[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 21 21:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30ee6828 by security tracker role at 2021-10-21T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-42793
+ RESERVED
+CVE-2021-42792
+ RESERVED
+CVE-2021-42791
+ RESERVED
+CVE-2021-42790
+ RESERVED
+CVE-2021-42789
+ RESERVED
+CVE-2021-42788
+ RESERVED
+CVE-2021-42787
+ RESERVED
+CVE-2021-42786
+ RESERVED
+CVE-2021-42785
+ RESERVED
+CVE-2021-42784
+ RESERVED
+CVE-2021-42783
+ RESERVED
+CVE-2021-42782
+ RESERVED
+CVE-2021-42781
+ RESERVED
+CVE-2021-42780
+ RESERVED
+CVE-2021-42779
+ RESERVED
+CVE-2021-42778
+ RESERVED
CVE-2021-42777
RESERVED
CVE-2021-42776
@@ -103,8 +135,8 @@ CVE-2021-42742
RESERVED
CVE-2021-42741
RESERVED
-CVE-2021-42740
- RESERVED
+CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
+ TODO: check
CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
- linux <unfixed>
NOTE: https://seclists.org/oss-sec/2021/q2/46
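Review bot: "TODO: check" under CVE-2021-42740 can be resolved from what the description already gives: it names the shell-quote package for Node.js and "before 1.7.3" as the affected range. That is enough to decide between a package line using 1.7.3 as the fix boundary and a NOT-FOR-US tag, and a command injection in a quoting helper is worth settling early.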
@@ -155,10 +187,10 @@ CVE-2021-3894
RESERVED
CVE-2021-42717
RESERVED
-CVE-2021-42716
- RESERVED
-CVE-2021-42715
- RESERVED
+CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
+ TODO: check
+CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
+ TODO: check
CVE-2021-42714
RESERVED
CVE-2021-42713
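Review bot: the two stb_image.h entries carry different affected ranges in their descriptions, 2.27 for the PNM loader issue (CVE-2021-42716) and 1.33 through 2.27 for the HDR one (CVE-2021-42715), so each "TODO: check" needs its own version check. stb_image.h is a single header that projects copy into their own source trees, so triage should also look for embedded copies and not only for a package that ships the header.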
@@ -2199,8 +2231,7 @@ CVE-2022-20012
RESERVED
CVE-2021-42328
RESERVED
-CVE-2021-42327 [drm/amdgpu: fix out of bounds write]
- RESERVED
+CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
- linux <unfixed>
NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
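Review bot: on CVE-2021-42327 the bracketed working title "[drm/amdgpu: fix out of bounds write]" is replaced by a description that is cut off before it reaches the bug class, so the entry no longer says at a glance that this is an out-of-bounds write. The NOTE link that is kept still covers it; a further NOTE once a fixing commit is known would give "- linux <unfixed>" a concrete reference to be updated against.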
@@ -2677,22 +2708,22 @@ CVE-2021-3873
RESERVED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
NOT-FOR-US: VITEC Exterity IPTV products
-CVE-2021-42108
- RESERVED
-CVE-2021-42107
- RESERVED
-CVE-2021-42106
- RESERVED
-CVE-2021-42105
- RESERVED
-CVE-2021-42104
- RESERVED
-CVE-2021-42103
- RESERVED
-CVE-2021-42102
- RESERVED
-CVE-2021-42101
- RESERVED
+CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
+ TODO: check
+CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ TODO: check
+CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ TODO: check
+CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ TODO: check
+CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ TODO: check
+CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ TODO: check
+CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ TODO: check
+CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ TODO: check
CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim <unfixed>
[stretch] - vim <no-dsa> (Minor issue)
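Review bot: the eight entries from CVE-2021-42108 down to CVE-2021-42101 all describe Trend Micro products and all get "TODO: check", so they can be resolved as one batch, in the same form as the "NOT-FOR-US: VITEC Exterity IPTV products" line just above if no Debian package is involved. The descriptions of CVE-2021-42107 through CVE-2021-42104 are identical up to the truncation point, so they have to be told apart by the full CVE text and not by this list.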
@@ -2943,10 +2974,10 @@ CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Serv
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3864
RESERVED
-CVE-2021-42012
- RESERVED
-CVE-2021-42011
- RESERVED
+CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
+ TODO: check
+CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+ TODO: check
CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-42010
@@ -3360,8 +3391,8 @@ CVE-2021-3847 [low-privileged user privileges escalation]
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...)
NOT-FOR-US: firefly-iii
-CVE-2021-23139
- RESERVED
+CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
+ TODO: check
CVE-2021-3845
RESERVED
CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
@@ -3467,12 +3498,12 @@ CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately tr
NOT-FOR-US: Open5GS
CVE-2021-41793
RESERVED
-CVE-2021-41792
- RESERVED
-CVE-2021-41791
- RESERVED
-CVE-2021-41790
- RESERVED
+CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ TODO: check
+CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...)
+ TODO: check
+CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ TODO: check
CVE-2021-41789
RESERVED
CVE-2021-41788
@@ -4872,10 +4903,10 @@ CVE-2021-41162
RESERVED
CVE-2021-41161
RESERVED
-CVE-2021-41160
- RESERVED
-CVE-2021-41159
- RESERVED
+CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ TODO: check
+CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ TODO: check
CVE-2021-41158
RESERVED
CVE-2021-41157
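Review bot: the descriptions for CVE-2021-41160 and CVE-2021-41159 are truncated inside the project's introductory sentence, so the two entries read identically here and say nothing about the flaw or the affected versions. Resolving "TODO: check" needs the full CVE text; adding a NOTE with the upstream reference, as other entries in this file do, would make the two entries usable on their own.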
@@ -4900,8 +4931,8 @@ CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end t
NOT-FOR-US: Tuleap
CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
NOT-FOR-US: Tuleap
-CVE-2021-41146
- RESERVED
+CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...)
+ TODO: check
CVE-2021-41145
RESERVED
CVE-2021-41144
@@ -15231,7 +15262,7 @@ CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authenticat
NOT-FOR-US: Akaunting
CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
NOT-FOR-US: Akaunting
-CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...)
+CVE-2021-36799 (Hard-coded password and salt for encryption of project files in KNX As ...)
NOT-FOR-US: KNX ETS5
CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
NOT-FOR-US: HelpSystems Cobalt Strike
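Review bot: CVE-2021-36799 changes only the description while "NOT-FOR-US: KNX ETS5" stays as it was. The reworded text opens with the weakness and names the product only from "KNX As" onward, where it is cut off, so confirm that the tag still matches the product name used in the new upstream description.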
@@ -18304,8 +18335,8 @@ CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is
- node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449)
NOTE: https://github.com/mermaid-js/mermaid/issues/2122
NOTE: https://github.com/mermaid-js/mermaid/pull/2123
-CVE-2021-35512
- RESERVED
+CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...)
+ TODO: check
CVE-2021-35511
RESERVED
CVE-2021-35510
@@ -18975,14 +19006,14 @@ CVE-2021-35230
RESERVED
CVE-2021-35229
RESERVED
-CVE-2021-35228
- RESERVED
-CVE-2021-35227
- RESERVED
+CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
+ TODO: check
+CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
+ TODO: check
CVE-2021-35226
RESERVED
-CVE-2021-35225
- RESERVED
+CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
+ TODO: check
CVE-2021-35224
RESERVED
CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
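Review bot: CVE-2021-35228 gets a description that starts "This vulnerability occurred due to missing input sanitization for one" and is cut off before any product is named, so it cannot be triaged from this line. Resolving the "TODO: check" directly, or adding a NOTE that names the product, would fix that; CVE-2021-35227 and CVE-2021-35225 at least name ARM 2020.2.6 and the Orion Platform.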
@@ -32514,8 +32545,8 @@ CVE-2021-29885
RESERVED
CVE-2021-29884
RESERVED
-CVE-2021-29883
- RESERVED
+CVE-2021-29883 (IBM Standards Processing Engine (IBM Transformation Extender Advanced ...)
+ TODO: check
CVE-2021-29882
RESERVED
CVE-2021-29881
@@ -32534,8 +32565,8 @@ CVE-2021-29875
RESERVED
CVE-2021-29874
RESERVED
-CVE-2021-29873
- RESERVED
+CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...)
+ TODO: check
CVE-2021-29872
RESERVED
CVE-2021-29871
@@ -34710,8 +34741,8 @@ CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The
CVE-2021-3456
RESERVED
- foreman <itp> (bug #663101)
-CVE-2021-28975
- RESERVED
+CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...)
+ TODO: check
CVE-2021-28974
RESERVED
CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
@@ -35924,8 +35955,8 @@ CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is su
NOT-FOR-US: Arista
CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
-CVE-2021-28496
- RESERVED
+CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected release v ...)
+ TODO: check
CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
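Review bot: CVE-2021-28496 is added with "TODO: check" between entries that are already tagged "NOT-FOR-US: Arista". Its description concerns Arista EOS and CloudEOS where the neighbouring entries concern MOS, but the vendor is the same, so the same tag is the likely resolution and would keep this block consistent.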
@@ -57767,8 +57798,8 @@ CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
NOT-FOR-US: Telus Wi-Fi Hub
-CVE-2021-20120
- RESERVED
+CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...)
+ TODO: check
CVE-2021-20119
RESERVED
CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
@@ -70118,8 +70149,8 @@ CVE-2020-27306
RESERVED
CVE-2020-27305
RESERVED
-CVE-2020-27304
- RESERVED
+CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...)
+ TODO: check
CVE-2020-27303
RESERVED
CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
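Review bot: CVE-2020-27304 describes CivetWeb as a web library that does not validate uploaded file paths, so the "TODO: check" should cover programs that bundle the library as well as any package of CivetWeb itself. The truncated text stops at "when run", so the condition under which the flaw applies has to be taken from the full CVE description.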
@@ -100054,8 +100085,8 @@ CVE-2020-14265
RESERVED
CVE-2020-14264
RESERVED
-CVE-2020-14263
- RESERVED
+CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ TODO: check
CVE-2020-14262
RESERVED
CVE-2020-14261
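Review bot: the description for CVE-2020-14263 begins with a stray double quote, ("HCL Traveler Companion, which no other description in this update has. These descriptions are searched and matched as text, so the quote is worth normalising where the description is imported.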
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30ee682812ea3081bd8d72bd26ab8c3452fb6543