[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 7 21:10:59 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32b9bf0e by security tracker role at 2021-10-07T20:10:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-42083
+ RESERVED
+CVE-2021-42082
+ RESERVED
+CVE-2021-42081
+ RESERVED
+CVE-2021-42080
+ RESERVED
+CVE-2021-42079
+ RESERVED
+CVE-2021-42078
+ RESERVED
+CVE-2021-42077
+ RESERVED
+CVE-2021-42076
+ RESERVED
+CVE-2021-42075
+ RESERVED
+CVE-2021-42074
+ RESERVED
+CVE-2021-42073
+ RESERVED
+CVE-2021-42072
+ RESERVED
+CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
+ TODO: check
+CVE-2021-42070
+ RESERVED
+CVE-2021-42069
+ RESERVED
+CVE-2021-42068
+ RESERVED
+CVE-2021-42067
+ RESERVED
+CVE-2021-42066
+ RESERVED
+CVE-2021-42065
+ RESERVED
+CVE-2021-42064
+ RESERVED
+CVE-2021-42063
+ RESERVED
+CVE-2021-42062
+ RESERVED
+CVE-2021-42061
+ RESERVED
+CVE-2021-3868
+ RESERVED
+CVE-2021-3867
+ RESERVED
+CVE-2021-3866
+ RESERVED
CVE-2021-42060
RESERVED
CVE-2021-42059
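Review bot: CVE-2021-42071 is the only entry in this block of newly added IDs that carries a description, and it is left at "TODO: check". The description names Visual Tools DVR VX16 4.2.28.0, so it needs a triage decision (a package line or a NOT-FOR-US marking) instead of an open TODO; the RESERVED entries around it need no action.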
@@ -114,8 +166,7 @@ CVE-2021-42015
RESERVED
CVE-2021-42014
RESERVED
-CVE-2021-42013
- RESERVED
+CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...)
- apache2 <unfixed>
[bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
[buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
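Review bot: the new CVE-2021-42013 header describes a follow-up to the fix for CVE-2021-41773, but the entry body under it has no NOTE linking the two IDs, and apache2 is still listed as <unfixed>. Suggest adding a NOTE that references CVE-2021-41773 and the upstream advisory, and recording the fixed version once it is known; the bullseye and buster lines already state that only 2.4.49/2.4.50 are affected.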
@@ -451,8 +502,8 @@ CVE-2021-3853
RESERVED
CVE-2021-3852
RESERVED
-CVE-2021-41865
- RESERVED
+CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
+ TODO: check
CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
- linux <unfixed>
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
@@ -628,8 +679,8 @@ CVE-2021-41796
RESERVED
CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...)
NOT-FOR-US: 1Password
-CVE-2021-41794
- RESERVED
+CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...)
+ TODO: check
CVE-2021-41793
RESERVED
CVE-2021-41792
@@ -706,12 +757,12 @@ CVE-2021-3836
RESERVED
CVE-2021-3835
RESERVED
-CVE-2021-3834
- RESERVED
-CVE-2021-3833
- RESERVED
-CVE-2021-3832
- RESERVED
+CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
+ TODO: check
+CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
+ TODO: check
+CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
+ TODO: check
CVE-2021-3831
RESERVED
CVE-2021-41765
@@ -2426,8 +2477,8 @@ CVE-2021-40980
RESERVED
CVE-2021-40979
RESERVED
-CVE-2021-40978
- RESERVED
+CVE-2021-40978 (The mkdocs 1.2.2 built-in dev-server allows directory traversal using ...)
+ TODO: check
CVE-2021-40977
RESERVED
CVE-2021-40976
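Review bot: CVE-2021-40978 is left at "TODO: check" although the description already names the version (mkdocs 1.2.2) and the component (the built-in dev-server). If mkdocs has a source package in the archive, replace the TODO with a "- mkdocs <status>" line and add a NOTE that the issue is in the development server, since that bears on severity.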
@@ -3022,10 +3073,10 @@ CVE-2021-40728
RESERVED
CVE-2021-40727
RESERVED
-CVE-2021-40726
- RESERVED
-CVE-2021-40725
- RESERVED
+CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-40724
RESERVED
CVE-2021-40723
@@ -3700,8 +3751,8 @@ CVE-2021-3763
CVE-2021-3762
RESERVED
NOT-FOR-US: Quay/clair
-CVE-2021-40439
- RESERVED
+CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
+ TODO: check
CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...)
{DLA-2776-1}
- apache2 2.4.49-1
@@ -9727,34 +9778,34 @@ CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functio
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
NOT-FOR-US: showdoc
-CVE-2021-37931
- RESERVED
-CVE-2021-37930
- RESERVED
-CVE-2021-37929
- RESERVED
-CVE-2021-37928
- RESERVED
+CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...)
NOT-FOR-US: Zoho ManageEngine ADManager Plus
-CVE-2021-37926
- RESERVED
+CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...)
NOT-FOR-US: Zoho ManageEngine ADManager Plus
-CVE-2021-37924
- RESERVED
-CVE-2021-37923
- RESERVED
-CVE-2021-37922
- RESERVED
-CVE-2021-37921
- RESERVED
-CVE-2021-37920
- RESERVED
-CVE-2021-37919
- RESERVED
-CVE-2021-37918
- RESERVED
+CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ TODO: check
+CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
+CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
CVE-2021-37917
RESERVED
CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
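Review bot: the twelve Zoho ManageEngine ADManager Plus entries that gain descriptions here (CVE-2021-37918 through CVE-2021-37924, CVE-2021-37926, and CVE-2021-37928 through CVE-2021-37931) are set to "TODO: check", while CVE-2021-37925 and CVE-2021-37927 in the same hunk, for the same product and version, already read "NOT-FOR-US: Zoho ManageEngine ADManager Plus". Mark the new entries the same way so they do not sit in the TODO queue.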
@@ -10094,8 +10145,8 @@ CVE-2021-37764
RESERVED
CVE-2021-37763
RESERVED
-CVE-2021-37762
- RESERVED
+CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ TODO: check
CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
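Review bot: CVE-2021-37762 gets "TODO: check" directly above CVE-2021-37761, which has the same product and version in its description and is marked "NOT-FOR-US: Zoho ManageEngine". Use a NOT-FOR-US marking here as well, and settle on one label: this neighbour says "Zoho ManageEngine" while CVE-2021-37925 and CVE-2021-37927 say "Zoho ManageEngine ADManager Plus".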
@@ -13748,8 +13799,8 @@ CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The S
NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt
NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6)
-CVE-2021-36150
- RESERVED
+CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...)
+ TODO: check
CVE-2021-36149
RESERVED
CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...)
@@ -16299,8 +16350,8 @@ CVE-2021-35069
RESERVED
CVE-2021-35068
RESERVED
-CVE-2021-35067
- RESERVED
+CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
+ TODO: check
CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
- linux 5.10.46-3
NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
@@ -18960,8 +19011,8 @@ CVE-2021-33905
RESERVED
CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...)
NOT-FOR-US: Accela Civic Platform
-CVE-2021-33903
- RESERVED
+CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...)
+ TODO: check
CVE-2021-33902
RESERVED
CVE-2021-33901
@@ -23267,8 +23318,8 @@ CVE-2021-32174
RESERVED
CVE-2021-32173
RESERVED
-CVE-2021-32172
- RESERVED
+CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...)
+ TODO: check
CVE-2021-32171
RESERVED
CVE-2021-32170
@@ -29865,8 +29916,8 @@ CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11
NOT-FOR-US: IBM
CVE-2021-29701
RESERVED
-CVE-2021-29700
- RESERVED
+CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ TODO: check
CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
NOT-FOR-US: IBM
CVE-2021-29698
@@ -32501,8 +32552,8 @@ CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before
- squid 4.13-10 (bug #988891)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
-CVE-2021-28661
- RESERVED
+CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...)
+ TODO: check
CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
{DSA-4875-1}
- openssl 1.1.1k-1
@@ -33797,8 +33848,8 @@ CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session
NOT-FOR-US: Apache Impala
CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...)
NOT-FOR-US: Dr.Web Firewall
-CVE-2021-28129
- RESERVED
+CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...)
+ TODO: check
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
NOT-FOR-US: Strapi
CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
@@ -44996,8 +45047,8 @@ CVE-2021-23449
RESERVED
CVE-2021-23448
RESERVED
-CVE-2021-23447
- RESERVED
+CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...)
+ TODO: check
CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...)
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
@@ -46048,8 +46099,8 @@ CVE-2021-22960
RESERVED
CVE-2021-22959
RESERVED
-CVE-2021-22958
- RESERVED
+CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 < ...)
+ TODO: check
CVE-2021-22957
RESERVED
CVE-2021-22956
@@ -46127,8 +46178,7 @@ CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool fo
CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...)
- nodejs <not-affected> (Debian builds nodejs against src:c-ares)
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
-CVE-2021-22930 [Use after free on close http2 on stream canceling]
- RESERVED
+CVE-2021-22930 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use aft ...)
- nodejs 12.22.4~dfsg-1
[bullseye] - nodejs 12.22.5~dfsg-2~11u1
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
@@ -53264,14 +53314,14 @@ CVE-2021-20607
RESERVED
CVE-2021-20606
RESERVED
-CVE-2021-20605
- RESERVED
-CVE-2021-20604
- RESERVED
-CVE-2021-20603
- RESERVED
-CVE-2021-20602
- RESERVED
+CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ TODO: check
+CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ TODO: check
+CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ TODO: check
+CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
+ TODO: check
CVE-2021-20601
RESERVED
CVE-2021-20600
@@ -53306,8 +53356,8 @@ CVE-2021-20586 (Resource management errors vulnerability in a robot controller o
NOT-FOR-US: Mitsubishi
CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information ...)
NOT-FOR-US: IBM
-CVE-2021-20584
- RESERVED
+CVE-2021-20584 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ TODO: check
CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
NOT-FOR-US: IBM
CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
@@ -53332,8 +53382,8 @@ CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerabl
NOT-FOR-US: IBM
CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
NOT-FOR-US: IBM
-CVE-2021-20571
- RESERVED
+CVE-2021-20571 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
+ TODO: check
CVE-2021-20570
RESERVED
CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...)
@@ -53352,8 +53402,8 @@ CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a
NOT-FOR-US: IBM
CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
NOT-FOR-US: IBM
-CVE-2021-20561
- RESERVED
+CVE-2021-20561 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ TODO: check
CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...)
NOT-FOR-US: IBM
CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scrip ...)
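Review bot: CVE-2021-20561 (IBM Sterling File Gateway) is left at "TODO: check", yet CVE-2021-20563 in the hunk's leading context is the same product and every described neighbour in this hunk is "NOT-FOR-US: IBM". Mark it "NOT-FOR-US: IBM"; the same applies to the other IBM Sterling entries this commit adds as TODO.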
@@ -53370,8 +53420,8 @@ CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable t
NOT-FOR-US: IBM
CVE-2021-20553
RESERVED
-CVE-2021-20552
- RESERVED
+CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
+ TODO: check
CVE-2021-20551
RESERVED
CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
@@ -53496,8 +53546,8 @@ CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-ba
NOT-FOR-US: IBM
CVE-2021-20490 (IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local us ...)
NOT-FOR-US: IBM
-CVE-2021-20489
- RESERVED
+CVE-2021-20489 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ TODO: check
CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
NOT-FOR-US: IBM
CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
@@ -53512,8 +53562,8 @@ CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side
NOT-FOR-US: IBM
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2021-20481
- RESERVED
+CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ TODO: check
CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
NOT-FOR-US: IBM
CVE-2021-20479
@@ -53528,8 +53578,8 @@ CVE-2021-20475
RESERVED
CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...)
NOT-FOR-US: IBM
-CVE-2021-20473
- RESERVED
+CVE-2021-20473 (IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does ...)
+ TODO: check
CVE-2021-20472
RESERVED
CVE-2021-20471
@@ -53722,16 +53772,16 @@ CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not
NOT-FOR-US: IBM
CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
NOT-FOR-US: IBM
-CVE-2021-20376
- RESERVED
-CVE-2021-20375
- RESERVED
+CVE-2021-20376 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ TODO: check
+CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ TODO: check
CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
NOT-FOR-US: IBM
CVE-2021-20373
RESERVED
-CVE-2021-20372
- RESERVED
+CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ TODO: check
CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
NOT-FOR-US: IBM
CVE-2021-20370
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32b9bf0eddf407a4c2922151595f8bd46c763591