[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 1 21:10:40 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e32d43d9 by security tracker role at 2021-10-01T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-41850
+	RESERVED
+CVE-2021-41849
+	RESERVED
+CVE-2021-41848
+	RESERVED
+CVE-2021-41847
+	RESERVED
+CVE-2021-41846
+	RESERVED
+CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
+	TODO: check
+CVE-2021-41844
+	RESERVED
+CVE-2021-41843
+	RESERVED
+CVE-2021-41842
+	RESERVED
+CVE-2021-41841
+	RESERVED
+CVE-2021-41840
+	RESERVED
+CVE-2021-41839
+	RESERVED
+CVE-2021-41838
+	RESERVED
+CVE-2021-41837
+	RESERVED
+CVE-2021-41833
+	RESERVED
+CVE-2021-3848
+	RESERVED
+CVE-2021-3847
+	RESERVED
+CVE-2021-3846
+	RESERVED
+CVE-2021-23139
+	RESERVED
 CVE-2021-3845
 	RESERVED
 CVE-2021-41832
@@ -72,21 +110,25 @@ CVE-2021-41802
 	RESERVED
 CVE-2021-41801
 	RESERVED
+	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T279090
 CVE-2021-41800
 	RESERVED
+	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T284419
 CVE-2021-41799
 	RESERVED
+	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T290379
 CVE-2021-41798
 	RESERVED
+	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T285515
@@ -412,12 +454,12 @@ CVE-2021-41651
 	RESERVED
 CVE-2021-41650
 	RESERVED
-CVE-2021-41649
-	RESERVED
-CVE-2021-41648
-	RESERVED
-CVE-2021-41647
-	RESERVED
+CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+	TODO: check
+CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+	TODO: check
+CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
+	TODO: check
 CVE-2021-41646
 	RESERVED
 CVE-2021-41645
@@ -611,8 +653,8 @@ CVE-2021-41562
 	RESERVED
 CVE-2021-41561
 	RESERVED
-CVE-2021-3825
-	RESERVED
+CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is  ...)
+	TODO: check
 CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2021-3823
@@ -816,30 +858,30 @@ CVE-2021-41469
 	RESERVED
 CVE-2021-41468
 	RESERVED
-CVE-2021-41467
-	RESERVED
+CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...)
+	TODO: check
 CVE-2021-41466
 	RESERVED
-CVE-2021-41465
-	RESERVED
-CVE-2021-41464
-	RESERVED
-CVE-2021-41463
-	RESERVED
-CVE-2021-41462
-	RESERVED
-CVE-2021-41461
-	RESERVED
+CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+	TODO: check
+CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+	TODO: check
+CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...)
+	TODO: check
+CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+	TODO: check
+CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+	TODO: check
 CVE-2021-41460
 	RESERVED
-CVE-2021-41459
-	RESERVED
+CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+	TODO: check
 CVE-2021-41458
 	RESERVED
-CVE-2021-41457
-	RESERVED
-CVE-2021-41456
-	RESERVED
+CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
+	TODO: check
+CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+	TODO: check
 CVE-2021-41455
 	RESERVED
 CVE-2021-41454
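Review bot: The three MP4Box entries disagree on the affected version and are all left untriaged. CVE-2021-41459 and CVE-2021-41456 say "MP4Box v1.0.1", while CVE-2021-41457 says "MP4Box 1.1.0"; all three point into src/filters/ and carry TODO: check. When resolving the TODO, record the affected source package and per-release status for each entry separately rather than copying one result to all three, since the truncated summaries do not show whether the same function is involved.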
@@ -1573,8 +1615,8 @@ CVE-2021-41112
 	RESERVED
 CVE-2021-41111
 	RESERVED
-CVE-2021-41110
-	RESERVED
+CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
+	TODO: check
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2021-41108
@@ -1871,22 +1913,22 @@ CVE-2021-40977
 	RESERVED
 CVE-2021-40976
 	RESERVED
-CVE-2021-40975
-	RESERVED
+CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...)
+	TODO: check
 CVE-2021-40974
 	RESERVED
-CVE-2021-40973
-	RESERVED
-CVE-2021-40972
-	RESERVED
-CVE-2021-40971
-	RESERVED
-CVE-2021-40970
-	RESERVED
-CVE-2021-40969
-	RESERVED
-CVE-2021-40968
-	RESERVED
+CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
+CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
+CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
+CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
+CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
+CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+	TODO: check
 CVE-2021-40967
 	RESERVED
 CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...)
@@ -1901,8 +1943,8 @@ CVE-2021-40962
 	RESERVED
 CVE-2021-40961
 	RESERVED
-CVE-2021-40960
-	RESERVED
+CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
+	TODO: check
 CVE-2021-40959
 	RESERVED
 CVE-2021-40958
@@ -1965,22 +2007,22 @@ CVE-2021-40930
 	RESERVED
 CVE-2021-40929
 	RESERVED
-CVE-2021-40928
-	RESERVED
-CVE-2021-40927
-	RESERVED
-CVE-2021-40926
-	RESERVED
-CVE-2021-40925
-	RESERVED
-CVE-2021-40924
-	RESERVED
-CVE-2021-40923
-	RESERVED
-CVE-2021-40922
-	RESERVED
-CVE-2021-40921
-	RESERVED
+CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...)
+	TODO: check
+CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...)
+	TODO: check
+CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...)
+	TODO: check
+CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
+	TODO: check
+CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
+	TODO: check
+CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
+	TODO: check
+CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
+	TODO: check
+CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
+	TODO: check
 CVE-2021-40920
 	RESERVED
 CVE-2021-40919
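Review bot: The truncated summaries in this hunk are not enough to triage from. CVE-2021-40924, CVE-2021-40923 and CVE-2021-40922 all read "install/index.php in bugs ..." and cannot be told apart, and CVE-2021-40925 is cut off after the path dompdf/dompdf/www/demo.php, before the product name. Check the full descriptions before replacing TODO: check, in particular whether CVE-2021-40925 concerns dompdf itself or a copy bundled in another product.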
@@ -8679,24 +8721,24 @@ CVE-2021-38106
 	RESERVED
 CVE-2021-38105
 	RESERVED
-CVE-2021-38104
-	RESERVED
-CVE-2021-38103
-	RESERVED
+CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+	TODO: check
+CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+	TODO: check
 CVE-2021-38102
 	RESERVED
 CVE-2021-38101
 	RESERVED
 CVE-2021-38100
 	RESERVED
-CVE-2021-38099
-	RESERVED
+CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+	TODO: check
 CVE-2021-38098
 	RESERVED
-CVE-2021-38097
-	RESERVED
-CVE-2021-38096
-	RESERVED
+CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
+	TODO: check
+CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
+	TODO: check
 CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
 	NOT-FOR-US: Planview Spigit
 CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
@@ -15169,8 +15211,8 @@ CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows atta
 	- zammad <itp> (bug #841355)
 CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
 	- zammad <itp> (bug #841355)
-CVE-2021-35297
-	RESERVED
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
+	TODO: check
 CVE-2021-35296
 	RESERVED
 CVE-2021-35295
@@ -15393,6 +15435,7 @@ CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored C
 CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
 	NOT-FOR-US: NETSCOUT
 CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and  ...)
+	{DSA-4979-1}
 	- mediawiki 1:1.35.3-1
 	[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x release)
 	[buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x release)
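Review bot: Adding {DSA-4979-1} to CVE-2021-35197 leaves the two release annotations below it at odds with the new tag. "[bullseye] - mediawiki <postponed>" and "[buster] - mediawiki <postponed>" still say the fix is waiting for the next 1.35.x and 1.31.x releases. If DSA-4979-1 ships the fix for those suites, drop or update the postponed lines in a follow-up so the entry does not report the issue as both addressed and deferred.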
@@ -30728,12 +30771,12 @@ CVE-2021-29112
 	RESERVED
 CVE-2021-29111
 	RESERVED
-CVE-2021-29110
-	RESERVED
-CVE-2021-29109
-	RESERVED
-CVE-2021-29108
-	RESERVED
+CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may  ...)
+	TODO: check
+CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...)
+	TODO: check
+CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...)
+	TODO: check
 CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
 	NOT-FOR-US: ArcGIS Server Manager
 CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
@@ -43368,8 +43411,8 @@ CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Databa
 	NOT-FOR-US: McAfee
 CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
 	NOT-FOR-US: McAfee
-CVE-2021-23893
-	RESERVED
+CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...)
+	TODO: check
 CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
 	NOT-FOR-US: McAfee
 CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
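Review bot: CVE-2021-23893 moves from RESERVED to TODO: check although its summary names a Windows system driver and the neighbouring entries in the context (CVE-2021-23895, CVE-2021-23894, CVE-2021-23892) are already marked NOT-FOR-US: McAfee. Suggest resolving it the same way in the next manual pass, after confirming the product from the full description, since the visible summary is cut off at "McAfe ...".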
@@ -80661,12 +80704,12 @@ CVE-2020-21016
 	RESERVED
 CVE-2020-21015
 	RESERVED
-CVE-2020-21014
-	RESERVED
-CVE-2020-21013
-	RESERVED
-CVE-2020-21012
-	RESERVED
+CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
+	TODO: check
+CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. ...)
+	TODO: check
+CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to  ...)
+	TODO: check
 CVE-2020-21011
 	RESERVED
 CVE-2020-21010



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32d43d9662c84bb50cef20298ae890b60cb5c80
