[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 14 21:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00b1346f by security tracker role at 2021-10-14T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2021-42392
+ RESERVED
+CVE-2021-42391
+ RESERVED
+CVE-2021-42390
+ RESERVED
+CVE-2021-42389
+ RESERVED
+CVE-2021-42388
+ RESERVED
+CVE-2021-42387
+ RESERVED
+CVE-2021-42386
+ RESERVED
+CVE-2021-42385
+ RESERVED
+CVE-2021-42384
+ RESERVED
+CVE-2021-42383
+ RESERVED
+CVE-2021-42382
+ RESERVED
+CVE-2021-42381
+ RESERVED
+CVE-2021-42380
+ RESERVED
+CVE-2021-42379
+ RESERVED
+CVE-2021-42378
+ RESERVED
+CVE-2021-42377
+ RESERVED
+CVE-2021-42376
+ RESERVED
+CVE-2021-42375
+ RESERVED
+CVE-2021-42374
+ RESERVED
+CVE-2021-42373
+ RESERVED
+CVE-2021-42372
+ RESERVED
+CVE-2021-42371
+ RESERVED
+CVE-2021-42370
+ RESERVED
+CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...)
+ TODO: check
+CVE-2021-42368
+ RESERVED
+CVE-2021-42367
+ RESERVED
+CVE-2021-42366
+ RESERVED
+CVE-2021-42365
+ RESERVED
+CVE-2021-42364
+ RESERVED
+CVE-2021-42363
+ RESERVED
+CVE-2021-42362
+ RESERVED
+CVE-2021-42361
+ RESERVED
+CVE-2021-42360
+ RESERVED
+CVE-2021-42359
+ RESERVED
+CVE-2021-42358
+ RESERVED
+CVE-2021-42357
+ RESERVED
+CVE-2021-42356
+ RESERVED
+CVE-2021-42355
+ RESERVED
+CVE-2021-42354
+ RESERVED
+CVE-2021-42353
+ RESERVED
+CVE-2021-42352
+ RESERVED
+CVE-2021-42351
+ RESERVED
+CVE-2021-42350
+ RESERVED
+CVE-2021-42349
+ RESERVED
+CVE-2021-42348
+ RESERVED
+CVE-2021-42347
+ RESERVED
+CVE-2020-36485
+ RESERVED
CVE-2021-42346
RESERVED
CVE-2021-42345
@@ -392,8 +486,8 @@ CVE-2021-42264
RESERVED
CVE-2021-42263
RESERVED
-CVE-2021-3882
- RESERVED
+CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
+ TODO: check
CVE-2021-3881
RESERVED
CVE-2021-3880
@@ -476,10 +570,10 @@ CVE-2021-42230
RESERVED
CVE-2021-42229
RESERVED
-CVE-2021-42228
- RESERVED
-CVE-2021-42227
- RESERVED
+CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...)
+ TODO: check
+CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
+ TODO: check
CVE-2021-42226
RESERVED
CVE-2021-42225
@@ -2537,7 +2631,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py
NOT-FOR-US: Pydio Cells
CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
NOT-FOR-US: Pydio Cells
-CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to change t ...)
+CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...)
NOT-FOR-US: Poly VVX 400/410
CVE-2021-41321
RESERVED
@@ -2939,8 +3033,8 @@ CVE-2021-41144
RESERVED
CVE-2021-41143
RESERVED
-CVE-2021-41142
- RESERVED
+CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
CVE-2021-41141
RESERVED
CVE-2021-41140
@@ -2959,8 +3053,8 @@ CVE-2021-41135
RESERVED
CVE-2021-41134
RESERVED
-CVE-2021-41132
- RESERVED
+CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
+ TODO: check
CVE-2021-41131
RESERVED
CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
@@ -7124,8 +7218,8 @@ CVE-2021-39332
RESERVED
CVE-2021-39331
RESERVED
-CVE-2021-39330
- RESERVED
+CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
+ TODO: check
CVE-2021-39329
RESERVED
CVE-2021-39328
@@ -7561,6 +7655,7 @@ CVE-2021-39202 (WordPress is a free and open-source content management system wr
- wordpress <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
+ {DSA-4985-1}
- wordpress 5.8.1+dfsg1-1 (bug #994059)
[stretch] - wordpress <not-affected> (Vulnerable code added later)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
@@ -9554,12 +9649,12 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C
NOT-FOR-US: WordPress plugin
CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38346
- RESERVED
-CVE-2021-38345
- RESERVED
-CVE-2021-38344
- RESERVED
+CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...)
+ TODO: check
+CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...)
+ TODO: check
+CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...)
+ TODO: check
CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...)
@@ -10638,8 +10733,8 @@ CVE-2021-37935
RESERVED
CVE-2021-37934
RESERVED
-CVE-2021-37933
- RESERVED
+CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
+ TODO: check
CVE-2021-37932
RESERVED
CVE-2021-3681
@@ -14160,12 +14255,12 @@ CVE-2021-36391
RESERVED
CVE-2021-36390
RESERVED
-CVE-2021-36389
- RESERVED
-CVE-2021-36388
- RESERVED
-CVE-2021-36387
- RESERVED
+CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
+ TODO: check
+CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
+ TODO: check
+CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
+ TODO: check
CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
- fetchmail 6.4.16-4 (unimportant)
NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
@@ -16964,7 +17059,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution
NOT-FOR-US: Solarwinds
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...)
+CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
NOT-FOR-US: Solarwinds
CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
NOT-FOR-US: SolarWinds
@@ -21804,12 +21899,12 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo
NOT-FOR-US: Synology
CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
NOT-FOR-US: Synology
-CVE-2021-33179
- RESERVED
-CVE-2021-33178
- RESERVED
-CVE-2021-33177
- RESERVED
+CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
+ TODO: check
+CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
+ TODO: check
+CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
+ TODO: check
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
NOT-FOR-US: VerneMQ MQTT Broker
CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
@@ -23334,12 +23429,12 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.
NOT-FOR-US: Node express-cart
CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
NOT-FOR-US: Speco Web Viewer
-CVE-2021-32571
- RESERVED
+CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ TODO: check
CVE-2021-32570
RESERVED
-CVE-2021-32569
- RESERVED
+CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ TODO: check
CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
NOT-FOR-US: mrdoc
CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
@@ -47043,10 +47138,10 @@ CVE-2021-22966
RESERVED
CVE-2021-22965
RESERVED
-CVE-2021-22964
- RESERVED
-CVE-2021-22963
- RESERVED
+CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...)
+ TODO: check
+CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...)
+ TODO: check
CVE-2021-22962
RESERVED
CVE-2021-22961
@@ -54297,8 +54392,8 @@ CVE-2021-20601
RESERVED
CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20599
- RESERVED
+CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+ TODO: check
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
@@ -78690,8 +78785,8 @@ CVE-2020-22726
RESERVED
CVE-2020-22725
RESERVED
-CVE-2020-22724
- RESERVED
+CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...)
+ TODO: check
CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...)
NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop
CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...)
@@ -84584,28 +84679,28 @@ CVE-2020-19966
RESERVED
CVE-2020-19965
RESERVED
-CVE-2020-19964
- RESERVED
+CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
+ TODO: check
CVE-2020-19963
RESERVED
-CVE-2020-19962
- RESERVED
-CVE-2020-19961
- RESERVED
-CVE-2020-19960
- RESERVED
-CVE-2020-19959
- RESERVED
+CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
+ TODO: check
+CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
+CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
+CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
CVE-2020-19958
RESERVED
-CVE-2020-19957
- RESERVED
+CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
CVE-2020-19956
RESERVED
CVE-2020-19955
RESERVED
-CVE-2020-19954
- RESERVED
+CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
+ TODO: check
CVE-2020-19953
RESERVED
CVE-2020-19952
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00b1346f1cf268d69dfe89e15695f9c708bb1dad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00b1346f1cf268d69dfe89e15695f9c708bb1dad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211014/4679c46a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list