[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 22 21:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
beb2ab04 by security tracker role at 2021-10-22T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-42847
+ RESERVED
+CVE-2021-42846
+ RESERVED
+CVE-2021-42845
+ RESERVED
+CVE-2021-42844
+ RESERVED
+CVE-2021-42843
+ RESERVED
+CVE-2021-42842
+ RESERVED
+CVE-2021-42841
+ RESERVED
+CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
+ TODO: check
+CVE-2021-42839
+ RESERVED
+CVE-2021-42838
+ RESERVED
+CVE-2021-42837
+ RESERVED
+CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
+ TODO: check
+CVE-2021-42835
+ RESERVED
+CVE-2021-42834
+ RESERVED
+CVE-2021-42833
+ RESERVED
+CVE-2021-42832
+ RESERVED
+CVE-2021-42831
+ RESERVED
+CVE-2021-42830
+ RESERVED
+CVE-2021-42829
+ RESERVED
+CVE-2021-42828
+ RESERVED
+CVE-2021-42827
+ RESERVED
+CVE-2021-42826
+ RESERVED
+CVE-2021-42825
+ RESERVED
+CVE-2021-42824
+ RESERVED
+CVE-2021-42823
+ RESERVED
+CVE-2021-42822
+ RESERVED
+CVE-2021-42821
+ RESERVED
+CVE-2021-42820
+ RESERVED
+CVE-2021-42819
+ RESERVED
+CVE-2021-42818
+ RESERVED
+CVE-2021-42817
+ RESERVED
+CVE-2021-42816
+ RESERVED
+CVE-2021-42815
+ RESERVED
+CVE-2021-42814
+ RESERVED
+CVE-2021-42813
+ RESERVED
+CVE-2021-3896
+ RESERVED
CVE-2021-42812
RESERVED
CVE-2021-42811
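Review bot: The two new entries that already carry a description, CVE-2021-42840 (SuiteCRM before 7.11.19, remote code execution) and CVE-2021-42836 (GJSON before 1.9.3, ReDoS), are left at "TODO: check" and need triage to either a source package line or NOT-FOR-US; GJSON is a Go library, so any affected Debian consumer would carry it as a packaged or vendored dependency rather than as a standalone binary. Also note that CVE-2021-3896, the last added entry just above the CVE-2021-42812 context, lands out of the descending numeric order the rest of the block follows (42847 down to 42813); it will not be found near the other 2021-38xx/39xx entries when searching the file.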
@@ -558,8 +630,8 @@ CVE-2021-42558
RESERVED
CVE-2021-42557
RESERVED
-CVE-2021-42556
- RESERVED
+CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
+ TODO: check
CVE-2021-42555
RESERVED
CVE-2021-42554
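Review bot: CVE-2021-42556 (Rasa X before 0.42.4, directory traversal during archive extraction) is the only change in this hunk and stays at "TODO: check"; the description points at an archive-extraction path traversal, so triage should confirm whether any Debian package ships Rasa X before marking it NOT-FOR-US.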
@@ -602,24 +674,24 @@ CVE-2021-42544
RESERVED
CVE-2021-42543
RESERVED
-CVE-2021-42542
- RESERVED
+CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
+ TODO: check
CVE-2021-42541
RESERVED
-CVE-2021-42540
- RESERVED
-CVE-2021-42539
- RESERVED
-CVE-2021-42538
- RESERVED
+CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...)
+ TODO: check
+CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...)
+ TODO: check
+CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...)
+ TODO: check
CVE-2021-42537
RESERVED
-CVE-2021-42536
- RESERVED
+CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...)
+ TODO: check
CVE-2021-42535
RESERVED
-CVE-2021-42534
- RESERVED
+CVE-2021-42534 (The affected product’s web application does not properly neutral ...)
+ TODO: check
CVE-2021-42533
RESERVED
CVE-2021-42532
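Review bot: Six of the entries in this hunk (CVE-2021-42542, -42540, -42539, -42538, -42536, -42534) use the vendor-neutral "The affected product" wording, so the truncated summary identifies neither vendor nor product; the "TODO: check" lines cannot be resolved from this file alone and the triager has to open the full CVE records. The description classes visible here (directory traversal, unsanitized extract folder, missing permission validation, parameter injection via passphrase, peer username disclosure, improper neutralization in a web application) suggest one advisory batch for a single product, which is worth confirming before triaging them one by one.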
@@ -2620,8 +2692,8 @@ CVE-2021-42171
RESERVED
CVE-2021-42170
RESERVED
-CVE-2021-42169
- RESERVED
+CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
+ TODO: check
CVE-2021-42168
RESERVED
CVE-2021-42167
@@ -2808,12 +2880,14 @@ CVE-2021-42099
CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
NOT-FOR-US: Devolutions
CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
+ {DSA-4991-1}
- mailman <removed>
NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
+ {DSA-4991-1}
- mailman <removed>
NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
NOTE: https://bugs.launchpad.net/mailman/+bug/1947639
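Review bot: The {DSA-4991-1} markers added to CVE-2021-42097 and CVE-2021-42096 are the only fixed-version information these entries get, because the source-package line stays "mailman <removed>"; this commit touches only data/CVE/list, so the bullseye fixed version must already be present in the DSA-4991-1 entry of data/DSA/list for the tracker to report these CVEs as fixed in stable. Both entries otherwise keep their "Fixed by" revision and bug references unchanged, which is consistent with the two advisories being fixed in the same upstream revision 1873.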
@@ -3666,14 +3740,14 @@ CVE-2021-41749
RESERVED
CVE-2021-41748
RESERVED
-CVE-2021-41747
- RESERVED
+CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
+ TODO: check
CVE-2021-41746
RESERVED
-CVE-2021-41745
- RESERVED
-CVE-2021-41744
- RESERVED
+CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
+ TODO: check
+CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
+ TODO: check
CVE-2021-41743
RESERVED
CVE-2021-41742
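Review bot: The "ihas" in the CVE-2021-41745 description (ShowDoc 2.8.3) is a typo carried over from the upstream CVE text; since this is an automatic update that imports descriptions verbatim, it should not be hand-corrected here or the next sync would reintroduce it. All three new descriptions in this hunk (Csdn APP XSS, ShowDoc file upload, yongyou PLM command injection) remain at "TODO: check" and need triage.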
@@ -4930,8 +5004,8 @@ CVE-2021-41173
RESERVED
CVE-2021-41172
RESERVED
-CVE-2021-41171
- RESERVED
+CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
+ TODO: check
CVE-2021-41170
RESERVED
CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
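Review bot: The CVE-2021-41171 description starts with the generic "eLabFTW is an open source electronic lab notebook manager for research" preamble, so the truncated summary says nothing about the actual vulnerability; triage needs the full record. The neighbouring CVE-2021-41169 (Sulu) entry uses the same advisory style, so the same caveat applies there.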
@@ -11300,80 +11374,80 @@ CVE-2021-38487
RESERVED
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38485
- RESERVED
+CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
+ TODO: check
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483
RESERVED
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38481
- RESERVED
+CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
+ TODO: check
CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38479
- RESERVED
+CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
+ TODO: check
CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38477
- RESERVED
+CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
+ TODO: check
CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38475
- RESERVED
+CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
+ TODO: check
CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38473
- RESERVED
+CVE-2021-38473 (The affected product’s code base doesn’t properly control ...)
+ TODO: check
CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38471
- RESERVED
+CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
+ TODO: check
CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38469
- RESERVED
+CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
+ TODO: check
CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38467
- RESERVED
+CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
+ TODO: check
CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38465
- RESERVED
+CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
+ TODO: check
CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38463
- RESERVED
+CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
+ TODO: check
CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38461
- RESERVED
+CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
+ TODO: check
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
-CVE-2021-38459
- RESERVED
+CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
+ TODO: check
CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
-CVE-2021-38457
- RESERVED
+CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
+ TODO: check
CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
-CVE-2021-38455
- RESERVED
+CVE-2021-38455 (The affected product’s OS Service does not verify any given para ...)
+ TODO: check
CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
-CVE-2021-38453
- RESERVED
+CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
+ TODO: check
CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
-CVE-2021-38451
- RESERVED
+CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...)
+ TODO: check
CVE-2021-38450
RESERVED
-CVE-2021-38449
- RESERVED
+CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
+ TODO: check
CVE-2021-38448
RESERVED
CVE-2021-38447
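Review bot: The fourteen entries that gain descriptions in this hunk (CVE-2021-38485, -38481, -38479, -38477, -38475, -38473, -38471, -38469, -38467, -38465, -38463, -38461, -38459, -38457, -38455, -38453, -38451, -38449) all use product-neutral wording ("The affected product", "Many API function codes", "The scheduler service running on a specific TCP port", "The webinstaller is a Golang web server executable"), so neither vendor nor product is recoverable from the truncated summary. They are interleaved with InHand Networks IR615 and Moxa MXview entries already marked NOT-FOR-US, but the interleaving is just numeric adjacency in the CVE block and is not evidence that they belong to the same vendor; each "TODO: check" here should be resolved from the full record rather than by analogy with its neighbours. CVE-2021-38461 (hard-coded Blowfish key) and CVE-2021-38459 (handshake capture reusable against the server) are the ones most worth reading in full, since hard-coded keys and replayable handshakes typically affect every deployment of the product.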
@@ -16347,8 +16421,8 @@ CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticate
NOT-FOR-US: OrbiTeam BSCW Classic
CVE-2021-36358
RESERVED
-CVE-2021-36357
- RESERVED
+CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...)
+ TODO: check
CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
NOT-FOR-US: KRAMER VIAware
CVE-2021-36355
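Review bot: CVE-2021-36357 ("OpenPOWER 2.6 firmware, unpack_timestamp()") is firmware rather than an end-user application, so the "TODO: check" should be resolved by checking whether any Debian package ships the affected firmware component; the truncated description does not say which firmware image or component contains unpack_timestamp().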
@@ -19059,8 +19133,8 @@ CVE-2021-35232
RESERVED
CVE-2021-35231
RESERVED
-CVE-2021-35230
- RESERVED
+CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
+ TODO: check
CVE-2021-35229
RESERVED
CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
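Review bot: The CVE-2021-35230 summary is cut off at "present in the K", so the product name is lost; the vulnerability class named (unquoted service path) only exists on Windows service installations, which makes NOT-FOR-US the likely outcome, but the full record should be read to confirm the product before the "TODO: check" is replaced.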
@@ -27390,10 +27464,10 @@ CVE-2021-31837 (Memory corruption vulnerability in the driver file component in
NOT-FOR-US: McAfee
CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
NOT-FOR-US: McAfee
-CVE-2021-31835
- RESERVED
-CVE-2021-31834
- RESERVED
+CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ TODO: check
+CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
+ TODO: check
CVE-2021-31833
RESERVED
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
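Review bot: CVE-2021-31835 and CVE-2021-31834 are McAfee ePolicy Orchestrator XSS issues and sit between CVE-2021-31837/-31836 and CVE-2021-31832, which are all already marked "NOT-FOR-US: McAfee"; the two "TODO: check" lines can be resolved to the same NOT-FOR-US: McAfee status for consistency with the surrounding entries.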
@@ -27883,8 +27957,8 @@ CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONPa
NOTE: Security impact disputed by upstream
CVE-2021-31683
RESERVED
-CVE-2021-31682
- RESERVED
+CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
+ TODO: check
CVE-2021-31681
RESERVED
CVE-2021-31680
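Review bot: CVE-2021-31682 (Automated Logic WebCTRL/WebCTRL OEM login portal) is a proprietary building-management web application, so the "TODO: check" is expected to resolve to NOT-FOR-US; the description is truncated before the vulnerability class, so the full record is needed to fill in the product name in the NOT-FOR-US line.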
@@ -31275,8 +31349,8 @@ CVE-2021-30361
RESERVED
CVE-2021-30360
RESERVED
-CVE-2021-30359
- RESERVED
+CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
+ TODO: check
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
NOT-FOR-US: Mobile Access Portal Native Applications
CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
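Review bot: CVE-2021-30359 concerns the Harmony Browse and SandBlast Agent for Browsers installers, which are Check Point Windows client products, and it sits next to two Check Point entries (Mobile Access Portal Native Applications, SSL Network Extender Client) that are already NOT-FOR-US; the "TODO: check" can be resolved the same way, naming the product in the NOT-FOR-US line as the adjacent entries do.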
@@ -32698,8 +32772,8 @@ CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1
NOT-FOR-US: IBM
CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
NOT-FOR-US: IBM
-CVE-2021-29835
- RESERVED
+CVE-2021-29835 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
+ TODO: check
CVE-2021-29834 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
NOT-FOR-US: IBM
CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
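Review bot: CVE-2021-29835 (IBM Business Automation Workflow 18.0, 19.0, 20.0, 21.0) is surrounded by CVE-2021-29837/-29836 and CVE-2021-29834, all marked "NOT-FOR-US: IBM", and CVE-2021-29834 describes the same product; the "TODO: check" should be replaced with NOT-FOR-US: IBM for consistency.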
@@ -48129,7 +48203,7 @@ CVE-2021-23451
RESERVED
CVE-2021-23450
RESERVED
-CVE-2021-23449 (This affects the package vm2 before 3.9.4. Prototype Pollution attack ...)
+CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
TODO: check
CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...)
TODO: check
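Review bot: Only the description text of CVE-2021-23449 changed (from "Prototype Pollution attack" to "via a Prototype Pollution at"); the affected range "vm2 before 3.9.4" and the "TODO: check" status are unchanged, so this hunk does not advance triage and the entry still needs a package line or NOT-FOR-US.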
@@ -48146,9 +48220,10 @@ CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion
NOT-FOR-US: Node edge.js
CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
NOT-FOR-US: Node @cookiex/deep
-CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...)
+CVE-2021-23441
+ REJECTED
NOT-FOR-US: com.jsoniter:jsoniter
-CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...)
+CVE-2021-23440 (This affects the package set-value before <2.0.1, >=3.0.0 <4. ...)
- node-set-value 3.0.1-3 (bug #994448)
[bullseye] - node-set-value 3.0.1-2+deb11u1
[buster] - node-set-value <no-dsa> (Minor issue)
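Review bot: Two points in this hunk. First, CVE-2021-23441 is now REJECTED but the old "NOT-FOR-US: com.jsoniter:jsoniter" line was kept underneath it; a rejected entry normally carries only the REJECTED line, so the stale NOT-FOR-US line should be dropped. Second, the CVE-2021-23440 affected range was narrowed from "set-value before 4.0.1" to "<2.0.1, >=3.0.0 <4. ..." which excludes the 2.0.1 to 2.x series; the unstable fix (node-set-value 3.0.1-3) and the bullseye update (3.0.1-2+deb11u1) are 3.0.x and stay inside the affected range, but the buster line "<no-dsa> (Minor issue)" should be re-checked against the buster version, since a 2.0.1 or later 2.x version would now be <not-affected> rather than <no-dsa>.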
@@ -65829,8 +65904,7 @@ CVE-2021-0872
RESERVED
CVE-2021-0871
RESERVED
-CVE-2021-0870
- RESERVED
+CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
NOT-FOR-US: Android
CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
NOT-FOR-US: Android
@@ -66154,24 +66228,19 @@ CVE-2021-0710
RESERVED
CVE-2021-0709
RESERVED
-CVE-2021-0708
- RESERVED
+CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a possibl ...)
NOT-FOR-US: Android
CVE-2021-0707
RESERVED
-CVE-2021-0706
- RESERVED
+CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible way t ...)
NOT-FOR-US: Android
-CVE-2021-0705
- RESERVED
+CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2021-0704
RESERVED
-CVE-2021-0703
- RESERVED
+CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...)
NOT-FOR-US: Android
-CVE-2021-0702
- RESERVED
+CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
NOT-FOR-US: Android
CVE-2021-0701
RESERVED
@@ -66272,11 +66341,9 @@ CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible da
NOT-FOR-US: Android
CVE-2021-0653
RESERVED
-CVE-2021-0652
- RESERVED
+CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2021-0651
- RESERVED
+CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...)
NOT-FOR-US: Android
CVE-2021-0650
RESERVED
@@ -66292,8 +66359,7 @@ CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is
NOT-FOR-US: Android
CVE-2021-0644 (In conditionallyRemoveIdentifiers of SubscriptionController.java, ther ...)
NOT-FOR-US: Android
-CVE-2021-0643
- RESERVED
+CVE-2021-0643 (In getAllSubInfoList of SubscriptionController.java, there is a possib ...)
NOT-FOR-US: Android
CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...)
NOT-FOR-US: Android
@@ -66620,8 +66686,7 @@ CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible
NOT-FOR-US: Android
CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
NOT-FOR-US: Android media framework
-CVE-2021-0483
- RESERVED
+CVE-2021-0483 (In multiple methods of AAudioService, there is a possible use-after-fr ...)
NOT-FOR-US: Android media framework
CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...)
NOT-FOR-US: Android media framework
@@ -97896,7 +97961,7 @@ CVE-2020-15013
CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
- {DLA-2276-1 DLA-2265-1}
+ {DSA-4991-1 DLA-2276-1 DLA-2265-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848
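Review bot: DSA-4991-1 is added to CVE-2020-15011 ahead of the existing DLA-2276-1 and DLA-2265-1 markers, so the same advisory now covers the 2020 content-injection fix and the 2021 privilege-escalation fixes (CVE-2021-42097, CVE-2021-42096 earlier in this diff); confirm that the published DSA-4991-1 text actually lists CVE-2020-15011, because the tracker will attribute the stable fix to that DSA from this marker alone.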
@@ -105910,7 +105975,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
- {DLA-2276-1 DLA-2204-1}
+ {DSA-4991-1 DLA-2276-1 DLA-2204-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beb2ab04d6ef3be0c69446e9e2c552433dfd9369