[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 22 20:10:28 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a258d7b by security tracker role at 2021-11-22T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2021-44142
+ RESERVED
+CVE-2021-44141
+ RESERVED
+CVE-2021-44140
+ RESERVED
+CVE-2021-44139
+ RESERVED
+CVE-2021-44138
+ RESERVED
+CVE-2021-44137
+ RESERVED
+CVE-2021-44136
+ RESERVED
+CVE-2021-44135
+ RESERVED
+CVE-2021-44134
+ RESERVED
+CVE-2021-44133
+ RESERVED
+CVE-2021-44132
+ RESERVED
+CVE-2021-44131
+ RESERVED
+CVE-2021-44130
+ RESERVED
+CVE-2021-44129
+ RESERVED
+CVE-2021-44128
+ RESERVED
+CVE-2021-44127
+ RESERVED
+CVE-2021-44126
+ RESERVED
+CVE-2021-44125
+ RESERVED
+CVE-2021-44124
+ RESERVED
+CVE-2021-44123
+ RESERVED
+CVE-2021-44122
+ RESERVED
+CVE-2021-44121
+ RESERVED
+CVE-2021-44120
+ RESERVED
+CVE-2021-44119
+ RESERVED
+CVE-2021-44118
+ RESERVED
+CVE-2021-44117
+ RESERVED
+CVE-2021-44116
+ RESERVED
+CVE-2021-44115
+ RESERVED
+CVE-2021-44114
+ RESERVED
+CVE-2021-44113
+ RESERVED
+CVE-2021-44112
+ RESERVED
+CVE-2021-44111
+ RESERVED
+CVE-2021-44110
+ RESERVED
+CVE-2021-44109
+ RESERVED
+CVE-2021-44108
+ RESERVED
+CVE-2021-44107
+ RESERVED
+CVE-2021-44106
+ RESERVED
+CVE-2021-44105
+ RESERVED
+CVE-2021-44104
+ RESERVED
+CVE-2021-44103
+ RESERVED
+CVE-2021-44102
+ RESERVED
+CVE-2021-44101
+ RESERVED
+CVE-2021-44100
+ RESERVED
+CVE-2021-44099
+ RESERVED
+CVE-2021-44098
+ RESERVED
+CVE-2021-44097
+ RESERVED
+CVE-2021-44096
+ RESERVED
+CVE-2021-44095
+ RESERVED
+CVE-2021-44094
+ RESERVED
+CVE-2021-44093
+ RESERVED
+CVE-2021-44092
+ RESERVED
+CVE-2021-44091
+ RESERVED
+CVE-2021-44090
+ RESERVED
+CVE-2021-44089
+ RESERVED
+CVE-2021-44088
+ RESERVED
+CVE-2021-44087
+ RESERVED
+CVE-2021-44086
+ RESERVED
+CVE-2021-44085
+ RESERVED
+CVE-2021-44084
+ RESERVED
+CVE-2021-44083
+ RESERVED
+CVE-2021-44082
+ RESERVED
+CVE-2021-44081
+ RESERVED
+CVE-2021-44080
+ RESERVED
+CVE-2021-4001
+ RESERVED
+CVE-2021-4000
+ RESERVED
+CVE-2021-3999
+ RESERVED
+CVE-2021-3998
+ RESERVED
+CVE-2021-3997
+ RESERVED
CVE-2021-44079 (In the wazuh-slack active response script in Wazuh before 4.2.5, untru ...)
NOT-FOR-US: Wazuh
CVE-2021-3996
@@ -2155,10 +2291,10 @@ CVE-2021-3952
RESERVED
CVE-2021-3951
RESERVED
-CVE-2021-43582
- RESERVED
-CVE-2021-43581
- RESERVED
+CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
+ TODO: check
+CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
+ TODO: check
CVE-2021-43580
RESERVED
CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
@@ -2222,8 +2358,7 @@ CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attacker
NOT-FOR-US: Diffie Hellmann kex protocol issue
CVE-2021-3944
RESERVED
-CVE-2021-3943
- RESERVED
+CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
NOT-FOR-US: KNX ETS6
@@ -2255,19 +2390,15 @@ CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration o
NOT-FOR-US: TYPO3 extension
CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
NOT-FOR-US: TYPO3 extension
-CVE-2021-43560
- RESERVED
+CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
-CVE-2021-43559
- RESERVED
+CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
-CVE-2021-43558
- RESERVED
+CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-3942
RESERVED
-CVE-2021-43557
- RESERVED
+CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
NOT-FOR-US: Apache Apisix
CVE-2021-3941
RESERVED
@@ -2360,8 +2491,7 @@ CVE-2021-3937
RESERVED
CVE-2021-3936
RESERVED
-CVE-2021-3935
- RESERVED
+CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
- pgbouncer <unfixed>
NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1
@@ -4567,10 +4697,10 @@ CVE-2021-43018
RESERVED
CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
NOT-FOR-US: Adobe
-CVE-2021-43016
- RESERVED
-CVE-2021-43015
- RESERVED
+CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
+ TODO: check
+CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
+ TODO: check
CVE-2021-43014
RESERVED
CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
@@ -5210,18 +5340,18 @@ CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a
- linux 5.14.16-1
NOTE: https://seclists.org/oss-sec/2021/q2/46
NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
-CVE-2021-42738
- RESERVED
-CVE-2021-42737
- RESERVED
+CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
+CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
CVE-2021-42736
RESERVED
CVE-2021-42735
RESERVED
CVE-2021-42734
RESERVED
-CVE-2021-42733
- RESERVED
+CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
+ TODO: check
CVE-2021-42732
RESERVED
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
@@ -5232,8 +5362,8 @@ CVE-2021-42729
RESERVED
CVE-2021-42728
RESERVED
-CVE-2021-42727
- RESERVED
+CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
+ TODO: check
CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
NOT-FOR-US: Adobe
CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
@@ -5283,12 +5413,12 @@ CVE-2021-42709
RESERVED
CVE-2021-42708
RESERVED
-CVE-2021-42707
- RESERVED
+CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
+ TODO: check
CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
NOT-FOR-US: Advantech
-CVE-2021-42705
- RESERVED
+CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
+ TODO: check
CVE-2021-42704
RESERVED
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
@@ -11054,18 +11184,18 @@ CVE-2021-40777
RESERVED
CVE-2021-40776
RESERVED
-CVE-2021-40775
- RESERVED
-CVE-2021-40774
- RESERVED
-CVE-2021-40773
- RESERVED
-CVE-2021-40772
- RESERVED
-CVE-2021-40771
- RESERVED
-CVE-2021-40770
- RESERVED
+CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
+CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ TODO: check
+CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ TODO: check
+CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
+CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
+CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ TODO: check
CVE-2021-40769
RESERVED
CVE-2021-40768
@@ -16642,8 +16772,8 @@ CVE-2021-38450 (The affected controllers do not properly sanitize the input cont
NOT-FOR-US: Trane
CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
NOT-FOR-US: AUVESY
-CVE-2021-38448
- RESERVED
+CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
+ TODO: check
CVE-2021-38447
RESERVED
CVE-2021-38446
@@ -16798,16 +16928,16 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
NOT-FOR-US: CFEngine Enterprise
-CVE-2021-38378
- RESERVED
-CVE-2021-38377
- RESERVED
-CVE-2021-38376
- RESERVED
-CVE-2021-38375
- RESERVED
-CVE-2021-38374
- RESERVED
+CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
+ TODO: check
+CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
+ TODO: check
+CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
+ TODO: check
+CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
+ TODO: check
+CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
+ TODO: check
CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
- kmail <unfixed>
[bullseye] - kmail <no-dsa> (Minor issue)
@@ -17479,8 +17609,8 @@ CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for n
NOT-FOR-US: Obsidian
CVE-2021-38147
RESERVED
-CVE-2021-38146
- RESERVED
+CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
+ TODO: check
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
NOT-FOR-US: Form Tools
CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
@@ -28469,22 +28599,22 @@ CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal
NOT-FOR-US: Dutchcoders transfer.sh
CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
NOT-FOR-US: Dutchcoders transfer.sh
-CVE-2021-33495
- RESERVED
-CVE-2021-33494
- RESERVED
-CVE-2021-33493
- RESERVED
-CVE-2021-33492
- RESERVED
-CVE-2021-33491
- RESERVED
-CVE-2021-33490
- RESERVED
-CVE-2021-33489
- RESERVED
-CVE-2021-33488
- RESERVED
+CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...)
+ TODO: check
+CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
+ TODO: check
+CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
+ TODO: check
+CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...)
+ TODO: check
+CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
+ TODO: check
+CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
+ TODO: check
+CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
+ TODO: check
+CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
+ TODO: check
CVE-2021-33487
RESERVED
CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
@@ -45889,8 +46019,8 @@ CVE-2021-26616
RESERVED
CVE-2021-26615
RESERVED
-CVE-2021-26614
- RESERVED
+CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
+ TODO: check
CVE-2021-26613
RESERVED
CVE-2021-26612
@@ -52967,8 +53097,8 @@ CVE-2021-23734
RESERVED
CVE-2021-23733
RESERVED
-CVE-2021-23732
- RESERVED
+CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...)
+ TODO: check
CVE-2021-23731
RESERVED
CVE-2021-23730
@@ -52995,8 +53125,8 @@ CVE-2021-23720
RESERVED
CVE-2021-23719
RESERVED
-CVE-2021-23718
- RESERVED
+CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...)
+ TODO: check
CVE-2021-23717
RESERVED
CVE-2021-23716
@@ -53085,8 +53215,8 @@ CVE-2021-23675
RESERVED
CVE-2021-23674
RESERVED
-CVE-2021-23673
- RESERVED
+CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...)
+ TODO: check
CVE-2021-23672
RESERVED
CVE-2021-23671
@@ -103279,7 +103409,7 @@ CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versi
NOT-FOR-US: Private Tunnel installer for macOS
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
NOT-FOR-US: OpenVPN Connect installer for macOS
-CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
+CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
- phplist <itp> (bug #612288)
@@ -123842,8 +123972,8 @@ CVE-2020-7884
RESERVED
CVE-2020-7883
RESERVED
-CVE-2020-7882
- RESERVED
+CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
+ TODO: check
CVE-2020-7881
RESERVED
CVE-2020-7880
@@ -158648,6 +158778,7 @@ CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00
NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ {DLA-2825-1}
- libmodbus 3.1.6-1 (bug #933805)
[buster] - libmodbus <no-dsa> (Minor issue)
[jessie] - libmodbus <no-dsa> (Minor issue)
@@ -158656,6 +158787,7 @@ CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x befo
NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ {DLA-2825-1}
- libmodbus 3.1.6-1 (bug #933805)
[buster] - libmodbus <no-dsa> (Minor issue)
[jessie] - libmodbus <no-dsa> (Minor issue)
@@ -185511,8 +185643,8 @@ CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers
NOT-FOR-US: Rapid7 Metasploit Pro
CVE-2019-5641
RESERVED
-CVE-2019-5640
- RESERVED
+CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
+ TODO: check
CVE-2019-5639
RESERVED
CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a258d7b0bc9c3de14301e86137e2db8831b7d2a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a258d7b0bc9c3de14301e86137e2db8831b7d2a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211122/a9357511/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list