[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 26 20:10:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8a32918 by security tracker role at 2021-11-26T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2022-21792
+	RESERVED
+CVE-2022-21791
+	RESERVED
+CVE-2022-21790
+	RESERVED
+CVE-2022-21789
+	RESERVED
+CVE-2022-21788
+	RESERVED
+CVE-2022-21787
+	RESERVED
+CVE-2022-21786
+	RESERVED
+CVE-2022-21785
+	RESERVED
+CVE-2022-21784
+	RESERVED
+CVE-2022-21783
+	RESERVED
+CVE-2022-21782
+	RESERVED
+CVE-2022-21781
+	RESERVED
+CVE-2022-21780
+	RESERVED
+CVE-2022-21779
+	RESERVED
+CVE-2022-21778
+	RESERVED
+CVE-2022-21777
+	RESERVED
+CVE-2022-21776
+	RESERVED
+CVE-2022-21775
+	RESERVED
+CVE-2022-21774
+	RESERVED
+CVE-2022-21773
+	RESERVED
+CVE-2022-21772
+	RESERVED
+CVE-2022-21771
+	RESERVED
+CVE-2022-21770
+	RESERVED
+CVE-2022-21769
+	RESERVED
+CVE-2022-21768
+	RESERVED
+CVE-2022-21767
+	RESERVED
+CVE-2022-21766
+	RESERVED
+CVE-2022-21765
+	RESERVED
+CVE-2022-21764
+	RESERVED
+CVE-2022-21763
+	RESERVED
+CVE-2022-21762
+	RESERVED
+CVE-2022-21761
+	RESERVED
+CVE-2022-21760
+	RESERVED
+CVE-2022-21759
+	RESERVED
+CVE-2022-21758
+	RESERVED
+CVE-2022-21757
+	RESERVED
+CVE-2022-21756
+	RESERVED
+CVE-2022-21755
+	RESERVED
+CVE-2022-21754
+	RESERVED
+CVE-2022-21753
+	RESERVED
+CVE-2022-21752
+	RESERVED
+CVE-2022-21751
+	RESERVED
+CVE-2022-21750
+	RESERVED
+CVE-2022-21749
+	RESERVED
+CVE-2022-21748
+	RESERVED
+CVE-2022-21747
+	RESERVED
+CVE-2022-21746
+	RESERVED
+CVE-2022-21745
+	RESERVED
+CVE-2022-21744
+	RESERVED
+CVE-2022-21743
+	RESERVED
+CVE-2021-44230
+	RESERVED
+CVE-2021-44229
+	RESERVED
+CVE-2021-44228
+	RESERVED
+CVE-2021-4024
+	RESERVED
 CVE-2021-44227
 	RESERVED
 CVE-2021-44226
@@ -1255,8 +1363,8 @@ CVE-2021-43787
 	RESERVED
 CVE-2021-43786
 	RESERVED
-CVE-2021-43785
-	RESERVED
+CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
+	TODO: check
 CVE-2021-43784
 	RESERVED
 CVE-2021-43783
@@ -1273,8 +1381,8 @@ CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLP
 	NOT-FOR-US: GLPI plugin
 CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
 	NOT-FOR-US: Redash
-CVE-2021-43776
-	RESERVED
+CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...)
+	TODO: check
 CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...)
 	NOT-FOR-US: Aim
 CVE-2021-3967
@@ -10224,8 +10332,8 @@ CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/
 	NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c
 CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected  ...)
 	NOT-FOR-US: Sharetribe Go
-CVE-2021-41279
-	RESERVED
+CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...)
+	TODO: check
 CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
 	NOT-FOR-US: EdgeX
 CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
@@ -10314,8 +10422,8 @@ CVE-2021-41245
 	RESERVED
 CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
 	- grafana <removed>
-CVE-2021-41243
-	RESERVED
+CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
+	TODO: check
 CVE-2021-41242
 	RESERVED
 CVE-2021-41241
@@ -11287,8 +11395,8 @@ CVE-2021-40835
 	RESERVED
 CVE-2021-40834
 	RESERVED
-CVE-2021-40833
-	RESERVED
+CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+	TODO: check
 CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a  ...)
@@ -11971,7 +12079,7 @@ CVE-2021-40533
 CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
 	NOT-FOR-US: tweb
 	NOTE: https://github.com/morethanwords/tweb
-CVE-2021-40531 (Sketch before 75 mishandles external library feeds. ...)
+CVE-2021-40531 (An issue discovered in sketch before version 75,that allows for librar ...)
 	NOT-FOR-US: Sketch collaborative design (Mac or Web app)
 	NOTE: sketch.com, not the sketch package in Debian.
 CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
@@ -16401,10 +16509,10 @@ CVE-2021-38688
 	RESERVED
 CVE-2021-38687
 	RESERVED
-CVE-2021-38686
-	RESERVED
-CVE-2021-38685
-	RESERVED
+CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
+	TODO: check
+CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
+	TODO: check
 CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
 	NOT-FOR-US: QNAP
 CVE-2021-38683
@@ -20758,8 +20866,8 @@ CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
 	NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
 CVE-2021-36920
 	RESERVED
-CVE-2021-36919
-	RESERVED
+CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+	TODO: check
 CVE-2021-36918
 	RESERVED
 CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated  ...)
@@ -20910,8 +21018,8 @@ CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnera
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36844
 	RESERVED
-CVE-2021-36843
-	RESERVED
+CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
+	TODO: check
 CVE-2021-36842
 	RESERVED
 CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH  ...)
@@ -20982,8 +21090,8 @@ CVE-2021-36809
 	RESERVED
 CVE-2021-36808 (A local attacker could bypass the app password using a race condition  ...)
 	NOT-FOR-US: Sophos
-CVE-2021-36807
-	RESERVED
+CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
+	TODO: check
 CVE-2021-36806
 	RESERVED
 CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. ...)
@@ -24038,8 +24146,8 @@ CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relio
 	NOT-FOR-US: Hitachi
 CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
 	NOT-FOR-US: Hitachi
-CVE-2021-35533
-	RESERVED
+CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
+	TODO: check
 CVE-2021-35532
 	RESERVED
 CVE-2021-35531
@@ -46317,16 +46425,16 @@ CVE-2021-26617
 	RESERVED
 CVE-2021-26616
 	RESERVED
-CVE-2021-26615
-	RESERVED
+CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
+	TODO: check
 CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
 	NOT-FOR-US: IpTime C200 camera
 CVE-2021-26613
 	RESERVED
 CVE-2021-26612
 	RESERVED
-CVE-2021-26611
-	RESERVED
+CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
+	TODO: check
 CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
 	NOT-FOR-US: godomall5
 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
@@ -48011,7 +48119,7 @@ CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Un
 	NOT-FOR-US: Camaleon CMS
 CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session ...)
 	NOT-FOR-US: Camaleon CMS
-CVE-2021-25969 (In “Camaleon CMS” application, versions 0.0.1 to 2.6.0 are ...)
+CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...)
 	NOT-FOR-US: Camaleon CMS
 CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a  ...)
 	NOT-FOR-US: OpenCMS
@@ -49956,8 +50064,8 @@ CVE-2021-25271 (A local attacker could read or write arbitrary files with admini
 	NOT-FOR-US: HitmanPro
 CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
 	NOT-FOR-US: HitmanPro
-CVE-2021-25269
-	RESERVED
+CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
+	TODO: check
 CVE-2021-25268
 	RESERVED
 CVE-2021-25267
@@ -124300,8 +124408,8 @@ CVE-2020-7883
 	RESERVED
 CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
 	NOT-FOR-US: anySign
-CVE-2020-7881
-	RESERVED
+CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
+	TODO: check
 CVE-2020-7880
 	RESERVED
 CVE-2020-7879
@@ -347888,7 +347996,8 @@ CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
 	NOTE: Analysis/More information/Fixing commits: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c11
-CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged  ...)
+CVE-2015-5202
+	REJECTED
 	NOT-FOR-US: Satellite6
 CVE-2015-5201 (VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka  ...)
 	NOT-FOR-US: Red Hat vdms



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8a329187add26f2b13d1082e4a9ef3541e28e78

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8a329187add26f2b13d1082e4a9ef3541e28e78
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211126/b115057b/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list