[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 1 21:10:40 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e32d43d9 by security tracker role at 2021-10-01T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-41850
+ RESERVED
+CVE-2021-41849
+ RESERVED
+CVE-2021-41848
+ RESERVED
+CVE-2021-41847
+ RESERVED
+CVE-2021-41846
+ RESERVED
+CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
+ TODO: check
+CVE-2021-41844
+ RESERVED
+CVE-2021-41843
+ RESERVED
+CVE-2021-41842
+ RESERVED
+CVE-2021-41841
+ RESERVED
+CVE-2021-41840
+ RESERVED
+CVE-2021-41839
+ RESERVED
+CVE-2021-41838
+ RESERVED
+CVE-2021-41837
+ RESERVED
+CVE-2021-41833
+ RESERVED
+CVE-2021-3848
+ RESERVED
+CVE-2021-3847
+ RESERVED
+CVE-2021-3846
+ RESERVED
+CVE-2021-23139
+ RESERVED
CVE-2021-3845
RESERVED
CVE-2021-41832
@@ -72,21 +110,25 @@ CVE-2021-41802
RESERVED
CVE-2021-41801
RESERVED
+ {DSA-4979-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T279090
CVE-2021-41800
RESERVED
+ {DSA-4979-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T284419
CVE-2021-41799
RESERVED
+ {DSA-4979-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T290379
CVE-2021-41798
RESERVED
+ {DSA-4979-1}
- mediawiki 1:1.35.4-1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T285515
@@ -412,12 +454,12 @@ CVE-2021-41651
RESERVED
CVE-2021-41650
RESERVED
-CVE-2021-41649
- RESERVED
-CVE-2021-41648
- RESERVED
-CVE-2021-41647
- RESERVED
+CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ TODO: check
+CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ TODO: check
+CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
+ TODO: check
CVE-2021-41646
RESERVED
CVE-2021-41645
@@ -611,8 +653,8 @@ CVE-2021-41562
RESERVED
CVE-2021-41561
RESERVED
-CVE-2021-3825
- RESERVED
+CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...)
+ TODO: check
CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2021-3823
@@ -816,30 +858,30 @@ CVE-2021-41469
RESERVED
CVE-2021-41468
RESERVED
-CVE-2021-41467
- RESERVED
+CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...)
+ TODO: check
CVE-2021-41466
RESERVED
-CVE-2021-41465
- RESERVED
-CVE-2021-41464
- RESERVED
-CVE-2021-41463
- RESERVED
-CVE-2021-41462
- RESERVED
-CVE-2021-41461
- RESERVED
+CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ TODO: check
+CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ TODO: check
+CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...)
+ TODO: check
+CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ TODO: check
+CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ TODO: check
CVE-2021-41460
RESERVED
-CVE-2021-41459
- RESERVED
+CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ TODO: check
CVE-2021-41458
RESERVED
-CVE-2021-41457
- RESERVED
-CVE-2021-41456
- RESERVED
+CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
+ TODO: check
+CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ TODO: check
CVE-2021-41455
RESERVED
CVE-2021-41454
@@ -1573,8 +1615,8 @@ CVE-2021-41112
RESERVED
CVE-2021-41111
RESERVED
-CVE-2021-41110
- RESERVED
+CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
+ TODO: check
CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2021-41108
@@ -1871,22 +1913,22 @@ CVE-2021-40977
RESERVED
CVE-2021-40976
RESERVED
-CVE-2021-40975
- RESERVED
+CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...)
+ TODO: check
CVE-2021-40974
RESERVED
-CVE-2021-40973
- RESERVED
-CVE-2021-40972
- RESERVED
-CVE-2021-40971
- RESERVED
-CVE-2021-40970
- RESERVED
-CVE-2021-40969
- RESERVED
-CVE-2021-40968
- RESERVED
+CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
+CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
+CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
+CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
+CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
+CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ TODO: check
CVE-2021-40967
RESERVED
CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...)
@@ -1901,8 +1943,8 @@ CVE-2021-40962
RESERVED
CVE-2021-40961
RESERVED
-CVE-2021-40960
- RESERVED
+CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
+ TODO: check
CVE-2021-40959
RESERVED
CVE-2021-40958
@@ -1965,22 +2007,22 @@ CVE-2021-40930
RESERVED
CVE-2021-40929
RESERVED
-CVE-2021-40928
- RESERVED
-CVE-2021-40927
- RESERVED
-CVE-2021-40926
- RESERVED
-CVE-2021-40925
- RESERVED
-CVE-2021-40924
- RESERVED
-CVE-2021-40923
- RESERVED
-CVE-2021-40922
- RESERVED
-CVE-2021-40921
- RESERVED
+CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...)
+ TODO: check
+CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...)
+ TODO: check
+CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...)
+ TODO: check
+CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
+ TODO: check
+CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ TODO: check
+CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ TODO: check
+CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ TODO: check
+CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
+ TODO: check
CVE-2021-40920
RESERVED
CVE-2021-40919
@@ -8679,24 +8721,24 @@ CVE-2021-38106
RESERVED
CVE-2021-38105
RESERVED
-CVE-2021-38104
- RESERVED
-CVE-2021-38103
- RESERVED
+CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ TODO: check
+CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ TODO: check
CVE-2021-38102
RESERVED
CVE-2021-38101
RESERVED
CVE-2021-38100
RESERVED
-CVE-2021-38099
- RESERVED
+CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ TODO: check
CVE-2021-38098
RESERVED
-CVE-2021-38097
- RESERVED
-CVE-2021-38096
- RESERVED
+CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
+ TODO: check
+CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
+ TODO: check
CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
NOT-FOR-US: Planview Spigit
CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
@@ -15169,8 +15211,8 @@ CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows atta
- zammad <itp> (bug #841355)
CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
- zammad <itp> (bug #841355)
-CVE-2021-35297
- RESERVED
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
+ TODO: check
CVE-2021-35296
RESERVED
CVE-2021-35295
@@ -15393,6 +15435,7 @@ CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored C
CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
NOT-FOR-US: NETSCOUT
CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
+ {DSA-4979-1}
- mediawiki 1:1.35.3-1
[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x release)
[buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x release)
@@ -30728,12 +30771,12 @@ CVE-2021-29112
RESERVED
CVE-2021-29111
RESERVED
-CVE-2021-29110
- RESERVED
-CVE-2021-29109
- RESERVED
-CVE-2021-29108
- RESERVED
+CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may ...)
+ TODO: check
+CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...)
+ TODO: check
+CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...)
+ TODO: check
CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
NOT-FOR-US: ArcGIS Server Manager
CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
@@ -43368,8 +43411,8 @@ CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Databa
NOT-FOR-US: McAfee
CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
NOT-FOR-US: McAfee
-CVE-2021-23893
- RESERVED
+CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...)
+ TODO: check
CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
NOT-FOR-US: McAfee
CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
@@ -80661,12 +80704,12 @@ CVE-2020-21016
RESERVED
CVE-2020-21015
RESERVED
-CVE-2020-21014
- RESERVED
-CVE-2020-21013
- RESERVED
-CVE-2020-21012
- RESERVED
+CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
+ TODO: check
+CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. ...)
+ TODO: check
+CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to ...)
+ TODO: check
CVE-2020-21011
RESERVED
CVE-2020-21010
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32d43d9662c84bb50cef20298ae890b60cb5c80
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32d43d9662c84bb50cef20298ae890b60cb5c80
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211001/e2711742/attachment.htm>
More information about the debian-security-tracker-commits
mailing list