[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 13 21:10:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e0cdba3 by security tracker role at 2021-10-13T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-42340
+ RESERVED
+CVE-2021-3884
+ RESERVED
+CVE-2021-3883
+ RESERVED
+CVE-2020-36484
+ RESERVED
+CVE-2020-36483
+ RESERVED
+CVE-2020-36482
+ RESERVED
+CVE-2020-36481
+ RESERVED
+CVE-2020-36480
+ RESERVED
+CVE-2020-36479
+ RESERVED
CVE-2021-42339
RESERVED
CVE-2021-42338
@@ -447,10 +465,10 @@ CVE-2021-42226
RESERVED
CVE-2021-42225
RESERVED
-CVE-2021-42224
- RESERVED
-CVE-2021-42223
- RESERVED
+CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...)
+ TODO: check
+CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...)
+ TODO: check
CVE-2021-42222
RESERVED
CVE-2021-42221
@@ -2907,12 +2925,12 @@ CVE-2021-41141
RESERVED
CVE-2021-41140
RESERVED
-CVE-2021-41139
- RESERVED
-CVE-2021-41138
- RESERVED
-CVE-2021-41137
- RESERVED
+CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ TODO: check
+CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
+ TODO: check
+CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
+ TODO: check
CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
- puma <unfixed>
NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
@@ -3586,10 +3604,10 @@ CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.
NOT-FOR-US: Zenitel
CVE-2021-40844
RESERVED
-CVE-2021-40843
- RESERVED
-CVE-2021-40842
- RESERVED
+CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...)
+ TODO: check
+CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
+ TODO: check
CVE-2021-40841
RESERVED
CVE-2021-40840
@@ -3858,8 +3876,8 @@ CVE-2021-40734
RESERVED
CVE-2021-40733
RESERVED
-CVE-2021-40732
- RESERVED
+CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
+ TODO: check
CVE-2021-40731
RESERVED
CVE-2021-40730
@@ -7136,8 +7154,8 @@ CVE-2021-39306
RESERVED
CVE-2021-39305
RESERVED
-CVE-2021-39304
- RESERVED
+CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
+ TODO: check
CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -16272,8 +16290,8 @@ CVE-2021-35500
RESERVED
CVE-2021-35499
RESERVED
-CVE-2021-35498
- RESERVED
+CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
+ TODO: check
CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
NOT-FOR-US: TIBCO
CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
@@ -17809,8 +17827,8 @@ CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3
NOTE: https://civicrm.org/advisory/civi-sa-2020-03
CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
NOT-FOR-US: Elemin
-CVE-2021-34814
- RESERVED
+CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...)
+ TODO: check
CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
[experimental] - olm 3.2.3~dfsg-1
- olm <unfixed> (bug #989997)
@@ -20640,8 +20658,8 @@ CVE-2021-33611
RESERVED
CVE-2021-33610
RESERVED
-CVE-2021-33609
- RESERVED
+CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...)
+ TODO: check
CVE-2021-33608
RESERVED
CVE-2021-33607
@@ -39046,8 +39064,8 @@ CVE-2021-26320
RESERVED
CVE-2021-26319
RESERVED
-CVE-2021-26318
- RESERVED
+CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
+ TODO: check
CVE-2021-26317
RESERVED
CVE-2021-26316
@@ -46589,8 +46607,8 @@ CVE-2021-3059
RESERVED
CVE-2021-3058
RESERVED
-CVE-2021-3057
- RESERVED
+CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
+ TODO: check
CVE-2021-3056
RESERVED
CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
@@ -49228,14 +49246,14 @@ CVE-2021-22038
RESERVED
CVE-2021-22037
RESERVED
-CVE-2021-22036
- RESERVED
-CVE-2021-22035
- RESERVED
+CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
+ TODO: check
+CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
+ TODO: check
CVE-2021-22034
RESERVED
-CVE-2021-22033
- RESERVED
+CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
+ TODO: check
CVE-2021-22032
RESERVED
CVE-2021-22031
@@ -53782,14 +53800,14 @@ CVE-2021-20836
RESERVED
CVE-2021-20835
RESERVED
-CVE-2021-20834
- RESERVED
-CVE-2021-20833
- RESERVED
-CVE-2021-20832
- RESERVED
-CVE-2021-20831
- RESERVED
+CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ TODO: check
+CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...)
+ TODO: check
+CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...)
+ TODO: check
+CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...)
+ TODO: check
CVE-2021-20830
RESERVED
CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
@@ -53836,32 +53854,32 @@ CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, P
- movabletype-opensource <removed>
CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...)
- movabletype-opensource <removed>
-CVE-2021-20807
- RESERVED
-CVE-2021-20806
- RESERVED
-CVE-2021-20805
- RESERVED
-CVE-2021-20804
- RESERVED
-CVE-2021-20803
- RESERVED
-CVE-2021-20802
- RESERVED
-CVE-2021-20801
- RESERVED
-CVE-2021-20800
- RESERVED
-CVE-2021-20799
- RESERVED
-CVE-2021-20798
- RESERVED
-CVE-2021-20797
- RESERVED
-CVE-2021-20796
- RESERVED
-CVE-2021-20795
- RESERVED
+CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ TODO: check
+CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...)
+ TODO: check
+CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ TODO: check
+CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ TODO: check
+CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...)
+ TODO: check
+CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...)
+ TODO: check
+CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ TODO: check
+CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ TODO: check
+CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ TODO: check
+CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ TODO: check
+CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...)
+ TODO: check
+CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...)
+ TODO: check
+CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...)
+ TODO: check
CVE-2021-20794
RESERVED
CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
@@ -55649,24 +55667,24 @@ CVE-2021-20133
RESERVED
CVE-2021-20132
RESERVED
-CVE-2021-20131
- RESERVED
-CVE-2021-20130
- RESERVED
-CVE-2021-20129
- RESERVED
-CVE-2021-20128
- RESERVED
-CVE-2021-20127
- RESERVED
-CVE-2021-20126
- RESERVED
-CVE-2021-20125
- RESERVED
-CVE-2021-20124
- RESERVED
-CVE-2021-20123
- RESERVED
+CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ TODO: check
+CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ TODO: check
+CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...)
+ TODO: check
+CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...)
+ TODO: check
+CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...)
+ TODO: check
+CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...)
+ TODO: check
+CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...)
+ TODO: check
+CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ TODO: check
+CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ TODO: check
CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e0cdba33ce4f0131fa2d7e097c09ec80ae92380
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e0cdba33ce4f0131fa2d7e097c09ec80ae92380
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211013/a7d4c01b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list