[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 23 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b245c83 by security tracker role at 2021-11-23T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,46 @@
-CVE-2021-44143 [malicious or compromised IMAP server could use a crafted mail message that lacks headers to provoke a heap overflow]
+CVE-2022-0009
+	RESERVED
+CVE-2022-0008
+	RESERVED
+CVE-2022-0007
+	RESERVED
+CVE-2022-0006
+	RESERVED
+CVE-2021-44157
+	RESERVED
+CVE-2021-44156
+	RESERVED
+CVE-2021-44155
+	RESERVED
+CVE-2021-44154
+	RESERVED
+CVE-2021-44153
+	RESERVED
+CVE-2021-44152
+	RESERVED
+CVE-2021-44151
+	RESERVED
+CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
+	TODO: check
+CVE-2021-44149
+	RESERVED
+CVE-2021-44148
+	RESERVED
+CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
+	TODO: check
+CVE-2021-44146
+	RESERVED
+CVE-2021-44145
+	RESERVED
+CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with  ...)
+	TODO: check
+CVE-2021-4004
+	RESERVED
+CVE-2021-4003
+	RESERVED
+CVE-2021-4002
+	RESERVED
+CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
 	- isync <unfixed> (bug #999804)
 CVE-2021-44142
 	RESERVED
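Review bot: three of the entries added in this hunk are left at "TODO: check" (CVE-2021-44150 tusdotnet, CVE-2021-44147 Claris FileMaker, CVE-2021-44144 Croatia Control Asterix) and still need manual triage to either a NOT-FOR-US: line or a source-package entry. The CVE-2021-44143 change is fine as it stands: the bracketed description is replaced by the parenthesized one and the existing "- isync <unfixed> (bug #999804)" line is kept.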
@@ -2749,9 +2791,9 @@ CVE-2021-43410
 	RESERVED
 CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: twill
-CVE-2021-43409 (The "WPO365 | LOGIN" WordPress plugin (up to and including version 15. ...)
+CVE-2021-43409 (The “WPO365 | LOGIN” WordPress plugin (up to and including ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-43408 (The Duplicate Post WordPress plugin up to and including version 1.1.9  ...)
+CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-43407
 	RESERVED
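Review bot: the new CVE-2021-43409 line uses typographic quotes (“WPO365 | LOGIN”) where the removed line and the adjacent CVE-2021-43408 entry use ASCII quotes, so a search for the plugin name with ASCII quotes will no longer match this entry. Both entries stay NOT-FOR-US: WordPress plugin, so no triage change is needed. If the quotes are to be normalised, that belongs in the automatic update step rather than in a hand edit of this file.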
@@ -11027,14 +11069,14 @@ CVE-2021-40833
 	RESERVED
 CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
 	NOT-FOR-US: F-Secure
-CVE-2021-40831
-	RESERVED
-CVE-2021-40830
-	RESERVED
-CVE-2021-40829
-	RESERVED
-CVE-2021-40828
-	RESERVED
+CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a  ...)
+	TODO: check
+CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a  ...)
+	TODO: check
+CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+	TODO: check
+CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+	TODO: check
 CVE-2021-40827
 	RESERVED
 CVE-2021-40826
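Review bot: CVE-2021-40831 and CVE-2021-40830 have identical truncated descriptions, as do CVE-2021-40829 and CVE-2021-40828, so the entries within each pair cannot be told apart from this file. All four are left at "TODO: check"; triage should read the full descriptions and note what distinguishes each entry when resolving the TODO.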
@@ -19530,7 +19572,7 @@ CVE-2021-37336
 	RESERVED
 CVE-2021-37335
 	RESERVED
-CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...)
+CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...)
 	NOT-FOR-US: Umbraco Forms
 CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
 	NOT-FOR-US: Laravel Booking System Booking Core
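Review bot: the replacement description for CVE-2021-37334 reads "version 4.0.0 up to and including 8.7.5 and below", which states the upper bound twice and is less clear than the removed "4.0.0 to and including 8.7.5". The entry stays NOT-FOR-US: Umbraco Forms, so the tracker status is unaffected and no change is needed in this file.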
@@ -32420,8 +32462,8 @@ CVE-2021-32006
 	RESERVED
 CVE-2021-32005
 	RESERVED
-CVE-2021-32004
-	RESERVED
+CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...)
+	TODO: check
 CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
 	NOT-FOR-US: Secomea SiteManager
 CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
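Review bot: CVE-2021-32004 is left at "TODO: check" while CVE-2021-32003 directly below it is already marked NOT-FOR-US: Secomea SiteManager. This entry names Secomea GateManager, so it should be checked and, if it is likewise not packaged, closed with a matching NOT-FOR-US: line.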
@@ -86479,8 +86521,8 @@ CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET
 	NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET
 CVE-2020-22720
 	REJECTED
-CVE-2020-22719
-	RESERVED
+CVE-2020-22719 (Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerabil ...)
+	TODO: check
 CVE-2020-22718
 	RESERVED
 CVE-2020-22717
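Review bot: CVE-2020-22719 (Shimo Document v2.0.1, XSS) goes from RESERVED to "TODO: check" with neither a package line nor a NOT-FOR-US: line. Resolve it in follow-up triage, in the same form as the CVE-2020-22721 entry in the hunk context (NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET).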



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b245c835a0a0917b0583784f7400e88d3956fce
