[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 27 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddeaf6bc by security tracker role at 2021-10-27T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-43045
+ RESERVED
+CVE-2021-3913
+ RESERVED
CVE-2021-43044
RESERVED
CVE-2021-43043
@@ -414,8 +418,8 @@ CVE-2021-3902
RESERVED
CVE-2021-3901
RESERVED
-CVE-2021-3900
- RESERVED
+CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-42852
RESERVED
CVE-2021-42851
@@ -3861,8 +3865,8 @@ CVE-2021-41874
RESERVED
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
-CVE-2021-41872
- RESERVED
+CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
+ TODO: check
CVE-2021-41871
RESERVED
CVE-2021-41870
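Review bot: CVE-2021-41872 is left at TODO: check even though its description names the same device as CVE-2021-41873 directly above it, which is already triaged as NOT-FOR-US: Penguin Aurora TV Box 41502. For an automatic update the TODO is expected, but the follow-up triage should reuse that existing tag so both entries for the device stay consistent.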
@@ -4447,8 +4451,8 @@ CVE-2021-41621
RESERVED
CVE-2021-41620
RESERVED
-CVE-2021-41619
- RESERVED
+CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...)
+ TODO: check
CVE-2021-41618
RESERVED
CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...)
@@ -4518,10 +4522,10 @@ CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds beca
NOT-FOR-US: Blockstream c-lightning
CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
NOT-FOR-US: ACINQ Eclair
-CVE-2021-41590
- RESERVED
-CVE-2021-41589
- RESERVED
+CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...)
+ TODO: check
+CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...)
+ TODO: check
CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...)
NOT-FOR-US: Gradle Enterprise
CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
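Review bot: The new TODO: check entries CVE-2021-41590 and CVE-2021-41589 both describe Gradle Enterprise, and the next entry down, CVE-2021-41588, is already marked NOT-FOR-US: Gradle Enterprise. The follow-up triage should resolve them with the same tag. The truncated description of CVE-2021-41589 also mentions "Enterprise Build Cache Node", so read the full text to confirm that one tag covers it.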
@@ -7978,8 +7982,8 @@ CVE-2021-40127
RESERVED
CVE-2021-40126
RESERVED
-CVE-2021-40125
- RESERVED
+CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ TODO: check
CVE-2021-40124
RESERVED
CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -7992,16 +7996,16 @@ CVE-2021-40120
RESERVED
CVE-2021-40119
RESERVED
-CVE-2021-40118
- RESERVED
-CVE-2021-40117
- RESERVED
-CVE-2021-40116
- RESERVED
+CVE-2021-40118 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ TODO: check
+CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
+ TODO: check
+CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
+ TODO: check
CVE-2021-40115
RESERVED
-CVE-2021-40114
- RESERVED
+CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
+ TODO: check
CVE-2021-40113
RESERVED
CVE-2021-40112
@@ -12074,8 +12078,8 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s
[stretch] - liblivemedia <no-dsa> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
-CVE-2021-38379
- RESERVED
+CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
+ TODO: check
CVE-2021-38378
RESERVED
CVE-2021-38377
@@ -13576,18 +13580,18 @@ CVE-2021-37810
RESERVED
CVE-2021-37809
RESERVED
-CVE-2021-37808
- RESERVED
-CVE-2021-37807
- RESERVED
-CVE-2021-37806
- RESERVED
-CVE-2021-37805
- RESERVED
+CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...)
+ TODO: check
+CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online ...)
+ TODO: check
+CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...)
+ TODO: check
+CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...)
+ TODO: check
CVE-2021-37804
RESERVED
-CVE-2021-37803
- RESERVED
+CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...)
+ TODO: check
CVE-2021-37802
RESERVED
CVE-2021-37801
@@ -14891,8 +14895,8 @@ CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side R
NOT-FOR-US: Nagios XI
CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
NOT-FOR-US: RCDCAP
-CVE-2021-37221
- RESERVED
+CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
+ TODO: check
CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
- mupdf 1.17.0+ds1-2 (bug #991402)
[buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
@@ -16028,8 +16032,8 @@ CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks
NOT-FOR-US: 1Password
CVE-2021-36757
RESERVED
-CVE-2021-36756
- RESERVED
+CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...)
+ TODO: check
CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...)
NOT-FOR-US: Nightscout Web Monitor
CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...)
@@ -20588,34 +20592,34 @@ CVE-2021-34796
RESERVED
CVE-2021-34795
RESERVED
-CVE-2021-34794
- RESERVED
-CVE-2021-34793
- RESERVED
-CVE-2021-34792
- RESERVED
-CVE-2021-34791
- RESERVED
-CVE-2021-34790
- RESERVED
+CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
+ TODO: check
+CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
+ TODO: check
+CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...)
+ TODO: check
+CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ TODO: check
+CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ TODO: check
CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
NOT-FOR-US: Cisco
CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...)
NOT-FOR-US: Cisco
-CVE-2021-34787
- RESERVED
+CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...)
+ TODO: check
CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
NOT-FOR-US: Cisco
CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
NOT-FOR-US: Cisco
CVE-2021-34784
RESERVED
-CVE-2021-34783
- RESERVED
+CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+ TODO: check
CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...)
NOT-FOR-US: Cisco
-CVE-2021-34781
- RESERVED
+CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...)
+ TODO: check
CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
NOT-FOR-US: Cisco
CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
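Review bot: The eight entries moved from RESERVED to TODO: check in this hunk are interleaved with entries already tagged NOT-FOR-US: Cisco (CVE-2021-34789, -34788, -34786, -34785, -34782, -34780), but several of the new descriptions are cut off before any vendor or product name appears (CVE-2021-34794, -34791, -34790, -34787, -34781). Confirm the product from the full description for each one rather than inferring it from the neighbouring IDs, then tag them consistently with the surrounding entries.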
@@ -20648,14 +20652,14 @@ CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On
NOT-FOR-US: Cisco
CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...)
NOT-FOR-US: Cisco
-CVE-2021-34764
- RESERVED
-CVE-2021-34763
- RESERVED
-CVE-2021-34762
- RESERVED
-CVE-2021-34761
- RESERVED
+CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
+CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...)
+ TODO: check
CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...)
NOT-FOR-US: Cisco
CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -20664,12 +20668,12 @@ CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence C
NOT-FOR-US: Cisco
CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
NOT-FOR-US: Cisco
-CVE-2021-34756
- RESERVED
-CVE-2021-34755
- RESERVED
-CVE-2021-34754
- RESERVED
+CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ TODO: check
+CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ TODO: check
+CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
+ TODO: check
CVE-2021-34753
RESERVED
CVE-2021-34752
@@ -21073,8 +21077,8 @@ CVE-2021-34582
RESERVED
CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...)
NOT-FOR-US: WAGO
-CVE-2021-34580
- RESERVED
+CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can ...)
+ TODO: check
CVE-2021-34579
RESERVED
CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
@@ -33213,8 +33217,8 @@ CVE-2021-29870
RESERVED
CVE-2021-29869
RESERVED
-CVE-2021-29868
- RESERVED
+CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...)
+ TODO: check
CVE-2021-29867
RESERVED
CVE-2021-29866
@@ -33261,8 +33265,8 @@ CVE-2021-29846
RESERVED
CVE-2021-29845
RESERVED
-CVE-2021-29844
- RESERVED
+CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
+ TODO: check
CVE-2021-29843
RESERVED
CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
@@ -33377,8 +33381,8 @@ CVE-2021-29788
RESERVED
CVE-2021-29787
RESERVED
-CVE-2021-29786
- RESERVED
+CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...)
+ TODO: check
CVE-2021-29785
RESERVED
CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...)
@@ -33401,8 +33405,8 @@ CVE-2021-29776
RESERVED
CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...)
NOT-FOR-US: IBM
-CVE-2021-29774
- RESERVED
+CVE-2021-29774 (IBM Jazz Team Server products could allow an authenticated user to obt ...)
+ TODO: check
CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...)
NOT-FOR-US: IBM
CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...)
@@ -33523,8 +33527,8 @@ CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote u
NOT-FOR-US: IBM
CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
NOT-FOR-US: IBM
-CVE-2021-29713
- RESERVED
+CVE-2021-29713 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
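Review bot: CVE-2021-29713 gets TODO: check between two entries already tagged NOT-FOR-US: IBM, and the same "IBM Jazz Team Server products" wording appears in four other entries of this commit (CVE-2021-29844, -29786, -29774, -29673) spread over separate hunks. Triage the five together so they all end up with an identical tag instead of being resolved one by one with differing wording.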
@@ -33603,8 +33607,8 @@ CVE-2021-29675
RESERVED
CVE-2021-29674
RESERVED
-CVE-2021-29673
- RESERVED
+CVE-2021-29673 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...)
@@ -51853,8 +51857,8 @@ CVE-2021-22103
RESERVED
CVE-2021-22102
RESERVED
-CVE-2021-22101
- RESERVED
+CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
+ TODO: check
CVE-2021-22100
RESERVED
CVE-2021-22099
@@ -52889,7 +52893,7 @@ CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x
NOTE: PHP Bug: https://bugs.php.net/76450
NOTE: PHP Bug: https://bugs.php.net/76452
CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...)
- {DSA-4993-1 DSA-4992-1}
+ {DSA-4993-1 DSA-4992-1 DLA-2794-1}
- php8.0 <unfixed>
- php7.4 <unfixed> (bug #997003)
- php7.3 <removed>
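Review bot: The DLA-2794-1 reference added to CVE-2021-21703 is not accompanied by any change to the package lines. The ones visible in this hunk (php8.0 <unfixed>, php7.4 <unfixed> with bug #997003, php7.3 <removed>) are untouched. Check that the entry also carries a line for the source package and release that DLA-2794-1 fixed, further down than the context shown here, so the cross-reference is backed by a recorded fixed version.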
@@ -57165,8 +57169,8 @@ CVE-2021-20528 (IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting
NOT-FOR-US: IBM
CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...)
NOT-FOR-US: IBM
-CVE-2021-20526
- RESERVED
+CVE-2021-20526 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2021-20525
RESERVED
CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
@@ -76576,8 +76580,8 @@ CVE-2020-24934
RESERVED
CVE-2020-24933
RESERVED
-CVE-2020-24932
- RESERVED
+CVE-2020-24932 (An SQL Injection vulnerability exists in Sourcecodester Complaint Mana ...)
+ TODO: check
CVE-2020-24931
RESERVED
CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open ...)
@@ -84647,8 +84651,8 @@ CVE-2020-21252
RESERVED
CVE-2020-21251
RESERVED
-CVE-2020-21250
- RESERVED
+CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
+ TODO: check
CVE-2020-21249
RESERVED
CVE-2020-21248
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddeaf6bc7ca1a3ae3af98dc327b25395cb680ad9