Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
51db1a79 by security tracker role at 2021-09-22T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-41568
+ RESERVED
+CVE-2021-41567
+ RESERVED
+CVE-2021-41566
+ RESERVED
+CVE-2021-41565
+ RESERVED
+CVE-2021-41564
+ RESERVED
+CVE-2021-41563
+ RESERVED
+CVE-2021-41562
+ RESERVED
+CVE-2021-41561
+ RESERVED
+CVE-2021-3825
+ RESERVED
+CVE-2021-3824
+ RESERVED
+CVE-2021-3823
+ RESERVED
+CVE-2021-3822
+ RESERVED
CVE-2021-41560
RESERVED
CVE-2021-41559
@@ -1012,6 +1036,7 @@ CVE-2021-41081
CVE-2021-41080
RESERVED
CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and
10.0.0-M1 to 10. ...)
+ {DLA-2764-1}
- tomcat9 <unfixed>
- tomcat8 <removed>
NOTE:
https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
@@ -1165,8 +1190,8 @@ CVE-2021-41013
RESERVED
CVE-2021-41012
RESERVED
-CVE-2021-41011
- RESERVED
+CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication
informa ...)
+ TODO: check
CVE-2021-41010
RESERVED
CVE-2021-41009
@@ -1439,8 +1464,8 @@ CVE-2021-40877
RESERVED
CVE-2021-40876
RESERVED
-CVE-2021-40875
- RESERVED
+CVE-2021-40875 (Improper Access Control in Gurock TestRail versions <
7.2.0.3014 re ...)
+ TODO: check
CVE-2021-40874
RESERVED
CVE-2021-40873
@@ -1896,8 +1921,8 @@ CVE-2021-40686
RESERVED
CVE-2021-40685
RESERVED
-CVE-2021-40684
- RESERVED
+CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09,
7.2.1-R ...)
+ TODO: check
CVE-2021-XXXX [jwe cbc tag computation error]
- rhonabwy 0.9.13-4 (bug #993866)
[bullseye] - rhonabwy <no-dsa> (Minor issue; can be fixed via point
release)
@@ -4799,8 +4824,8 @@ CVE-2021-39406
RESERVED
CVE-2021-39405
RESERVED
-CVE-2021-39404
- RESERVED
+CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative
user to sav ...)
+ TODO: check
CVE-2021-39403
RESERVED
CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding
a new pr ...)
@@ -4969,8 +4994,8 @@ CVE-2021-39341
RESERVED
CVE-2021-39340
RESERVED
-CVE-2021-39339
- RESERVED
+CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy
and Serv ...)
+ TODO: check
CVE-2021-39338
RESERVED
CVE-2021-39337
@@ -7868,8 +7893,7 @@ CVE-2021-38160 (** DISPUTED ** In
drivers/char/virtio_console.c in the Linux ker
NOTE:
https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such
as image ...)
NOT-FOR-US: Canon
-CVE-2021-38153
- RESERVED
+CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to
validate a pass ...)
- kafka <itp> (bug #786460)
CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in
Chikitsa Patie ...)
NOT-FOR-US: Chikitsa Patient Management System
@@ -8417,12 +8441,12 @@ CVE-2021-37929
RESERVED
CVE-2021-37928
RESERVED
-CVE-2021-37927
- RESERVED
+CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows
account ...)
+ TODO: check
CVE-2021-37926
RESERVED
-CVE-2021-37925
- RESERVED
+CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a
Post-Aut ...)
+ TODO: check
CVE-2021-37924
RESERVED
CVE-2021-37923
@@ -8551,8 +8575,8 @@ CVE-2021-37862
RESERVED
CVE-2021-37861
RESERVED
-CVE-2021-37860
- RESERVED
+CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize
clipboard c ...)
+ TODO: check
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting
vulnerability affe ...)
NOT-FOR-US: Mattermost
CVE-2021-37858
@@ -12139,8 +12163,8 @@ CVE-2021-36262
RESERVED
CVE-2021-36261
RESERVED
-CVE-2021-36260
- RESERVED
+CVE-2021-36260 (A command injection vulnerability in the web server of some
Hikvision ...)
+ TODO: check
CVE-2021-36259
RESERVED
CVE-2021-36258
@@ -15919,10 +15943,10 @@ CVE-2021-34650 (The eID Easy WordPress plugin is
vulnerable to Reflected Cross-S
NOT-FOR-US: WordPress plugin
CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to
Reflect ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-34648
- RESERVED
-CVE-2021-34647
- RESERVED
+CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary
email send ...)
+ TODO: check
+CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive
informatio ...)
+ TODO: check
CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for
WooCommerce W ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is
vulnerable ...)
@@ -16772,8 +16796,7 @@ CVE-2021-3585
CVE-2021-3584
RESERVED
- foreman <itp> (bug #663101)
-CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible
facts used in template]
- RESERVED
+CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is
vulnerable t ...)
- ansible <unfixed>
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
@@ -22861,8 +22884,8 @@ CVE-2021-31849
RESERVED
CVE-2021-31848
RESERVED
-CVE-2021-31847
- RESERVED
+CVE-2021-31847 (Improper access control vulnerability in the repair process
for McAfee ...)
+ TODO: check
CVE-2021-31846
RESERVED
CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention
(DLP) D ...)
@@ -22873,8 +22896,8 @@ CVE-2021-31843 (Improper privileges management
vulnerability in McAfee Endpoint
NOT-FOR-US: McAfee
CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee
Endpoint Securi ...)
NOT-FOR-US: McAfee
-CVE-2021-31841
- RESERVED
+CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows
prior to 5 ...)
+ TODO: check
CVE-2021-31840 (A vulnerability in the preloading mechanism of specific
dynamic link l ...)
NOT-FOR-US: McAfee
CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent
for Window ...)
@@ -22883,8 +22906,8 @@ CVE-2021-31838 (A command injection vulnerability in
MVISION EDR (MVEDR) prior t
NOT-FOR-US: MVISION EDR (MVEDR)
CVE-2021-31837 (Memory corruption vulnerability in the driver file component
in McAfee ...)
NOT-FOR-US: McAfee
-CVE-2021-31836
- RESERVED
+CVE-2021-31836 (Improper privilege management vulnerability in maconfig for
McAfee Age ...)
+ TODO: check
CVE-2021-31835
RESERVED
CVE-2021-31834
@@ -43610,7 +43633,7 @@ CVE-2021-23439 (This affects the package
file-upload-with-preview before 4.2.0.
NOT-FOR-US: Node file-upload-with-preview
CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion
vulnerab ...)
NOT-FOR-US: Node mpath
-CVE-2021-23437 (The package pillow from 0 and before 8.3.2 are vulnerable to
Regular E ...)
+CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to
Regular Ex ...)
- pillow <unfixed>
[stretch] - pillow <postponed> (Minor issue, can be fixed in the next
DLA)
NOTE:
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
@@ -46928,10 +46951,10 @@ CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as
used in ESXi has an authent
NOT-FOR-US: VMware
CVE-2021-21993
RESERVED
-CVE-2021-21992
- RESERVED
-CVE-2021-21991
- RESERVED
+CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability
due to i ...)
+ TODO: check
+CVE-2021-21991 (The vCenter Server contains a local privilege escalation
vulnerability ...)
+ TODO: check
CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101
prior t ...)
NOT-FOR-US: VMware
CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client
for Windo ...)
@@ -80109,6 +80132,7 @@ CVE-2020-20904
CVE-2020-20903
RESERVED
CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in
long_term_filter ...)
+ {DSA-4722-1}
- ffmpeg 7:4.2.2-1
NOTE: https://trac.ffmpeg.org/ticket/8176
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd
(4.3)
@@ -105002,6 +105026,7 @@ CVE-2020-11084 (In iPear, the manual execution of the
eval() function can lead t
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a
user wit ...)
NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would
allow an ...)
+ {DLA-2763-1}
- ruby-kaminari 1.0.1-6 (bug #961847)
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE:
https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
@@ -173477,8 +173502,8 @@ CVE-2019-6290 (An infinite recursion issue was
discovered in eval.c in Netwide A
NOTE: Crash in CLI tool, no security impact
CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2
allows ...)
NOT-FOR-US: DedeCMS
-CVE-2019-6288
- RESERVED
+CVE-2019-6288 (Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated
Comman ...)
+ TODO: check
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued
access ...)
NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in
Sass::Prelex ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51db1a7953f444b8280ea026b28cbbf477a0de1b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51db1a7953f444b8280ea026b28cbbf477a0de1b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
