[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 28 21:10:45 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d7c2e4c by security tracker role at 2021-09-28T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-41769
+	RESERVED
+CVE-2021-41768
+	RESERVED
+CVE-2021-41767
+	RESERVED
 CVE-2021-3837
 	RESERVED
 CVE-2021-41766
@@ -493,22 +499,22 @@ CVE-2021-41542
 	RESERVED
 CVE-2021-41541
 	RESERVED
-CVE-2021-41540
-	RESERVED
-CVE-2021-41539
-	RESERVED
-CVE-2021-41538
-	RESERVED
-CVE-2021-41537
-	RESERVED
-CVE-2021-41536
-	RESERVED
-CVE-2021-41535
-	RESERVED
-CVE-2021-41534
-	RESERVED
-CVE-2021-41533
-	RESERVED
+CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
+CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+	TODO: check
 CVE-2021-41532
 	RESERVED
 CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if  ...)
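Review bot: The eight entries CVE-2021-41533 through CVE-2021-41540 all sit at `TODO: check` with the same truncated description ("A vulnerability has been identified in Solid Edge SE2021 (All versions ...)"), so nothing visible here tells them apart. They name a single product, so resolve them in one pass with one consistent tag. If Solid Edge has no Debian package, the `NOT-FOR-US: <product>` form used elsewhere in this file fits.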
@@ -951,8 +957,8 @@ CVE-2021-41320
 	RESERVED
 CVE-2021-41319
 	RESERVED
-CVE-2021-41318
-	RESERVED
+CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
+	TODO: check
 CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
 	NOT-FOR-US: XSS Hunter Express
 CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
@@ -1419,8 +1425,8 @@ CVE-2021-41106
 	RESERVED
 CVE-2021-41105
 	RESERVED
-CVE-2021-41104
-	RESERVED
+CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
+	TODO: check
 CVE-2021-41103
 	RESERVED
 CVE-2021-41102
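Review bot: The `TODO: check` on CVE-2021-41104 should not be closed from the truncated text alone, because the description is cut at "Anyone with web_serv ..." and the affected configuration is not visible. Read the full description and look for an ESPHome source package in the archive before choosing between a package line and `NOT-FOR-US: ESPHome`.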
@@ -7918,8 +7924,8 @@ CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute a
 	NOT-FOR-US: 23andMe Yamale
 CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
 	NOT-FOR-US: National Instruments NI-PAL driver
-CVE-2021-38303
-	RESERVED
+CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
+	TODO: check
 CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
 	NOT-FOR-US: Newsletter extension for TYPO3
 CVE-2021-38301
@@ -8436,8 +8442,8 @@ CVE-2021-38126
 	RESERVED
 CVE-2021-38125
 	RESERVED
-CVE-2021-38124
-	RESERVED
+CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
+	TODO: check
 CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-38122
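Review bot: CVE-2021-38124 is left at `TODO: check` while the next entry, CVE-2021-38123, is already tagged `NOT-FOR-US: Micro Focus`. The new description also names a Micro Focus product (ArcSight Enterprise ...), so the same tag would keep the two entries consistent once the product is confirmed as not packaged.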
@@ -10058,7 +10064,7 @@ CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is v
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows  ...)
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37413
 	RESERVED
@@ -10359,20 +10365,20 @@ CVE-2021-37275
 	RESERVED
 CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
 	NOT-FOR-US: Kingdee KIS Professional Edition
-CVE-2021-37273
-	RESERVED
+CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
+	TODO: check
 CVE-2021-37272
 	RESERVED
-CVE-2021-37271
-	RESERVED
+CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
+	TODO: check
 CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...)
 	NOT-FOR-US: CMS Enterprise Website Construction System
 CVE-2021-37269
 	RESERVED
 CVE-2021-37268
 	RESERVED
-CVE-2021-37267
-	RESERVED
+CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...)
+	TODO: check
 CVE-2021-37266
 	RESERVED
 CVE-2021-37265
@@ -10656,8 +10662,8 @@ CVE-2021-37148
 	RESERVED
 CVE-2021-37147
 	RESERVED
-CVE-2021-37146
-	RESERVED
+CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
+	TODO: check
 CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...)
 	NOT-FOR-US: Poly (formerly Polycom)
 CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
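Review bot: CVE-2021-37146 names a software component, the ros_comm XMLRPC server, rather than a vendor appliance like the Poly entry below it, so its `TODO: check` needs an actual source-package lookup and should not be batch-tagged. If a ros_comm package exists in the archive, this entry needs a package line with per-release status instead of `NOT-FOR-US`. The description mentions ROS Melodic, so compare the packaged version against that.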
@@ -10742,12 +10748,12 @@ CVE-2021-37108
 	RESERVED
 CVE-2021-37107
 	RESERVED
-CVE-2021-37106
-	RESERVED
-CVE-2021-37105
-	RESERVED
-CVE-2021-37104
-	RESERVED
+CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
+	TODO: check
+CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
+	TODO: check
+CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
+	TODO: check
 CVE-2021-37103
 	RESERVED
 CVE-2021-37102
@@ -12434,14 +12440,14 @@ CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session eve
 	[buster] - putty <no-dsa> (Minor issue)
 	[stretch] - putty <no-dsa> (Minor issue)
 	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
-CVE-2021-36366
-	RESERVED
-CVE-2021-36365
-	RESERVED
-CVE-2021-36364
-	RESERVED
-CVE-2021-36363
-	RESERVED
+CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
+	TODO: check
+CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
+	TODO: check
+CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...)
+	TODO: check
+CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
+	TODO: check
 CVE-2021-36362
 	RESERVED
 CVE-2021-36361
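Review bot: The four Nagios XI entries (CVE-2021-36363 through CVE-2021-36366) all say "before 5.8.5" and fall into two pairs: wildcard handling in manage_services.sh and backup_xi.sh, and Incorrect Permission Assignment for two scripts whose names are truncated. Triage them together and give all four the same tag. The check to make is whether Nagios XI itself, as opposed to other Nagios packages, is in the archive.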
@@ -12877,8 +12883,8 @@ CVE-2021-36167
 	RESERVED
 CVE-2021-36166
 	RESERVED
-CVE-2021-36165
-	RESERVED
+CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
+	TODO: check
 CVE-2021-36164
 	RESERVED
 CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
@@ -16462,8 +16468,8 @@ CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager
 	NOT-FOR-US: WordPress Download Manager
 CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-34636
-	RESERVED
+CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...)
+	TODO: check
 CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
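Review bot: CVE-2021-34636 is at `TODO: check` between CVE-2021-34637 and CVE-2021-34635, both tagged `NOT-FOR-US: WordPress plugin`. Its description also names a WordPress plugin (Countdown and CountUp, WooCommerce Sales Timers), so the same tag applies unless that plugin is packaged separately.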
@@ -17094,9 +17100,9 @@ CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) dr
 	NOT-FOR-US: Trusty
 CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
 	NOT-FOR-US: Neo4j
-CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...)
+CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/lo ...)
 	NOT-FOR-US: Accela Civic Platform
-CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...)
+CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civi ...)
 	NOT-FOR-US: Accela Civic Platform
 CVE-2021-34368
 	REJECTED
@@ -18123,7 +18129,7 @@ CVE-2021-33906
 	RESERVED
 CVE-2021-33905
 	RESERVED
-CVE-2021-33904 (In Accela Civic Platform through 21.1, the security/hostSignon.do para ...)
+CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...)
 	NOT-FOR-US: Accela Civic Platform
 CVE-2021-33903
 	RESERVED
@@ -18881,10 +18887,10 @@ CVE-2021-33603
 	RESERVED
 CVE-2021-33602
 	RESERVED
-CVE-2021-33601
-	RESERVED
-CVE-2021-33600
-	RESERVED
+CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
+	TODO: check
+CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
+	TODO: check
 CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
 	NOT-FOR-US: F-Secure Antivirus
 CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
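Review bot: CVE-2021-33601 and CVE-2021-33600 are at `TODO: check`, but the product name is cut off at "F-Secure I ..." in the first and does not appear in the visible part of the second. Confirm the product from the full descriptions before tagging. The adjacent CVE-2021-33599 uses `NOT-FOR-US: F-Secure Antivirus`, which appears to name a different product and should not be copied verbatim.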
@@ -28027,8 +28033,8 @@ CVE-2021-30088
 	RESERVED
 CVE-2021-30087
 	RESERVED
-CVE-2021-30086
-	RESERVED
+CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...)
+	TODO: check
 CVE-2021-30085
 	RESERVED
 CVE-2021-30084
@@ -29938,26 +29944,26 @@ CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows co
 	NOT-FOR-US: Node gnuplot
 CVE-2021-29368
 	RESERVED
-CVE-2021-29367
-	RESERVED
-CVE-2021-29366
-	RESERVED
-CVE-2021-29365
-	RESERVED
-CVE-2021-29364
-	RESERVED
-CVE-2021-29363
-	RESERVED
-CVE-2021-29362
-	RESERVED
-CVE-2021-29361
-	RESERVED
-CVE-2021-29360
-	RESERVED
+CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
+	TODO: check
+CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
+	TODO: check
+CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...)
+	TODO: check
+CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...)
+	TODO: check
+CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...)
+	TODO: check
+CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...)
+	TODO: check
+CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...)
+	TODO: check
+CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...)
+	TODO: check
 CVE-2021-29359
 	RESERVED
-CVE-2021-29358
-	RESERVED
+CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...)
+	TODO: check
 CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
 	NOT-FOR-US: OutSystems Platform Server
 CVE-2021-29356
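Review bot: The nine Irfanview entries (CVE-2021-29358 and CVE-2021-29360 through CVE-2021-29367) are all `TODO: check` and differ mainly in the crash location quoted in the description, for example FORMATS!ReadRAS_W+0xa74 versus FORMATS!ReadRAS_W+0xa30, with CVE-2021-29365 being an infinite loop rather than a buffer overflow. Handle them as one batch with a single tag so the run does not end up with mixed states for the same product and version (4.57 where visible).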
@@ -46295,8 +46301,8 @@ CVE-2021-22537
 	RESERVED
 CVE-2021-22536
 	RESERVED
-CVE-2021-22535
-	RESERVED
+CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Micro Fo ...)
+	TODO: check
 CVE-2021-22534
 	RESERVED
 CVE-2021-22533



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d7c2e4ca2b742816fa0fa3c14ef303d232a5428
