[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 17 21:10:41 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71880f26 by security tracker role at 2021-09-17T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2021-41380
+	RESERVED
+CVE-2021-41379
+	RESERVED
+CVE-2021-41378
+	RESERVED
+CVE-2021-41377
+	RESERVED
+CVE-2021-41376
+	RESERVED
+CVE-2021-41375
+	RESERVED
+CVE-2021-41374
+	RESERVED
+CVE-2021-41373
+	RESERVED
+CVE-2021-41372
+	RESERVED
+CVE-2021-41371
+	RESERVED
+CVE-2021-41370
+	RESERVED
+CVE-2021-41369
+	RESERVED
+CVE-2021-41368
+	RESERVED
+CVE-2021-41367
+	RESERVED
+CVE-2021-41366
+	RESERVED
+CVE-2021-41365
+	RESERVED
+CVE-2021-41364
+	RESERVED
+CVE-2021-41363
+	RESERVED
+CVE-2021-41362
+	RESERVED
+CVE-2021-41361
+	RESERVED
+CVE-2021-41360
+	RESERVED
+CVE-2021-41359
+	RESERVED
+CVE-2021-41358
+	RESERVED
+CVE-2021-41357
+	RESERVED
+CVE-2021-41356
+	RESERVED
+CVE-2021-41355
+	RESERVED
+CVE-2021-41354
+	RESERVED
+CVE-2021-41353
+	RESERVED
+CVE-2021-41352
+	RESERVED
+CVE-2021-41351
+	RESERVED
+CVE-2021-41350
+	RESERVED
+CVE-2021-41349
+	RESERVED
+CVE-2021-41348
+	RESERVED
+CVE-2021-41347
+	RESERVED
+CVE-2021-41346
+	RESERVED
+CVE-2021-41345
+	RESERVED
+CVE-2021-41344
+	RESERVED
+CVE-2021-41343
+	RESERVED
+CVE-2021-41342
+	RESERVED
+CVE-2021-41341
+	RESERVED
+CVE-2021-41340
+	RESERVED
+CVE-2021-41339
+	RESERVED
+CVE-2021-41338
+	RESERVED
+CVE-2021-41337
+	RESERVED
+CVE-2021-41336
+	RESERVED
+CVE-2021-41335
+	RESERVED
+CVE-2021-41334
+	RESERVED
+CVE-2021-41333
+	RESERVED
+CVE-2021-41332
+	RESERVED
+CVE-2021-41331
+	RESERVED
+CVE-2021-41330
+	RESERVED
+CVE-2021-41329
+	RESERVED
+CVE-2021-41328
+	RESERVED
+CVE-2021-41327
+	RESERVED
+CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...)
+	TODO: check
+CVE-2021-41325
+	RESERVED
+CVE-2021-41324
+	RESERVED
+CVE-2021-41323
+	RESERVED
+CVE-2021-41322
+	RESERVED
+CVE-2021-41321
+	RESERVED
+CVE-2021-41320
+	RESERVED
+CVE-2021-41319
+	RESERVED
+CVE-2021-41318
+	RESERVED
+CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
+	TODO: check
+CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
+	TODO: check
+CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...)
+	TODO: check
+CVE-2021-3815
+	RESERVED
+CVE-2021-3814
+	RESERVED
+CVE-2021-3813
+	RESERVED
 CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
 	NOT-FOR-US: NETGEAR
 CVE-2021-41313
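Review bot: The four new entries that already carry descriptions (CVE-2021-41326 for MISP, CVE-2021-41317 for XSS Hunter Express, CVE-2021-41316 and CVE-2021-41315 for Device42) are added with only `TODO: check`, so each still needs manual triage to either a package line or a NOT-FOR-US line, the way the adjacent CVE-2021-41314 is already marked `NOT-FOR-US: NETGEAR`. The other additions in this hunk are RESERVED placeholders and need no action until descriptions are published.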
@@ -44,8 +182,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
 	[buster] - node-object-path <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
 	NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
-CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass]
-	RESERVED
+CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
 	- shiro <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
 	TODO: check
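Review bot: CVE-2021-41303 keeps its trailing `TODO: check` below `- shiro <unfixed>` even though the entry now has the published description, a package line and the oss-security NOTE. If triage for shiro is complete, drop the TODO; if something is still open, replace it with a NOTE saying what remains, so the entry does not sit in the unchecked queue indefinitely.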
@@ -1050,8 +1187,8 @@ CVE-2021-40827
 	RESERVED
 CVE-2021-40826
 	RESERVED
-CVE-2021-40825
-	RESERVED
+CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
+	TODO: check
 CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
 	NOT-FOR-US: matrix-android-sdk2
 CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
@@ -4387,8 +4524,8 @@ CVE-2021-39329
 	RESERVED
 CVE-2021-39328
 	RESERVED
-CVE-2021-39327
-	RESERVED
+CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
+	TODO: check
 CVE-2021-39326
 	RESERVED
 CVE-2021-39325
@@ -4738,10 +4875,10 @@ CVE-2021-39230
 	RESERVED
 CVE-2021-39229
 	RESERVED
-CVE-2021-39228
-	RESERVED
-CVE-2021-39227
-	RESERVED
+CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
+	TODO: check
+CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache  ...)
+	TODO: check
 CVE-2021-39226
 	RESERVED
 CVE-2021-39225
@@ -6548,8 +6685,8 @@ CVE-2021-38414
 	RESERVED
 CVE-2021-38413
 	RESERVED
-CVE-2021-38412
-	RESERVED
+CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
+	TODO: check
 CVE-2021-38411
 	RESERVED
 CVE-2021-38410
@@ -6560,16 +6697,16 @@ CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAcce
 	NOT-FOR-US: Advantech WebAccess
 CVE-2021-38407
 	RESERVED
-CVE-2021-38406
-	RESERVED
+CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+	TODO: check
 CVE-2021-38405
 	RESERVED
-CVE-2021-38404
-	RESERVED
+CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+	TODO: check
 CVE-2021-38403
 	RESERVED
-CVE-2021-38402
-	RESERVED
+CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+	TODO: check
 CVE-2021-38401
 	RESERVED
 CVE-2021-38400
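Review bot: The three Delta Electronic DOPSoft 2 entries (CVE-2021-38406, CVE-2021-38404, CVE-2021-38402) have identical truncated descriptions, so this list alone cannot distinguish them. Read the full CVE texts before resolving the `TODO: check` lines, and resolve all three with the same product tag so they stay consistent.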
@@ -6799,8 +6936,8 @@ CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an u
 	NOT-FOR-US: LG
 CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
 	NOT-FOR-US: 23andMe Yamale
-CVE-2021-38304
-	RESERVED
+CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
+	TODO: check
 CVE-2021-38303
 	RESERVED
 CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
@@ -22137,14 +22274,14 @@ CVE-2021-31847
 	RESERVED
 CVE-2021-31846
 	RESERVED
-CVE-2021-31845
-	RESERVED
-CVE-2021-31844
-	RESERVED
-CVE-2021-31843
-	RESERVED
-CVE-2021-31842
-	RESERVED
+CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
+	TODO: check
+CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+	TODO: check
+CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
+	TODO: check
+CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
+	TODO: check
 CVE-2021-31841
 	RESERVED
 CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
@@ -42838,8 +42975,8 @@ CVE-2021-23444
 	RESERVED
 CVE-2021-23443
 	RESERVED
-CVE-2021-23442
-	RESERVED
+CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
+	TODO: check
 CVE-2021-23441
 	RESERVED
 CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...)
@@ -100461,14 +100598,14 @@ CVE-2020-12085
 	RESERVED
 CVE-2020-12084
 	RESERVED
-CVE-2020-12083
-	RESERVED
-CVE-2020-12082
-	RESERVED
+CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code  ...)
+	TODO: check
+CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...)
+	TODO: check
 CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
 	NOT-FOR-US: FlexNet Publisher lmadmin.exe
-CVE-2020-12080
-	RESERVED
+CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...)
+	TODO: check
 CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
 	{DLA-2146-1}
 	- libvncserver 0.9.12+dfsg-9 (bug #954163)
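Review bot: CVE-2020-12080 is left as `TODO: check` although its description begins "A Denial of Service vulnerability has been identified in FlexNet Publi ..." and the adjacent CVE-2020-12081 is already `NOT-FOR-US: FlexNet Publisher lmadmin.exe`. Confirm from the full description that it is the same product and tag it consistently. CVE-2020-12083 and CVE-2020-12082 are truncated before the product name is clear, so they need the full text before they can be resolved.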
@@ -165372,8 +165509,8 @@ CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site R
 	NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
 CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
 	NOT-FOR-US: CMS Made Simple
-CVE-2019-9060
-	RESERVED
+CVE-2019-9060 (An issue was discovered in CMS Made Simple 2.2.8. It is possible to ac ...)
+	TODO: check
 CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
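Review bot: CVE-2019-9060 is added as `TODO: check`, but its description names CMS Made Simple 2.2.8, and the neighbouring CVE-2019-9061 and CVE-2019-9059 for the same product and version are already `NOT-FOR-US: CMS Made Simple`. Resolve it the same way as those entries.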
@@ -173114,7 +173251,7 @@ CVE-2018-20688
 CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...)
 	NOT-FOR-US: Raritan CommandCenter Secure Gateway
 CVE-2018-20686
-	RESERVED
+	REJECTED
 CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...)
 	NOT-FOR-US: WinSCP
 CVE-2017-1002157 (modulemd 1.3.1 and earlier uses an unsafe function for processing exte ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71880f26eb95e5625bb0073a57fb9784c267eb90
