[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 12 21:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39bdee60 by security tracker role at 2021-10-12T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,343 @@
+CVE-2022-20111
+ RESERVED
+CVE-2022-20110
+ RESERVED
+CVE-2022-20109
+ RESERVED
+CVE-2022-20108
+ RESERVED
+CVE-2022-20107
+ RESERVED
+CVE-2022-20106
+ RESERVED
+CVE-2022-20105
+ RESERVED
+CVE-2022-20104
+ RESERVED
+CVE-2022-20103
+ RESERVED
+CVE-2022-20102
+ RESERVED
+CVE-2022-20101
+ RESERVED
+CVE-2022-20100
+ RESERVED
+CVE-2022-20099
+ RESERVED
+CVE-2022-20098
+ RESERVED
+CVE-2022-20097
+ RESERVED
+CVE-2022-20096
+ RESERVED
+CVE-2022-20095
+ RESERVED
+CVE-2022-20094
+ RESERVED
+CVE-2022-20093
+ RESERVED
+CVE-2022-20092
+ RESERVED
+CVE-2022-20091
+ RESERVED
+CVE-2022-20090
+ RESERVED
+CVE-2022-20089
+ RESERVED
+CVE-2022-20088
+ RESERVED
+CVE-2022-20087
+ RESERVED
+CVE-2022-20086
+ RESERVED
+CVE-2022-20085
+ RESERVED
+CVE-2022-20084
+ RESERVED
+CVE-2022-20083
+ RESERVED
+CVE-2022-20082
+ RESERVED
+CVE-2022-20081
+ RESERVED
+CVE-2022-20080
+ RESERVED
+CVE-2022-20079
+ RESERVED
+CVE-2022-20078
+ RESERVED
+CVE-2022-20077
+ RESERVED
+CVE-2022-20076
+ RESERVED
+CVE-2022-20075
+ RESERVED
+CVE-2022-20074
+ RESERVED
+CVE-2022-20073
+ RESERVED
+CVE-2022-20072
+ RESERVED
+CVE-2022-20071
+ RESERVED
+CVE-2022-20070
+ RESERVED
+CVE-2022-20069
+ RESERVED
+CVE-2022-20068
+ RESERVED
+CVE-2022-20067
+ RESERVED
+CVE-2022-20066
+ RESERVED
+CVE-2022-20065
+ RESERVED
+CVE-2022-20064
+ RESERVED
+CVE-2022-20063
+ RESERVED
+CVE-2022-20062
+ RESERVED
+CVE-2022-20061
+ RESERVED
+CVE-2022-20060
+ RESERVED
+CVE-2022-20059
+ RESERVED
+CVE-2022-20058
+ RESERVED
+CVE-2022-20057
+ RESERVED
+CVE-2022-20056
+ RESERVED
+CVE-2022-20055
+ RESERVED
+CVE-2022-20054
+ RESERVED
+CVE-2022-20053
+ RESERVED
+CVE-2022-20052
+ RESERVED
+CVE-2022-20051
+ RESERVED
+CVE-2022-20050
+ RESERVED
+CVE-2022-20049
+ RESERVED
+CVE-2022-20048
+ RESERVED
+CVE-2022-20047
+ RESERVED
+CVE-2022-20046
+ RESERVED
+CVE-2022-20045
+ RESERVED
+CVE-2022-20044
+ RESERVED
+CVE-2022-20043
+ RESERVED
+CVE-2022-20042
+ RESERVED
+CVE-2022-20041
+ RESERVED
+CVE-2022-20040
+ RESERVED
+CVE-2022-20039
+ RESERVED
+CVE-2022-20038
+ RESERVED
+CVE-2022-20037
+ RESERVED
+CVE-2022-20036
+ RESERVED
+CVE-2022-20035
+ RESERVED
+CVE-2022-20034
+ RESERVED
+CVE-2022-20033
+ RESERVED
+CVE-2022-20032
+ RESERVED
+CVE-2022-20031
+ RESERVED
+CVE-2022-20030
+ RESERVED
+CVE-2022-20029
+ RESERVED
+CVE-2022-20028
+ RESERVED
+CVE-2022-20027
+ RESERVED
+CVE-2022-20026
+ RESERVED
+CVE-2022-20025
+ RESERVED
+CVE-2022-20024
+ RESERVED
+CVE-2022-20023
+ RESERVED
+CVE-2022-20022
+ RESERVED
+CVE-2022-20021
+ RESERVED
+CVE-2022-20020
+ RESERVED
+CVE-2022-20019
+ RESERVED
+CVE-2022-20018
+ RESERVED
+CVE-2022-20017
+ RESERVED
+CVE-2022-20016
+ RESERVED
+CVE-2022-20015
+ RESERVED
+CVE-2022-20014
+ RESERVED
+CVE-2022-20013
+ RESERVED
+CVE-2022-20012
+ RESERVED
+CVE-2021-42328
+ RESERVED
+CVE-2021-42327
+ RESERVED
+CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
+ TODO: check
+CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
+ TODO: check
+CVE-2021-42324
+ RESERVED
+CVE-2021-42323
+ RESERVED
+CVE-2021-42322
+ RESERVED
+CVE-2021-42321
+ RESERVED
+CVE-2021-42320
+ RESERVED
+CVE-2021-42319
+ RESERVED
+CVE-2021-42318
+ RESERVED
+CVE-2021-42317
+ RESERVED
+CVE-2021-42316
+ RESERVED
+CVE-2021-42315
+ RESERVED
+CVE-2021-42314
+ RESERVED
+CVE-2021-42313
+ RESERVED
+CVE-2021-42312
+ RESERVED
+CVE-2021-42311
+ RESERVED
+CVE-2021-42310
+ RESERVED
+CVE-2021-42309
+ RESERVED
+CVE-2021-42308
+ RESERVED
+CVE-2021-42307
+ RESERVED
+CVE-2021-42306
+ RESERVED
+CVE-2021-42305
+ RESERVED
+CVE-2021-42304
+ RESERVED
+CVE-2021-42303
+ RESERVED
+CVE-2021-42302
+ RESERVED
+CVE-2021-42301
+ RESERVED
+CVE-2021-42300
+ RESERVED
+CVE-2021-42299
+ RESERVED
+CVE-2021-42298
+ RESERVED
+CVE-2021-42297
+ RESERVED
+CVE-2021-42296
+ RESERVED
+CVE-2021-42295
+ RESERVED
+CVE-2021-42294
+ RESERVED
+CVE-2021-42293
+ RESERVED
+CVE-2021-42292
+ RESERVED
+CVE-2021-42291
+ RESERVED
+CVE-2021-42290
+ RESERVED
+CVE-2021-42289
+ RESERVED
+CVE-2021-42288
+ RESERVED
+CVE-2021-42287
+ RESERVED
+CVE-2021-42286
+ RESERVED
+CVE-2021-42285
+ RESERVED
+CVE-2021-42284
+ RESERVED
+CVE-2021-42283
+ RESERVED
+CVE-2021-42282
+ RESERVED
+CVE-2021-42281
+ RESERVED
+CVE-2021-42280
+ RESERVED
+CVE-2021-42279
+ RESERVED
+CVE-2021-42278
+ RESERVED
+CVE-2021-42277
+ RESERVED
+CVE-2021-42276
+ RESERVED
+CVE-2021-42275
+ RESERVED
+CVE-2021-42274
+ RESERVED
+CVE-2021-42273
+ RESERVED
+CVE-2021-42272
+ RESERVED
+CVE-2021-42271
+ RESERVED
+CVE-2021-42270
+ RESERVED
+CVE-2021-42269
+ RESERVED
+CVE-2021-42268
+ RESERVED
+CVE-2021-42267
+ RESERVED
+CVE-2021-42266
+ RESERVED
+CVE-2021-42265
+ RESERVED
+CVE-2021-42264
+ RESERVED
+CVE-2021-42263
+ RESERVED
+CVE-2021-3882
+ RESERVED
+CVE-2021-3881
+ RESERVED
+CVE-2021-3880
+ RESERVED
+CVE-2021-3879
+ RESERVED
CVE-2021-42262
RESERVED
CVE-2021-42261
@@ -584,8 +924,7 @@ CVE-2021-3863
RESERVED
CVE-2021-42010
RESERVED
-CVE-2021-42009
- RESERVED
+CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
NOT-FOR-US: Apache Traffic Control
CVE-2021-3862
RESERVED
@@ -1081,9 +1420,9 @@ CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki mess
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T285515
CVE-2021-41797
- RESERVED
+ REJECTED
CVE-2021-41796
- RESERVED
+ REJECTED
CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...)
NOT-FOR-US: 1Password
CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...)
@@ -1650,8 +1989,8 @@ CVE-2021-41548
RESERVED
CVE-2021-41547
RESERVED
-CVE-2021-41546
- RESERVED
+CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ TODO: check
CVE-2021-41545
RESERVED
CVE-2021-41544
@@ -2542,8 +2881,8 @@ CVE-2021-41138
RESERVED
CVE-2021-41137
RESERVED
-CVE-2021-41136
- RESERVED
+CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
+ TODO: check
CVE-2021-41135
RESERVED
CVE-2021-41134
@@ -2710,9 +3049,9 @@ CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Di
NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
CVE-2021-41071
- RESERVED
+ REJECTED
CVE-2021-41070
- RESERVED
+ REJECTED
CVE-2021-41069
RESERVED
CVE-2021-41068
@@ -3742,8 +4081,8 @@ CVE-2021-40620
RESERVED
CVE-2021-40619
RESERVED
-CVE-2021-40618
- RESERVED
+CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...)
+ TODO: check
CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
NOT-FOR-US: openSIS
CVE-2021-40616
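Review bot: CVE-2021-40618 lands as "TODO: check" even though the entry directly below it, CVE-2021-40617, is the same product family and is already tagged "NOT-FOR-US: openSIS". A follow-up can resolve it the same way once the full description confirms that openSIS Classic needs no separate handling.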
@@ -4050,18 +4389,18 @@ CVE-2021-40502
RESERVED
CVE-2021-40501
RESERVED
-CVE-2021-40500
- RESERVED
-CVE-2021-40499
- RESERVED
-CVE-2021-40498
- RESERVED
-CVE-2021-40497
- RESERVED
-CVE-2021-40496
- RESERVED
-CVE-2021-40495
- RESERVED
+CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
+ TODO: check
+CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
+ TODO: check
+CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...)
+ TODO: check
+CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...)
+ TODO: check
+CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...)
+ TODO: check
+CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...)
+ TODO: check
CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
NOT-FOR-US: AdaptiveScale LXDUI
CVE-2021-40493
@@ -4558,8 +4897,8 @@ CVE-2021-40294
RESERVED
CVE-2021-40293
RESERVED
-CVE-2021-40292
- RESERVED
+CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...)
+ TODO: check
CVE-2021-40291
RESERVED
CVE-2021-40290
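Review bot: the imported summary for CVE-2021-40292 carries the misspelling "Cross Site Sripting", so a text search of the list for "Scripting" will miss this entry. If summaries are taken verbatim from the CVE source, the fix belongs there. The triage of the "TODO: check" line should not rely on keyword matching.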
@@ -7192,8 +7531,8 @@ CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze.
NOT-FOR-US: Miraheze
CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
NOT-FOR-US: Https4s
-CVE-2021-39184
- RESERVED
+CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
+ TODO: check
CVE-2021-39183
RESERVED
CVE-2021-39182
@@ -7785,8 +8124,8 @@ CVE-2021-38917
RESERVED
CVE-2021-38916
RESERVED
-CVE-2021-38915
- RESERVED
+CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
+ TODO: check
CVE-2021-38914
RESERVED
CVE-2021-38913
@@ -7891,8 +8230,8 @@ CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain
NOT-FOR-US: IBM
CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
NOT-FOR-US: IBM
-CVE-2021-38862
- RESERVED
+CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ TODO: check
CVE-2021-38861
RESERVED
CVE-2021-38860
@@ -8868,24 +9207,24 @@ CVE-2021-38462
RESERVED
CVE-2021-38461
RESERVED
-CVE-2021-38460
- RESERVED
+CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ TODO: check
CVE-2021-38459
RESERVED
-CVE-2021-38458
- RESERVED
+CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ TODO: check
CVE-2021-38457
RESERVED
-CVE-2021-38456
- RESERVED
+CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ TODO: check
CVE-2021-38455
RESERVED
-CVE-2021-38454
- RESERVED
+CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ TODO: check
CVE-2021-38453
RESERVED
-CVE-2021-38452
- RESERVED
+CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ TODO: check
CVE-2021-38451
RESERVED
CVE-2021-38450
@@ -9535,18 +9874,18 @@ CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code
NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
CVE-2021-38184
RESERVED
-CVE-2021-38183
- RESERVED
+CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
+ TODO: check
CVE-2021-38182
RESERVED
-CVE-2021-38181
- RESERVED
-CVE-2021-38180
- RESERVED
-CVE-2021-38179
- RESERVED
-CVE-2021-38178
- RESERVED
+CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
+ TODO: check
+CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
+ TODO: check
+CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...)
+ TODO: check
+CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...)
+ TODO: check
CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
NOT-FOR-US: SAP
CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
@@ -10681,26 +11020,26 @@ CVE-2021-37737
RESERVED
CVE-2021-37736
RESERVED
-CVE-2021-37735
- RESERVED
-CVE-2021-37734
- RESERVED
+CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
+ TODO: check
+CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
+ TODO: check
CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
NOT-FOR-US: Aruba
-CVE-2021-37732
- RESERVED
+CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ TODO: check
CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
NOT-FOR-US: Aruba
-CVE-2021-37730
- RESERVED
+CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ TODO: check
CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
NOT-FOR-US: Aruba
CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
NOT-FOR-US: Aruba
-CVE-2021-37727
- RESERVED
-CVE-2021-37726
- RESERVED
+CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ TODO: check
+CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...)
+ TODO: check
CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
NOT-FOR-US: Aruba
CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
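Review bot: the six entries published in this hunk (CVE-2021-37735, -37734, -37732, -37730, -37727, -37726) are left at "TODO: check" while every already-described neighbour here is "NOT-FOR-US: Aruba". Three of the truncated summaries stop at "discovered in H ..." and one at "discovere ...", so the product has to be confirmed from the full description before tagging them like the rest. Resolving them in one follow-up keeps the block consistent.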
@@ -10723,8 +11062,8 @@ CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba S
NOT-FOR-US: Aruba
CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
NOT-FOR-US: Aruba
-CVE-2021-3671
- RESERVED
+CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
+ TODO: check
CVE-2021-3670
RESERVED
CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
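Review bot: CVE-2021-3671 should not sit at "TODO: check" for long. Its summary names the samba kerberos server, so unlike the vendor-product entries in this update it is a candidate for a source-package line of the kind shown elsewhere in this diff ("- hiredis 0.14.1-2", "- libreoffice 1:7.2.0-2") rather than a NOT-FOR-US tag. Suggest prioritising it in manual triage.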
@@ -11871,8 +12210,8 @@ CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions &
NOT-FOR-US: Siemens
CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
NOT-FOR-US: Siemens
-CVE-2021-37199
- RESERVED
+CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
+ TODO: check
CVE-2021-37198
RESERVED
CVE-2021-37197
@@ -15882,12 +16221,12 @@ CVE-2021-35498
RESERVED
CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
TODO: check
-CVE-2021-35496
- RESERVED
-CVE-2021-35495
- RESERVED
-CVE-2021-35494
- RESERVED
+CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
+ TODO: check
+CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...)
+ TODO: check
+CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
+ TODO: check
CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...)
NOT-FOR-US: WebFOCUS
CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
@@ -16526,8 +16865,8 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution
NOT-FOR-US: Solarwinds
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35214
- RESERVED
+CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...)
+ TODO: check
CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
NOT-FOR-US: SolarWinds
CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
@@ -19979,36 +20318,36 @@ CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions <
NOT-FOR-US: JT2Go
CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...)
NOT-FOR-US: Siemens
-CVE-2021-33736
- RESERVED
-CVE-2021-33735
- RESERVED
-CVE-2021-33734
- RESERVED
-CVE-2021-33733
- RESERVED
-CVE-2021-33732
- RESERVED
-CVE-2021-33731
- RESERVED
-CVE-2021-33730
- RESERVED
-CVE-2021-33729
- RESERVED
-CVE-2021-33728
- RESERVED
-CVE-2021-33727
- RESERVED
-CVE-2021-33726
- RESERVED
-CVE-2021-33725
- RESERVED
-CVE-2021-33724
- RESERVED
-CVE-2021-33723
- RESERVED
-CVE-2021-33722
- RESERVED
+CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
+CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
NOT-FOR-US: Siemens
CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
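Review bot: all fifteen entries from CVE-2021-33736 down to CVE-2021-33722 share the summary prefix "A vulnerability has been identified in SINEC NMS" and are added as "TODO: check", while the next entry, CVE-2021-33721, has the same prefix and is already "NOT-FOR-US: Siemens". A single follow-up commit can tag the whole run the same way instead of leaving fifteen open TODO items.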
@@ -22347,6 +22686,7 @@ CVE-2021-32767 (TYPO3 is an open source PHP based web content management system.
CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
NOT-FOR-US: Nextcloud Text
CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...)
+ {DLA-2783-1}
- hiredis 0.14.1-2
NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1)
@@ -30603,10 +30943,10 @@ CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
-CVE-2021-29645
- RESERVED
-CVE-2021-29644
- RESERVED
+CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...)
+ TODO: check
+CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...)
+ TODO: check
CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
@@ -36088,8 +36428,8 @@ CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulati
NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Tecnomatix Plant Simulation
-CVE-2021-27395
- RESERVED
+CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...)
+ TODO: check
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications (Siemens)
CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
@@ -36981,8 +37321,8 @@ CVE-2021-27005
RESERVED
CVE-2021-27004
RESERVED
-CVE-2021-27003
- RESERVED
+CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
+ TODO: check
CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
NOT-FOR-US: NetApp Cloud Manager
CVE-2021-27001
@@ -40647,8 +40987,7 @@ CVE-2021-25635
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
-CVE-2021-25634
- RESERVED
+CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
- libreoffice 1:7.2.0-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2
@@ -49031,10 +49370,10 @@ CVE-2021-21943
RESERVED
CVE-2021-21942
RESERVED
-CVE-2021-21941
- RESERVED
-CVE-2021-21940
- RESERVED
+CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
+ TODO: check
+CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
+ TODO: check
CVE-2021-21939
RESERVED
CVE-2021-21938
@@ -53650,7 +53989,7 @@ CVE-2021-20701
RESERVED
CVE-2021-20700
RESERVED
-CVE-2021-20699 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
+CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
NOT-FOR-US: SHARP
CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
NOT-FOR-US: SHARP
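Review bot: the replacement summary for CVE-2021-20699 opens with a doubled parenthesis, "Sharp NEC Displays ((UN462A", where the removed line and the CVE-2021-20698 entry below both have a single one. This is the only change in the hunk and adds no triage information. If summaries are imported verbatim, report the typo to the CVE source rather than editing it here.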
@@ -64832,8 +65171,8 @@ CVE-2020-28147
RESERVED
CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...)
NOT-FOR-US: Eyoucms
-CVE-2020-28145
- RESERVED
+CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0 ...)
+ TODO: check
CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
NOT-FOR-US: Moxa
CVE-2020-28143
@@ -79999,6 +80338,7 @@ CVE-2020-21915
CVE-2020-21914
RESERVED
CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...)
+ {DLA-2784-1}
- icu 67.1-2
NOTE: https://github.com/unicode-org/icu/pull/886
NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
@@ -174753,7 +175093,7 @@ CVE-2019-6571 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xy
NOT-FOR-US: Siemens
CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
-CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
NOT-FOR-US: Scalance
CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
NOT-FOR-US: Siemens
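Review bot: after the summary change on CVE-2019-6569 the truncated text ("The monitor barrier of the affected products insufficiently blocks dat ...") no longer names any product, so the "NOT-FOR-US: Scalance" line is now the only product hint in the entry. The neighbouring entries use "NOT-FOR-US: Siemens"; consider aligning the tag in a follow-up so the entry stays findable by vendor.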
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39bdee60660930f06a84ae4ab9d5fa58d50448ce