Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
284d8e6d by security tracker role at 2021-12-15T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-45070
+       RESERVED
+CVE-2021-45069
+       RESERVED
+CVE-2021-45068
+       RESERVED
+CVE-2021-45067
+       RESERVED
+CVE-2021-45066
+       RESERVED
+CVE-2021-45065
+       RESERVED
+CVE-2021-45064
+       RESERVED
+CVE-2021-45063
+       RESERVED
+CVE-2021-45062
+       RESERVED
+CVE-2021-45061
+       RESERVED
+CVE-2021-45060
+       RESERVED
+CVE-2021-45059
+       RESERVED
+CVE-2021-45058
+       RESERVED
+CVE-2021-45057
+       RESERVED
+CVE-2021-45056
+       RESERVED
+CVE-2021-45055
+       RESERVED
+CVE-2021-45054
+       RESERVED
+CVE-2021-45053
+       RESERVED
+CVE-2021-45052
+       RESERVED
+CVE-2021-45051
+       RESERVED
+CVE-2021-4120
+       RESERVED
 CVE-2021-45050
        RESERVED
 CVE-2021-45049
@@ -254,12 +296,12 @@ CVE-2021-45042
        RESERVED
 CVE-2021-45041
        RESERVED
-CVE-2021-4110
-       RESERVED
+CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
+       TODO: check
 CVE-2021-4109
        RESERVED
-CVE-2021-4108
-       RESERVED
+CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+       TODO: check
 CVE-2022-0010
        RESERVED
 CVE-2021-45040
@@ -446,8 +488,8 @@ CVE-2021-44950
        RESERVED
 CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control 
vulnerability via  ...)
        NOT-FOR-US: glFusion CMS
-CVE-2021-44948
-       RESERVED
+CVE-2021-44948 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery 
(CSRF)  ...)
+       TODO: check
 CVE-2021-44947
        RESERVED
 CVE-2021-44946
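Review bot: CVE-2021-44948 is left at "TODO: check" although the entry directly above it in this hunk, CVE-2021-44949, already carries "NOT-FOR-US: glFusion CMS" for the same product and version (glFusion CMS 1.7.9). Unless the truncated description hides a different affected component, the same triage line can be applied here so the entry does not sit in the TODO queue.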
@@ -458,8 +500,8 @@ CVE-2021-44944
        RESERVED
 CVE-2021-44943
        RESERVED
-CVE-2021-44942
-       RESERVED
+CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery 
(CSRF)  ...)
+       TODO: check
 CVE-2021-44941
        RESERVED
 CVE-2021-44940
@@ -3677,14 +3719,14 @@ CVE-2021-43832
        RESERVED
 CVE-2021-43831
        RESERVED
-CVE-2021-43830
-       RESERVED
-CVE-2021-43829
-       RESERVED
-CVE-2021-43828
-       RESERVED
-CVE-2021-43827
-       RESERVED
+CVE-2021-43830 (OpenProject is a web-based project management software. 
OpenProject ve ...)
+       TODO: check
+CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
+       TODO: check
+CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
+       TODO: check
+CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts 
in Disco ...)
+       TODO: check
 CVE-2021-43826
        RESERVED
 CVE-2021-43825
@@ -3695,8 +3737,8 @@ CVE-2021-43823 (Sourcegraph is a code search and 
navigation engine. Sourcegraph
        NOT-FOR-US: Sourcegraph
 CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP 
Content Reposi ...)
        NOT-FOR-US: Jackalope Doctrine-DBAL
-CVE-2021-43821
-       RESERVED
+CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video 
Management for  ...)
+       TODO: check
 CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token 
is used i ...)
        TODO: check
 CVE-2021-43819
@@ -5816,10 +5858,10 @@ CVE-2021-43328
        RESERVED
 CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. 
With a VCC  ...)
        NOT-FOR-US: Renesas
-CVE-2021-43326
-       RESERVED
-CVE-2021-43325
-       RESERVED
+CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets 
permissions on a t ...)
+       TODO: check
+CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a 
temporar ...)
+       TODO: check
 CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
        NOT-FOR-US: LibreNMS
 CVE-2021-43323
@@ -7286,8 +7328,8 @@ CVE-2021-43115
        RESERVED
 CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI 
CA publis ...)
        - fort-validator 1.5.2-1
-CVE-2021-43113
-       RESERVED
+CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a 
Compare ...)
+       TODO: check
 CVE-2021-43112
        RESERVED
 CVE-2021-43111
@@ -7452,8 +7494,8 @@ CVE-2021-43053
        RESERVED
 CVE-2021-43052
        RESERVED
-CVE-2021-43051
-       RESERVED
+CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO 
Spotfire  ...)
+       TODO: check
 CVE-2021-43050
        RESERVED
 CVE-2021-43049
@@ -7722,8 +7764,8 @@ CVE-2021-42947
        RESERVED
 CVE-2021-42946
        RESERVED
-CVE-2021-42945
-       RESERVED
+CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the 
askbigclass ...)
+       TODO: check
 CVE-2021-42944
        RESERVED
 CVE-2021-42943
@@ -10630,8 +10672,8 @@ CVE-2021-42222
        RESERVED
 CVE-2021-42221
        RESERVED
-CVE-2021-42220
-       RESERVED
+CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr 
before 1 ...)
+       TODO: check
 CVE-2021-42219
        RESERVED
 CVE-2021-42218
@@ -11464,10 +11506,10 @@ CVE-2021-41873 (Penguin Aurora TV Box 41502 is a 
high-end network HD set-top box
        NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a 
denial of s ...)
        NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
-CVE-2021-41871
-       RESERVED
-CVE-2021-41870
-       RESERVED
+CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. 
Improper  ...)
+       TODO: check
+CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec 
REMOTE  ...)
+       TODO: check
 CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is 
vulnerable ...)
        NOT-FOR-US: SuiteCRM
 CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated 
attackers to u ...)
@@ -11535,8 +11577,8 @@ CVE-2021-41846
        RESERVED
 CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify 
Secret Server ...)
        NOT-FOR-US: ThycoticCentrify Secret Server
-CVE-2021-41844
-       RESERVED
+CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate 
and sanit ...)
+       TODO: check
 CVE-2021-41843
        RESERVED
 CVE-2021-41842
@@ -12250,14 +12292,14 @@ CVE-2021-3823 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pat
        NOT-FOR-US: Bitdefender
 CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression 
Complexity ...)
        NOT-FOR-US: jsoneditor
-CVE-2021-41560
-       RESERVED
+CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute 
arbitrary co ...)
+       TODO: check
 CVE-2021-41559
        RESERVED
 CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL 
allows Proce ...)
        NOT-FOR-US: set_user extension for Postgres
-CVE-2021-41557
-       RESERVED
+CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored 
Cross Site ...)
+       TODO: check
 CVE-2021-41556
        RESERVED
 CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 
21.3.3.815 (a  ...)
@@ -13981,10 +14023,10 @@ CVE-2021-40829 (Connections initialized by the AWS 
IoT Device SDK v2 for Java (v
        NOT-FOR-US: AWS IoT Device SDK
 CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java 
(version ...)
        NOT-FOR-US: AWS IoT Device SDK
-CVE-2021-40827
-       RESERVED
-CVE-2021-40826
-       RESERVED
+CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL 
is used)  ...)
+       TODO: check
+CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User 
Mode Wri ...)
+       TODO: check
 CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software 
prior to 1.1 ...)
        NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
 CVE-2021-40824 (A logic error in the room key sharing functionality of Element 
Android ...)
@@ -15557,10 +15599,10 @@ CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus 
before Build 4117 allows a
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF 
attack on pro ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2021-40171
-       RESERVED
-CVE-2021-40170
-       RESERVED
+CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming 
attack in ...)
+       TODO: check
+CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home 
alarm syst ...)
+       TODO: check
 CVE-2021-40169
        RESERVED
 CVE-2021-40168
@@ -18047,8 +18089,8 @@ CVE-2021-39185 (Http4s is a minimal, idiomatic Scala 
interface for HTTP services
        NOT-FOR-US: Https4s
 CVE-2021-39184 (Electron is a framework for writing cross-platform desktop 
application ...)
        - electron <itp> (bug #842420)
-CVE-2021-39183
-       RESERVED
+CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming 
and chat s ...)
+       TODO: check
 CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior 
to vers ...)
        NOT-FOR-US: EnroCrypt
 CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). 
Prior to ver ...)
@@ -19106,8 +19148,8 @@ CVE-2021-3707 (D-Link router DSL-2750U with firmware 
vME1.16 or prior versions i
        NOT-FOR-US: D-Link
 CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 
2021-08-14 a ...)
        NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
-CVE-2021-38701
-       RESERVED
+CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the 
administr ...)
+       TODO: check
 CVE-2021-38700
        RESERVED
 CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, 
/admin/dashb ...)
@@ -24591,8 +24633,8 @@ CVE-2021-36452
        RESERVED
 CVE-2021-36451
        RESERVED
-CVE-2021-36450
-       RESERVED
+CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS 
via the co ...)
+       TODO: check
 CVE-2021-36449
        RESERVED
 CVE-2021-36448
@@ -29402,10 +29444,10 @@ CVE-2021-34428 (For Eclipse Jetty versions &lt;= 
9.4.40, &lt;= 10.0.2, &lt;= 11.
        NOTE: 
https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85
 (jetty-9.4.x)
 CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can 
use query  ...)
        NOT-FOR-US: Eclipse BIRT
-CVE-2021-34426
-       RESERVED
-CVE-2021-34425
-       RESERVED
+CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for 
Windows befor ...)
+       TODO: check
+CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for 
Android, iOS, L ...)
+       TODO: check
 CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings 
(for An ...)
        NOT-FOR-US: Zoom
 CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client 
for Meet ...)
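Review bot: CVE-2021-34425 names the Zoom Client for Meetings but is queued as "TODO: check", while CVE-2021-34424 immediately below it is already "NOT-FOR-US: Zoom". Marking it the same way keeps the Zoom block consistent. CVE-2021-34426 concerns the Keybase Client for Windows and needs its own triage decision rather than inheriting the neighbour's.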
@@ -29436,7 +29478,7 @@ CVE-2021-34411 (During the installation process forZoom 
Rooms for Conference Roo
        NOT-FOR-US: Zoom
 CVE-2021-34410 (A user-writable application bundle unpacked during the install 
for all ...)
        NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
-CVE-2021-34409 (User-writable pre and post-install scripts unpacked during the 
Zoom Cl ...)
+CVE-2021-34409 (It was discovered that the installation packages of the Zoom 
Client fo ...)
        NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
 CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions 
before versio ...)
        NOT-FOR-US: Zoom Client for Meetings for Windows
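Review bot: the description of CVE-2021-34409 is replaced with "installation packages of the Zoom Client fo ...", but the triage line under it still reads "NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac", the same label as CVE-2021-34410 above. The NOT-FOR-US verdict is unaffected, but the product name in the label should be re-checked against the new description and, if it no longer matches, shortened to "NOT-FOR-US: Zoom" as used for the surrounding entries.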
@@ -48713,8 +48755,8 @@ CVE-2021-26789
        RESERVED
 CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is 
affected b ...)
        NOT-FOR-US: Oryx Embedded CycloneTCP
-CVE-2021-26787
-       RESERVED
+CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys 
Workforce Manage ...)
+       TODO: check
 CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland 
PlayTub ...)
        NOT-FOR-US: PlayTube
 CVE-2021-26785
@@ -87990,8 +88032,8 @@ CVE-2020-23547
        RESERVED
 CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service 
or possib ...)
        NOT-FOR-US: IrfanView
-CVE-2020-23545
-       RESERVED
+CVE-2020-23545 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
+       TODO: check
 CVE-2020-23544
        RESERVED
 CVE-2020-23543
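Review bot: CVE-2020-23545 is described as an IrfanView 4.54 issue and is left at "TODO: check", while CVE-2020-23546 just above it in this hunk is "NOT-FOR-US: IrfanView" for the same product and version. The existing label can be reused here instead of leaving the entry for manual triage.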
@@ -145056,8 +145098,8 @@ CVE-2019-19140
        RESERVED
 CVE-2019-19139
        RESERVED
-CVE-2019-19138
-       RESERVED
+CVE-2019-19138 (Ivanti Workspace Control before 10.4.50.0 allows attackers to 
degrade  ...)
+       TODO: check
 CVE-2019-19137
        RESERVED
 CVE-2019-19136



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/284d8e6d47073d703c1b33aca475f20db643d53c
