Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d7c2e4c by security tracker role at 2021-09-28T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-41769
+       RESERVED
+CVE-2021-41768
+       RESERVED
+CVE-2021-41767
+       RESERVED
 CVE-2021-3837
        RESERVED
 CVE-2021-41766
@@ -493,22 +499,22 @@ CVE-2021-41542
        RESERVED
 CVE-2021-41541
        RESERVED
-CVE-2021-41540
-       RESERVED
-CVE-2021-41539
-       RESERVED
-CVE-2021-41538
-       RESERVED
-CVE-2021-41537
-       RESERVED
-CVE-2021-41536
-       RESERVED
-CVE-2021-41535
-       RESERVED
-CVE-2021-41534
-       RESERVED
-CVE-2021-41533
-       RESERVED
+CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
+CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
+       TODO: check
 CVE-2021-41532
        RESERVED
 CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR 
payload if  ...)
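Review bot: The eight consecutive entries CVE-2021-41533 through CVE-2021-41540 all name Solid Edge SE2021 and all land as "TODO: check", so they should be triaged in one pass with one outcome. If the product is not in the archive, each gets a "NOT-FOR-US:" line in the form the neighbouring entries already use. The descriptions are cut at "(All versions ...)", so the full text is needed to tell the eight apart.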
@@ -951,8 +957,8 @@ CVE-2021-41320
        RESERVED
 CVE-2021-41319
        RESERVED
-CVE-2021-41318
-       RESERVED
+CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an 
application endpo ...)
+       TODO: check
 CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce 
authent ...)
        NOT-FOR-US: XSS Hunter Express
 CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize 
user inp ...)
@@ -1419,8 +1425,8 @@ CVE-2021-41106
        RESERVED
 CVE-2021-41105
        RESERVED
-CVE-2021-41104
-       RESERVED
+CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with 
web_serv ...)
+       TODO: check
 CVE-2021-41103
        RESERVED
 CVE-2021-41102
@@ -7918,8 +7924,8 @@ CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote 
attackers to execute a
        NOT-FOR-US: 23andMe Yamale
 CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL 
driver in ...)
        NOT-FOR-US: National Instruments NI-PAL driver
-CVE-2021-38303
-       RESERVED
+CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge 
Migrator 7.0 ...)
+       TODO: check
 CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL 
Injection. ...)
        NOT-FOR-US: Newsletter extension for TYPO3
 CVE-2021-38301
@@ -8436,8 +8442,8 @@ CVE-2021-38126
        RESERVED
 CVE-2021-38125
        RESERVED
-CVE-2021-38124
-       RESERVED
+CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight 
Enterprise ...)
+       TODO: check
 CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, 
affecti ...)
        NOT-FOR-US: Micro Focus
 CVE-2021-38122
@@ -10058,7 +10064,7 @@ CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus 
version 6103 and prior is v
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable 
to authe ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior 
allows  ...)
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone 
to get  ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37413
        RESERVED
@@ -10359,20 +10365,20 @@ CVE-2021-37275
        RESERVED
 CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation 
vulnerabil ...)
        NOT-FOR-US: Kingdee KIS Professional Edition
-CVE-2021-37273
-       RESERVED
+CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation 
EPON Tia ...)
+       TODO: check
 CVE-2021-37272
        RESERVED
-CVE-2021-37271
-       RESERVED
+CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor 
v1.4.3.3, w ...)
+       TODO: check
 CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS 
Enterprise We ...)
        NOT-FOR-US: CMS Enterprise Website Construction System
 CVE-2021-37269
        RESERVED
 CVE-2021-37268
        RESERVED
-CVE-2021-37267
-       RESERVED
+CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all 
versions of Kin ...)
+       TODO: check
 CVE-2021-37266
        RESERVED
 CVE-2021-37265
@@ -10656,8 +10662,8 @@ CVE-2021-37148
        RESERVED
 CVE-2021-37147
        RESERVED
-CVE-2021-37146
-       RESERVED
+CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in 
ROS Melodi ...)
+       TODO: check
 CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection 
vulnerability in a ...)
        NOT-FOR-US: Poly (formerly Polycom)
 CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This 
occurs in ...)
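Review bot: CVE-2021-37146 should not be closed as NOT-FOR-US by analogy with its neighbours. The description names a component, the ros_comm XMLRPC server, rather than a vendor product, so resolving the "TODO: check" needs a search of the archive for a source package that ships it. The truncation at "ROS Melodi ..." hides the affected releases, so read the full description before recording any version.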
@@ -10742,12 +10748,12 @@ CVE-2021-37108
        RESERVED
 CVE-2021-37107
        RESERVED
-CVE-2021-37106
-       RESERVED
-CVE-2021-37105
-       RESERVED
-CVE-2021-37104
-       RESERVED
+CVE-2021-37106 (There is a command injection vulnerability in CMA service 
module of Fu ...)
+       TODO: check
+CVE-2021-37105 (There is an improper file upload control vulnerability in 
FusionComput ...)
+       TODO: check
+CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI 
P40 ver ...)
+       TODO: check
 CVE-2021-37103
        RESERVED
 CVE-2021-37102
@@ -12434,14 +12440,14 @@ CVE-2021-36367 (PuTTY through 0.75 proceeds with 
establishing an SSH session eve
        [buster] - putty <no-dsa> (Minor issue)
        [stretch] - putty <no-dsa> (Minor issue)
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
-CVE-2021-36366
-       RESERVED
-CVE-2021-36365
-       RESERVED
-CVE-2021-36364
-       RESERVED
-CVE-2021-36363
-       RESERVED
+CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh 
wildcards ...)
+       TODO: check
+CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for 
repairm ...)
+       TODO: check
+CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh 
wildcards. ...)
+       TODO: check
+CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for 
migrate ...)
+       TODO: check
 CVE-2021-36362
        RESERVED
 CVE-2021-36361
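Review bot: The four Nagios XI entries, CVE-2021-36363 to CVE-2021-36366, are left at "TODO: check". When resolving them, confirm that the scripts named in the descriptions (manage_services.sh, backup_xi.sh) belong to Nagios XI only and are not shipped by any packaged source before choosing NOT-FOR-US. All four say "before 5.8.5", so they can be triaged together.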
@@ -12877,8 +12883,8 @@ CVE-2021-36167
        RESERVED
 CVE-2021-36166
        RESERVED
-CVE-2021-36165
-       RESERVED
+CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is 
affected by c ...)
+       TODO: check
 CVE-2021-36164
        RESERVED
 CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. 
The Hes ...)
@@ -16462,8 +16468,8 @@ CVE-2021-34638 (Authenticated Directory Traversal in 
WordPress Download Manager
        NOT-FOR-US: WordPress Download Manager
 CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site 
Request Fo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-34636
-       RESERVED
+CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress 
plugin i ...)
+       TODO: check
 CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to 
Cross-Site Req ...)
@@ -17094,9 +17100,9 @@ CVE-2021-34372 (Trusty (the trusted OS produced by 
NVIDIA for Jetson devices) dr
        NOT-FOR-US: Trusty
 CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes 
an RMI se ...)
        NOT-FOR-US: Neo4j
-CVE-2021-34370 (Accela Civic Platform through 20.1 allows 
ssoAdapter/logoutAction.do s ...)
+CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows 
ssoAdapter/lo ...)
        NOT-FOR-US: Accela Civic Platform
-CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic 
Platform thro ...)
+CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in 
Accela Civi ...)
        NOT-FOR-US: Accela Civic Platform
 CVE-2021-34368
        REJECTED
@@ -18123,7 +18129,7 @@ CVE-2021-33906
        RESERVED
 CVE-2021-33905
        RESERVED
-CVE-2021-33904 (In Accela Civic Platform through 21.1, the 
security/hostSignon.do para ...)
+CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the 
security/hos ...)
        NOT-FOR-US: Accela Civic Platform
 CVE-2021-33903
        RESERVED
@@ -18881,10 +18887,10 @@ CVE-2021-33603
        RESERVED
 CVE-2021-33602
        RESERVED
-CVE-2021-33601
-       RESERVED
-CVE-2021-33600
-       RESERVED
+CVE-2021-33601 (A vulnerability was discovered in the web user interface of 
F-Secure I ...)
+       TODO: check
+CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the 
web user ...)
+       TODO: check
 CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was 
discovered whe ...)
        NOT-FOR-US: F-Secure Antivirus
 CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all 
versions ...)
@@ -28027,8 +28033,8 @@ CVE-2021-30088
        RESERVED
 CVE-2021-30087
        RESERVED
-CVE-2021-30086
-       RESERVED
+CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor 
(Chinese ...)
+       TODO: check
 CVE-2021-30085
        RESERVED
 CVE-2021-30084
@@ -29938,26 +29944,26 @@ CVE-2021-29369 (The gnuplot package prior to version 
0.1.0 for Node.js allows co
        NOT-FOR-US: Node gnuplot
 CVE-2021-29368
        RESERVED
-CVE-2021-29367
-       RESERVED
-CVE-2021-29366
-       RESERVED
-CVE-2021-29365
-       RESERVED
-CVE-2021-29364
-       RESERVED
-CVE-2021-29363
-       RESERVED
-CVE-2021-29362
-       RESERVED
-CVE-2021-29361
-       RESERVED
-CVE-2021-29360
-       RESERVED
+CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 
4.57 allows ...)
+       TODO: check
+CVE-2021-29366 (A buffer overflow vulnerability in 
FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
+       TODO: check
+CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing 
a craft ...)
+       TODO: check
+CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of 
Irfanvi ...)
+       TODO: check
+CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of 
Irfanvie ...)
+       TODO: check
+CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of 
Irfanvie ...)
+       TODO: check
+CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 
of Irfa ...)
+       TODO: check
+CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a 
of Irfa ...)
+       TODO: check
 CVE-2021-29359
        RESERVED
-CVE-2021-29358
-       RESERVED
+CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of 
Irfanview ...)
+       TODO: check
 CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 
before 10. ...)
        NOT-FOR-US: OutSystems Platform Server
 CVE-2021-29356
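Review bot: The nine Irfanview 4.57 entries (CVE-2021-29358 and CVE-2021-29360 to CVE-2021-29367) come in as "TODO: check" around CVE-2021-29359, which stays RESERVED. Triage the nine together and leave CVE-2021-29359 untouched rather than assuming it belongs to the same batch. Several of the descriptions differ only in the symbol offset (FORMATS!ReadRAS_W+0xa74, +0xa30, +0x1001), so keep one entry per CVE and do not merge them.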
@@ -46295,8 +46301,8 @@ CVE-2021-22537
        RESERVED
 CVE-2021-22536
        RESERVED
-CVE-2021-22535
-       RESERVED
+CVE-2021-22535 (Unauthorized information security disclosure vulnerability on 
Micro Fo ...)
+       TODO: check
 CVE-2021-22534
        RESERVED
 CVE-2021-22533



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d7c2e4ca2b742816fa0fa3c14ef303d232a5428
