[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 22 20:10:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a258d7b by security tracker role at 2021-11-22T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2021-44142
+	RESERVED
+CVE-2021-44141
+	RESERVED
+CVE-2021-44140
+	RESERVED
+CVE-2021-44139
+	RESERVED
+CVE-2021-44138
+	RESERVED
+CVE-2021-44137
+	RESERVED
+CVE-2021-44136
+	RESERVED
+CVE-2021-44135
+	RESERVED
+CVE-2021-44134
+	RESERVED
+CVE-2021-44133
+	RESERVED
+CVE-2021-44132
+	RESERVED
+CVE-2021-44131
+	RESERVED
+CVE-2021-44130
+	RESERVED
+CVE-2021-44129
+	RESERVED
+CVE-2021-44128
+	RESERVED
+CVE-2021-44127
+	RESERVED
+CVE-2021-44126
+	RESERVED
+CVE-2021-44125
+	RESERVED
+CVE-2021-44124
+	RESERVED
+CVE-2021-44123
+	RESERVED
+CVE-2021-44122
+	RESERVED
+CVE-2021-44121
+	RESERVED
+CVE-2021-44120
+	RESERVED
+CVE-2021-44119
+	RESERVED
+CVE-2021-44118
+	RESERVED
+CVE-2021-44117
+	RESERVED
+CVE-2021-44116
+	RESERVED
+CVE-2021-44115
+	RESERVED
+CVE-2021-44114
+	RESERVED
+CVE-2021-44113
+	RESERVED
+CVE-2021-44112
+	RESERVED
+CVE-2021-44111
+	RESERVED
+CVE-2021-44110
+	RESERVED
+CVE-2021-44109
+	RESERVED
+CVE-2021-44108
+	RESERVED
+CVE-2021-44107
+	RESERVED
+CVE-2021-44106
+	RESERVED
+CVE-2021-44105
+	RESERVED
+CVE-2021-44104
+	RESERVED
+CVE-2021-44103
+	RESERVED
+CVE-2021-44102
+	RESERVED
+CVE-2021-44101
+	RESERVED
+CVE-2021-44100
+	RESERVED
+CVE-2021-44099
+	RESERVED
+CVE-2021-44098
+	RESERVED
+CVE-2021-44097
+	RESERVED
+CVE-2021-44096
+	RESERVED
+CVE-2021-44095
+	RESERVED
+CVE-2021-44094
+	RESERVED
+CVE-2021-44093
+	RESERVED
+CVE-2021-44092
+	RESERVED
+CVE-2021-44091
+	RESERVED
+CVE-2021-44090
+	RESERVED
+CVE-2021-44089
+	RESERVED
+CVE-2021-44088
+	RESERVED
+CVE-2021-44087
+	RESERVED
+CVE-2021-44086
+	RESERVED
+CVE-2021-44085
+	RESERVED
+CVE-2021-44084
+	RESERVED
+CVE-2021-44083
+	RESERVED
+CVE-2021-44082
+	RESERVED
+CVE-2021-44081
+	RESERVED
+CVE-2021-44080
+	RESERVED
+CVE-2021-4001
+	RESERVED
+CVE-2021-4000
+	RESERVED
+CVE-2021-3999
+	RESERVED
+CVE-2021-3998
+	RESERVED
+CVE-2021-3997
+	RESERVED
 CVE-2021-44079 (In the wazuh-slack active response script in Wazuh before 4.2.5, untru ...)
 	NOT-FOR-US: Wazuh
 CVE-2021-3996
@@ -2155,10 +2291,10 @@ CVE-2021-3952
 	RESERVED
 CVE-2021-3951
 	RESERVED
-CVE-2021-43582
-	RESERVED
-CVE-2021-43581
-	RESERVED
+CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
+	TODO: check
+CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
+	TODO: check
 CVE-2021-43580
 	RESERVED
 CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
@@ -2222,8 +2358,7 @@ CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attacker
 	NOT-FOR-US: Diffie Hellmann kex protocol issue
 CVE-2021-3944
 	RESERVED
-CVE-2021-3943
-	RESERVED
+CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle <removed>
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
 	NOT-FOR-US: KNX ETS6
@@ -2255,19 +2390,15 @@ CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration o
 	NOT-FOR-US: TYPO3 extension
 CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
 	NOT-FOR-US: TYPO3 extension
-CVE-2021-43560
-	RESERVED
+CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle <removed>
-CVE-2021-43559
-	RESERVED
+CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle <removed>
-CVE-2021-43558
-	RESERVED
+CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle <removed>
 CVE-2021-3942
 	RESERVED
-CVE-2021-43557
-	RESERVED
+CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri  ...)
 	NOT-FOR-US: Apache Apisix
 CVE-2021-3941
 	RESERVED
@@ -2360,8 +2491,7 @@ CVE-2021-3937
 	RESERVED
 CVE-2021-3936
 	RESERVED
-CVE-2021-3935
-	RESERVED
+CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
 	- pgbouncer <unfixed>
 	NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
 	NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1
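Review bot: CVE-2021-3935 still reads `- pgbouncer <unfixed>` in the context lines, while both NOTE lines point at the upstream pgbouncer 1.16.1 release. Now that the description is public (a man-in-the-middle issue with "cert" authentication), a NOTE stating outright whether 1.16.1 is the fixing release, as the URLs suggest, would save whoever later closes the `<unfixed>` marker from re-deriving it.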
@@ -4567,10 +4697,10 @@ CVE-2021-43018
 	RESERVED
 CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
 	NOT-FOR-US: Adobe
-CVE-2021-43016
-	RESERVED
-CVE-2021-43015
-	RESERVED
+CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer  ...)
+	TODO: check
+CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
+	TODO: check
 CVE-2021-43014
 	RESERVED
 CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
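Review bot: CVE-2021-43016 and CVE-2021-43015 are left at `TODO: check` although both descriptions name Adobe InCopy and the adjacent CVE-2021-43017 entry in this hunk is already triaged as `NOT-FOR-US: Adobe`. Suggest resolving these two the same way in the follow-up triage so the Adobe block is not left half-open.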
@@ -5210,18 +5340,18 @@ CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a
 	- linux 5.14.16-1
 	NOTE: https://seclists.org/oss-sec/2021/q2/46
 	NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
-CVE-2021-42738
-	RESERVED
-CVE-2021-42737
-	RESERVED
+CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
+CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
 CVE-2021-42736
 	RESERVED
 CVE-2021-42735
 	RESERVED
 CVE-2021-42734
 	RESERVED
-CVE-2021-42733
-	RESERVED
+CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
+	TODO: check
 CVE-2021-42732
 	RESERVED
 CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
@@ -5232,8 +5362,8 @@ CVE-2021-42729
 	RESERVED
 CVE-2021-42728
 	RESERVED
-CVE-2021-42727
-	RESERVED
+CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
+	TODO: check
 CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
 	NOT-FOR-US: Adobe
 CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
@@ -5283,12 +5413,12 @@ CVE-2021-42709
 	RESERVED
 CVE-2021-42708
 	RESERVED
-CVE-2021-42707
-	RESERVED
+CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds  ...)
+	TODO: check
 CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
 	NOT-FOR-US: Advantech
-CVE-2021-42705
-	RESERVED
+CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
+	TODO: check
 CVE-2021-42704
 	RESERVED
 CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
@@ -11054,18 +11184,18 @@ CVE-2021-40777
 	RESERVED
 CVE-2021-40776
 	RESERVED
-CVE-2021-40775
-	RESERVED
-CVE-2021-40774
-	RESERVED
-CVE-2021-40773
-	RESERVED
-CVE-2021-40772
-	RESERVED
-CVE-2021-40771
-	RESERVED
-CVE-2021-40770
-	RESERVED
+CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
+CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+	TODO: check
+CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+	TODO: check
+CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
+CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
+CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+	TODO: check
 CVE-2021-40769
 	RESERVED
 CVE-2021-40768
@@ -16642,8 +16772,8 @@ CVE-2021-38450 (The affected controllers do not properly sanitize the input cont
 	NOT-FOR-US: Trane
 CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
 	NOT-FOR-US: AUVESY
-CVE-2021-38448
-	RESERVED
+CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
+	TODO: check
 CVE-2021-38447
 	RESERVED
 CVE-2021-38446
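Review bot: the new CVE-2021-38448 description ("The affected controllers do not properly sanitize the input containing ...") is cut off before any vendor or product name, so its `TODO: check` cannot be resolved from this line alone. The hunk header shows CVE-2021-38450 with the same opening words and the first context line reads `NOT-FOR-US: Trane`; confirm against the full advisory that CVE-2021-38448 concerns the same product before copying that disposition.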
@@ -16798,16 +16928,16 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s
 	NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
 CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
 	NOT-FOR-US: CFEngine Enterprise
-CVE-2021-38378
-	RESERVED
-CVE-2021-38377
-	RESERVED
-CVE-2021-38376
-	RESERVED
-CVE-2021-38375
-	RESERVED
-CVE-2021-38374
-	RESERVED
+CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
+	TODO: check
+CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
+	TODO: check
+CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
+	TODO: check
+CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
+	TODO: check
+CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
+	TODO: check
 CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
 	- kmail <unfixed>
 	[bullseye] - kmail <no-dsa> (Minor issue)
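Review bot: the CVE-2021-38374 description reads "OX App Suite through through 7.10.5", with "through" doubled. As this is an automatic update, the text is presumably imported rather than typed here, so the correction belongs at the source of the description and not in this file. The five OX App Suite entries in this hunk all carry `TODO: check` and should receive one common disposition.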
@@ -17479,8 +17609,8 @@ CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for n
 	NOT-FOR-US: Obsidian
 CVE-2021-38147
 	RESERVED
-CVE-2021-38146
-	RESERVED
+CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
+	TODO: check
 CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
 	NOT-FOR-US: Form Tools
 CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
@@ -28469,22 +28599,22 @@ CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal
 	NOT-FOR-US: Dutchcoders transfer.sh
 CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
 	NOT-FOR-US: Dutchcoders transfer.sh
-CVE-2021-33495
-	RESERVED
-CVE-2021-33494
-	RESERVED
-CVE-2021-33493
-	RESERVED
-CVE-2021-33492
-	RESERVED
-CVE-2021-33491
-	RESERVED
-CVE-2021-33490
-	RESERVED
-CVE-2021-33489
-	RESERVED
-CVE-2021-33488
-	RESERVED
+CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...)
+	TODO: check
+CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
+	TODO: check
+CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
+	TODO: check
+CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...)
+	TODO: check
+CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
+	TODO: check
+CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
+	TODO: check
+CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
+	TODO: check
+CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can  ...)
+	TODO: check
 CVE-2021-33487
 	RESERVED
 CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
@@ -45889,8 +46019,8 @@ CVE-2021-26616
 	RESERVED
 CVE-2021-26615
 	RESERVED
-CVE-2021-26614
-	RESERVED
+CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
+	TODO: check
 CVE-2021-26613
 	RESERVED
 CVE-2021-26612
@@ -52967,8 +53097,8 @@ CVE-2021-23734
 	RESERVED
 CVE-2021-23733
 	RESERVED
-CVE-2021-23732
-	RESERVED
+CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...)
+	TODO: check
 CVE-2021-23731
 	RESERVED
 CVE-2021-23730
@@ -52995,8 +53125,8 @@ CVE-2021-23720
 	RESERVED
 CVE-2021-23719
 	RESERVED
-CVE-2021-23718
-	RESERVED
+CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...)
+	TODO: check
 CVE-2021-23717
 	RESERVED
 CVE-2021-23716
@@ -53085,8 +53215,8 @@ CVE-2021-23675
 	RESERVED
 CVE-2021-23674
 	RESERVED
-CVE-2021-23673
-	RESERVED
+CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...)
+	TODO: check
 CVE-2021-23672
 	RESERVED
 CVE-2021-23671
@@ -103279,7 +103409,7 @@ CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versi
 	NOT-FOR-US: Private Tunnel installer for macOS
 CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
 	NOT-FOR-US: OpenVPN Connect installer for macOS
-CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
+CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
 	- phplist <itp> (bug #612288)
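Review bot: the only change to CVE-2020-15074 is its description, which now reads "older than version 2.8.4 and version 2.9.5"; the truncated text does not make clear whether 2.9.5 is a second affected version or a second fix boundary. The `NOT-FOR-US: OpenVPN Access Server` line is unchanged, so no tracker state depends on it, but the wording is worth checking against the full description.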
@@ -123842,8 +123972,8 @@ CVE-2020-7884
 	RESERVED
 CVE-2020-7883
 	RESERVED
-CVE-2020-7882
-	RESERVED
+CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
+	TODO: check
 CVE-2020-7881
 	RESERVED
 CVE-2020-7880
@@ -158648,6 +158778,7 @@ CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
 CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+	{DLA-2825-1}
 	- libmodbus 3.1.6-1 (bug #933805)
 	[buster] - libmodbus <no-dsa> (Minor issue)
 	[jessie] - libmodbus <no-dsa> (Minor issue)
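Review bot: `{DLA-2825-1}` is attached to CVE-2019-14463 here and to CVE-2019-14462 in the next hunk, but the only release lines visible are `[buster]` and `[jessie]`, both `<no-dsa> (Minor issue)`. Nothing in these hunks says which release the DLA covers, so check that the advisory's own entry records the release and the fixed libmodbus version.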
@@ -158656,6 +158787,7 @@ CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x befo
 	NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
 	NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
 CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+	{DLA-2825-1}
 	- libmodbus 3.1.6-1 (bug #933805)
 	[buster] - libmodbus <no-dsa> (Minor issue)
 	[jessie] - libmodbus <no-dsa> (Minor issue)
@@ -185511,8 +185643,8 @@ CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers
 	NOT-FOR-US: Rapid7 Metasploit Pro
 CVE-2019-5641
 	RESERVED
-CVE-2019-5640
-	RESERVED
+CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
+	TODO: check
 CVE-2019-5639
 	RESERVED
 CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a258d7b0bc9c3de14301e86137e2db8831b7d2a



More information about the debian-security-tracker-commits mailing list