[Git][security-tracker-team/security-tracker][master] automatic update

Fri Oct 8 09:10:30 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fdcc810c by security tracker role at 2021-10-08T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-42100
+	RESERVED
+CVE-2021-42099
+	RESERVED
+CVE-2021-42098
+	RESERVED
+CVE-2021-42097
+	RESERVED
+CVE-2021-42096
+	RESERVED
+CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...)
+	TODO: check
+CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can  ...)
+	TODO: check
+CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...)
+	TODO: check
+CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...)
+	TODO: check
+CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...)
+	TODO: check
+CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...)
+	TODO: check
+CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...)
+	TODO: check
+CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...)
+	TODO: check
+CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover  ...)
+	TODO: check
+CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...)
+	TODO: check
+CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...)
+	TODO: check
+CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...)
+	TODO: check
+CVE-2021-3869
+	RESERVED
 CVE-2021-42083
 	RESERVED
 CVE-2021-42082
@@ -2140,8 +2176,8 @@ CVE-2021-41132
 	RESERVED
 CVE-2021-41131
 	RESERVED
-CVE-2021-41130
-	RESERVED
+CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
+	TODO: check
 CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with  ...)
 	TODO: check
 CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
@@ -2173,8 +2209,8 @@ CVE-2021-41116 (Composer is an open source dependency manager for the PHP langua
 	- composer <not-affected> (Only affects Windows)
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
 	NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
-CVE-2021-41115
-	RESERVED
+CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...)
+	TODO: check
 CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
 	NOT-FOR-US: Typo3
 CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
@@ -8785,8 +8821,8 @@ CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can g
 	NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
 CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
 	NOT-FOR-US: FIDO2/Webauthn Support for PHP
-CVE-2021-38298
-	RESERVED
+CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
+	TODO: check
 CVE-2021-38297
 	RESERVED
 CVE-2021-38296
@@ -41054,10 +41090,10 @@ CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email det
 	NOT-FOR-US: Sophos
 CVE-2021-25272
 	RESERVED
-CVE-2021-25271
-	RESERVED
-CVE-2021-25270
-	RESERVED
+CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...)
+	TODO: check
+CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
+	TODO: check
 CVE-2021-25269
 	RESERVED
 CVE-2021-25268
@@ -79569,8 +79605,8 @@ CVE-2020-21867
 	RESERVED
 CVE-2020-21866
 	RESERVED
-CVE-2020-21865
-	RESERVED
+CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...)
+	TODO: check
 CVE-2020-21864
 	RESERVED
 CVE-2020-21863
@@ -79841,16 +79877,16 @@ CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http:/
 	NOT-FOR-US: Gazie
 CVE-2020-21730
 	RESERVED
-CVE-2020-21729
-	RESERVED
+CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...)
+	TODO: check
 CVE-2020-21728
 	RESERVED
 CVE-2020-21727
 	RESERVED
-CVE-2020-21726
-	RESERVED
-CVE-2020-21725
-	RESERVED
+CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
+	TODO: check
+CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
+	TODO: check
 CVE-2020-21724
 	RESERVED
 CVE-2020-21723



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdcc810c0e1792c34e8bd64f8b1926a12467333b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdcc810c0e1792c34e8bd64f8b1926a12467333b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211008/da59779f/attachment.htm>
