[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 30 20:10:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
998250bc by security tracker role at 2021-11-30T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-44464
+	RESERVED
+CVE-2021-44453
+	RESERVED
+CVE-2021-44451
+	RESERVED
+CVE-2021-44450
+	RESERVED
+CVE-2021-44449
+	RESERVED
+CVE-2021-44448
+	RESERVED
+CVE-2021-44447
+	RESERVED
+CVE-2021-44446
+	RESERVED
+CVE-2021-44445
+	RESERVED
+CVE-2021-44444
+	RESERVED
+CVE-2021-44443
+	RESERVED
+CVE-2021-44442
+	RESERVED
+CVE-2021-44441
+	RESERVED
+CVE-2021-44440
+	RESERVED
+CVE-2021-44439
+	RESERVED
+CVE-2021-44438
+	RESERVED
+CVE-2021-44437
+	RESERVED
+CVE-2021-44436
+	RESERVED
+CVE-2021-44435
+	RESERVED
+CVE-2021-44434
+	RESERVED
+CVE-2021-44433
+	RESERVED
+CVE-2021-44432
+	RESERVED
+CVE-2021-44431
+	RESERVED
+CVE-2021-44430
+	RESERVED
+CVE-2021-43355
+	RESERVED
+CVE-2021-41835
+	RESERVED
+CVE-2021-4035
+	RESERVED
+CVE-2021-33848
+	RESERVED
+CVE-2021-33846
+	RESERVED
+CVE-2021-33843
+	RESERVED
+CVE-2021-31562
+	RESERVED
+CVE-2021-23236
+	RESERVED
+CVE-2021-23233
+	RESERVED
+CVE-2021-23207
+	RESERVED
+CVE-2021-23196
+	RESERVED
+CVE-2021-23195
+	RESERVED
 CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
 	NOT-FOR-US: Serva
 CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
@@ -520,8 +592,8 @@ CVE-2022-21744
 	RESERVED
 CVE-2022-21743
 	RESERVED
-CVE-2021-44230
-	RESERVED
+CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
+	TODO: check
 CVE-2021-44229
 	RESERVED
 CVE-2021-44228
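Review bot: the `TODO: check` for CVE-2021-44230 still needs a triage outcome; the truncated description names PortSwigger Burp Suite Enterprise Edition on Windows, a proprietary product Debian does not package, so a `NOT-FOR-US: PortSwigger Burp Suite` line in the style of the Serva and Pinkie entries in the first hunk is the expected resolution.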
@@ -1145,8 +1217,8 @@ CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a po
 	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
-CVE-2021-43998
-	RESERVED
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
+	TODO: check
 CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
 	NOT-FOR-US: Amazon FreeRTOS
 CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
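Review bot: CVE-2021-43998 (HashiCorp Vault 0.11.0 up to 1.7.5 and 1.8.4) is left at `TODO: check`; before resolving it, confirm whether any Debian source package ships or embeds Vault, and otherwise record it as `NOT-FOR-US: HashiCorp Vault` in the same form as the Amazon FreeRTOS entry directly below.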
@@ -1834,8 +1906,8 @@ CVE-2021-43773
 	RESERVED
 CVE-2021-43772
 	RESERVED
-CVE-2021-43771
-	RESERVED
+CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an  ...)
+	TODO: check
 CVE-2021-3964
 	RESERVED
 CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
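Review bot: CVE-2021-43771 describes Trend Micro Antivirus for Mac 2021, a macOS-only consumer product, so the `TODO: check` can be closed as `NOT-FOR-US: Trend Micro` without further packaging research.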
@@ -3769,8 +3841,8 @@ CVE-2021-43321
 	RESERVED
 CVE-2021-43320
 	RESERVED
-CVE-2021-43319
-	RESERVED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
+	TODO: check
 CVE-2021-43318
 	RESERVED
 CVE-2021-43317
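Review bot: CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488) concerns a proprietary product, so `NOT-FOR-US: Zoho ManageEngine` is the expected triage; the same applies to the ManageEngine SupportCenter Plus entries at @@ -3835 and the M365 Manager Plus entry at @@ -8844 in this commit.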
@@ -3835,12 +3907,12 @@ CVE-2021-23214
 	- postgresql-9.6 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
-CVE-2021-43296
-	RESERVED
-CVE-2021-43295
-	RESERVED
-CVE-2021-43294
-	RESERVED
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an  ...)
+	TODO: check
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+	TODO: check
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+	TODO: check
 CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
 	NOT-FOR-US: Sonatype
 CVE-2021-43292
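Review bot: the three SupportCenter Plus entries CVE-2021-43296, CVE-2021-43295 and CVE-2021-43294 share a truncated description up to "is vulnerable to", so the visible text does not distinguish them; triage them as one group from the full CVE records, using the `NOT-FOR-US:` form the adjacent Sonatype entry shows, since Zoho ManageEngine is not shipped by Debian.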
@@ -3859,12 +3931,12 @@ CVE-2021-43286
 	RESERVED
 CVE-2021-43285
 	RESERVED
-CVE-2021-43284
-	RESERVED
-CVE-2021-43283
-	RESERVED
-CVE-2021-43282
-	RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
+	TODO: check
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
+	TODO: check
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
+	TODO: check
 CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
 	NOT-FOR-US: MyBB
 CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
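Review bot: CVE-2021-43284, CVE-2021-43283 and CVE-2021-43282 all describe firmware issues on Victure WR1200 devices through 1.0.3; consumer router firmware is not shipped by Debian, so these can be resolved as `NOT-FOR-US: Victure WR1200`, the way the HejHome and IpTime camera entries elsewhere in this file are handled.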
@@ -5036,8 +5108,8 @@ CVE-2021-3919
 	RESERVED
 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
 	NOT-FOR-US: JetBrains Ktor
-CVE-2021-43202
-	RESERVED
+CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
+	TODO: check
 CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent  ...)
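Review bot: CVE-2021-43202 should get the same `NOT-FOR-US: JetBrains TeamCity` line as CVE-2021-43201 and CVE-2021-43200 directly below it, which cover the same product and release (TeamCity before 2021.1.3); leaving it at `TODO: check` creates an inconsistent triage state within one hunk.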
@@ -6570,10 +6642,10 @@ CVE-2021-42547
 	RESERVED
 CVE-2021-42546
 	RESERVED
-CVE-2021-42545
-	RESERVED
-CVE-2021-42544
-	RESERVED
+CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
+	TODO: check
+CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
+	TODO: check
 CVE-2021-42543 (The affected application uses specific functions that could be abused  ...)
 	NOT-FOR-US: AzeoTech
 CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
@@ -8760,24 +8832,24 @@ CVE-2021-42125
 	RESERVED
 CVE-2021-42124
 	RESERVED
-CVE-2021-42123
-	RESERVED
-CVE-2021-42122
-	RESERVED
-CVE-2021-42121
-	RESERVED
-CVE-2021-42120
-	RESERVED
-CVE-2021-42119
-	RESERVED
-CVE-2021-42118
-	RESERVED
-CVE-2021-42117
-	RESERVED
-CVE-2021-42116
-	RESERVED
-CVE-2021-42115
-	RESERVED
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
+	TODO: check
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
+	TODO: check
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
+	TODO: check
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
+	TODO: check
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+	TODO: check
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+	TODO: check
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
+	TODO: check
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
+	TODO: check
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
+	TODO: check
 CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
 	NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
 	NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
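Review bot: the nine Business-DNA entries CVE-2021-42123 through CVE-2021-42115 belong to the same batch as CVE-2021-42545 and CVE-2021-42544 at @@ -6570; the truncated descriptions cut off before the affected product name is complete ("Business-DNA So ...", "Busines ..."), so all eleven need the full CVE text to decide whether any Debian package is involved, and they should be triaged together rather than one by one.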
@@ -8844,8 +8916,8 @@ CVE-2021-41133 (Flatpak is a system for building, distributing, and running sand
 	NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
 CVE-2021-42100
 	RESERVED
-CVE-2021-42099
-	RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
+	TODO: check
 CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
 	NOT-FOR-US: Devolutions
 CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
@@ -9867,12 +9939,12 @@ CVE-2021-41681
 	RESERVED
 CVE-2021-41680
 	RESERVED
-CVE-2021-41679
-	RESERVED
-CVE-2021-41678
-	RESERVED
-CVE-2021-41677
-	RESERVED
+CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+	TODO: check
+CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+	TODO: check
+CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+	TODO: check
 CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
 	NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
 CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
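Review bot: CVE-2021-41679, CVE-2021-41678 and CVE-2021-41677 carry identical truncated descriptions ("A SQL injection vulnerability exists in version 8.0 of openSIS when My ..."), so the visible text cannot tell the three apart; openSIS is a PHP web application that Debian does not package, so `NOT-FOR-US: openSIS` is the expected outcome for all three, matching the oretnom23 and Sourcecodester entries below.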
@@ -12631,8 +12703,8 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402)
 	NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
-CVE-2021-3769
-	RESERVED
+CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...)
+	TODO: check
 CVE-2021-40514
 	RESERVED
 CVE-2021-40513
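Review bot: the description stored for CVE-2021-3769 begins with markdown (`# Vulnerability in \`pygmalion\`, ...`), which indicates the CNA text was pasted from a markdown advisory; the visible portion names only theme/plugin names, not the upstream project, so the triager needs the full CVE record to identify it before choosing between a source-package line and `NOT-FOR-US`.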
@@ -15468,12 +15540,12 @@ CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypas
 	NOT-FOR-US: OpenBMC
 CVE-2021-39295
 	RESERVED
-CVE-2021-3727
-	RESERVED
-CVE-2021-3726
-	RESERVED
-CVE-2021-3725
-	RESERVED
+CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
+	TODO: check
+CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
+	TODO: check
+CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
+	TODO: check
 CVE-2021-3724
 	RESERVED
 	NOT-FOR-US: Red Hat Serverless
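Review bot: CVE-2021-3727, CVE-2021-3726 and CVE-2021-3725 show the same pasted-markdown description style as CVE-2021-3769 at @@ -12631 (`# Vulnerability in ...`, `**Description**`), while CVE-2021-3725 has the markup stripped, so the import is inconsistent across the set; identify the upstream project from the full records and triage the four together so they end in the same state.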
@@ -16294,10 +16366,10 @@ CVE-2021-39002
 	RESERVED
 CVE-2021-39001
 	RESERVED
-CVE-2021-39000
-	RESERVED
-CVE-2021-38999
-	RESERVED
+CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
+	TODO: check
+CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...)
+	TODO: check
 CVE-2021-38998
 	RESERVED
 CVE-2021-38997
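Review bot: CVE-2021-39000 and CVE-2021-38999, like CVE-2021-38967 (@@ -16360) and CVE-2021-38958 (@@ -16378), concern the IBM MQ Appliance, a hardware appliance rather than software Debian ships; `NOT-FOR-US: IBM`, as already used for CVE-2021-38959 in the @@ -16378 hunk, is the expected resolution for all four.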
@@ -16360,8 +16432,8 @@ CVE-2021-38969
 	RESERVED
 CVE-2021-38968
 	RESERVED
-CVE-2021-38967
-	RESERVED
+CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
+	TODO: check
 CVE-2021-38966
 	RESERVED
 CVE-2021-38965
@@ -16378,8 +16450,8 @@ CVE-2021-38960
 	RESERVED
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
 	NOT-FOR-US: IBM
-CVE-2021-38958
-	RESERVED
+CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
+	TODO: check
 CVE-2021-38957
 	RESERVED
 CVE-2021-38956
@@ -33987,8 +34059,8 @@ CVE-2021-31789
 	RESERVED
 CVE-2021-31788
 	RESERVED
-CVE-2021-31787
-	RESERVED
+CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does  ...)
+	TODO: check
 CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
 	NOT-FOR-US: Actions ATS
 CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
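Review bot: CVE-2021-31787 describes the Bluetooth Classic implementation on Actions ATS2815 chipsets, the same product family as CVE-2021-31786 and CVE-2021-31785 directly below it, which are already `NOT-FOR-US: Actions ATS`; the new entry should carry the same line instead of `TODO: check`.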
@@ -46901,8 +46973,8 @@ CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution.
 	NOT-FOR-US: IpTime C200 camera
 CVE-2021-26613
 	RESERVED
-CVE-2021-26612
-	RESERVED
+CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
+	TODO: check
 CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
 	NOT-FOR-US: HejHome GKW-IC052 IP Camera
 CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
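Review bot: the truncated description of CVE-2021-26612 ("An improper input validation leading to arbitrary file creation was di ...") names no product at all, so it cannot be triaged from this line; the neighbouring entries (IpTime C200, HejHome GKW-IC052, godomall5) are all marked `NOT-FOR-US`, but the same state should not be inferred without reading the full record.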
@@ -48553,8 +48625,8 @@ CVE-2021-25989
 	RESERVED
 CVE-2021-25988
 	RESERVED
-CVE-2021-25987
-	RESERVED
+CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...)
+	TODO: check
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
 	NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...)
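Review bot: CVE-2021-25987 (Hexo 0.0.1 to 5.4.0, stored XSS) concerns a Node.js static-site generator; check whether Debian ships Hexo or a package embedding it before resolving the `TODO: check`, and otherwise use the `NOT-FOR-US:` form already applied to the adjacent Django-wiki entry.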
@@ -57700,8 +57772,8 @@ CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and
 	[buster] - libspring-java <no-dsa> (Minor issue)
 	[stretch] - libspring-java <ignored> (Minor issue, no known patch)
 	NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable)
-CVE-2021-22095
-	RESERVED
+CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring  ...)
+	TODO: check
 CVE-2021-22094
 	RESERVED
 CVE-2021-22093
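Review bot: CVE-2021-22095 concerns Spring AMQP 2.2.x/2.3.x, a separate upstream project from the Spring Framework tracked as `libspring-java` for CVE-2021-22096 just above it; do not reuse the libspring-java line by analogy, but check whether Debian packages Spring AMQP at all before resolving the `TODO: check`.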
@@ -80480,7 +80552,7 @@ CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers
 	NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
 CVE-2020-25717 [A user on the domain can become root on domain members]
 	RESERVED
-	{DSA-5003-1}
+	{DSA-5015-1 DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
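Review bot: the `{DSA-5015-1 DSA-5003-1}` line now records a second advisory for CVE-2020-25717; these references are expected to match data/DSA/list, so confirm that the DSA-5015-1 entry there lists CVE-2020-25717 and that the unstable fix version `samba 2:4.13.14+dfsg-1` directly below still stands for the tracked packages.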
@@ -124907,10 +124979,10 @@ CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can s
 	NOT-FOR-US: anySign
 CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
 	NOT-FOR-US: AfreecaTV
-CVE-2020-7880
-	RESERVED
-CVE-2020-7879
-	RESERVED
+CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...)
+	TODO: check
+CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
+	TODO: check
 CVE-2020-7878
 	RESERVED
 CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
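Review bot: CVE-2020-7879 describes the ipTIME C200 IP Camera, the same device as CVE-2021-26614 at @@ -46901, which is already `NOT-FOR-US: IpTime C200 camera`, and CVE-2020-7880 concerns a Windows-only ActiveX module; both `TODO: check` entries can be resolved as `NOT-FOR-US`, consistent with the anySign and AfreecaTV entries in the same hunk.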



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/998250bc3546da83312e4f1d515d23805b7b9c36




