[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 21 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ae95029 by security tracker role at 2021-09-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,37 @@
-CVE-2021-41532
+CVE-2021-41547
+ RESERVED
+CVE-2021-41546
+ RESERVED
+CVE-2021-41545
+ RESERVED
+CVE-2021-41544
+ RESERVED
+CVE-2021-41543
+ RESERVED
+CVE-2021-41542
+ RESERVED
+CVE-2021-41541
+ RESERVED
+CVE-2021-41540
+ RESERVED
+CVE-2021-41539
+ RESERVED
+CVE-2021-41538
+ RESERVED
+CVE-2021-41537
+ RESERVED
+CVE-2021-41536
+ RESERVED
+CVE-2021-41535
+ RESERVED
+CVE-2021-41534
+ RESERVED
+CVE-2021-41533
RESERVED
-CVE-2021-41531
+CVE-2021-41532
RESERVED
+CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
+ TODO: check
CVE-2021-41530
RESERVED
CVE-2021-41529
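Review bot: CVE-2021-41531 (NLnet Labs Routinator) leaves RESERVED with only "TODO: check", so it still needs a follow-up that replaces the marker with either a source-package line or a NOT-FOR-US tag, the two forms the triaged entries elsewhere in this diff use. The fifteen newly reserved ids above it (CVE-2021-41533 through CVE-2021-41547) need no action yet.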
@@ -12,8 +42,8 @@ CVE-2021-41527
RESERVED
CVE-2021-41526
RESERVED
-CVE-2021-41525
- RESERVED
+CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
+ TODO: check
CVE-2021-3821
RESERVED
CVE-2021-3820
@@ -945,8 +975,8 @@ CVE-2021-41086
RESERVED
CVE-2021-41085
RESERVED
-CVE-2021-41084
- RESERVED
+CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
+ TODO: check
CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...)
NOT-FOR-US: Dada Mail
CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
@@ -1397,8 +1427,8 @@ CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-18
NOT-FOR-US: Aviatrix Controller
CVE-2021-40869
RESERVED
-CVE-2021-40868
- RESERVED
+CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...)
+ TODO: check
CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...)
NOT-FOR-US: Netgear
CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
@@ -1464,8 +1494,8 @@ CVE-2021-40849
RESERVED
CVE-2021-40848
RESERVED
-CVE-2021-40847
- RESERVED
+CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
+ TODO: check
CVE-2021-40846
RESERVED
CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
@@ -5252,8 +5282,8 @@ CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SC
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
-CVE-2021-39230
- RESERVED
+CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
+ TODO: check
CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
TODO: check
CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
@@ -8714,8 +8744,8 @@ CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows St
NOT-FOR-US: MISP
CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
NOT-FOR-US: MISP
-CVE-2021-37741
- RESERVED
+CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
+ TODO: check
CVE-2021-37740
RESERVED
CVE-2021-37739
@@ -9404,18 +9434,18 @@ CVE-2021-37426
RESERVED
CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
NOT-FOR-US: Altova MobileTogether Server
-CVE-2021-37424
- RESERVED
+CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...)
+ TODO: check
CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37420
- RESERVED
-CVE-2021-37419
- RESERVED
+CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...)
+ TODO: check
+CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...)
+ TODO: check
CVE-2021-37418
REJECTED
CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
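Review bot: CVE-2021-37424, CVE-2021-37420 and CVE-2021-37419 all name ManageEngine ADSelfService Plus and are added with "TODO: check", while the context entries CVE-2021-37423, CVE-2021-37422 and CVE-2021-37421 for the same product already carry "NOT-FOR-US: Zoho ManageEngine". The follow-up triage can apply that same tag to these three so the product is handled consistently.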
@@ -21553,7 +21583,7 @@ CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/56
NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0)
-CVE-2021-32272 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...)
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/57
NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0)
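Review bot: the only change to CVE-2021-32272 is the description wording, "through 2.10.0" becoming "before 2.10.0", which now agrees with the existing "- faad2 2.10.0-1" line and the fix commit noted as (2_10_0), so no tracker data needs to change. The hunk header shows CVE-2021-32273 still reading "through 2.10.0" with the same fixed version, which leaves that description as the one inconsistent with its package line.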
@@ -22510,8 +22540,7 @@ CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust.
NOT-FOR-US: Rust crate rkyv
CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
NOT-FOR-US: tripleo-ansible
-CVE-2021-31917
- RESERVED
+CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...)
NOT-FOR-US: Infinispan
CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
{DLA-2690-1 DLA-2689-1}
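Review bot: CVE-2021-31917 keeps its pre-existing "NOT-FOR-US: Infinispan" line, but the description published here names Red Hat DataGrid 8.x. Now that the text is available, confirm that the tag still describes the affected software, or reword it to name the product given in the description.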
@@ -28079,8 +28108,8 @@ CVE-2021-29833
RESERVED
CVE-2021-29832
RESERVED
-CVE-2021-29831
- RESERVED
+CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ TODO: check
CVE-2021-29830
RESERVED
CVE-2021-29829
@@ -28151,8 +28180,8 @@ CVE-2021-29797
RESERVED
CVE-2021-29796
RESERVED
-CVE-2021-29795
- RESERVED
+CVE-2021-29795 (IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a lo ...)
+ TODO: check
CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...)
NOT-FOR-US: IBM
CVE-2021-29793
@@ -30215,8 +30244,8 @@ CVE-2021-28962
RESERVED
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
-CVE-2021-28960
- RESERVED
+CVE-2021-28960 (ManageEngine Desktop Central before build 10.0.683 allows Unauthentica ...)
+ TODO: check
CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
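Review bot: CVE-2021-28960 (ManageEngine Desktop Central) is added with "TODO: check" directly above CVE-2021-28959, a ManageEngine product tagged "NOT-FOR-US: Zoho ManageEngine". Unless Desktop Central is treated differently from the vendor's other products, the same tag applies here.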
@@ -36541,8 +36570,8 @@ CVE-2021-26335
RESERVED
CVE-2021-26334
RESERVED
-CVE-2021-26333
- RESERVED
+CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
+ TODO: check
CVE-2021-26332
RESERVED
CVE-2021-26331
@@ -43469,10 +43498,10 @@ CVE-2021-23446
RESERVED
CVE-2021-23445
RESERVED
-CVE-2021-23444
- RESERVED
-CVE-2021-23443
- RESERVED
+CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
+ TODO: check
+CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...)
+ TODO: check
CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
NOT-FOR-US: Node @cookiex/deep
CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...)
@@ -51276,8 +51305,8 @@ CVE-2021-20831
RESERVED
CVE-2021-20830
RESERVED
-CVE-2021-20829
- RESERVED
+CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
+ TODO: check
CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20827
@@ -53565,8 +53594,8 @@ CVE-2021-20039
RESERVED
CVE-2021-20038
RESERVED
-CVE-2021-20037
- RESERVED
+CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...)
+ TODO: check
CVE-2021-20036
RESERVED
CVE-2021-20035
@@ -61093,8 +61122,8 @@ CVE-2021-0871
RESERVED
CVE-2021-0870
RESERVED
-CVE-2021-0869
- RESERVED
+CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
+ TODO: check
CVE-2021-0868
RESERVED
CVE-2021-0867
@@ -82739,14 +82768,14 @@ CVE-2020-19556
RESERVED
CVE-2020-19555
RESERVED
-CVE-2020-19554
- RESERVED
-CVE-2020-19553
- RESERVED
+CVE-2020-19554 (Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPMana ...)
+ TODO: check
+CVE-2020-19553 (Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and ...)
+ TODO: check
CVE-2020-19552
RESERVED
-CVE-2020-19551
- RESERVED
+CVE-2020-19551 (Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 i ...)
+ TODO: check
CVE-2020-19550
RESERVED
CVE-2020-19549
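Review bot: the CVE-2020-19553 description contains the typo "vlnerability". The commit is labelled an automatic update, so the text presumably mirrors the upstream CVE description; a correction made in data/CVE/list would likely be overwritten, and the fix belongs with the upstream record. Separately, CVE-2020-19553 and CVE-2020-19551 both name WUZHI CMS and can take the same triage decision when their "TODO: check" markers are resolved.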
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae95029b979be9c462ea9f124a3e0ab7f175e83