[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 30 21:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66cba0ef by security tracker role at 2021-09-30T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-41832
+ RESERVED
+CVE-2021-41831
+ RESERVED
+CVE-2021-41830
+ RESERVED
+CVE-2021-3844
+ RESERVED
+CVE-2021-3843
+ RESERVED
+CVE-2021-3842
+ RESERVED
+CVE-2021-3841
+ RESERVED
CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
@@ -226,8 +240,8 @@ CVE-2021-41731
RESERVED
CVE-2021-41730
RESERVED
-CVE-2021-41729
- RESERVED
+CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
+ TODO: check
CVE-2021-41728
RESERVED
CVE-2021-41727
@@ -244,8 +258,8 @@ CVE-2021-41722
RESERVED
CVE-2021-41721
RESERVED
-CVE-2021-41720
- RESERVED
+CVE-2021-41720 (A command injection vulnerability in Lodash in 4.17.21 allows attacker ...)
+ TODO: check
CVE-2021-41719
RESERVED
CVE-2021-41718
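Review bot: the new CVE-2021-41720 entry describes a command injection in Lodash "in 4.17.21", a single version rather than a "before" range, so the TODO: check should confirm the affected-version claim against the upstream report before this is mapped to a source package; a single-version description gives no fixed version to record.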
@@ -450,8 +464,8 @@ CVE-2021-41619
RESERVED
CVE-2021-41618
RESERVED
-CVE-2021-41616
- RESERVED
+CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...)
+ TODO: check
CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: btcpayserver
CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
@@ -1077,12 +1091,12 @@ CVE-2021-41327
RESERVED
CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...)
NOT-FOR-US: MISP
-CVE-2021-41325
- RESERVED
+CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...)
+ TODO: check
CVE-2021-41324
RESERVED
-CVE-2021-41323
- RESERVED
+CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
+ TODO: check
CVE-2021-41322
RESERVED
CVE-2021-41321
@@ -1157,36 +1171,36 @@ CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring B
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
TODO: check
-CVE-2021-41302
- RESERVED
-CVE-2021-41301
- RESERVED
-CVE-2021-41300
- RESERVED
-CVE-2021-41299
- RESERVED
-CVE-2021-41298
- RESERVED
-CVE-2021-41297
- RESERVED
-CVE-2021-41296
- RESERVED
-CVE-2021-41295
- RESERVED
-CVE-2021-41294
- RESERVED
-CVE-2021-41293
- RESERVED
-CVE-2021-41292
- RESERVED
-CVE-2021-41291
- RESERVED
-CVE-2021-41290
- RESERVED
+CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
+ TODO: check
+CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
+ TODO: check
+CVE-2021-41300 (ECOA BAS controller’s special page displays user account and pas ...)
+ TODO: check
+CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...)
+ TODO: check
+CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...)
+ TODO: check
+CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...)
+ TODO: check
+CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...)
+ TODO: check
+CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...)
+ TODO: check
+CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ TODO: check
+CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ TODO: check
+CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...)
+ TODO: check
+CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...)
+ TODO: check
+CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
+ TODO: check
CVE-2021-41289
RESERVED
-CVE-2021-41288
- RESERVED
+CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...)
+ TODO: check
CVE-2021-41287
RESERVED
CVE-2021-41286
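Review bot: the thirteen entries CVE-2021-41290 through CVE-2021-41302 all describe the same product, the ECOA BAS controller, and each carries its own TODO: check; they should be triaged as one batch so they end with a consistent disposition, and CVE-2021-41288 (Zoho ManageEngine OpManager) in the same hunk can follow the NOT-FOR-US: Zoho ManageEngine marker already used for CVE-2021-41829 at the top of this diff.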
@@ -1549,8 +1563,8 @@ CVE-2021-41111
RESERVED
CVE-2021-41110
RESERVED
-CVE-2021-41109
- RESERVED
+CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2021-41108
RESERVED
CVE-2021-41107
@@ -2916,6 +2930,7 @@ CVE-2021-40518
CVE-2021-40517
RESERVED
CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
+ {DLA-2770-1}
- weechat 3.2.1-1 (bug #993803)
NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
CVE-2021-40515
@@ -9471,6 +9486,7 @@ CVE-2021-37752
CVE-2021-37751
RESERVED
CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...)
+ {DLA-2771-1}
- krb5 1.18.3-7 (bug #992607)
[bullseye] - krb5 <no-dsa> (Minor issue)
[buster] - krb5 <no-dsa> (Minor issue)
@@ -15350,22 +15366,22 @@ CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before
NOT-FOR-US: Zimbra
CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
NOT-FOR-US: Gitpod
-CVE-2021-35205
- RESERVED
-CVE-2021-35204
- RESERVED
-CVE-2021-35203
- RESERVED
-CVE-2021-35202
- RESERVED
-CVE-2021-35201
- RESERVED
-CVE-2021-35200
- RESERVED
-CVE-2021-35199
- RESERVED
-CVE-2021-35198
- RESERVED
+CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
+ TODO: check
+CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
+ TODO: check
+CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
+ TODO: check
+CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
+ TODO: check
+CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
+ TODO: check
+CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
+ TODO: check
+CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
+ TODO: check
+CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
+ TODO: check
CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
- mediawiki 1:1.35.3-1
[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x release)
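Review bot: CVE-2021-35198 through CVE-2021-35205 are eight entries for one product, NETSCOUT nGeniusONE 6.3.0, each marked TODO: check; resolve them together so the disposition is consistent, and note that CVE-2021-35198 cites build 1004 while the others cite build 1196, which only matters if the product turns out to be packaged.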
@@ -28782,8 +28798,8 @@ CVE-2021-29896
RESERVED
CVE-2021-29895
RESERVED
-CVE-2021-29894
- RESERVED
+CVE-2021-29894 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ TODO: check
CVE-2021-29893
RESERVED
CVE-2021-29892
@@ -38394,8 +38410,8 @@ CVE-2021-25965
RESERVED
CVE-2021-25964
RESERVED
-CVE-2021-25963
- RESERVED
+CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
+ TODO: check
CVE-2021-25962 (“Shuup” application in versions 0.4.2 to 2.10.8 is affecte ...)
NOT-FOR-US: Shuup
CVE-2021-25961 (In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7. ...)
@@ -42900,10 +42916,10 @@ CVE-2021-24019
RESERVED
CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...)
NOT-FOR-US: FortiOS
-CVE-2021-24017
- RESERVED
-CVE-2021-24016
- RESERVED
+CVE-2021-24017 (An improper authentication in Fortinet FortiManager version 6.4.3 and ...)
+ TODO: check
+CVE-2021-24016 (An improper neutralization of formula elements in a csv file in Fortin ...)
+ TODO: check
CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
NOT-FOR-US: Fortinet
CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...)
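Review bot: the neighbouring entries CVE-2021-24018 and CVE-2021-24015 in this hunk are already marked NOT-FOR-US: FortiOS and NOT-FOR-US: Fortinet, so the two new TODO: check lines for CVE-2021-24017 (Fortinet FortiManager) and CVE-2021-24016 (Fortinet CSV formula injection) can most likely be resolved the same way.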
@@ -51532,8 +51548,8 @@ CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earli
NOT-FOR-US: Adobe
CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...)
NOT-FOR-US: Adobe
-CVE-2021-21089
- RESERVED
+CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-21088
RESERVED
CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
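Review bot: CVE-2021-21089 (Acrobat Reader DC) sits between CVE-2021-21090 and CVE-2021-21087, both already NOT-FOR-US: Adobe, so its TODO: check is likely resolved the same way; the duplicated word in "versions versions" comes from the upstream CVE description and should not be hand-edited in this automatically generated file.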
@@ -52608,8 +52624,8 @@ CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site req
NOT-FOR-US: IBM
CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
-CVE-2021-20578
- RESERVED
+CVE-2021-20578 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ TODO: check
CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
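Review bot: the new CVE-2021-20578 description is word-for-word the same truncated text as CVE-2021-29894 earlier in this diff ("IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ..."), and CVE-2021-20577, the next entry in this hunk, is already NOT-FOR-US: IBM; both TODO: check entries should get the same disposition, and the full descriptions should be compared to confirm they are distinct issues rather than a duplicate assignment.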
@@ -52656,8 +52672,8 @@ CVE-2021-20556
RESERVED
CVE-2021-20555
RESERVED
-CVE-2021-20554
- RESERVED
+CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
+ TODO: check
CVE-2021-20553
RESERVED
CVE-2021-20552
@@ -81387,14 +81403,14 @@ CVE-2020-20667
RESERVED
CVE-2020-20666
RESERVED
-CVE-2020-20665
- RESERVED
-CVE-2020-20664
- RESERVED
-CVE-2020-20663
- RESERVED
-CVE-2020-20662
- RESERVED
+CVE-2020-20665 (rudp v0.6 was discovered to contain a memory leak in the component mai ...)
+ TODO: check
+CVE-2020-20664 (libiec_iccp_mod v1.5 contains a segmentation violation in the componen ...)
+ TODO: check
+CVE-2020-20663 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
+ TODO: check
+CVE-2020-20662 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
+ TODO: check
CVE-2020-20661
RESERVED
CVE-2020-20660
@@ -109594,12 +109610,12 @@ CVE-2020-9762
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
- {DLA-2157-1}
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...)
- {DLA-2157-1}
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
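Review bot: DLA-2770-1 is appended to CVE-2020-9759, but the description line of that entry reads "A Vulnerability of LG Electronic web OS TV Emulator ..." while the data below it (weechat 2.7.1-1, [buster] - weechat <no-dsa>, the weechat commit NOTE) is for WeeChat; either the description was refreshed from a reassigned CVE record or the WeeChat data hangs off the wrong identifier, so this should be checked against the WeeChat advisory before the DLA cross-reference is relied upon.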
@@ -111517,7 +111533,7 @@ CVE-2020-8957
CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...)
NOT-FOR-US: Pulse Secure Pulse Secure Desktop Client
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
- {DLA-2157-1}
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
[buster] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
@@ -182663,7 +182679,7 @@ CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware
CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.2-1 (low; bug #917387)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
@@ -230065,12 +230081,12 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds
CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scannin ...)
NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66cba0efcd473a2093a7a86359234b56be2703ed