Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30ee6828 by security tracker role at 2021-10-21T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-42793
+ RESERVED
+CVE-2021-42792
+ RESERVED
+CVE-2021-42791
+ RESERVED
+CVE-2021-42790
+ RESERVED
+CVE-2021-42789
+ RESERVED
+CVE-2021-42788
+ RESERVED
+CVE-2021-42787
+ RESERVED
+CVE-2021-42786
+ RESERVED
+CVE-2021-42785
+ RESERVED
+CVE-2021-42784
+ RESERVED
+CVE-2021-42783
+ RESERVED
+CVE-2021-42782
+ RESERVED
+CVE-2021-42781
+ RESERVED
+CVE-2021-42780
+ RESERVED
+CVE-2021-42779
+ RESERVED
+CVE-2021-42778
+ RESERVED
CVE-2021-42777
RESERVED
CVE-2021-42776
@@ -103,8 +135,8 @@ CVE-2021-42742
RESERVED
CVE-2021-42741
RESERVED
-CVE-2021-42740
- RESERVED
+CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows
command inject ...)
+ TODO: check
CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has
a buffe ...)
- linux <unfixed>
NOTE: https://seclists.org/oss-sec/2021/q2/46
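Review bot: CVE-2021-42740 moves from RESERVED to a bare "TODO: check" even though the imported description already names the component (the shell-quote package for Node.js, before 1.7.3) and the bug class (command injection). That is enough to triage it in a follow-up: replace the TODO with either a source-package line carrying the fixed version or a NOT-FOR-US tag, so the entry does not stay unclassified.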
@@ -155,10 +187,10 @@ CVE-2021-3894
RESERVED
CVE-2021-42717
RESERVED
-CVE-2021-42716
- RESERVED
-CVE-2021-42715
- RESERVED
+CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM
loader incorr ...)
+ TODO: check
+CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27.
The HDR ...)
+ TODO: check
CVE-2021-42714
RESERVED
CVE-2021-42713
@@ -2199,8 +2231,7 @@ CVE-2022-20012
RESERVED
CVE-2021-42328
RESERVED
-CVE-2021-42327 [drm/amdgpu: fix out of bounds write]
- RESERVED
+CVE-2021-42327 (dp_link_settings_write in
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
- linux <unfixed>
NOTE:
https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the
names of ...)
@@ -2677,22 +2708,22 @@ CVE-2021-3873
RESERVED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow
privilege escala ...)
NOT-FOR-US: VITEC Exterity IPTV products
-CVE-2021-42108
- RESERVED
-CVE-2021-42107
- RESERVED
-CVE-2021-42106
- RESERVED
-CVE-2021-42105
- RESERVED
-CVE-2021-42104
- RESERVED
-CVE-2021-42103
- RESERVED
-CVE-2021-42102
- RESERVED
-CVE-2021-42101
- RESERVED
+CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of
Trend Micr ...)
+ TODO: check
+CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One,
Apex On ...)
+ TODO: check
+CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One,
Apex On ...)
+ TODO: check
+CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One,
Apex On ...)
+ TODO: check
+CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One,
Apex On ...)
+ TODO: check
+CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend
Micro Ape ...)
+ TODO: check
+CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend
Micro Ape ...)
+ TODO: check
+CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend
Micro Ape ...)
+ TODO: check
CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim <unfixed>
[stretch] - vim <no-dsa> (Minor issue)
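Review bot: The eight entries CVE-2021-42101 through CVE-2021-42108 all land as "TODO: check" although every description names Trend Micro products, so they can be triaged together in one pass rather than one by one. The context entry directly above, CVE-2021-42109, shows the form this file already uses once a product has been classified ("NOT-FOR-US: VITEC Exterity IPTV products").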
@@ -2943,10 +2974,10 @@ CVE-2021-42013 (It was found that the fix for
CVE-2021-41773 in Apache HTTP Serv
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3864
RESERVED
-CVE-2021-42012
- RESERVED
-CVE-2021-42011
- RESERVED
+CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro
Apex One, A ...)
+ TODO: check
+CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend
Micro Apex O ...)
+ TODO: check
CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input
During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-42010
@@ -3360,8 +3391,8 @@ CVE-2021-3847 [low-privileged user privileges escalation]
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with
Dangerou ...)
NOT-FOR-US: firefly-iii
-CVE-2021-23139
- RESERVED
+CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and
Worry-Free Bu ...)
+ TODO: check
CVE-2021-3845
RESERVED
CVE-2021-41832 (It is possible for an attacker to manipulate documents to
appear to be ...)
@@ -3467,12 +3498,12 @@ CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through
2.3.3 inappropriately tr
NOT-FOR-US: Open5GS
CVE-2021-41793
RESERVED
-CVE-2021-41792
- RESERVED
-CVE-2021-41791
- RESERVED
-CVE-2021-41790
- RESERVED
+CVE-2021-41792 (An issue was discovered in Hyland
org.alfresco:alfresco-content-servic ...)
+ TODO: check
+CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through
7.0.0.2 a ...)
+ TODO: check
+CVE-2021-41790 (An issue was discovered in Hyland
org.alfresco:alfresco-content-servic ...)
+ TODO: check
CVE-2021-41789
RESERVED
CVE-2021-41788
@@ -4872,10 +4903,10 @@ CVE-2021-41162
RESERVED
CVE-2021-41161
RESERVED
-CVE-2021-41160
- RESERVED
-CVE-2021-41159
- RESERVED
+CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
CVE-2021-41158
RESERVED
CVE-2021-41157
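Review bot: CVE-2021-41160 and CVE-2021-41159 are added with the same truncated description ("FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ..."), so the two issues cannot be told apart from this file. When the "TODO: check" lines are resolved, a NOTE with the upstream advisory or fixing commit on each entry would record which flaw each identifier refers to.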
@@ -4900,8 +4931,8 @@ CVE-2021-41148 (Tuleap Open ALM is a libre and open
source tool for end to end t
NOT-FOR-US: Tuleap
CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
NOT-FOR-US: Tuleap
-CVE-2021-41146
- RESERVED
+CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a
minimal ...)
+ TODO: check
CVE-2021-41145
RESERVED
CVE-2021-41144
@@ -15231,7 +15262,7 @@ CVE-2021-36801 (Akaunting version 2.1.12 and earlier
suffers from an authenticat
NOT-FOR-US: Akaunting
CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code
injection iss ...)
NOT-FOR-US: Akaunting
-CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a
salt value ...)
+CVE-2021-36799 (Hard-coded password and salt for encryption of project files
in KNX As ...)
NOT-FOR-US: KNX ETS5
CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team
Server ...)
NOT-FOR-US: HelpSystems Cobalt Strike
@@ -18304,8 +18335,8 @@ CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when
the antiscript feature is
- node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449)
NOTE: https://github.com/mermaid-js/mermaid/issues/2122
NOTE: https://github.com/mermaid-js/mermaid/pull/2123
-CVE-2021-35512
- RESERVED
+CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications
Manager ...)
+ TODO: check
CVE-2021-35511
RESERVED
CVE-2021-35510
@@ -18975,14 +19006,14 @@ CVE-2021-35230
RESERVED
CVE-2021-35229
RESERVED
-CVE-2021-35228
- RESERVED
-CVE-2021-35227
- RESERVED
+CVE-2021-35228 (This vulnerability occurred due to missing input sanitization
for one ...)
+ TODO: check
+CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM
2020.2.6 and ...)
+ TODO: check
CVE-2021-35226
RESERVED
-CVE-2021-35225
- RESERVED
+CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed
Service Provi ...)
+ TODO: check
CVE-2021-35224
RESERVED
CVE-2021-35223 (The Serv-U File Server allows for events such as user login
failures t ...)
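Review bot: The truncated description for CVE-2021-35228 ("This vulnerability occurred due to missing input sanitization for one ...") names no product, unlike its neighbours CVE-2021-35227 (RabbitMQ Plugin in ARM 2020.2.6) and CVE-2021-35225 (Orion Platform). Whoever resolves this "TODO: check" needs the full CVE record; the list line alone is not enough to decide between a package entry and NOT-FOR-US.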
@@ -32514,8 +32545,8 @@ CVE-2021-29885
RESERVED
CVE-2021-29884
RESERVED
-CVE-2021-29883
- RESERVED
+CVE-2021-29883 (IBM Standards Processing Engine (IBM Transformation Extender
Advanced ...)
+ TODO: check
CVE-2021-29882
RESERVED
CVE-2021-29881
@@ -32534,8 +32565,8 @@ CVE-2021-29875
RESERVED
CVE-2021-29874
RESERVED
-CVE-2021-29873
- RESERVED
+CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to
obtain s ...)
+ TODO: check
CVE-2021-29872
RESERVED
CVE-2021-29871
@@ -34710,8 +34741,8 @@ CVE-2021-3457 (An improper authorization handling flaw
was found in Foreman. The
CVE-2021-3456
RESERVED
- foreman <itp> (bug #663101)
-CVE-2021-28975
- RESERVED
+CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail
server's de ...)
+ TODO: check
CVE-2021-28974
RESERVED
CVE-2021-28973 (The XML Import functionality of the Administration console in
Perforce ...)
@@ -35924,8 +35955,8 @@ CVE-2021-28498 (In Arista's MOS (Metamako Operating
System) software which is su
NOT-FOR-US: Arista
CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is
supporte ...)
NOT-FOR-US: Arista
-CVE-2021-28496
- RESERVED
+CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected
release v ...)
+ TODO: check
CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is
supporte ...)
NOT-FOR-US: Arista
CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is
supporte ...)
@@ -57767,8 +57798,8 @@ CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS)
with firmware version 3.00
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version
3.00.20 is ...)
NOT-FOR-US: Telus Wi-Fi Hub
-CVE-2021-20120
- RESERVED
+CVE-2021-20120 (The administration web interface for the Arris Surfboard
SB8200 lacks ...)
+ TODO: check
CVE-2021-20119
RESERVED
CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local
privilege ...)
@@ -70118,8 +70149,8 @@ CVE-2020-27306
RESERVED
CVE-2020-27305
RESERVED
-CVE-2020-27304
- RESERVED
+CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths
when run ...)
+ TODO: check
CVE-2020-27303
RESERVED
CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other
Ameba-based devi ...)
@@ -100054,8 +100085,8 @@ CVE-2020-14265
RESERVED
CVE-2020-14264
RESERVED
-CVE-2020-14263
- RESERVED
+CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak
cryptographic pro ...)
+ TODO: check
CVE-2020-14262
RESERVED
CVE-2020-14261
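Review bot: The description imported for CVE-2020-14263 begins with a stray double quote (("HCL Traveler Companion ...), and no closing quote is visible before the truncation. It looks like it was carried over verbatim from the upstream record; worth confirming that tooling which parses the parenthesised description tolerates the unbalanced quote, or stripping it on import.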
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30ee682812ea3081bd8d72bd26ab8c3452fb6543