Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d13312b by security tracker role at 2021-11-04T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-43391
+       RESERVED
+CVE-2021-43390
+       RESERVED
+CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. 
There is a ...)
+       TODO: check
+CVE-2021-43388
+       RESERVED
+CVE-2021-43387
+       RESERVED
+CVE-2021-43386
+       RESERVED
+CVE-2021-43385
+       RESERVED
+CVE-2021-43384
+       RESERVED
+CVE-2021-43383
+       RESERVED
+CVE-2021-43382
+       RESERVED
+CVE-2021-43381
+       RESERVED
+CVE-2021-43380
+       RESERVED
+CVE-2021-43379
+       RESERVED
+CVE-2021-43378
+       RESERVED
+CVE-2021-43377
+       RESERVED
+CVE-2021-43376
+       RESERVED
+CVE-2021-43375
+       RESERVED
+CVE-2021-43374
+       RESERVED
+CVE-2021-43373
+       RESERVED
+CVE-2021-43372
+       RESERVED
+CVE-2021-43371
+       RESERVED
+CVE-2021-43370
+       RESERVED
+CVE-2021-43369
+       RESERVED
+CVE-2021-43368
+       RESERVED
+CVE-2021-43367
+       RESERVED
+CVE-2021-43366
+       RESERVED
+CVE-2021-43365
+       RESERVED
+CVE-2021-43364
+       RESERVED
+CVE-2021-43363
+       RESERVED
+CVE-2021-43362
+       RESERVED
+CVE-2021-43361
+       RESERVED
+CVE-2021-43360
+       RESERVED
+CVE-2021-43359
+       RESERVED
+CVE-2021-43358
+       RESERVED
+CVE-2021-3928
+       RESERVED
+CVE-2021-3927
+       RESERVED
 CVE-2021-43357
        RESERVED
 CVE-2021-43350
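Review bot: CVE-2021-43389 is added with only `TODO: check`, yet its description names the Linux kernel before 5.14.15, a component Debian packages. Unlike the RESERVED placeholders added around it in this hunk, it needs manual triage and a package line in a follow-up commit; it should not stay in the TODO queue.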
@@ -132,8 +204,8 @@ CVE-2021-43295
        RESERVED
 CVE-2021-43294
        RESERVED
-CVE-2021-43293
-       RESERVED
+CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a 
remote au ...)
+       TODO: check
 CVE-2021-43292
        RESERVED
 CVE-2021-43291
@@ -156,8 +228,8 @@ CVE-2021-43283
        RESERVED
 CVE-2021-43282
        RESERVED
-CVE-2021-43281
-       RESERVED
+CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin 
with the " ...)
+       TODO: check
 CVE-2021-43280
        RESERVED
 CVE-2021-43279
@@ -2638,8 +2710,8 @@ CVE-2021-42626
        RESERVED
 CVE-2021-42625
        RESERVED
-CVE-2021-42624
-       RESERVED
+CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest 
version of  ...)
+       TODO: check
 CVE-2021-42623
        RESERVED
 CVE-2021-42622
@@ -7017,8 +7089,8 @@ CVE-2021-41249
        RESERVED
 CVE-2021-41248
        RESERVED
-CVE-2021-41247
-       RESERVED
+CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter 
notebooks.  ...)
+       TODO: check
 CVE-2021-41246
        RESERVED
 CVE-2021-41245
@@ -9646,6 +9718,7 @@ CVE-2021-3738
        RESERVED
 CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response 
from the server]
        RESERVED
+       {DLA-2808-1}
        [experimental] - python3.9 3.9.6-1
        - python3.9 3.9.7-1
        [bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -9711,40 +9784,40 @@ CVE-2021-40130
        RESERVED
 CVE-2021-40129
        RESERVED
-CVE-2021-40128
-       RESERVED
-CVE-2021-40127
-       RESERVED
-CVE-2021-40126
-       RESERVED
+CVE-2021-40128 (A vulnerability in the account activation feature of Cisco 
Webex Meeti ...)
+       TODO: check
+CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella 
could all ...)
+       TODO: check
 CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
impleme ...)
        NOT-FOR-US: Cisco
-CVE-2021-40124
-       RESERVED
+CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of 
Cisco An ...)
+       TODO: check
 CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco 
Meeting  ...)
        NOT-FOR-US: Cisco
 CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
-CVE-2021-40120
-       RESERVED
-CVE-2021-40119
-       RESERVED
+CVE-2021-40120 (A vulnerability in the web-based management interface of 
certain Cisco ...)
+       TODO: check
+CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism 
of Cisco ...)
+       TODO: check
 CVE-2021-40118 (Multiple vulnerabilities in the web services interface of 
Cisco Adapti ...)
        NOT-FOR-US: Cisco
 CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive 
Security ...)
        NOT-FOR-US: Cisco
 CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in 
Snort rules ...)
        NOT-FOR-US: Cisco
-CVE-2021-40115
-       RESERVED
+CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an 
unauthenticat ...)
+       TODO: check
 CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the 
way the ...)
        NOT-FOR-US: Cisco
-CVE-2021-40113
-       RESERVED
-CVE-2021-40112
-       RESERVED
+CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
+       TODO: check
+CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
+       TODO: check
 CVE-2021-40111
        RESERVED
 CVE-2021-40110
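Review bot: the newly published Cisco entries in this hunk (CVE-2021-40128, -40127, -40126, -40124, -40120, -40119, -40115, -40113, -40112) land as `TODO: check`, while every already-triaged Cisco entry beside them (CVE-2021-40125, -40123, -40122, -40121, -40118, -40117, -40116, -40114) is `NOT-FOR-US: Cisco`. If the full descriptions confirm they cover Cisco products only, resolve them the same way in a follow-up so the open TODO list reflects only entries that still need a decision.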
@@ -10763,6 +10836,7 @@ CVE-2021-39616
        RESERVED
 CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
        RESERVED
+       {DLA-2808-1}
        - python3.9 3.9.7-1
        [bullseye] - python3.9 <no-dsa> (Minor issue)
        - python3.7 <removed>
@@ -11475,7 +11549,8 @@ CVE-2021-39332 (The Business Manager WordPress plugin 
is vulnerable to Stored Cr
        NOT-FOR-US: WordPress plugin
 CVE-2021-39331
        RESERVED
-CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to 
Stored C ...)
+CVE-2021-39330
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
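Review bot: CVE-2021-39330 is switched to `REJECTED`, but the `NOT-FOR-US: WordPress plugin` line under it is kept, so the entry now carries both a rejection and a triage note whose justifying description this change removes. Confirm that this combination is intended for rejected IDs, or drop the `NOT-FOR-US` line in a follow-up.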
@@ -22385,8 +22460,8 @@ CVE-2021-34797
        RESERVED
 CVE-2021-34796
        RESERVED
-CVE-2021-34795
-       RESERVED
+CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
+       TODO: check
 CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol 
version 3 (S ...)
        NOT-FOR-US: Cisco
 CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive 
Security Appli ...)
@@ -22407,8 +22482,8 @@ CVE-2021-34786 (Multiple vulnerabilities in Cisco 
BroadWorks CommPilot Applicati
        NOT-FOR-US: Cisco
 CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot 
Application Sof ...)
        NOT-FOR-US: Cisco
-CVE-2021-34784
-       RESERVED
+CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
+       TODO: check
 CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler 
of Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center 
could allow  ...)
@@ -22427,10 +22502,10 @@ CVE-2021-34776 (Multiple vulnerabilities exist in the 
Link Layer Discovery Proto
        NOT-FOR-US: Cisco
 CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery 
Protocol (L ...)
        NOT-FOR-US: Cisco
-CVE-2021-34774
-       RESERVED
-CVE-2021-34773
-       RESERVED
+CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco 
Common  ...)
+       TODO: check
+CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
 CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco 
Orbital ...)
        NOT-FOR-US: Cisco
 CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow 
an authen ...)
@@ -22493,12 +22568,12 @@ CVE-2021-34743 (A vulnerability in the application 
integration feature of Cisco
        NOT-FOR-US: Cisco
 CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
        NOT-FOR-US: Cisco
-CVE-2021-34741
-       RESERVED
+CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco 
AsyncOS softw ...)
+       TODO: check
 CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) 
implementation for  ...)
        NOT-FOR-US: Cisco
-CVE-2021-34739
-       RESERVED
+CVE-2021-34739 (A vulnerability in the web-based management interface of 
multiple Cisc ...)
+       TODO: check
 CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature 
of Cisco ...)
@@ -22513,8 +22588,8 @@ CVE-2021-34733 (A vulnerability in the CLI of Cisco 
Prime Infrastructure and Cis
        NOT-FOR-US: Cisco
 CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco 
Prime C ...)
        NOT-FOR-US: Cisco
-CVE-2021-34731
-       RESERVED
+CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco 
Prime A ...)
+       TODO: check
 CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service 
of Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and 
Cisco I ...)
@@ -22573,8 +22648,8 @@ CVE-2021-34703 (A vulnerability in the Link Layer 
Discovery Protocol (LLDP) mess
        NOT-FOR-US: Cisco
 CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
-CVE-2021-34701
-       RESERVED
+CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
 CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage 
Software  ...)
        NOT-FOR-US: Cisco
 CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and 
Cisco IOS  ...)
@@ -22838,14 +22913,14 @@ CVE-2021-34599
        RESERVED
 CVE-2021-34598
        RESERVED
-CVE-2021-34597
-       RESERVED
+CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation 
Suite of ...)
+       TODO: check
 CVE-2021-34596 (A crafted request may cause a read access to an uninitialized 
pointer  ...)
        NOT-FOR-US: CODESYS
 CVE-2021-34595 (A crafted request with invalid offsets may cause an 
out-of-bounds read ...)
        NOT-FOR-US: CODESYS
-CVE-2021-34594
-       RESERVED
+CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions 
before  ...)
+       TODO: check
 CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior 
to versio ...)
        NOT-FOR-US: CODESYS
 CVE-2021-34592
@@ -54720,47 +54795,33 @@ CVE-2021-21700
        RESERVED
 CVE-2021-21699
        RESERVED
-CVE-2021-21698
-       RESERVED
+CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict 
the nam ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21697
-       RESERVED
+CVE-2021-21697 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any 
agent to ...)
        - jenkins <removed>
-CVE-2021-21696
-       RESERVED
+CVE-2021-21696 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not 
limit agen ...)
        - jenkins <removed>
-CVE-2021-21695
-       RESERVED
+CVE-2021-21695 (FilePath#listFiles lists files outside directories that agents 
are all ...)
        - jenkins <removed>
-CVE-2021-21694
-       RESERVED
+CVE-2021-21694 (FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, 
FilePath#isD ...)
        - jenkins <removed>
-CVE-2021-21693
-       RESERVED
+CVE-2021-21693 (When creating temporary files, agent-to-controller access to 
create th ...)
        - jenkins <removed>
-CVE-2021-21692
-       RESERVED
+CVE-2021-21692 (FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 
2.318 and  ...)
        - jenkins <removed>
-CVE-2021-21691
-       RESERVED
+CVE-2021-21691 (Creating symbolic links is possible without the 'symlink' 
agent-to-con ...)
        - jenkins <removed>
-CVE-2021-21690
-       RESERVED
+CVE-2021-21690 (Agent processes are able to completely bypass file path 
filtering by w ...)
        - jenkins <removed>
-CVE-2021-21689
-       RESERVED
+CVE-2021-21689 (FilePath#unzip and FilePath#untar were not subject to any 
agent-to-con ...)
        - jenkins <removed>
-CVE-2021-21688
-       RESERVED
+CVE-2021-21688 (The agent-to-controller security check 
FilePath#reading(FileVisitor) i ...)
        - jenkins <removed>
-CVE-2021-21687
-       RESERVED
+CVE-2021-21687 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not 
check agen ...)
        - jenkins <removed>
-CVE-2021-21686
-       RESERVED
+CVE-2021-21686 (File path filters in the agent-to-controller security 
subsystem of Jen ...)
        - jenkins <removed>
-CVE-2021-21685
-       RESERVED
+CVE-2021-21685 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not 
check agen ...)
        - jenkins <removed>
 CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git 
SHA-1 che ...)
        NOT-FOR-US: Jenkins plugin
@@ -66150,8 +66211,8 @@ CVE-2021-1502 (A vulnerability in Cisco Webex Network 
Recording Player for Windo
        NOT-FOR-US: Cisco
 CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive 
Securit ...)
        NOT-FOR-US: Cisco
-CVE-2021-1500
-       RESERVED
+CVE-2021-1500 (A vulnerability in the web-based management interface of Cisco 
Webex V ...)
+       TODO: check
 CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco 
HyperFl ...)
        NOT-FOR-US: Cisco
 CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
@@ -77377,12 +77438,12 @@ CVE-2020-25370
        RESERVED
 CVE-2020-25369
        RESERVED
-CVE-2020-25368
-       RESERVED
-CVE-2020-25367
-       RESERVED
-CVE-2020-25366
-       RESERVED
+CVE-2020-25368 (A command injection vulnerability was discovered in the HNAP1 
protocol ...)
+       TODO: check
+CVE-2020-25367 (A command injection vulnerability was discovered in the HNAP1 
protocol ...)
+       TODO: check
+CVE-2020-25366 (An issue in the component /cgi-bin/upload_firmware.cgi of 
D-Link DIR-8 ...)
+       TODO: check
 CVE-2020-25365
        RESERVED
 CVE-2020-25364



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d13312b49e3c0f53554f425a027ee455b8246eb
