[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 27 09:10:19 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
046c7072 by security tracker role at 2021-10-27T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-43044
+ RESERVED
+CVE-2021-43043
+ RESERVED
+CVE-2021-43042
+ RESERVED
+CVE-2021-43041
+ RESERVED
+CVE-2021-43040
+ RESERVED
+CVE-2021-43039
+ RESERVED
+CVE-2021-43038
+ RESERVED
+CVE-2021-43037
+ RESERVED
+CVE-2021-43036
+ RESERVED
+CVE-2021-43035
+ RESERVED
+CVE-2021-43034
+ RESERVED
+CVE-2021-43033
+ RESERVED
+CVE-2021-3912
+ RESERVED
+CVE-2021-3911
+ RESERVED
+CVE-2021-3910
+ RESERVED
+CVE-2021-3909
+ RESERVED
+CVE-2021-3908
+ RESERVED
+CVE-2021-3907
+ RESERVED
CVE-2021-3906
RESERVED
CVE-2018-25019
@@ -3837,8 +3873,8 @@ CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attacker
CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
- onionshare <undetermined>
TODO: check details, exact fixing commits unclear
-CVE-2021-41866
- RESERVED
+CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
+ TODO: check
CVE-2021-3853
RESERVED
CVE-2021-3852
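Review bot: the new "TODO: check" on CVE-2021-41866 should be resolved the same way the bracketing entries are, not left open: the description already gives the product and fixed version ("MyBB before 1.8.28 allows stored XSS ..."), so the entry needs either a source package line with the fixing version or a NOT-FOR-US line if MyBB is not packaged in Debian, whichever a quick archive check shows. The neighbouring CVE-2021-41867 shows the form to aim for, with its own open question ("exact fixing commits unclear") recorded explicitly instead of a bare TODO.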
@@ -11875,8 +11911,8 @@ CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Manage
NOT-FOR-US: Moxa
CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...)
NOT-FOR-US: AUVESY
-CVE-2021-38450
- RESERVED
+CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
+ TODO: check
CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
NOT-FOR-US: AUVESY
CVE-2021-38448
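Review bot: the truncated description for CVE-2021-38450 ("The affected controllers do not properly sanitize the input containing ...") names no vendor, so the NOT-FOR-US: AUVESY tag on CVE-2021-38451 and CVE-2021-38449 around it must not be copied by proximity alone; confirm from the full advisory that "the affected controllers" are the same AUVESY product before resolving the TODO, since an input-sanitisation bug in ICS controllers could belong to a different vendor in the same ID block.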
@@ -15091,26 +15127,26 @@ CVE-2021-37133
RESERVED
CVE-2021-37132
RESERVED
-CVE-2021-37131
- RESERVED
-CVE-2021-37130
- RESERVED
-CVE-2021-37129
- RESERVED
+CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
+ TODO: check
+CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
+ TODO: check
+CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ TODO: check
CVE-2021-37128
RESERVED
-CVE-2021-37127
- RESERVED
+CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
+ TODO: check
CVE-2021-37126
RESERVED
CVE-2021-37125
RESERVED
-CVE-2021-37124
- RESERVED
+CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
+ TODO: check
CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
NOT-FOR-US: Hero-CT060
-CVE-2021-37122
- RESERVED
+CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
+ TODO: check
CVE-2021-37121
RESERVED
CVE-2021-37120
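Review bot: the six new Huawei entries (CVE-2021-37131, -37130, -37129, -37127, -37124, -37122) cannot be triaged from the visible text, because every description is cut off at or before the product and three of them (-37129, -37127, -37122) only say "some Huawei products"; the expected outcome, following CVE-2021-37123 (Hero-CT060) directly above, is NOT-FOR-US once the full descriptions confirm these are Huawei appliance or firmware products, but the specific product names should be recorded in the NOT-FOR-US line rather than a generic "Huawei" so later lookups can tell the batch apart.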
@@ -19559,14 +19595,14 @@ CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through UR
NOT-FOR-US: Solarwinds
CVE-2021-35237
RESERVED
-CVE-2021-35236
- RESERVED
-CVE-2021-35235
- RESERVED
+CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
+ TODO: check
+CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
+ TODO: check
CVE-2021-35234
RESERVED
-CVE-2021-35233
- RESERVED
+CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...)
+ TODO: check
CVE-2021-35232
RESERVED
CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
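Review bot: the three Kiwi Syslog Server entries (CVE-2021-35236 missing Secure flag on the SSL cookie, CVE-2021-35235 ASP.NET debug enabled by default, CVE-2021-35233 HTTP TRACK and TRACE enabled) describe configuration weaknesses in an ASP.NET-based product, the same product as CVE-2021-35231 below, and CVE-2021-35238 above is already NOT-FOR-US: Solarwinds; these TODOs can be resolved to NOT-FOR-US: Solarwinds without further research.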
@@ -24944,8 +24980,8 @@ CVE-2021-32953
RESERVED
CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
NOT-FOR-US: Open Design Alliance
-CVE-2021-32951
- RESERVED
+CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
+ TODO: check
CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32949
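Review bot: CVE-2021-32951 (WebAccess/NMS prior to v3.0.3_Build6299) is not the same product as the Open Design Alliance DGN/DXF parsers on either side of it (CVE-2021-32952, CVE-2021-32950), so its TODO must not inherit "NOT-FOR-US: Open Design Alliance"; it needs its own vendor check, and when the description is completed the truncated "improper aut ..." should be expanded so the entry records whether this is an authentication or an authorization issue.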
@@ -30335,7 +30371,8 @@ CVE-2021-30853
REJECTED
CVE-2021-30852
REJECTED
-CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking.)
+CVE-2021-30851
+ REJECTED
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.1-1
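Review bot: the REJECTED marker written for CVE-2021-30851 conflicts with the tracking lines kept under it: "- webkit2gtk 2.34.0-1", the [stretch] <ignored> tag and "- wpewebkit 2.34.1-1" describe a live issue with assigned fix versions, and the replaced text was a real description ("A memory corruption vulnerability was addressed with improved locking."). Before accepting the automated flip, verify the rejection against the CNA's current record; if the rejection stands, drop the three package lines (or move the former fix versions into a NOTE) so the tracker does not report fixed versions for a rejected ID, and if it does not stand, restore the description instead.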
@@ -30343,11 +30380,13 @@ CVE-2021-30851 (A memory corruption vulnerability was addressed with improved lo
CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...)
NOT-FOR-US: Apple
CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4976-1 DSA-4975-1}
- webkit2gtk 2.32.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.4-1
NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4976-1 DSA-4975-1}
- webkit2gtk 2.32.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.4-1
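Review bot: the {DSA-4976-1 DSA-4975-1} pair added to CVE-2021-30849 and CVE-2021-30848 matches their fixed versions (webkit2gtk 2.32.4-1, wpewebkit 2.32.4-1), but the hunk stops at CVE-2021-30848; confirm that every other entry in this block that carries the same fixed versions and the same NOTE (https://webkitgtk.org/security/WSA-2021-0006.html) received the same two DSA references, otherwise the advisory cross-references for the WSA-2021-0006 batch will be incomplete.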
@@ -41048,8 +41087,8 @@ CVE-2021-26612
RESERVED
CVE-2021-26611
RESERVED
-CVE-2021-26610
- RESERVED
+CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
+ TODO: check
CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
NOT-FOR-US: WordPress plugin
CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
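Review bot: CVE-2021-26610 refers to move_uploaded_file, a PHP built-in, inside the product "godomall5", which is not a Debian source package name; together with the bracketing CVE-2021-26609 (Mangboard WordPress plugin, NOT-FOR-US) and CVE-2021-26608 this TODO is expected to resolve to a NOT-FOR-US line naming godomall5, and leaving it as TODO only defers a lookup the description already answers.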
@@ -47751,8 +47790,8 @@ CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product R
NOT-FOR-US: McAfee
CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
NOT-FOR-US: McAfee
-CVE-2021-23877
- RESERVED
+CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...)
+ TODO: check
CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
NOT-FOR-US: McAfee
CVE-2021-23875
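Review bot: CVE-2021-23877 explicitly names a "Windows trial installer", and both bracketing entries (CVE-2021-23878, CVE-2021-23876) are NOT-FOR-US: McAfee, so this TODO should be resolved to NOT-FOR-US: McAfee directly rather than left open.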
@@ -81064,8 +81103,8 @@ CVE-2020-22866
RESERVED
CVE-2020-22865
RESERVED
-CVE-2020-22864
- RESERVED
+CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video functio ...)
+ TODO: check
CVE-2020-22863
RESERVED
CVE-2020-22862
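Review bot: the CVE-2020-22864 description is cut off before any product name ("A cross site scripting (XSS) vulnerability in the Insert Video functio ..."), so nothing in this hunk supports a triage decision; the TODO has to be resolved from the full record, and because the ID comes from the 2020 block the check should cover whether any Debian package shipping the affected editor component was in a supported suite at the time, not only the current ones.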
@@ -118863,8 +118902,8 @@ CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remo
NOT-FOR-US: ZOOK software
CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
NOT-FOR-US: helpUS(remote administration tool)
-CVE-2020-7867
- RESERVED
+CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...)
+ TODO: check
CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...)
NOT-FOR-US: XPLATFORM
CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
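Review bot: the "Helpu solution" in CVE-2020-7867 is the same product family as the helpUS remote administration tool in CVE-2020-7868 one line above, which is marked "NOT-FOR-US: helpUS(remote administration tool)"; once the full description confirms the vendor, this TODO can take the same NOT-FOR-US line instead of staying open.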
@@ -185307,8 +185346,8 @@ CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving mes
NOT-FOR-US: Thrift servers
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
- hhvm <removed>
-CVE-2019-3556
- RESERVED
+CVE-2019-3556 (HHVM supports the use of an "admin" server which accepts administrativ ...)
+ TODO: check
CVE-2019-3555
RESERVED
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
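Review bot: CVE-2019-3556 concerns the HHVM admin server, the same package as CVE-2019-3557 directly above it, which is tracked as "- hhvm <removed>"; unless the version that was removed from Debian predates the affected admin-server code, this TODO should resolve to the same "- hhvm <removed>" line, with the version check recorded in a NOTE if it was done.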
@@ -279900,7 +279939,7 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
- {DLA-1972-1}
+ {DLA-2793-1 DLA-1972-1}
- mosquitto 1.5.4-1 (low)
[stretch] - mosquitto <no-dsa> (Minor issue)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
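Review bot: adding DLA-2793-1 to CVE-2017-7655 leaves "[stretch] - mosquitto <no-dsa> (Minor issue)" in place; the DLA's target suite is not visible in the hunk, but if DLA-2793-1 is the stretch LTS update for this issue, that suite line is now stale and should be removed, because a suite tagged no-dsa while a DLA reference covers the same fix is contradictory and the tracker will keep reporting stretch as unfixed by choice.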
@@ -421010,8 +421049,8 @@ CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x befor
- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...)
NOT-FOR-US: JMX Console
-CVE-2011-4574
- RESERVED
+CVE-2011-4574 (PolarSSL versions prior to v1.1 use the HAVEGE random number generatio ...)
+ TODO: check
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...)
NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
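Review bot: CVE-2011-4574 is the one entry in this hunk that plausibly maps to a Debian package: PolarSSL was shipped as the polarssl source package (the project later continued as mbedtls), so unlike the NOT-FOR-US neighbours (CVE-2011-4575 JMX Console, CVE-2011-4573 JBoss Operations Network) the TODO should resolve to a polarssl line, either the version that stopped defaulting to the HAVEGE generator or <removed> if that package is gone from the archive, plus a mbedtls line stating whether the current package is affected; the ten-year gap between the 2011 ID and this publication makes it likely no supported suite is affected, but that needs to be verified rather than assumed.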
@@ -422289,12 +422328,12 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO io
{DSA-2443-1 DSA-2389-1}
- libguestfs 1:1.14.8-1
- linux-2.6 <removed>
-CVE-2011-4126
- RESERVED
-CVE-2011-4125
- RESERVED
-CVE-2011-4124
- RESERVED
+CVE-2011-4126 (Race condition issues were found in Calibre at devices/linux_mount_hel ...)
+ TODO: check
+CVE-2011-4125 (A untrusted search path issue was found in Calibre at devices/linux_mo ...)
+ TODO: check
+CVE-2011-4124 (Input validation issues were found in Calibre at devices/linux_mount_h ...)
+ TODO: check
CVE-2011-4123
REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
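Review bot: the three Calibre IDs (CVE-2011-4126 race condition, CVE-2011-4125 untrusted search path, CVE-2011-4124 input validation) all point at devices/linux_mount_helper and should be resolved together; calibre is a Debian source package, so "TODO: check" should become either a calibre line with the upstream version that removed or fixed the mount helper, or a note that the Debian build never installed that helper (which would make the package not affected), and because these are 2011 IDs published only now, any fix will predate every currently supported suite, which the entries should state explicitly.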
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/046c7072fe1e244f0b05999c099e19063bbc2e3c