Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18fd3772 by security tracker role at 2021-10-21T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,32 @@
+CVE-2021-42777
+ RESERVED
+CVE-2021-42776
+ RESERVED
+CVE-2021-42775
+ RESERVED
+CVE-2021-42774
+ RESERVED
+CVE-2021-42773
+ RESERVED
+CVE-2021-42772
+ RESERVED
+CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load
arbitrary ...)
+ {DLA-2790-1}
+ TODO: check
+CVE-2021-42770
+ RESERVED
+CVE-2021-42769
+ RESERVED
+CVE-2021-42768
+ RESERVED
+CVE-2021-42767
+ RESERVED
+CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through
2021-10-1 ...)
+ TODO: check
+CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through
2021-10-1 ...)
+ TODO: check
+CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through
2021-10-1 ...)
+ TODO: check
CVE-2021-42763
RESERVED
CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before
2.34.1 allow ...)
@@ -2229,8 +2258,8 @@ CVE-2021-42301
RESERVED
CVE-2021-42300
RESERVED
-CVE-2021-42299
- RESERVED
+CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
...)
+ TODO: check
CVE-2021-42298
RESERVED
CVE-2021-42297
@@ -2692,10 +2721,10 @@ CVE-2021-42099
RESERVED
CVE-2021-42098 (An incomplete permission check on entries in Devolutions
Remote Deskto ...)
NOT-FOR-US: Devolutions
-CVE-2021-42097
- RESERVED
-CVE-2021-42096
- RESERVED
+CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege
Escalation. A csr ...)
+ TODO: check
+CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege
Escalation. A cer ...)
+ TODO: check
CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by
triggering ...)
NOT-FOR-US: NetSarang Xshell
CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command
Injection can ...)
@@ -4823,8 +4852,8 @@ CVE-2021-41165
RESERVED
CVE-2021-41164
RESERVED
-CVE-2021-41163
- RESERVED
+CVE-2021-41163 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
CVE-2021-41162
RESERVED
CVE-2021-41161
@@ -5038,7 +5067,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the
Linux kernel 5.10 through 5
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows
Director ...)
- {DSA-4987-1}
+ {DSA-4987-1 DLA-2789-1}
- squashfs-tools 1:4.5-3 (bug #994262)
NOTE: Prerequisites:
NOTE:
https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
@@ -7304,12 +7333,12 @@ CVE-2021-40125
RESERVED
CVE-2021-40124
RESERVED
-CVE-2021-40123
- RESERVED
-CVE-2021-40122
- RESERVED
-CVE-2021-40121
- RESERVED
+CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco
Meeting ...)
+ TODO: check
+CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
CVE-2021-40120
RESERVED
CVE-2021-40119
@@ -9708,10 +9737,10 @@ CVE-2021-39129
RESERVED
CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center
using the Ji ...)
NOT-FOR-US: Atlassian
-CVE-2021-39127
- RESERVED
-CVE-2021-39126
- RESERVED
+CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center
allow anony ...)
+ TODO: check
+CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
+ TODO: check
CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center
allow anony ...)
NOT-FOR-US: Atlassian
CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of
Atlassi ...)
@@ -19910,8 +19939,8 @@ CVE-2021-34791
RESERVED
CVE-2021-34790
RESERVED
-CVE-2021-34789
- RESERVED
+CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco
Tetrati ...)
+ TODO: check
CVE-2021-34788 (A vulnerability in the shared library loading mechanism of
Cisco AnyCo ...)
NOT-FOR-US: Cisco
CVE-2021-34787
@@ -19968,8 +19997,8 @@ CVE-2021-34762
RESERVED
CVE-2021-34761
RESERVED
-CVE-2021-34760
- RESERVED
+CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco
TelePre ...)
+ TODO: check
CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence
Collabo ...)
@@ -20002,8 +20031,8 @@ CVE-2021-34745 (A vulnerability in the AppDynamics .NET
Agent for Windows could
NOT-FOR-US: .NET Agent for Windows
CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart
Switches f ...)
NOT-FOR-US: Cisco
-CVE-2021-34743
- RESERVED
+CVE-2021-34743 (A vulnerability in the application integration feature of
Cisco Webex ...)
+ TODO: check
CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco
Vision ...)
NOT-FOR-US: Cisco
CVE-2021-34741
@@ -20012,12 +20041,12 @@ CVE-2021-34740 (A vulnerability in the WLAN Control
Protocol (WCP) implementatio
NOT-FOR-US: Cisco
CVE-2021-34739
RESERVED
-CVE-2021-34738
- RESERVED
+CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature
of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2021-34736
- RESERVED
+CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco
Integra ...)
+ TODO: check
CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog
Telephone ...)
NOT-FOR-US: Cisco
CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP)
implementa ...)
@@ -57766,6 +57795,7 @@ CVE-2021-20096 (Cross-site request forgery in
OpenOversight 0.6.4 allows a remot
NOT-FOR-US: OpenOversight
CVE-2021-20095
REJECTED
+ {DLA-2790-1}
CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems
CodeMeter ver ...)
NOT-FOR-US: Wibu-Systems CodeMeter
CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems
CodeMeter vers ...)
@@ -63543,8 +63573,8 @@ CVE-2021-1531 (A vulnerability in the web UI of Cisco
Modeling Labs could allow
NOT-FOR-US: Cisco
CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
NOT-FOR-US: Cisco
-CVE-2021-1529
- RESERVED
+CVE-2021-1529 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
+ TODO: check
CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow
an aut ...)
NOT-FOR-US: Cisco
CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS
could allo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18fd37722ef1ad689d6163bcf3a45d8e88c4f727
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18fd37722ef1ad689d6163bcf3a45d8e88c4f727
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
