[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 8 21:10:49 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fb06411 by security tracker role at 2021-10-08T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,28 @@
-CVE-2021-41133 [Sandbox bypass via recent VFS-manipulating syscalls]
+CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
+ TODO: check
+CVE-2021-42108
+ RESERVED
+CVE-2021-42107
+ RESERVED
+CVE-2021-42106
+ RESERVED
+CVE-2021-42105
+ RESERVED
+CVE-2021-42104
+ RESERVED
+CVE-2021-42103
+ RESERVED
+CVE-2021-42102
+ RESERVED
+CVE-2021-42101
+ RESERVED
+CVE-2021-3872
+ RESERVED
+CVE-2021-3871
+ RESERVED
+CVE-2021-3870
+ RESERVED
+CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak <unfixed> (bug #995935)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
CVE-2021-42100
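Review bot: the CVE-2021-41133 pair near the end of the hunk keeps the existing `flatpak <unfixed> (bug #995935)` line and the GHSA NOTE while only the interim bracketed description is replaced by the upstream text, so the open tracking state correctly survives the automatic update; the follow-up is to resolve `<unfixed>` to the fixing version once it is uploaded, using the advisory in the NOTE line as the reference. CVE-2021-42109 at the top of the hunk is the only new entry that already has a description and is marked `TODO: check`; it needs a triage verdict (a package line or `NOT-FOR-US`), whereas the RESERVED entries below it need nothing until their descriptions appear.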
@@ -299,12 +323,12 @@ CVE-2021-41978
RESERVED
CVE-2021-41977
RESERVED
-CVE-2021-41976
- RESERVED
-CVE-2021-41975
- RESERVED
-CVE-2021-41974
- RESERVED
+CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
+ TODO: check
+CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
+ TODO: check
+CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
+ TODO: check
CVE-2021-3858
RESERVED
CVE-2021-3857
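Review bot: CVE-2021-41976, -41975 and -41974 (the three `+` entries) all describe the same Tad Uploader / TadTools / Tad Book3 software and are each left at `TODO: check`; triage them together with the six Tad entries later in this same update (CVE-2021-41568 through -41563) so that all nine receive one consistent verdict instead of being checked one at a time.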
@@ -372,8 +396,8 @@ CVE-2021-41949
RESERVED
CVE-2021-41948
RESERVED
-CVE-2021-41947
- RESERVED
+CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
+ TODO: check
CVE-2021-41946
RESERVED
CVE-2021-41945
@@ -426,16 +450,16 @@ CVE-2021-41922
RESERVED
CVE-2021-41921
RESERVED
-CVE-2021-41920
- RESERVED
-CVE-2021-41919
- RESERVED
-CVE-2021-41918
- RESERVED
-CVE-2021-41917
- RESERVED
-CVE-2021-41916
- RESERVED
+CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
+ TODO: check
+CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
+ TODO: check
+CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...)
+ TODO: check
+CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...)
+ TODO: check
+CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...)
+ TODO: check
CVE-2021-41915
RESERVED
CVE-2021-41914
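Review bot: the five webTareas entries (CVE-2021-41920 through -41916) each receive a separate `TODO: check`, yet their descriptions all name the same product and version range ("version 2.4 and earlier"); triage them in one pass with a single verdict, and if the product is not packaged, give all five the same `NOT-FOR-US: webTareas` form used for the Zoho, PlaceOS and Craft CMS entries elsewhere in this file.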
@@ -641,8 +665,8 @@ CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hard
NOT-FOR-US: Zoho ManageEngine
CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
NOT-FOR-US: PlaceOS Authentication Service
-CVE-2021-41825
- RESERVED
+CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...)
+ TODO: check
CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
NOT-FOR-US: Craft CMS
CVE-2021-41823
@@ -687,8 +711,8 @@ CVE-2021-41804
RESERVED
CVE-2021-41803
RESERVED
-CVE-2021-41802
- RESERVED
+CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
+ TODO: check
CVE-2021-41801
RESERVED
{DSA-4979-1}
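Review bot: CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3) is left at `TODO: check` with its description truncated at "allowed a", so the triage should read the full upstream text before deciding; if Vault is not packaged the entry should become `NOT-FOR-US: HashiCorp Vault` in the same style as the neighbouring vendor entries. The `{DSA-4979-1}` line at the bottom of the hunk is unchanged context belonging to the entry that follows CVE-2021-41801, not to the Vault entry.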
@@ -1231,18 +1255,18 @@ CVE-2021-41569
RESERVED
CVE-2021-3826
RESERVED
-CVE-2021-41568
- RESERVED
-CVE-2021-41567
- RESERVED
-CVE-2021-41566
- RESERVED
-CVE-2021-41565
- RESERVED
-CVE-2021-41564
- RESERVED
-CVE-2021-41563
- RESERVED
+CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
+ TODO: check
+CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...)
+ TODO: check
+CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...)
+ TODO: check
+CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...)
+ TODO: check
+CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...)
+ TODO: check
+CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...)
+ TODO: check
CVE-2021-41562
RESERVED
CVE-2021-41561
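Review bot: the six `+` entries CVE-2021-41568 through -41563 are all Tad Web / Tad Uploader / TadTools / Tad Honor / Tad Book3 issues marked `TODO: check`; handle them as one group together with CVE-2021-41976 to -41974 earlier in this update. CVE-2021-41566 (a file-upload extension filter that "fails to filte..." per the truncated text) is the one to read in full before a blanket verdict is applied, since an upload filter bypass is the kind of issue that warrants a package check if any of these modules are shipped.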
@@ -2521,7 +2545,7 @@ CVE-2021-40980
RESERVED
CVE-2021-40979
RESERVED
-CVE-2021-40978 (The mkdocs 1.2.2 built-in dev-server allows directory traversal using ...)
+CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...)
TODO: check
CVE-2021-40977
RESERVED
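Review bot: CVE-2021-40978's description now carries the `** DISPUTED **` prefix, but the unchanged `TODO: check` context line below it still stands, so the dispute is not yet reflected in the triage; when this entry is resolved, add a NOTE line stating why the issue is disputed (the description concerns the mkdocs built-in dev-server) so that the marker in the truncated description is not the only record of the reasoning.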
@@ -2861,8 +2885,8 @@ CVE-2021-40834
RESERVED
CVE-2021-40833
RESERVED
-CVE-2021-40832
- RESERVED
+CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ TODO: check
CVE-2021-40831
RESERVED
CVE-2021-40830
@@ -12483,8 +12507,8 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ
NOTE: https://github.com/389ds/389-ds-base/issues/4817
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
-CVE-2021-36767
- RESERVED
+CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...)
+ TODO: check
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
@@ -14376,12 +14400,12 @@ CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-35980
RESERVED
-CVE-2021-35979
- RESERVED
+CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
+ TODO: check
CVE-2021-35978
RESERVED
-CVE-2021-35977
- RESERVED
+CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
+ TODO: check
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
NOT-FOR-US: Plesk Obsidian
CVE-2021-35975
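Review bot: CVE-2021-35979 and CVE-2021-35977 both concern Digi RealPort through 4.8.488.0, as does CVE-2021-36767 earlier in this update, so the three should be triaged together rather than as separate `TODO: check` items. The -35977 description explicitly says "Digi RealPort for Windows", which points toward `NOT-FOR-US` for that one, while the -35979 text is cut off at "The 'encry", so its full description needs to be read before a verdict is recorded.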
@@ -19817,8 +19841,8 @@ CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-fl
NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
NOT-FOR-US: com.vaadin:flow-server
-CVE-2021-33603
- RESERVED
+CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ TODO: check
CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
NOT-FOR-US: F-Secure
CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
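Review bot: CVE-2021-33603 is left at `TODO: check` although the two F-Secure entries immediately below it in the context (CVE-2021-33602 and CVE-2021-33601) already carry `NOT-FOR-US: F-Secure`; apply the same verdict here, and likewise to CVE-2021-40832 elsewhere in this update, whose truncated description ("A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...") is word-for-word identical to this one.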
@@ -23819,8 +23843,7 @@ CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 t
NOTE: imap_qresync not enabled by default and considered an experimental feature
CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
NOT-FOR-US: ASUS
-CVE-2021-32029
- RESERVED
+CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...)
{DSA-4915-1}
- postgresql-13 13.3-1
- postgresql-11 <removed>
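Review bot: CVE-2021-32029 already had `{DSA-4915-1}`, `postgresql-13 13.3-1` and `postgresql-11 <removed>` attached while its CVE line still read RESERVED, and this hunk fills in the description without adding a `TODO: check`; that is correct because the package state is already recorded. Since the tracking data predates the public text, it is worth a quick confirmation that the description ("Using an UPDATE ... RETURNING command") matches the issue DSA-4915-1 fixed.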
@@ -29558,8 +29581,8 @@ CVE-2021-29908 (The IBM TS7700 Management Interface is vulnerable to unauthentic
NOT-FOR-US: IBM
CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated use ...)
NOT-FOR-US: IBM
-CVE-2021-29906
- RESERVED
+CVE-2021-29906 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 ...)
+ TODO: check
CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
NOT-FOR-US: IBM
CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
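Review bot: CVE-2021-29906 (IBM App Connect Enterprise Certified Container) is marked `TODO: check` while the IBM entries surrounding it in the context (CVE-2021-29907 and CVE-2021-29905) are `NOT-FOR-US: IBM`; unless the product is packaged, record the same `NOT-FOR-US: IBM` verdict. The same pattern applies to CVE-2020-4654 (IBM Sterling File Gateway) and CVE-2021-20600 (Mitsubishi MELSEC iQ-R) later in this update, each of which sits next to an existing `NOT-FOR-US` line for the same vendor.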
@@ -38439,8 +38462,8 @@ CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18
NOT-FOR-US: Oracle
CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
NOT-FOR-US: Plone
-CVE-2021-3312
- RESERVED
+CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...)
+ TODO: check
CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
NOT-FOR-US: October CMS
CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
@@ -53378,8 +53401,8 @@ CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT
NOT-FOR-US: Mitsubishi
CVE-2021-20601
RESERVED
-CVE-2021-20600
- RESERVED
+CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
+ TODO: check
CVE-2021-20599
RESERVED
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
@@ -77971,8 +77994,8 @@ CVE-2020-22619
RESERVED
CVE-2020-22618
RESERVED
-CVE-2020-22617
- RESERVED
+CVE-2020-22617 (Ardour v5.12 contains a use-after-free vulnerability in the component ...)
+ TODO: check
CVE-2020-22616
RESERVED
CVE-2020-22615
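Review bot: CVE-2020-22617 describes a use-after-free in Ardour v5.12 and is the one entry in this update that names a memory-safety bug in a desktop application, with a 2020 identifier only now being published; rather than leaving `TODO: check`, determine which upstream versions are affected and whether the packaged ardour versions are among them, and record the result as a package line (with a NOTE to the upstream report if one exists).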
@@ -123582,8 +123605,8 @@ CVE-2020-4656
RESERVED
CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
NOT-FOR-US: IBM
-CVE-2020-4654
- RESERVED
+CVE-2020-4654 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ TODO: check
CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
NOT-FOR-US: IBM
CVE-2020-4652
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fb06411247aed89176d0dc3aa993b0f0007f9e5