[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 5 21:10:59 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1483bff4 by security tracker role at 2021-10-05T20:10:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-42010
+ RESERVED
+CVE-2021-42009
+ RESERVED
+CVE-2021-3862
+ RESERVED
+CVE-2021-3861
+ RESERVED
+CVE-2021-3860
+ RESERVED
+CVE-2021-3859
+ RESERVED
CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7)
@@ -527,8 +539,7 @@ CVE-2021-41775
RESERVED
CVE-2021-41774
RESERVED
-CVE-2021-41773
- RESERVED
+CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...)
- apache2 2.4.50-1
[bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
[buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
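Review bot: the CVE-2021-41773 entry carries no NOTE line with the upstream fix or advisory reference, unlike the CVE-2021-42008 entry in the previous hunk, yet its two <not-affected> lines rest entirely on the claim "only affects 2.4.49". Add a NOTE pointing at the upstream commit or advisory that confirms the affected range so the bullseye and buster markings are verifiable; the same applies to the CVE-2021-41524 apache2 entry later in this patch, which reuses the identical justification.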
@@ -1024,12 +1035,12 @@ CVE-2021-41557
RESERVED
CVE-2021-41556
RESERVED
-CVE-2021-41555
- RESERVED
-CVE-2021-41554
- RESERVED
-CVE-2021-41553
- RESERVED
+CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ TODO: check
+CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...)
+ TODO: check
+CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ TODO: check
CVE-2021-41552
RESERVED
CVE-2021-41551
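Review bot: the three ARCHIBUS Web Central entries are tagged "TODO: check" although their own descriptions are marked "** UNSUPPORTED WHEN ASSIGNED **" and describe a commercial product that is not a Debian source package; the tracker's convention for such entries is a NOT-FOR-US line naming the product (as done for Zoho ManageEngine, TeraRecon AQNetClient and WebFOCUS in the context lines of this patch). The same triage applies to the Omikron MultiCash, NagiosXI, Afian FileRun, TIBCO FTL Server and Wowza Streaming Engine hunks below.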
@@ -1091,8 +1102,7 @@ CVE-2021-3821
CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: Nodejs inflect
NOTE: https://github.com/pksunkara/inflect
-CVE-2021-41524
- RESERVED
+CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...)
- apache2 2.4.50-1
[bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
[buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
@@ -1623,8 +1633,8 @@ CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerab
NOT-FOR-US: Zoho ManageEngine
CVE-2021-41287
RESERVED
-CVE-2021-41286
- RESERVED
+CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...)
+ TODO: check
CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: NervJS Taro
CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
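Review bot: CVE-2021-41286 (Omikron MultiCash Desktop) is left at "TODO: check" while the surrounding entries for non-Debian products (Zoho ManageEngine, NervJS Taro) already carry NOT-FOR-US; unless a Debian package exists for this desktop banking client, replace the TODO with "NOT-FOR-US: Omikron MultiCash Desktop" so the automatic update does not leave a dangling triage item.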
@@ -1969,14 +1979,14 @@ CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki
NOT-FOR-US: DynamicPageList3 MediaWiki Extension
CVE-2021-41117
RESERVED
-CVE-2021-41116
- RESERVED
+CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
+ TODO: check
CVE-2021-41115
RESERVED
-CVE-2021-41114
- RESERVED
-CVE-2021-41113
- RESERVED
+CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
CVE-2021-41112
RESERVED
CVE-2021-41111
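Review bot: unlike the proprietary products elsewhere in this patch, the Composer and TYPO3 entries describe open source PHP software, so "TODO: check" here needs a real package lookup rather than a NOT-FOR-US tag: Composer is in the archive as src:composer, so CVE-2021-41116 should get a "- composer <version>" line (or <unfixed>) with a NOTE to the upstream advisory once the affected range is confirmed; CVE-2021-41114 and CVE-2021-41113 should be checked against whether any TYPO3 source package is still present and marked NOT-FOR-US only if none is.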
@@ -4806,64 +4816,64 @@ CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin
- gitlab <unfixed>
CVE-2021-39895
RESERVED
-CVE-2021-39894
- RESERVED
-CVE-2021-39893
- RESERVED
+CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
+ TODO: check
+CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
+ TODO: check
CVE-2021-39892
RESERVED
-CVE-2021-39891
- RESERVED
+CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
+ TODO: check
CVE-2021-39890
RESERVED
-CVE-2021-39889
- RESERVED
-CVE-2021-39888
- RESERVED
-CVE-2021-39887
- RESERVED
-CVE-2021-39886
- RESERVED
+CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
+ TODO: check
+CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
+ TODO: check
+CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
+ TODO: check
+CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
+ TODO: check
CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
TODO: check
-CVE-2021-39884
- RESERVED
+CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
+ TODO: check
CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...)
TODO: check
-CVE-2021-39882
- RESERVED
-CVE-2021-39881
- RESERVED
-CVE-2021-39880
- RESERVED
+CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
+ TODO: check
+CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
+ TODO: check
+CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
+ TODO: check
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
- gitlab <unfixed>
-CVE-2021-39878
- RESERVED
+CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
+ TODO: check
CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
- gitlab <unfixed>
CVE-2021-39876
RESERVED
-CVE-2021-39875
- RESERVED
+CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
+ TODO: check
CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
- gitlab <unfixed>
CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
- gitlab <unfixed>
-CVE-2021-39872
- RESERVED
+CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
+ TODO: check
CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
- gitlab <unfixed>
-CVE-2021-39870
- RESERVED
-CVE-2021-39869
- RESERVED
+CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
+ TODO: check
+CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
+ TODO: check
CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
- gitlab <unfixed>
-CVE-2021-39867
- RESERVED
-CVE-2021-39866
- RESERVED
+CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
+ TODO: check
+CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
+ TODO: check
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-39864
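Review bot: the new GitLab entries are all "TODO: check" while the already-triaged neighbours in this same hunk (CVE-2021-39879, -39877, -39874, -39873, -39871, -39868) are "gitlab <unfixed>"; every new description except CVE-2021-39880 names GitLab CE/EE itself, so they will almost certainly resolve to the same "- gitlab <unfixed>" line and could be triaged together. CVE-2021-39880 is different: its description places the flaw in the apollo_upload_server Ruby gem, so it should be checked against that gem's own package (if one exists) rather than src:gitlab. Note also that the MITRE text for CVE-2021-39878 reads "stored Reflected Cross-Site Scripting", which is self-contradictory; record which it actually is in a NOTE when triaging.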
@@ -6441,8 +6451,7 @@ CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vu
NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
NOT-FOR-US: ZRender
-CVE-2021-39226
- RESERVED
+CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
- grafana <removed>
CVE-2021-39225
RESERVED
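Review bot: CVE-2021-39226 is triaged as "grafana <removed>" with no NOTE line; <removed> only records that the package is gone from unstable, so the stable suites still need an explicit marking (<not-affected>, <no-dsa> or <postponed>) once it is known whether they ever shipped the affected code. Add a NOTE with the upstream advisory reference so that decision is traceable, as the CVE-2021-42008 entry does for the kernel fix.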
@@ -11109,8 +11118,8 @@ CVE-2021-37225
RESERVED
CVE-2021-37224
RESERVED
-CVE-2021-37223
- RESERVED
+CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request ...)
+ TODO: check
CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
NOT-FOR-US: RCDCAP
CVE-2021-37221
@@ -15132,14 +15141,14 @@ CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers
NOT-FOR-US: TeraRecon AQNetClient
CVE-2021-35507
RESERVED
-CVE-2021-35506
- RESERVED
-CVE-2021-35505
- RESERVED
-CVE-2021-35504
- RESERVED
-CVE-2021-35503
- RESERVED
+CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...)
+ TODO: check
+CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ TODO: check
+CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ TODO: check
+CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...)
+ TODO: check
CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
NOT-FOR-US: MISP
CVE-2021-3622
@@ -15172,8 +15181,8 @@ CVE-2021-35499
RESERVED
CVE-2021-35498
RESERVED
-CVE-2021-35497
- RESERVED
+CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
+ TODO: check
CVE-2021-35496
RESERVED
CVE-2021-35495
@@ -15184,10 +15193,10 @@ CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of
NOT-FOR-US: WebFOCUS
CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
NOT-FOR-US: Rapid7 Velociraptor
-CVE-2021-35492
- RESERVED
-CVE-2021-35491
- RESERVED
+CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...)
+ TODO: check
+CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
+ TODO: check
CVE-2021-35490
RESERVED
CVE-2021-35489
@@ -47524,22 +47533,22 @@ CVE-2021-22266
RESERVED
CVE-2021-22265
RESERVED
-CVE-2021-22264
- RESERVED
+CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22263
RESERVED
-CVE-2021-22262
- RESERVED
-CVE-2021-22261
- RESERVED
+CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
+ TODO: check
+CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
+ TODO: check
CVE-2021-22260
RESERVED
CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
TODO: check
-CVE-2021-22258
- RESERVED
-CVE-2021-22257
- RESERVED
+CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
+ TODO: check
+CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...)
- gitlab <unfixed>
CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticat ...)
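Review bot: as with the CVE-2021-398xx block earlier in this patch, these GitLab entries are left at "TODO: check" next to a context line (CVE-2021-22256) already triaged as "gitlab <unfixed>"; CVE-2021-22264, -22262, -22261, -22258 and -22257 all describe GitLab itself, so they should receive the same "- gitlab <unfixed>" line, and CVE-2021-22262 and -22261 (Jira Cloud integration) can share a NOTE with the Jira-integration issue CVE-2021-39878 from the earlier hunk once the upstream advisory is checked.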
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1483bff496ed5cd3be784c1f7e91d779dd7ecddb