[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 13 21:10:42 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94e0abe5 by security tracker role at 2021-09-13T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,245 @@
+CVE-2021-40985
+ RESERVED
+CVE-2021-40984
+ RESERVED
+CVE-2021-40983
+ RESERVED
+CVE-2021-40982
+ RESERVED
+CVE-2021-40981
+ RESERVED
+CVE-2021-40980
+ RESERVED
+CVE-2021-40979
+ RESERVED
+CVE-2021-40978
+ RESERVED
+CVE-2021-40977
+ RESERVED
+CVE-2021-40976
+ RESERVED
+CVE-2021-40975
+ RESERVED
+CVE-2021-40974
+ RESERVED
+CVE-2021-40973
+ RESERVED
+CVE-2021-40972
+ RESERVED
+CVE-2021-40971
+ RESERVED
+CVE-2021-40970
+ RESERVED
+CVE-2021-40969
+ RESERVED
+CVE-2021-40968
+ RESERVED
+CVE-2021-40967
+ RESERVED
+CVE-2021-40966
+ RESERVED
+CVE-2021-40965
+ RESERVED
+CVE-2021-40964
+ RESERVED
+CVE-2021-40963
+ RESERVED
+CVE-2021-40962
+ RESERVED
+CVE-2021-40961
+ RESERVED
+CVE-2021-40960
+ RESERVED
+CVE-2021-40959
+ RESERVED
+CVE-2021-40958
+ RESERVED
+CVE-2021-40957
+ RESERVED
+CVE-2021-40956
+ RESERVED
+CVE-2021-40955
+ RESERVED
+CVE-2021-40954
+ RESERVED
+CVE-2021-40953
+ RESERVED
+CVE-2021-40952
+ RESERVED
+CVE-2021-40951
+ RESERVED
+CVE-2021-40950
+ RESERVED
+CVE-2021-40949
+ RESERVED
+CVE-2021-40948
+ RESERVED
+CVE-2021-40947
+ RESERVED
+CVE-2021-40946
+ RESERVED
+CVE-2021-40945
+ RESERVED
+CVE-2021-40944
+ RESERVED
+CVE-2021-40943
+ RESERVED
+CVE-2021-40942
+ RESERVED
+CVE-2021-40941
+ RESERVED
+CVE-2021-40940
+ RESERVED
+CVE-2021-40939
+ RESERVED
+CVE-2021-40938
+ RESERVED
+CVE-2021-40937
+ RESERVED
+CVE-2021-40936
+ RESERVED
+CVE-2021-40935
+ RESERVED
+CVE-2021-40934
+ RESERVED
+CVE-2021-40933
+ RESERVED
+CVE-2021-40932
+ RESERVED
+CVE-2021-40931
+ RESERVED
+CVE-2021-40930
+ RESERVED
+CVE-2021-40929
+ RESERVED
+CVE-2021-40928
+ RESERVED
+CVE-2021-40927
+ RESERVED
+CVE-2021-40926
+ RESERVED
+CVE-2021-40925
+ RESERVED
+CVE-2021-40924
+ RESERVED
+CVE-2021-40923
+ RESERVED
+CVE-2021-40922
+ RESERVED
+CVE-2021-40921
+ RESERVED
+CVE-2021-40920
+ RESERVED
+CVE-2021-40919
+ RESERVED
+CVE-2021-40918
+ RESERVED
+CVE-2021-40917
+ RESERVED
+CVE-2021-40916
+ RESERVED
+CVE-2021-40915
+ RESERVED
+CVE-2021-40914
+ RESERVED
+CVE-2021-40913
+ RESERVED
+CVE-2021-40912
+ RESERVED
+CVE-2021-40911
+ RESERVED
+CVE-2021-40910
+ RESERVED
+CVE-2021-40909
+ RESERVED
+CVE-2021-40908
+ RESERVED
+CVE-2021-40907
+ RESERVED
+CVE-2021-40906
+ RESERVED
+CVE-2021-40905
+ RESERVED
+CVE-2021-40904
+ RESERVED
+CVE-2021-40903
+ RESERVED
+CVE-2021-40902
+ RESERVED
+CVE-2021-40901
+ RESERVED
+CVE-2021-40900
+ RESERVED
+CVE-2021-40899
+ RESERVED
+CVE-2021-40898
+ RESERVED
+CVE-2021-40897
+ RESERVED
+CVE-2021-40896
+ RESERVED
+CVE-2021-40895
+ RESERVED
+CVE-2021-40894
+ RESERVED
+CVE-2021-40893
+ RESERVED
+CVE-2021-40892
+ RESERVED
+CVE-2021-40891
+ RESERVED
+CVE-2021-40890
+ RESERVED
+CVE-2021-40889
+ RESERVED
+CVE-2021-40888
+ RESERVED
+CVE-2021-40887
+ RESERVED
+CVE-2021-40886
+ RESERVED
+CVE-2021-40885
+ RESERVED
+CVE-2021-40884
+ RESERVED
+CVE-2021-40883
+ RESERVED
+CVE-2021-40882
+ RESERVED
+CVE-2021-40881
+ RESERVED
+CVE-2021-40880
+ RESERVED
+CVE-2021-40879
+ RESERVED
+CVE-2021-40878
+ RESERVED
+CVE-2021-40877
+ RESERVED
+CVE-2021-40876
+ RESERVED
+CVE-2021-40875
+ RESERVED
+CVE-2021-40874
+ RESERVED
+CVE-2021-40873
+ RESERVED
+CVE-2021-40872
+ RESERVED
+CVE-2021-40871
+ RESERVED
+CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...)
+ TODO: check
+CVE-2021-40869
+ RESERVED
+CVE-2021-40868
+ RESERVED
+CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...)
+ TODO: check
+CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
+ TODO: check
+CVE-2021-3799
+ RESERVED
CVE-2021-XXXX [buffer overflow in atftpd]
- atftp <unfixed>
NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
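Review bot: CVE-2021-40870, CVE-2021-40867 and CVE-2021-40866 are the only three of the new entries at the top of the file that carry a description, and all three land as "TODO: check" with no package or NOT-FOR-US line. They name Aviatrix Controller and NETGEAR smart switches, so they look like candidates for the same NOT-FOR-US treatment the file gives other vendor products elsewhere in this diff (JetBrains, Phoenix). Resolving them soon keeps the TODO backlog from growing with each automatic update.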
@@ -97,11 +339,9 @@ CVE-2021-40826
RESERVED
CVE-2021-40825
RESERVED
-CVE-2021-40824
- RESERVED
+CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
NOT-FOR-US: matrix-android-sdk2
-CVE-2021-40823
- RESERVED
+CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
- element-web <itp> (bug #866502)
- node-matrix-js-sdk <unfixed> (bug #994213)
NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
@@ -1509,8 +1749,8 @@ CVE-2021-40216
RESERVED
CVE-2021-40215
RESERVED
-CVE-2021-40214
- RESERVED
+CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
+ TODO: check
CVE-2021-40213
RESERVED
CVE-2021-40212
@@ -3798,8 +4038,8 @@ CVE-2021-39214
RESERVED
CVE-2021-39213
RESERVED
-CVE-2021-39212
- RESERVED
+CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
+ TODO: check
CVE-2021-39211
RESERVED
CVE-2021-39210
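Review bot: CVE-2021-39212 is left at "TODO: check", and the truncated description ("ImageMagick is free software delivered as a ready-to-run binary distri ...") does not say what the flaw is. ImageMagick is packaged in Debian, so this entry needs a real package line with per-release status rather than NOT-FOR-US. The triager will have to read the full CVE text to decide which versions are affected.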
@@ -4626,8 +4866,8 @@ CVE-2021-38835
RESERVED
CVE-2021-38834
RESERVED
-CVE-2021-38833
- RESERVED
+CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...)
+ TODO: check
CVE-2021-38832
RESERVED
CVE-2021-38831
@@ -5377,7 +5617,7 @@ CVE-2021-38494
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
CVE-2021-38493
RESERVED
- {DSA-4973-1 DSA-4969-1 DLA-2756-1}
+ {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
- firefox 92.0-1
- firefox-esr 78.14.0esr-1
- thunderbird 1:78.14.0-1
@@ -7629,8 +7869,8 @@ CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient
NOT-FOR-US: JetBrains
CVE-2021-37539
RESERVED
-CVE-2021-3666
- RESERVED
+CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
+ TODO: check
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
- linux <unfixed>
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
@@ -16837,30 +17077,30 @@ CVE-2021-33556
RESERVED
CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename paramet ...)
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
-CVE-2021-33554
- RESERVED
-CVE-2021-33553
- RESERVED
-CVE-2021-33552
- RESERVED
-CVE-2021-33551
- RESERVED
-CVE-2021-33550
- RESERVED
-CVE-2021-33549
- RESERVED
-CVE-2021-33548
- RESERVED
-CVE-2021-33547
- RESERVED
-CVE-2021-33546
- RESERVED
-CVE-2021-33545
- RESERVED
-CVE-2021-33544
- RESERVED
-CVE-2021-33543
- RESERVED
+CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
+CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebrück and other v ...)
+ TODO: check
CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
NOT-FOR-US: Phoenix
CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
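Review bot: CVE-2021-33554 through CVE-2021-33543 all receive the same truncated description ("Multiple camera devices by UDP Technology, ...") and all twelve are left at "TODO: check", so the list alone cannot tell them apart. The neighbouring vendor-device entries (PEPPERL+FUCHS, Phoenix) are marked NOT-FOR-US, and these camera firmware issues look like the same case; they can be resolved as one batch. The vendor name is also shown as "Geutebrück"; if that is in the committed file and not only in the mail rendering, the description import is mangling UTF-8 and should be fixed at the source.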
@@ -17259,16 +17499,16 @@ CVE-2021-33368
RESERVED
CVE-2021-33367
RESERVED
-CVE-2021-33366
- RESERVED
+CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
+ TODO: check
CVE-2021-33365
RESERVED
-CVE-2021-33364
- RESERVED
+CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
+ TODO: check
CVE-2021-33363
RESERVED
-CVE-2021-33362
- RESERVED
+CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
+ TODO: check
CVE-2021-33361
RESERVED
CVE-2021-33360
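Review bot: CVE-2021-33366, CVE-2021-33364 and CVE-2021-33362 all name MP4Box in GPAC and are left at "TODO: check". gpac is packaged in Debian, so each needs a package line with the fixing upstream commit in a NOTE, not NOT-FOR-US. CVE-2021-33362 is a stack buffer overflow in hevc_parse_vps_extension while the other two are memory leaks, so it should be looked at first.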
@@ -20208,18 +20448,18 @@ CVE-2021-32139
RESERVED
CVE-2021-32138
RESERVED
-CVE-2021-32137
- RESERVED
-CVE-2021-32136
- RESERVED
-CVE-2021-32135
- RESERVED
-CVE-2021-32134
- RESERVED
+CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...)
+ TODO: check
+CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
+ TODO: check
+CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ TODO: check
+CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...)
+ TODO: check
CVE-2021-32133
RESERVED
-CVE-2021-32132
- RESERVED
+CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ TODO: check
CVE-2021-32131
RESERVED
CVE-2021-32130
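Review bot: this hunk adds five more GPAC 1.0.1 entries (CVE-2021-32137, CVE-2021-32136, CVE-2021-32135, CVE-2021-32134, CVE-2021-32132) as "TODO: check", separate from the GPAC block around CVE-2021-33366. Triage the two groups together so the same package lines and release decisions are applied to both. CVE-2021-32137 and CVE-2021-32136 are heap buffer overflows, while the descriptions of the other three are cut off at "allows attackers to cause a d ..." and need the full text before a severity call.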
@@ -21793,7 +22033,7 @@ CVE-2021-31592
RESERVED
CVE-2021-31591
RESERVED
-CVE-2021-31590 (PwnDoc through 2021-04-22 has incorrect JSON Webtoken handling, leadin ...)
+CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
NOT-FOR-US: PwnDoc
CVE-2021-31589
RESERVED
@@ -26848,8 +27088,8 @@ CVE-2021-29645
RESERVED
CVE-2021-29644
RESERVED
-CVE-2021-29643
- RESERVED
+CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...)
+ TODO: check
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
NOT-FOR-US: GistPad
CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...)
@@ -38888,16 +39128,16 @@ CVE-2021-24730
RESERVED
CVE-2021-24729
RESERVED
-CVE-2021-24728
- RESERVED
-CVE-2021-24727
- RESERVED
-CVE-2021-24726
- RESERVED
-CVE-2021-24725
- RESERVED
-CVE-2021-24724
- RESERVED
+CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...)
+ TODO: check
+CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...)
+ TODO: check
+CVE-2021-24726 (The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not e ...)
+ TODO: check
+CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin befor ...)
+ TODO: check
+CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...)
+ TODO: check
CVE-2021-24723
RESERVED
CVE-2021-24722
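Review bot: CVE-2021-24728 through CVE-2021-24724 are all WordPress plugin issues by their descriptions and are left at "TODO: check". Elsewhere in this file the established resolution for such entries is "NOT-FOR-US: WordPress plugin", so these five can be closed in one pass. The CVE-2021-24728 description also shows "–" where a dash was intended; if that is in the committed file, the description import is not handling UTF-8 correctly.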
@@ -39098,16 +39338,16 @@ CVE-2021-24625
RESERVED
CVE-2021-24624
RESERVED
-CVE-2021-24623
- RESERVED
+CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
+ TODO: check
CVE-2021-24622
RESERVED
-CVE-2021-24621
- RESERVED
-CVE-2021-24620
- RESERVED
-CVE-2021-24619
- RESERVED
+CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...)
+ TODO: check
+CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...)
+ TODO: check
+CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...)
+ TODO: check
CVE-2021-24618
RESERVED
CVE-2021-24617
@@ -39116,8 +39356,8 @@ CVE-2021-24616
RESERVED
CVE-2021-24615
RESERVED
-CVE-2021-24614
- RESERVED
+CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
+ TODO: check
CVE-2021-24613
RESERVED
CVE-2021-24612
@@ -39134,8 +39374,8 @@ CVE-2021-24607
RESERVED
CVE-2021-24606
RESERVED
-CVE-2021-24605
- RESERVED
+CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...)
+ TODO: check
CVE-2021-24604
RESERVED
CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...)
@@ -39172,8 +39412,8 @@ CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7
NOT-FOR-US: WordPress plugin
CVE-2021-24587
RESERVED
-CVE-2021-24586
- RESERVED
+CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...)
+ TODO: check
CVE-2021-24585
RESERVED
CVE-2021-24584
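Review bot: CVE-2021-24586 describes the Per page add to head plugin as affected "before 1.4.4", while CVE-2021-24619 in an earlier hunk describes the same plugin as affected "through 1.4.4". The two ranges disagree on whether 1.4.4 itself is vulnerable. That does not change a NOT-FOR-US resolution here, but anyone reusing these descriptions for version matching should check the upstream advisories first.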
@@ -39224,8 +39464,8 @@ CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Lea
NOT-FOR-US: WordPress plugin
CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24560
- RESERVED
+CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...)
+ TODO: check
CVE-2021-24559
RESERVED
CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
@@ -39298,8 +39538,8 @@ CVE-2021-24525
RESERVED
CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24523
- RESERVED
+CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...)
+ TODO: check
CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress plugin b ...)
@@ -39324,12 +39564,12 @@ CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 ha
NOT-FOR-US: WordPress plugin
CVE-2021-24511
RESERVED
-CVE-2021-24510
- RESERVED
+CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
+ TODO: check
CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24508
- RESERVED
+CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...)
+ TODO: check
CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24506 (The Slider Hero with Animation, Video Background & Intro Maker Wor ...)
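Review bot: the context around the new CVE-2021-24510 and CVE-2021-24508 entries mixes "NOT-FOR-US: WordPress plugin" and "NOT-FOR-US: Wordpress plugin". When these two TODOs are resolved, use a single spelling ("WordPress plugin") so that searching the list for the tag finds every entry.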
@@ -39358,14 +39598,14 @@ CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not prope
NOT-FOR-US: Wordpress plugin
CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24493
- RESERVED
+CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...)
+ TODO: check
CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24491
- RESERVED
-CVE-2021-24490
- RESERVED
+CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF checks ...)
+ TODO: check
+CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
+ TODO: check
CVE-2021-24489
RESERVED
CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
@@ -39482,8 +39722,8 @@ CVE-2021-24433
RESERVED
CVE-2021-24432
RESERVED
-CVE-2021-24431
- RESERVED
+CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
+ TODO: check
CVE-2021-24430 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...)
@@ -43915,16 +44155,16 @@ CVE-2021-22530
RESERVED
CVE-2021-22529
RESERVED
-CVE-2021-22528
- RESERVED
-CVE-2021-22527
- RESERVED
-CVE-2021-22526
- RESERVED
+CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
+ TODO: check
+CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...)
+ TODO: check
+CVE-2021-22526 (Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 ...)
+ TODO: check
CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...)
NOT-FOR-US: Microfocus
-CVE-2021-22524
- RESERVED
+CVE-2021-22524 (Injection attack caused the denial of service vulnerability in NetIQ A ...)
+ TODO: check
CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...)
NOT-FOR-US: Micro Focus
CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...)
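Review bot: CVE-2021-22528, CVE-2021-22527, CVE-2021-22526 and CVE-2021-22524 all concern NetIQ Access Manager and are left at "TODO: check", while the adjacent entries from the same vendor are already NOT-FOR-US. Those neighbours are tagged inconsistently ("Microfocus" on CVE-2021-22525, "Micro Focus" on CVE-2021-22523); pick one form when closing the four new entries.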
@@ -61388,10 +61628,10 @@ CVE-2020-27972
RESERVED
CVE-2020-27971
RESERVED
-CVE-2020-27970
- RESERVED
-CVE-2020-27969
- RESERVED
+CVE-2020-27970 (Yandex Browser before 20.10.0 allows remote attackers to spoof the add ...)
+ TODO: check
+CVE-2020-27969 (Yandex Browser for Android 20.8.4 allows remote attackers to perform S ...)
+ TODO: check
CVE-2020-27968
RESERVED
CVE-2020-27967
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94e0abe58fda157cb0a87a0db34bdca1eb52dd5a