[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 15 21:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
057701e8 by security tracker role at 2021-10-15T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2022-0005
+ RESERVED
+CVE-2022-0004
+ RESERVED
+CVE-2022-0003
+ RESERVED
+CVE-2022-0002
+ RESERVED
+CVE-2022-0001
+ RESERVED
+CVE-2021-42553
+ RESERVED
+CVE-2021-42552
+ RESERVED
+CVE-2021-42551
+ RESERVED
+CVE-2021-42550
+ RESERVED
+CVE-2021-42549
+ RESERVED
+CVE-2021-42548
+ RESERVED
+CVE-2021-42547
+ RESERVED
+CVE-2021-42546
+ RESERVED
+CVE-2021-42545
+ RESERVED
+CVE-2021-42544
+ RESERVED
+CVE-2021-42543
+ RESERVED
+CVE-2021-42542
+ RESERVED
+CVE-2021-42541
+ RESERVED
+CVE-2021-42540
+ RESERVED
+CVE-2021-42539
+ RESERVED
+CVE-2021-42538
+ RESERVED
+CVE-2021-42537
+ RESERVED
+CVE-2021-42536
+ RESERVED
+CVE-2021-42535
+ RESERVED
+CVE-2021-42534
+ RESERVED
+CVE-2021-42533
+ RESERVED
+CVE-2021-42532
+ RESERVED
+CVE-2021-42531
+ RESERVED
+CVE-2021-42530
+ RESERVED
+CVE-2021-42529
+ RESERVED
+CVE-2021-42528
+ RESERVED
+CVE-2021-42527
+ RESERVED
+CVE-2021-42526
+ RESERVED
+CVE-2021-42525
+ RESERVED
+CVE-2021-42524
+ RESERVED
+CVE-2021-3891
+ RESERVED
+CVE-2021-3890
+ RESERVED
+CVE-2021-3889
+ RESERVED
+CVE-2021-3888
+ RESERVED
+CVE-2021-3887
+ RESERVED
CVE-2022-20611
RESERVED
CVE-2022-20610
@@ -1405,22 +1485,22 @@ CVE-2021-42338
RESERVED
CVE-2021-42337
RESERVED
-CVE-2021-42336
- RESERVED
-CVE-2021-42335
- RESERVED
-CVE-2021-42334
- RESERVED
-CVE-2021-42333
- RESERVED
-CVE-2021-42332
- RESERVED
-CVE-2021-42331
- RESERVED
-CVE-2021-42330
- RESERVED
-CVE-2021-42329
- RESERVED
+CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
+ TODO: check
+CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
+ TODO: check
+CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
+ TODO: check
+CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
+ TODO: check
+CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is ...)
+ TODO: check
+CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System do ...)
+ TODO: check
+CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System ...)
+ TODO: check
+CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...)
+ TODO: check
CVE-2022-20111
RESERVED
CVE-2022-20110
@@ -1760,8 +1840,8 @@ CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session auth
- ledgersmb <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
-CVE-2021-3881
- RESERVED
+CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
+ TODO: check
CVE-2021-3880
RESERVED
CVE-2021-3879
@@ -1781,8 +1861,8 @@ CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an un
NOT-FOR-US: check_smart Icinga plugin
CVE-2021-42256
RESERVED
-CVE-2021-3878
- RESERVED
+CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ TODO: check
CVE-2021-42255
RESERVED
CVE-2021-42254
@@ -1842,7 +1922,7 @@ CVE-2021-42230
RESERVED
CVE-2021-42229
RESERVED
-CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...)
+CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
NOT-FOR-US: KindEditor
CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
NOT-FOR-US: KindEditor
@@ -2036,8 +2116,8 @@ CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-3876
RESERVED
-CVE-2021-3875
- RESERVED
+CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-42133
RESERVED
CVE-2021-42132
@@ -2086,8 +2166,8 @@ CVE-2021-42111
RESERVED
CVE-2021-42110
RESERVED
-CVE-2021-3874
- RESERVED
+CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ TODO: check
CVE-2021-3873
RESERVED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
@@ -3910,8 +3990,8 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to
NOT-FOR-US: Poly VVX 400/410
CVE-2021-41321
RESERVED
-CVE-2021-41320
- RESERVED
+CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...)
+ TODO: check
CVE-2021-41319
RESERVED
CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
@@ -4296,10 +4376,10 @@ CVE-2021-41150
RESERVED
CVE-2021-41149
RESERVED
-CVE-2021-41148
- RESERVED
-CVE-2021-41147
- RESERVED
+CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
+CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
CVE-2021-41146
RESERVED
CVE-2021-41145
@@ -4481,6 +4561,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ {DSA-4987-1}
- squashfs-tools 1:4.5-3 (bug #994262)
NOTE: Prerequisites:
NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
@@ -4635,34 +4716,34 @@ CVE-2021-41001
RESERVED
CVE-2021-41000
RESERVED
-CVE-2021-40999
- RESERVED
-CVE-2021-40998
- RESERVED
-CVE-2021-40997
- RESERVED
-CVE-2021-40996
- RESERVED
-CVE-2021-40995
- RESERVED
-CVE-2021-40994
- RESERVED
-CVE-2021-40993
- RESERVED
-CVE-2021-40992
- RESERVED
-CVE-2021-40991
- RESERVED
-CVE-2021-40990
- RESERVED
-CVE-2021-40989
- RESERVED
-CVE-2021-40988
- RESERVED
-CVE-2021-40987
- RESERVED
-CVE-2021-40986
- RESERVED
+CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
+CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
+CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ TODO: check
+CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...)
+ TODO: check
+CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
CVE-2021-3800
RESERVED
CVE-2021-40985
@@ -5269,30 +5350,30 @@ CVE-2021-40733
RESERVED
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
NOT-FOR-US: Adobe
-CVE-2021-40731
- RESERVED
-CVE-2021-40730
- RESERVED
-CVE-2021-40729
- RESERVED
-CVE-2021-40728
- RESERVED
+CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
CVE-2021-40727
RESERVED
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
-CVE-2021-40724
- RESERVED
+CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
+ TODO: check
CVE-2021-40723
RESERVED
CVE-2021-40722
RESERVED
-CVE-2021-40721
- RESERVED
-CVE-2021-40720
- RESERVED
+CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a reflected ...)
+ TODO: check
+CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
+ TODO: check
CVE-2021-40719
RESERVED
CVE-2021-40718
@@ -7283,8 +7364,8 @@ CVE-2021-39866 (A business logic error in the project deletion process in GitLab
- gitlab <unfixed>
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
-CVE-2021-39864
- RESERVED
+CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
+ TODO: check
CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
@@ -8455,18 +8536,18 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated
NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39349
- RESERVED
+CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-39348
RESERVED
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39346
RESERVED
-CVE-2021-39345
- RESERVED
-CVE-2021-39344
- RESERVED
+CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
+ TODO: check
CVE-2021-39343
RESERVED
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
@@ -8477,20 +8558,20 @@ CVE-2021-39340
RESERVED
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39338
- RESERVED
-CVE-2021-39337
- RESERVED
-CVE-2021-39336
- RESERVED
-CVE-2021-39335
- RESERVED
-CVE-2021-39334
- RESERVED
+CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-39333
RESERVED
-CVE-2021-39332
- RESERVED
+CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-39331
RESERVED
CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
@@ -10709,10 +10790,10 @@ CVE-2021-38434
RESERVED
CVE-2021-38433
RESERVED
-CVE-2021-38432
- RESERVED
-CVE-2021-38431
- RESERVED
+CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
+ TODO: check
+CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
+ TODO: check
CVE-2021-38430
RESERVED
CVE-2021-38429
@@ -12460,14 +12541,14 @@ CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication R
NOT-FOR-US: ManageEngine
CVE-2021-37740
RESERVED
-CVE-2021-37739
- RESERVED
-CVE-2021-37738
- RESERVED
-CVE-2021-37737
- RESERVED
-CVE-2021-37736
- RESERVED
+CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
NOT-FOR-US: Aruba
CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
@@ -32166,8 +32247,8 @@ CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote atta
NOT-FOR-US: IBM
CVE-2021-29746
RESERVED
-CVE-2021-29745
- RESERVED
+CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...)
+ TODO: check
CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
NOT-FOR-US: IBM
CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
@@ -32298,8 +32379,8 @@ CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker t
NOT-FOR-US: IBM
CVE-2021-29680
RESERVED
-CVE-2021-29679
- RESERVED
+CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
+ TODO: check
CVE-2021-29678
RESERVED
CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
@@ -36514,8 +36595,8 @@ CVE-2021-28023
RESERVED
CVE-2021-28022
RESERVED
-CVE-2021-28021
- RESERVED
+CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
+ TODO: check
CVE-2021-28020
RESERVED
CVE-2021-28019
@@ -37571,8 +37652,8 @@ CVE-2021-27563
RESERVED
CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
NOT-FOR-US: Arm Trusted Firmware M
-CVE-2021-27561
- RESERVED
+CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...)
+ TODO: check
CVE-2021-27560
RESERVED
CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
@@ -125354,8 +125435,8 @@ CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated att
NOT-FOR-US: IBM
CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
NOT-FOR-US: IBM
-CVE-2020-4951
- RESERVED
+CVE-2020-4951 (IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser ...)
+ TODO: check
CVE-2020-4950
RESERVED
CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
@@ -204364,10 +204445,10 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
-CVE-2018-16061
- RESERVED
-CVE-2018-16060
- RESERVED
+CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)
+ TODO: check
+CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...)
+ TODO: check
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
@@ -284011,7 +284092,7 @@ CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend
- virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
-CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...)
+CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...)
{DSA-3797-1}
- mupdf 1.9a+ds1-4 (low)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/057701e8d4f4bf0e2de7e8a6a9b4cf8287fe18e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/057701e8d4f4bf0e2de7e8a6a9b4cf8287fe18e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211015/cf0b467f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list