[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 10 21:11:00 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd5e3cb1 by security tracker role at 2021-09-10T20:10:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
+ TODO: check
+CVE-2021-40863
+ RESERVED
+CVE-2021-40862
+ RESERVED
+CVE-2021-40861
+ RESERVED
+CVE-2021-40860
+ RESERVED
+CVE-2021-40859
+ RESERVED
+CVE-2021-40858
+ RESERVED
+CVE-2021-40857
+ RESERVED
+CVE-2021-40856
+ RESERVED
+CVE-2021-40855
+ RESERVED
+CVE-2021-40854
+ RESERVED
+CVE-2021-40853
+ RESERVED
+CVE-2021-40852
+ RESERVED
+CVE-2021-40851
+ RESERVED
+CVE-2021-40850
+ RESERVED
CVE-2021-40849
RESERVED
CVE-2021-40848
@@ -86,6 +116,7 @@ CVE-2021-3782
RESERVED
CVE-2021-3781 [Include device specifier strings in access validation]
RESERVED
+ {DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
[stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -1067,8 +1098,8 @@ CVE-2021-40375
RESERVED
CVE-2021-40374
RESERVED
-CVE-2021-40373
- RESERVED
+CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
+ TODO: check
CVE-2021-40372
RESERVED
CVE-2021-40371
@@ -1123,8 +1154,7 @@ CVE-2021-40349
RESERVED
CVE-2021-40348
RESERVED
-CVE-2021-40347 [Check a user owns the email they are trying to unsubscribe]
- RESERVED
+CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...)
{DSA-4970-1}
- postorius 1.3.5-1 (bug #993746)
NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
@@ -3225,7 +3255,7 @@ CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attac
NOT-FOR-US: Samsung
CVE-2021-39372
RESERVED
-CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an ...)
+CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...)
{DLA-2754-1}
- pywps 4.5.0-1
[bullseye] - pywps <no-dsa> (Minor issue)
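Review bot: The CVE-2021-39371 description now says "PyWPS before 4.4.5", but the package line directly below it still reads "- pywps 4.5.0-1". That can be correct if 4.5.0-1 is simply the first Debian upload containing the fix, but the two version numbers now disagree at a glance. Confirm the fixed version against the upstream 4.4.5 release and, if 4.5.0-1 stays, add a NOTE line saying which upstream release carries the fix.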
@@ -5303,7 +5333,7 @@ CVE-2021-38494
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
CVE-2021-38493
RESERVED
- {DSA-4969-1}
+ {DSA-4969-1 DLA-2756-1}
- firefox 92.0-1
- firefox-esr 78.14.0esr-1
- thunderbird 1:78.14.0-1
@@ -5615,34 +5645,34 @@ CVE-2021-38362
RESERVED
CVE-2021-38361
RESERVED
-CVE-2021-38360
- RESERVED
-CVE-2021-38359
- RESERVED
-CVE-2021-38358
- RESERVED
-CVE-2021-38357
- RESERVED
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
+ TODO: check
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
+ TODO: check
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ TODO: check
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ TODO: check
CVE-2021-38356
RESERVED
-CVE-2021-38355
- RESERVED
-CVE-2021-38354
- RESERVED
-CVE-2021-38353
- RESERVED
-CVE-2021-38352
- RESERVED
-CVE-2021-38351
- RESERVED
-CVE-2021-38350
- RESERVED
-CVE-2021-38349
- RESERVED
-CVE-2021-38348
- RESERVED
-CVE-2021-38347
- RESERVED
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
+ TODO: check
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
+ TODO: check
+CVE-2021-38352 (The Feedify – Web Push Notifications WordPress plugin is vulnera ...)
+ TODO: check
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
+ TODO: check
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
+ TODO: check
CVE-2021-38346
RESERVED
CVE-2021-38345
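Review bot: All 13 descriptions added in this hunk (CVE-2021-38360 through CVE-2021-38347, with CVE-2021-38356 still RESERVED) name WordPress plugins and are left at "TODO: check". Each needs a follow-up disposition, either a package line or a NOT-FOR-US entry, before the file is consistent again. Separately, the CVE-2021-38352 line is cut off earlier ("vulnera ...") than its neighbours, right after the "–" in the plugin name, so check how the truncation length is counted for descriptions with non-ASCII or escaped characters.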
@@ -5653,38 +5683,38 @@ CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38341
- RESERVED
-CVE-2021-38340
- RESERVED
-CVE-2021-38339
- RESERVED
-CVE-2021-38338
- RESERVED
-CVE-2021-38337
- RESERVED
-CVE-2021-38336
- RESERVED
-CVE-2021-38335
- RESERVED
-CVE-2021-38334
- RESERVED
-CVE-2021-38333
- RESERVED
-CVE-2021-38332
- RESERVED
-CVE-2021-38331
- RESERVED
-CVE-2021-38330
- RESERVED
-CVE-2021-38329
- RESERVED
-CVE-2021-38328
- RESERVED
-CVE-2021-38327
- RESERVED
-CVE-2021-38326
- RESERVED
+CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
+ TODO: check
+CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
+ TODO: check
+CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
+ TODO: check
+CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Refl ...)
+ TODO: check
+CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
+ TODO: check
+CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ TODO: check
+CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
+ TODO: check
+CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ TODO: check
+CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
+ TODO: check
CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
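Review bot: The 16 entries from CVE-2021-38341 down to CVE-2021-38326 are left at "TODO: check", while the unchanged entries on either side of them (CVE-2021-38343, CVE-2021-38342, CVE-2021-38325) already carry "NOT-FOR-US: WordPress plugin". The new descriptions all name WordPress plugins as well, so a follow-up commit should give them the same disposition unless one of them turns out to be packaged. As with the "–" case earlier in the diff, the CVE-2021-38334 line is truncated earlier ("Refl ...") than the others, right after the "&" in the plugin name.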
@@ -7789,10 +7819,10 @@ CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks,
NOT-FOR-US: Altova MobileTogether Server
CVE-2021-37424
RESERVED
-CVE-2021-37423
- RESERVED
-CVE-2021-37422
- RESERVED
+CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
+ TODO: check
+CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
+ TODO: check
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37420
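Review bot: CVE-2021-37423 and CVE-2021-37422 are added as "TODO: check" although both describe Zoho ManageEngine ADSelfService Plus, the same product as CVE-2021-37421 on the next unchanged line, which is already marked "NOT-FOR-US: Zoho ManageEngine". Unless something has changed about how this vendor is handled, the follow-up triage should use the same tag so the three adjacent entries do not diverge.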
@@ -7800,15 +7830,15 @@ CVE-2021-37420
CVE-2021-37419
RESERVED
CVE-2021-37418
- RESERVED
+ REJECTED
CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37414
- RESERVED
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows ...)
+ TODO: check
CVE-2021-37413
RESERVED
CVE-2021-37412
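Review bot: CVE-2021-37418 flips from RESERVED to REJECTED here with no NOTE explaining the rejection. Nothing else hangs off the entry in the visible lines, so that may be fine, but it is worth confirming that no other entry or advisory in the tracker references the id. In the same hunk, CVE-2021-37414 (Zoho ManageEngine DesktopCentral) is left at "TODO: check" while the three unchanged Zoho entries above it are "NOT-FOR-US: Zoho ManageEngine".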
@@ -9369,10 +9399,10 @@ CVE-2021-3648
RESERVED
CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: URI.js
-CVE-2021-3646
- RESERVED
-CVE-2021-3645
- RESERVED
+CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ TODO: check
+CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ TODO: check
CVE-2021-3644
RESERVED
- wildfly <itp> (bug #752018)
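Review bot: The CVE-2021-3645 description identifies the affected software only as "merge", which is too generic to match against Debian source package names from the truncated text alone. Before resolving the "TODO: check", read the full CVE record to establish which project and ecosystem is meant, and record that in a NOTE line so the disposition can be audited later. CVE-2021-3646 (btcpayserver) needs the usual check for an existing package or ITP.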
@@ -11185,8 +11215,8 @@ CVE-2021-35978
RESERVED
CVE-2021-35977
RESERVED
-CVE-2021-35976
- RESERVED
+CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
+ TODO: check
CVE-2021-35975
RESERVED
CVE-2021-35974
@@ -18045,8 +18075,8 @@ CVE-2021-33013
RESERVED
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
NOT-FOR-US: Rockwell
-CVE-2021-33011
- RESERVED
+CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
+ TODO: check
CVE-2021-33010
RESERVED
CVE-2021-33009
@@ -40042,8 +40072,8 @@ CVE-2021-21261 (Flatpak is a system for building, distributing, and running sand
NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4
CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...)
NOT-FOR-US: Dolby Audio X2 (DAX2) API service
-CVE-2021-3145
- RESERVED
+CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...)
+ TODO: check
CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e3cb13f28f166b71906dc2dcd5aa8137695b7