[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 24 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0905767 by security tracker role at 2021-09-24T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2021-41607
+ RESERVED
+CVE-2021-41606
+ RESERVED
+CVE-2021-41605
+ RESERVED
+CVE-2021-41604
+ RESERVED
+CVE-2021-41603
+ RESERVED
+CVE-2021-41602
+ RESERVED
+CVE-2021-41601
+ RESERVED
+CVE-2021-41600
+ RESERVED
+CVE-2021-41599
+ RESERVED
+CVE-2021-41598
+ RESERVED
+CVE-2021-41597
+ RESERVED
+CVE-2021-41596
+ RESERVED
+CVE-2021-41595
+ RESERVED
+CVE-2021-41594
+ RESERVED
+CVE-2021-41593
+ RESERVED
+CVE-2021-41592
+ RESERVED
+CVE-2021-41591
+ RESERVED
+CVE-2021-41590
+ RESERVED
+CVE-2021-41589
+ RESERVED
+CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...)
+ TODO: check
+CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ TODO: check
+CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ TODO: check
+CVE-2021-3828
+ RESERVED
CVE-2021-41585
RESERVED
CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...)
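Review bot: The three Gradle Enterprise entries added here (CVE-2021-41586, CVE-2021-41587, CVE-2021-41588) are left at "TODO: check" even though CVE-2021-41584 in the trailing context is the same product and the same fixed version (Gradle Enterprise before 2021.1.3). Triage the four together so they end up with one consistent tag. The 19 bare RESERVED ids from CVE-2021-41589 to CVE-2021-41607 and CVE-2021-3828 need nothing until a description is published.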
@@ -434,7 +480,7 @@ CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Trave
NOT-FOR-US: Payara Micro Community
CVE-2021-3816
RESERVED
-CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of ...)
+CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...)
NOT-FOR-US: RealVNC
CVE-2021-41379
RESERVED
@@ -2888,10 +2934,10 @@ CVE-2021-40312
RESERVED
CVE-2021-40311
RESERVED
-CVE-2021-40310
- RESERVED
-CVE-2021-40309
- RESERVED
+CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...)
+ TODO: check
+CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...)
+ TODO: check
CVE-2021-40308
RESERVED
CVE-2021-40307
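Review bot: The truncated description of CVE-2021-40309 ("A SQL injection vulnerability exists in the Take Attendance functional ...") names no product in the text visible here, unlike CVE-2021-40310 directly above it, which names OpenSIS Community Edition version 8.0. Resolve its "TODO: check" from the full CVE description rather than from its position next to the OpenSIS entry.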
@@ -3362,14 +3408,14 @@ CVE-2021-40104
RESERVED
CVE-2021-40103
RESERVED
-CVE-2021-40102
- RESERVED
+CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
+ TODO: check
CVE-2021-40101
RESERVED
-CVE-2021-40100
- RESERVED
-CVE-2021-40099
- RESERVED
+CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
+ TODO: check
+CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
+ TODO: check
CVE-2021-40098
RESERVED
CVE-2021-40097
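Review bot: CVE-2021-40102, CVE-2021-40100 and CVE-2021-40099 all describe Concrete CMS through 8.5.5 and each gets its own "TODO: check", while CVE-2021-40101 between them stays RESERVED. Handle the three in one triage pass with one tag, and revisit CVE-2021-40101 when its description is published, since it sits inside the same id block.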
@@ -5349,8 +5395,8 @@ CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-
NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
NOTE: https://sourceforge.net/p/zint/tickets/232/
NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
-CVE-2021-39246
- RESERVED
+CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...)
+ TODO: check
CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
RESERVED
- nbdkit 1.26.5-1
@@ -11172,8 +11218,7 @@ CVE-2021-36751
RESERVED
CVE-2021-36750
RESERVED
-CVE-2021-36749
- RESERVED
+CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
- druid <itp> (bug #825797)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
CVE-2021-3650
@@ -14515,7 +14560,7 @@ CVE-2021-35315
CVE-2021-35314
RESERVED
CVE-2021-35313
- RESERVED
+ REJECTED
CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
NOT-FOR-US: Amica Prodigy
CVE-2021-35311
@@ -32494,8 +32539,8 @@ CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenti
NOT-FOR-US: LUCY Security Awareness Software
CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...)
NOT-FOR-US: Apache Impala
-CVE-2021-28130
- RESERVED
+CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...)
+ TODO: check
CVE-2021-28129
RESERVED
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
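Review bot: CVE-2021-28130 is added with "TODO: check", but its description already scopes the issue to "Dr.Web Firewall 12.5.2.4160 on Windows". That scope points to a NOT-FOR-US tag in the style of the neighbouring entries (for example "NOT-FOR-US: Apache Impala" on CVE-2021-28131), so the TODO can be closed in the next manual pass.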
@@ -45037,10 +45082,10 @@ CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager acc
NOT-FOR-US: Revive Adserver
CVE-2021-22870
RESERVED
-CVE-2021-22869
- RESERVED
-CVE-2021-22868
- RESERVED
+CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...)
+ TODO: check
+CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
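Review bot: CVE-2021-22869 and CVE-2021-22868 go in as "TODO: check" while CVE-2021-22867 immediately below them, also GitHub Enterprise Server, is already tagged "NOT-FOR-US: GitHub Enterprise Server". Apply the same tag to both new entries so the block is consistent.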
@@ -54777,8 +54822,8 @@ CVE-2021-2466
RESERVED
CVE-2021-2465
RESERVED
-CVE-2021-2464
- RESERVED
+CVE-2021-2464 (Vulnerability in Oracle Linux (component: OSwatcher). Supported versio ...)
+ TODO: check
CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
NOT-FOR-US: Oracle
CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
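Review bot: CVE-2021-2464 names "Oracle Linux (component: OSwatcher)", which is a different product from the Oracle Commerce entries below it, where CVE-2021-2463 carries "NOT-FOR-US: Oracle". Confirm whether the OSwatcher component is packaged before reusing that tag to resolve the "TODO: check".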
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0905767636c738c5a9a26e6ec4beba5fe25f87d