[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 22 21:10:24 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51db1a79 by security tracker role at 2021-09-22T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-41568
+	RESERVED
+CVE-2021-41567
+	RESERVED
+CVE-2021-41566
+	RESERVED
+CVE-2021-41565
+	RESERVED
+CVE-2021-41564
+	RESERVED
+CVE-2021-41563
+	RESERVED
+CVE-2021-41562
+	RESERVED
+CVE-2021-41561
+	RESERVED
+CVE-2021-3825
+	RESERVED
+CVE-2021-3824
+	RESERVED
+CVE-2021-3823
+	RESERVED
+CVE-2021-3822
+	RESERVED
 CVE-2021-41560
 	RESERVED
 CVE-2021-41559
@@ -1012,6 +1036,7 @@ CVE-2021-41081
 CVE-2021-41080
 	RESERVED
 CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
+	{DLA-2764-1}
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
 	NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
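Review bot: the `{DLA-2764-1}` cross-reference added to CVE-2021-41079 only closes the suite that DLA was issued for, while the `- tomcat9 <unfixed>` line directly below still leaves sid open; either record the fixed tomcat9 version or add a NOTE with the upstream fix reference so the entry does not read as fully resolved. Also confirm the DLA-2764-1 record in data/DLA/list carries this CVE id, otherwise the cross-reference does not resolve anything.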
@@ -1165,8 +1190,8 @@ CVE-2021-41013
 	RESERVED
 CVE-2021-41012
 	RESERVED
-CVE-2021-41011
-	RESERVED
+CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
+	TODO: check
 CVE-2021-41010
 	RESERVED
 CVE-2021-41009
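Review bot: the `TODO: check` on CVE-2021-41011 can be resolved in this same update: the description names the LINE client for iOS, which is not a Debian package, so `NOT-FOR-US: LINE` is the expected resolution rather than leaving a TODO behind.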
@@ -1439,8 +1464,8 @@ CVE-2021-40877
 	RESERVED
 CVE-2021-40876
 	RESERVED
-CVE-2021-40875
-	RESERVED
+CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 re ...)
+	TODO: check
 CVE-2021-40874
 	RESERVED
 CVE-2021-40873
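Review bot: CVE-2021-40875 is against Gurock TestRail, a proprietary test-management product with no Debian packaging; the `TODO: check` should become `NOT-FOR-US: Gurock TestRail`.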
@@ -1896,8 +1921,8 @@ CVE-2021-40686
 	RESERVED
 CVE-2021-40685
 	RESERVED
-CVE-2021-40684
-	RESERVED
+CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...)
+	TODO: check
 CVE-2021-XXXX [jwe cbc tag computation error]
 	- rhonabwy 0.9.13-4 (bug #993866)
 	[bullseye] - rhonabwy <no-dsa> (Minor issue; can be fixed via point release)
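Review bot: CVE-2021-40684 (Talend ESB Runtime) is not packaged in Debian, so `NOT-FOR-US: Talend ESB Runtime` is the right follow-up to the `TODO: check`. Unrelated to this change but visible in the context lines, the `CVE-2021-XXXX [jwe cbc tag computation error]` rhonabwy placeholder still needs its real CVE id once one is assigned.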
@@ -4799,8 +4824,8 @@ CVE-2021-39406
 	RESERVED
 CVE-2021-39405
 	RESERVED
-CVE-2021-39404
-	RESERVED
+CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...)
+	TODO: check
 CVE-2021-39403
 	RESERVED
 CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...)
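Review bot: the `TODO: check` for CVE-2021-39404 should be triaged the same way as CVE-2021-39402 two lines below, which is already filed for the same MaianAffiliate v1.0 product; MaianAffiliate is not a Debian package, so `NOT-FOR-US: MaianAffiliate` matches that earlier entry.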
@@ -4969,8 +4994,8 @@ CVE-2021-39341
 	RESERVED
 CVE-2021-39340
 	RESERVED
-CVE-2021-39339
-	RESERVED
+CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
+	TODO: check
 CVE-2021-39338
 	RESERVED
 CVE-2021-39337
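Review bot: CVE-2021-39339 is a WordPress plugin (Telefication) issue; the tracker convention visible elsewhere in this patch (the eID Easy, Simple Behance Portfolio and Booster for WooCommerce entries) is `NOT-FOR-US: WordPress plugin`, so replace `TODO: check` with that rather than deferring it.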
@@ -7868,8 +7893,7 @@ CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux ker
 	NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
 CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
 	NOT-FOR-US: Canon
-CVE-2021-38153
-	RESERVED
+CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...)
 	- kafka <itp> (bug #786460)
 CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
 	NOT-FOR-US: Chikitsa Patient Management System
@@ -8417,12 +8441,12 @@ CVE-2021-37929
 	RESERVED
 CVE-2021-37928
 	RESERVED
-CVE-2021-37927
-	RESERVED
+CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...)
+	TODO: check
 CVE-2021-37926
 	RESERVED
-CVE-2021-37925
-	RESERVED
+CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...)
+	TODO: check
 CVE-2021-37924
 	RESERVED
 CVE-2021-37923
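Review bot: CVE-2021-37927 and CVE-2021-37925 are both Zoho ManageEngine ADManager Plus issues (proprietary, not in Debian) and can be closed together as `NOT-FOR-US: Zoho ManageEngine ADManager Plus` instead of two `TODO: check` lines.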
@@ -8551,8 +8575,8 @@ CVE-2021-37862
 	RESERVED
 CVE-2021-37861
 	RESERVED
-CVE-2021-37860
-	RESERVED
+CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
+	TODO: check
 CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
 	NOT-FOR-US: Mattermost
 CVE-2021-37858
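Review bot: CVE-2021-37860 should match the Mattermost entry directly below it (CVE-2021-37859, `NOT-FOR-US: Mattermost`); the `TODO: check` is unnecessary here.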
@@ -12139,8 +12163,8 @@ CVE-2021-36262
 	RESERVED
 CVE-2021-36261
 	RESERVED
-CVE-2021-36260
-	RESERVED
+CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision  ...)
+	TODO: check
 CVE-2021-36259
 	RESERVED
 CVE-2021-36258
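Review bot: CVE-2021-36260 concerns the embedded web server of Hikvision devices, i.e. vendor firmware that Debian does not ship, so `NOT-FOR-US: Hikvision` resolves the `TODO: check`.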
@@ -15919,10 +15943,10 @@ CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-S
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-34648
-	RESERVED
-CVE-2021-34647
-	RESERVED
+CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...)
+	TODO: check
+CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...)
+	TODO: check
 CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable ...)
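Review bot: both Ninja Forms entries (CVE-2021-34648 and CVE-2021-34647) sit between entries in this same hunk that already carry `NOT-FOR-US: WordPress plugin`; use that resolution instead of `TODO: check` for both.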
@@ -16772,8 +16796,7 @@ CVE-2021-3585
 CVE-2021-3584
 	RESERVED
 	- foreman <itp> (bug #663101)
-CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible facts used in template]
-	RESERVED
+CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
 	- ansible <unfixed>
 	[bullseye] - ansible <no-dsa> (Minor issue)
 	[buster] - ansible <no-dsa> (Minor issue)
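Review bot: replacing the bracketed working title of CVE-2021-3583 with the truncated MITRE text drops the one detail that identified the bug (template injection through YAML multi-line strings in Ansible facts used in a template); since ansible remains `<unfixed>` with `<no-dsa>` in both bullseye and buster, keep that detail in a NOTE line, ideally with the upstream issue or fix link, so the entry stays actionable.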
@@ -22861,8 +22884,8 @@ CVE-2021-31849
 	RESERVED
 CVE-2021-31848
 	RESERVED
-CVE-2021-31847
-	RESERVED
+CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
+	TODO: check
 CVE-2021-31846
 	RESERVED
 CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
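Review bot: CVE-2021-31847, and likewise CVE-2021-31841 and CVE-2021-31836 in the two hunks that follow, are McAfee product issues; the surrounding McAfee entries (CVE-2021-31843, -31842, -31840, -31839, -31837) are all `NOT-FOR-US: McAfee`, so the three `TODO: check` lines should be resolved the same way rather than left for a later pass.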
@@ -22873,8 +22896,8 @@ CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint
 	NOT-FOR-US: McAfee
 CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
 	NOT-FOR-US: McAfee
-CVE-2021-31841
-	RESERVED
+CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...)
+	TODO: check
 CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
@@ -22883,8 +22906,8 @@ CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior t
 	NOT-FOR-US: MVISION EDR (MVEDR)
 CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
 	NOT-FOR-US: McAfee
-CVE-2021-31836
-	RESERVED
+CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
+	TODO: check
 CVE-2021-31835
 	RESERVED
 CVE-2021-31834
@@ -43610,7 +43633,7 @@ CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0.
 	NOT-FOR-US: Node file-upload-with-preview
 CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...)
 	NOT-FOR-US: Node mpath
-CVE-2021-23437 (The package pillow from 0 and before 8.3.2 are vulnerable to Regular E ...)
+CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...)
 	- pillow <unfixed>
 	[stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA)
 	NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
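Review bot: the description change for CVE-2021-23437 narrows the affected range from "from 0" to "5.2.0 and before 8.3.2", which bears directly on the `[stretch] - pillow <postponed>` line underneath: re-check the stretch pillow version against 5.2.0 and switch the tag to `<not-affected>` if it predates the range; otherwise the postponed annotation can stay. The sid entry is also still `<unfixed>` although the upstream fix commit is already in the NOTE line, so it is worth confirming whether an upload is pending.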
@@ -46928,10 +46951,10 @@ CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authent
 	NOT-FOR-US: VMware
 CVE-2021-21993
 	RESERVED
-CVE-2021-21992
-	RESERVED
-CVE-2021-21991
-	RESERVED
+CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...)
+	TODO: check
+CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...)
+	TODO: check
 CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...)
 	NOT-FOR-US: VMware
 CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
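Review bot: CVE-2021-21992 and CVE-2021-21991 are vCenter Server issues; like CVE-2021-21994 and CVE-2021-21990 around them, they belong under `NOT-FOR-US: VMware`, so the two `TODO: check` lines can be closed in this update.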
@@ -80109,6 +80132,7 @@ CVE-2020-20904
 CVE-2020-20903
 	RESERVED
 CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
+	{DSA-4722-1}
 	- ffmpeg 7:4.2.2-1
 	NOTE: https://trac.ffmpeg.org/ticket/8176
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3)
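Review bot: the `{DSA-4722-1}` cross-reference on CVE-2020-20902 is being added long after the `ffmpeg 7:4.2.2-1` fix was recorded; make sure the DSA-4722-1 record in data/DSA/list lists this CVE id, because the cross-reference only marks the stable suite fixed when the DSA side carries the same id.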
@@ -105002,6 +105026,7 @@ CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead t
 CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
 	NOT-FOR-US: October CMS
 CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
+	{DLA-2763-1}
 	- ruby-kaminari 1.0.1-6 (bug #961847)
 	[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
 	NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
@@ -173477,8 +173502,8 @@ CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide A
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows  ...)
 	NOT-FOR-US: DedeCMS
-CVE-2019-6288
-	RESERVED
+CVE-2019-6288 (Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Comman ...)
+	TODO: check
 CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access  ...)
 	NOT-FOR-US: Rancher
 CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
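Review bot: CVE-2019-6288 is in Edgecore ECS2020 switch firmware, which Debian does not package, so `NOT-FOR-US: Edgecore` rather than `TODO: check`; that also matches the neighbouring Rancher and DedeCMS entries, which are all NOT-FOR-US.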



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51db1a7953f444b8280ea026b28cbbf477a0de1b


