including version 1.1.9 ...)
+ TODO: check
CVE-2021-43407
RESERVED
CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...)
@@ -3948,8 +3969,8 @@ CVE-2021-43204
RESERVED
CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
-CVE-2021-3920
- RESERVED
+CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
+ TODO: check
CVE-2021-3919
RESERVED
CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
@@ -6911,8 +6932,8 @@ CVE-2021-42365
RESERVED
CVE-2021-42364
RESERVED
-CVE-2021-42363
- RESERVED
+CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
+ TODO: check
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...)
@@ -6996,8 +7017,8 @@ CVE-2020-36479
RESERVED
CVE-2021-42339
RESERVED
-CVE-2021-42338
- RESERVED
+CVE-2021-42338 (4MOSAn GCB Doctor’s login page has improper validation of Cookie ...)
+ TODO: check
CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...)
NOT-FOR-US: AIFU cashier management salary
CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
@@ -7386,8 +7407,8 @@ CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Ent
NOT-FOR-US: CoreNLP
CVE-2021-42255
RESERVED
-CVE-2021-42254
- RESERVED
+CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
+ TODO: check
CVE-2021-42253
RESERVED
CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
@@ -9020,8 +9041,8 @@ CVE-2021-41571
RESERVED
CVE-2021-41570
RESERVED
-CVE-2021-41569
- RESERVED
+CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
+ TODO: check
CVE-2021-3826
RESERVED
CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
@@ -9104,8 +9125,7 @@ CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versi
NOT-FOR-US: Siemens
CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-41532
- RESERVED
+CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...)
NOT-FOR-US: Apache Ozone
CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
- routinator <itp> (bug #929024)
@@ -9327,10 +9347,10 @@ CVE-2021-41438
RESERVED
CVE-2021-41437
RESERVED
-CVE-2021-41436
- RESERVED
-CVE-2021-41435
- RESERVED
+CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
+ TODO: check
+CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
+ TODO: check
CVE-2021-41434
RESERVED
CVE-2021-41433
@@ -11795,8 +11815,7 @@ CVE-2021-40393
RESERVED
CVE-2021-40392
RESERVED
-CVE-2021-40391 [Gerbv drill format T-code tool number out-of-bounds write vulnerability]
- RESERVED
+CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
- gerbv 2.7.1-1
[bullseye] - gerbv <no-dsa> (Minor issue)
[buster] - gerbv <no-dsa> (Minor issue)
@@ -12895,8 +12914,7 @@ CVE-2021-39931
RESERVED
CVE-2021-39930
RESERVED
-CVE-2021-39929
- RESERVED
+CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
@@ -12906,30 +12924,25 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
CVE-2021-39927
RESERVED
-CVE-2021-39926
- RESERVED
+CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
-CVE-2021-39925
- RESERVED
+CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
-CVE-2021-39924
- RESERVED
+CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
-CVE-2021-39923
- RESERVED
-CVE-2021-39922
- RESERVED
+CVE-2021-39923 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+ TODO: check
+CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
-CVE-2021-39921
- RESERVED
+CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
- wireshark <unfixed>
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
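Review bot: CVE-2021-39923 (IPPUSB dissector) is the only Wireshark entry in this hunk left as `TODO: check`; every sibling keeps a `- wireshark <unfixed>` line with an upstream issue and a wnpa-sec advisory NOTE. Track it the same way rather than leaving it in the triage queue. The advisory numbers in the surrounding NOTE lines run 07, 08, 09, 10, 12, 13, 14, so it is worth checking whether wnpa-sec-2021-11 is the one that belongs here before adding the reference.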
@@ -14219,8 +14232,8 @@ CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39353
- RESERVED
+CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...)
+ TODO: check
CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
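Review bot: CVE-2021-39353 is described as a WordPress plugin issue but is left at `TODO: check`, while the three neighbouring entries in this hunk (CVE-2021-39355, -39354, -39352) are all marked `NOT-FOR-US: WordPress plugin`. Unless Easy Registration Forms is packaged, it should get the same marker so that it does not sit in the TODO queue.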
@@ -14607,23 +14620,17 @@ CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterpri
NOT-FOR-US: HP
CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
NOT-FOR-US: HP
-CVE-2021-39236
- RESERVED
+CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...)
NOT-FOR-US: Apache Ozone
-CVE-2021-39235
- RESERVED
+CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...)
NOT-FOR-US: Apache Ozone
-CVE-2021-39234
- RESERVED
+CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...)
NOT-FOR-US: Apache Ozone
-CVE-2021-39233
- RESERVED
+CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...)
NOT-FOR-US: Apache Ozone
-CVE-2021-39232
- RESERVED
+CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...)
NOT-FOR-US: Apache Ozone
-CVE-2021-39231
- RESERVED
+CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...)
NOT-FOR-US: Apache Ozone
CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
{DSA-4980-1 DLA-2753-1}
@@ -18697,8 +18704,8 @@ CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_conte
NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...)
NOT-FOR-US: PEEL Shopping
-CVE-2021-37592
- RESERVED
+CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...)
+ TODO: check
CVE-2021-37591
RESERVED
CVE-2021-37590
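Review bot: CVE-2021-37592 is left at `TODO: check` although the description already names two fixed upstream versions, 5.0.8 and 6.x 6.0.4. When this is triaged, the entry should get a package line with the fixed version plus per-release status lines, because releases following the 5.0 and 6.0 branches will need different fixed versions.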
@@ -20275,8 +20282,8 @@ CVE-2021-36886
RESERVED
CVE-2021-36885
RESERVED
-CVE-2021-36884
- RESERVED
+CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
+ TODO: check
CVE-2021-36883
RESERVED
CVE-2021-36882
@@ -21469,8 +21476,7 @@ CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build
- ant 1.10.11-1 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
NOTE: Crash in CLI tool, no security impact
-CVE-2021-36372
- RESERVED
+CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...)
NOT-FOR-US: Apache Ozone
CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
@@ -22464,8 +22470,8 @@ CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and ea
NOT-FOR-US: Adobe
CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-36003
- RESERVED
+CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...)
+ TODO: check
CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...)
NOT-FOR-US: Adobe
CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
@@ -27374,8 +27380,8 @@ CVE-2021-33852
RESERVED
CVE-2021-33851
RESERVED
-CVE-2021-33850
- RESERVED
+CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
+ TODO: check
CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
NOT-FOR-US: Zoho
CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...)
@@ -39208,20 +39214,20 @@ CVE-2021-29331
RESERVED
CVE-2021-29330
RESERVED
-CVE-2021-29329
- RESERVED
-CVE-2021-29328
- RESERVED
-CVE-2021-29327
- RESERVED
-CVE-2021-29326
- RESERVED
-CVE-2021-29325
- RESERVED
-CVE-2021-29324
- RESERVED
-CVE-2021-29323
- RESERVED
+CVE-2021-29329 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2021-29328 (OpenSource Moddable v10.5.0 was discovered to contain buffer over-read ...)
+ TODO: check
+CVE-2021-29327 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ TODO: check
+CVE-2021-29326 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ TODO: check
+CVE-2021-29325 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ TODO: check
+CVE-2021-29324 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2021-29323 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ TODO: check
CVE-2021-29322
RESERVED
CVE-2021-29321
@@ -53329,7 +53335,7 @@ CVE-2021-23474
RESERVED
CVE-2021-23473
RESERVED
-CVE-2021-23472 (This affects all versions of package bootstrap-table. A type confusion ...)
+CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table. A type ...)
NOT-FOR-US: bootstrap-table
NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941
CVE-2021-23471
@@ -54411,18 +54417,18 @@ CVE-2021-22972
RESERVED
CVE-2021-22971
RESERVED
-CVE-2021-22970
- RESERVED
-CVE-2021-22969
- RESERVED
-CVE-2021-22968
- RESERVED
-CVE-2021-22967
- RESERVED
-CVE-2021-22966
- RESERVED
-CVE-2021-22965
- RESERVED
+CVE-2021-22970 (Concrete CMS (formerly concrete5) versions 8.5.6 and below and version ...)
+ TODO: check
+CVE-2021-22969 (Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF miti ...)
+ TODO: check
+CVE-2021-22968 (A bypass of adding remote files in Concrete CMS (previously concrete5) ...)
+ TODO: check
+CVE-2021-22967 (In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthe ...)
+ TODO: check
+CVE-2021-22966 (Privilege escalation from Editor to Admin using Groups in Concrete CMS ...)
+ TODO: check
+CVE-2021-22965 (A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an ...)
+ TODO: check
CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...)
NOT-FOR-US: fastify-static
CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...)
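Review bot: CVE-2021-22970 through CVE-2021-22966 all name Concrete CMS in their descriptions but are added as `TODO: check`, while the same file already marks earlier Concrete CMS entries (CVE-2021-22953, CVE-2021-22950) as `NOT-FOR-US: Concrete CMS`. These five can be closed the same way. CVE-2021-22965 is a different product (Pulse Connect Secure) and needs its own triage rather than being swept up with the block.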
@@ -54453,8 +54459,8 @@ CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacke
NOT-FOR-US: Concrete CMS
CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
NOT-FOR-US: UniFI Talk
-CVE-2021-22951
- RESERVED
+CVE-2021-22951 (Unauthorized individuals could view password protected files using vie ...)
+ TODO: check
CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
NOT-FOR-US: Concrete CMS
CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
@@ -56615,8 +56621,8 @@ CVE-2021-22055
RESERVED
CVE-2021-22054
RESERVED
-CVE-2021-22053
- RESERVED
+CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
+ TODO: check
CVE-2021-22052
RESERVED
CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
@@ -56661,12 +56667,12 @@ CVE-2021-22032
RESERVED
CVE-2021-22031
RESERVED
-CVE-2021-22030
- RESERVED
+CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...)
+ TODO: check
CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...)
NOT-FOR-US: VMware
-CVE-2021-22028
- RESERVED
+CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...)
+ TODO: check
CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
NOT-FOR-US: VMware
CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
@@ -56731,6 +56737,7 @@ CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, an
CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
NOT-FOR-US: VMware
CVE-2021-21996 (An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...)
+ {DSA-5011-1}
- salt 3002.7+dfsg1-1 (bug #994016)
NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
NOTE: Fixed by https://github.com/saltstack/salt/commit/0b75ba190fda9c04cc026ad1aa4a6d572f40349b
@@ -56941,12 +56948,12 @@ CVE-2021-21902
RESERVED
CVE-2021-21901
RESERVED
-CVE-2021-21900
- RESERVED
-CVE-2021-21899
- RESERVED
-CVE-2021-21898
- RESERVED
+CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
+ TODO: check
+CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
+ TODO: check
+CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
+ TODO: check
CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
- dxflib 3.26.4-1
[bullseye] - dxflib <no-dsa> (Minor issue)
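Review bot: CVE-2021-21900, -21899 and -21898 name `dxfRW::processLType()` and `dwgCompressor::...` functions, which are not the `DL_Dxf::` class that the adjacent CVE-2021-21897 tracks under dxflib. When resolving these `TODO: check` entries, do not copy the dxflib package line from the neighbour. Identify which source packages actually carry the dxfRW and dwgCompressor code, including embedded copies, and list each one.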
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7cb0e27fb20261bb20c9b995d9216f328a911a8