[Git][security-tracker-team/security-tracker][master] automatic update

Fri Oct 29 21:10:24 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
898e84b3 by security tracker role at 2021-10-29T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3968,8 +3968,8 @@ CVE-2021-41876
 	RESERVED
 CVE-2021-41875
 	RESERVED
-CVE-2021-41874
-	RESERVED
+CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
+	TODO: check
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
 	NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
@@ -4296,12 +4296,12 @@ CVE-2021-41750
 	RESERVED
 CVE-2021-41749
 	RESERVED
-CVE-2021-41748
-	RESERVED
+CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...)
+	TODO: check
 CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
 	NOT-FOR-US: Csdn APP
-CVE-2021-41746
-	RESERVED
+CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
+	TODO: check
 CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
@@ -4444,12 +4444,12 @@ CVE-2021-41678
 	RESERVED
 CVE-2021-41677
 	RESERVED
-CVE-2021-41676
-	RESERVED
-CVE-2021-41675
-	RESERVED
-CVE-2021-41674
-	RESERVED
+CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
+	TODO: check
+CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
+	TODO: check
+CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...)
+	TODO: check
 CVE-2021-41673
 	RESERVED
 CVE-2021-41672
@@ -4504,14 +4504,14 @@ CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC onlin
 	NOT-FOR-US: PuneethReddyHC online-shopping-system
 CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
 	NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
-CVE-2021-41646
-	RESERVED
-CVE-2021-41645
-	RESERVED
-CVE-2021-41644
-	RESERVED
-CVE-2021-41643
-	RESERVED
+CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...)
+	TODO: check
+CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...)
+	TODO: check
+CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...)
+	TODO: check
+CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...)
+	TODO: check
 CVE-2021-41642
 	RESERVED
 CVE-2021-41641
@@ -5526,14 +5526,14 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasin
 	NOT-FOR-US: Roblox-Purchasing-Hub
 CVE-2021-41190
 	RESERVED
-CVE-2021-41189
-	RESERVED
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
+	TODO: check
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
 	NOT-FOR-US: Shopware
 CVE-2021-41187
 	RESERVED
-CVE-2021-41186
-	RESERVED
+CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
+	TODO: check
 CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
 	NOT-FOR-US: Mycodo
 CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
@@ -7570,8 +7570,8 @@ CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Obje
 	NOTE: https://github.com/immerjs/immer
 CVE-2021-40331
 	RESERVED
-CVE-2021-3756
-	RESERVED
+CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
+	TODO: check
 CVE-2021-3755
 	REJECTED
 CVE-2021-3754
@@ -10340,8 +10340,8 @@ CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior
 	NOT-FOR-US: OpenOlat
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
 	NOT-FOR-US: OpenOLAT
-CVE-2021-39179
-	RESERVED
+CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...)
+	TODO: check
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
 	NOT-FOR-US: next.js
 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
@@ -14630,8 +14630,8 @@ CVE-2021-37404
 	RESERVED
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...)
 	NOT-FOR-US: firefly-iii
-CVE-2021-3662
-	RESERVED
+CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to  ...)
+	TODO: check
 CVE-2021-3661
 	RESERVED
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
@@ -19725,8 +19725,8 @@ CVE-2021-35239 (A security researcher found a user with Orion map manage rights
 	NOT-FOR-US: SolarWinds
 CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
 	NOT-FOR-US: Solarwinds
-CVE-2021-35237
-	RESERVED
+CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
+	TODO: check
 CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server  ...)
@@ -28018,8 +28018,8 @@ CVE-2021-31863 (Insufficient input validation in the Git repository integration
 	- redmine <unfixed> (bug #990792)
 	NOTE: https://www.redmine.org/news/131
 	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
-CVE-2021-31862
-	RESERVED
+CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...)
+	TODO: check
 CVE-2021-31861
 	RESERVED
 CVE-2021-31860
@@ -28681,14 +28681,14 @@ CVE-2021-31629
 	RESERVED
 CVE-2021-31628
 	RESERVED
-CVE-2021-31627
-	RESERVED
+CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+	TODO: check
 CVE-2021-31626
 	RESERVED
 CVE-2021-31625
 	RESERVED
-CVE-2021-31624
-	RESERVED
+CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+	TODO: check
 CVE-2021-31623
 	RESERVED
 CVE-2021-31622
@@ -37314,8 +37314,8 @@ CVE-2021-28218
 	RESERVED
 CVE-2021-28217
 	RESERVED
-CVE-2021-3441
-	RESERVED
+CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
+	TODO: check
 CVE-2021-3440
 	RESERVED
 CVE-2021-3439
@@ -52110,10 +52110,10 @@ CVE-2021-22040
 	RESERVED
 CVE-2021-22039
 	RESERVED
-CVE-2021-22038
-	RESERVED
-CVE-2021-22037
-	RESERVED
+CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary  ...)
+	TODO: check
+CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...)
+	TODO: check
 CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
 	NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
@@ -82851,8 +82851,8 @@ CVE-2020-22081
 	RESERVED
 CVE-2020-22080
 	RESERVED
-CVE-2020-22079
-	RESERVED
+CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...)
+	TODO: check
 CVE-2020-22078
 	RESERVED
 CVE-2020-22077



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898e84b3194695cfed286c6a67beb0fb69042c0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898e84b3194695cfed286c6a67beb0fb69042c0f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211029/d7e64a3c/attachment-0001.htm>
