Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39bdee60 by security tracker role at 2021-10-12T20:10:24+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,343 @@ +CVE-2022-20111 + RESERVED +CVE-2022-20110 + RESERVED +CVE-2022-20109 + RESERVED +CVE-2022-20108 + RESERVED +CVE-2022-20107 + RESERVED +CVE-2022-20106 + RESERVED +CVE-2022-20105 + RESERVED +CVE-2022-20104 + RESERVED +CVE-2022-20103 + RESERVED +CVE-2022-20102 + RESERVED +CVE-2022-20101 + RESERVED +CVE-2022-20100 + RESERVED +CVE-2022-20099 + RESERVED +CVE-2022-20098 + RESERVED +CVE-2022-20097 + RESERVED +CVE-2022-20096 + RESERVED +CVE-2022-20095 + RESERVED +CVE-2022-20094 + RESERVED +CVE-2022-20093 + RESERVED +CVE-2022-20092 + RESERVED +CVE-2022-20091 + RESERVED +CVE-2022-20090 + RESERVED +CVE-2022-20089 + RESERVED +CVE-2022-20088 + RESERVED +CVE-2022-20087 + RESERVED +CVE-2022-20086 + RESERVED +CVE-2022-20085 + RESERVED +CVE-2022-20084 + RESERVED +CVE-2022-20083 + RESERVED +CVE-2022-20082 + RESERVED +CVE-2022-20081 + RESERVED +CVE-2022-20080 + RESERVED +CVE-2022-20079 + RESERVED +CVE-2022-20078 + RESERVED +CVE-2022-20077 + RESERVED +CVE-2022-20076 + RESERVED +CVE-2022-20075 + RESERVED +CVE-2022-20074 + RESERVED +CVE-2022-20073 + RESERVED +CVE-2022-20072 + RESERVED +CVE-2022-20071 + RESERVED +CVE-2022-20070 + RESERVED +CVE-2022-20069 + RESERVED +CVE-2022-20068 + RESERVED +CVE-2022-20067 + RESERVED +CVE-2022-20066 + RESERVED +CVE-2022-20065 + RESERVED +CVE-2022-20064 + RESERVED +CVE-2022-20063 + RESERVED +CVE-2022-20062 + RESERVED +CVE-2022-20061 + RESERVED +CVE-2022-20060 + RESERVED +CVE-2022-20059 + RESERVED +CVE-2022-20058 + RESERVED +CVE-2022-20057 + RESERVED +CVE-2022-20056 + RESERVED +CVE-2022-20055 + RESERVED +CVE-2022-20054 + RESERVED +CVE-2022-20053 + RESERVED +CVE-2022-20052 + RESERVED +CVE-2022-20051 + RESERVED +CVE-2022-20050 + RESERVED +CVE-2022-20049 + RESERVED +CVE-2022-20048 + RESERVED +CVE-2022-20047 + RESERVED +CVE-2022-20046 + RESERVED +CVE-2022-20045 + RESERVED +CVE-2022-20044 + RESERVED +CVE-2022-20043 + RESERVED +CVE-2022-20042 + RESERVED +CVE-2022-20041 + RESERVED +CVE-2022-20040 + RESERVED +CVE-2022-20039 + RESERVED 
+CVE-2022-20038 + RESERVED +CVE-2022-20037 + RESERVED +CVE-2022-20036 + RESERVED +CVE-2022-20035 + RESERVED +CVE-2022-20034 + RESERVED +CVE-2022-20033 + RESERVED +CVE-2022-20032 + RESERVED +CVE-2022-20031 + RESERVED +CVE-2022-20030 + RESERVED +CVE-2022-20029 + RESERVED +CVE-2022-20028 + RESERVED +CVE-2022-20027 + RESERVED +CVE-2022-20026 + RESERVED +CVE-2022-20025 + RESERVED +CVE-2022-20024 + RESERVED +CVE-2022-20023 + RESERVED +CVE-2022-20022 + RESERVED +CVE-2022-20021 + RESERVED +CVE-2022-20020 + RESERVED +CVE-2022-20019 + RESERVED +CVE-2022-20018 + RESERVED +CVE-2022-20017 + RESERVED +CVE-2022-20016 + RESERVED +CVE-2022-20015 + RESERVED +CVE-2022-20014 + RESERVED +CVE-2022-20013 + RESERVED +CVE-2022-20012 + RESERVED +CVE-2021-42328 + RESERVED +CVE-2021-42327 + RESERVED +CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...) + TODO: check +CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...) + TODO: check +CVE-2021-42324 + RESERVED +CVE-2021-42323 + RESERVED +CVE-2021-42322 + RESERVED +CVE-2021-42321 + RESERVED +CVE-2021-42320 + RESERVED +CVE-2021-42319 + RESERVED +CVE-2021-42318 + RESERVED +CVE-2021-42317 + RESERVED +CVE-2021-42316 + RESERVED +CVE-2021-42315 + RESERVED +CVE-2021-42314 + RESERVED +CVE-2021-42313 + RESERVED +CVE-2021-42312 + RESERVED +CVE-2021-42311 + RESERVED +CVE-2021-42310 + RESERVED +CVE-2021-42309 + RESERVED +CVE-2021-42308 + RESERVED +CVE-2021-42307 + RESERVED +CVE-2021-42306 + RESERVED +CVE-2021-42305 + RESERVED +CVE-2021-42304 + RESERVED +CVE-2021-42303 + RESERVED +CVE-2021-42302 + RESERVED +CVE-2021-42301 + RESERVED +CVE-2021-42300 + RESERVED +CVE-2021-42299 + RESERVED +CVE-2021-42298 + RESERVED +CVE-2021-42297 + RESERVED +CVE-2021-42296 + RESERVED +CVE-2021-42295 + RESERVED +CVE-2021-42294 + RESERVED +CVE-2021-42293 + RESERVED +CVE-2021-42292 + RESERVED +CVE-2021-42291 + RESERVED +CVE-2021-42290 + RESERVED +CVE-2021-42289 + RESERVED +CVE-2021-42288 + RESERVED 
+CVE-2021-42287 + RESERVED +CVE-2021-42286 + RESERVED +CVE-2021-42285 + RESERVED +CVE-2021-42284 + RESERVED +CVE-2021-42283 + RESERVED +CVE-2021-42282 + RESERVED +CVE-2021-42281 + RESERVED +CVE-2021-42280 + RESERVED +CVE-2021-42279 + RESERVED +CVE-2021-42278 + RESERVED +CVE-2021-42277 + RESERVED +CVE-2021-42276 + RESERVED +CVE-2021-42275 + RESERVED +CVE-2021-42274 + RESERVED +CVE-2021-42273 + RESERVED +CVE-2021-42272 + RESERVED +CVE-2021-42271 + RESERVED +CVE-2021-42270 + RESERVED +CVE-2021-42269 + RESERVED +CVE-2021-42268 + RESERVED +CVE-2021-42267 + RESERVED +CVE-2021-42266 + RESERVED +CVE-2021-42265 + RESERVED +CVE-2021-42264 + RESERVED +CVE-2021-42263 + RESERVED +CVE-2021-3882 + RESERVED +CVE-2021-3881 + RESERVED +CVE-2021-3880 + RESERVED +CVE-2021-3879 + RESERVED CVE-2021-42262 RESERVED CVE-2021-42261 @@ -584,8 +924,7 @@ CVE-2021-3863 RESERVED CVE-2021-42010 RESERVED -CVE-2021-42009 - RESERVED +CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) NOT-FOR-US: Apache Traffic Control CVE-2021-3862 RESERVED @@ -1081,9 +1420,9 @@ CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki mess NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ NOTE: https://phabricator.wikimedia.org/T285515 CVE-2021-41797 - RESERVED + REJECTED CVE-2021-41796 - RESERVED + REJECTED CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...) NOT-FOR-US: 1Password CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...) @@ -1650,8 +1989,8 @@ CVE-2021-41548 RESERVED CVE-2021-41547 RESERVED -CVE-2021-41546 - RESERVED +CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + TODO: check CVE-2021-41545 RESERVED CVE-2021-41544 
@@ -2542,8 +2881,8 @@ CVE-2021-41138 RESERVED CVE-2021-41137 RESERVED -CVE-2021-41136 - RESERVED +CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) + TODO: check CVE-2021-41135 RESERVED CVE-2021-41134 @@ -2710,9 +3049,9 @@ CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Di NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 CVE-2021-41071 - RESERVED + REJECTED CVE-2021-41070 - RESERVED + REJECTED CVE-2021-41069 RESERVED CVE-2021-41068 @@ -3742,8 +4081,8 @@ CVE-2021-40620 RESERVED CVE-2021-40619 RESERVED -CVE-2021-40618 - RESERVED +CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...) + TODO: check CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...) NOT-FOR-US: openSIS CVE-2021-40616 @@ -4050,18 +4389,18 @@ CVE-2021-40502 RESERVED CVE-2021-40501 RESERVED -CVE-2021-40500 - RESERVED -CVE-2021-40499 - RESERVED -CVE-2021-40498 - RESERVED -CVE-2021-40497 - RESERVED -CVE-2021-40496 - RESERVED -CVE-2021-40495 - RESERVED +CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...) + TODO: check +CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...) + TODO: check +CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...) + TODO: check +CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...) + TODO: check +CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...) + TODO: check +CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...) + TODO: check CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...) NOT-FOR-US: AdaptiveScale LXDUI CVE-2021-40493 
@@ -4558,8 +4897,8 @@ CVE-2021-40294 RESERVED CVE-2021-40293 RESERVED -CVE-2021-40292 - RESERVED +CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...) + TODO: check CVE-2021-40291 RESERVED CVE-2021-40290 @@ -7192,8 +7531,8 @@ CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. NOT-FOR-US: Miraheze CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...) NOT-FOR-US: Https4s -CVE-2021-39184 - RESERVED +CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check CVE-2021-39183 RESERVED CVE-2021-39182 @@ -7785,8 +8124,8 @@ CVE-2021-38917 RESERVED CVE-2021-38916 RESERVED -CVE-2021-38915 - RESERVED +CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...) + TODO: check CVE-2021-38914 RESERVED CVE-2021-38913 @@ -7891,8 +8230,8 @@ CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain NOT-FOR-US: IBM CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) NOT-FOR-US: IBM -CVE-2021-38862 - RESERVED +CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...) + TODO: check CVE-2021-38861 RESERVED CVE-2021-38860 
@@ -8868,24 +9207,24 @@ CVE-2021-38462 RESERVED CVE-2021-38461 RESERVED -CVE-2021-38460 - RESERVED +CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + TODO: check CVE-2021-38459 RESERVED -CVE-2021-38458 - RESERVED +CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + TODO: check CVE-2021-38457 RESERVED -CVE-2021-38456 - RESERVED +CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + TODO: check CVE-2021-38455 RESERVED -CVE-2021-38454 - RESERVED +CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + TODO: check CVE-2021-38453 RESERVED -CVE-2021-38452 - RESERVED +CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + TODO: check CVE-2021-38451 RESERVED CVE-2021-38450 
@@ -9535,18 +9874,18 @@ CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1 CVE-2021-38184 RESERVED -CVE-2021-38183 - RESERVED +CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...) + TODO: check CVE-2021-38182 RESERVED -CVE-2021-38181 - RESERVED -CVE-2021-38180 - RESERVED -CVE-2021-38179 - RESERVED -CVE-2021-38178 - RESERVED +CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...) + TODO: check +CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...) + TODO: check +CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...) + TODO: check +CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...) + TODO: check CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...) NOT-FOR-US: SAP CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...) 
@@ -10681,26 +11020,26 @@ CVE-2021-37737 RESERVED CVE-2021-37736 RESERVED -CVE-2021-37735 - RESERVED -CVE-2021-37734 - RESERVED +CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) + TODO: check +CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) + TODO: check CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) NOT-FOR-US: Aruba -CVE-2021-37732 - RESERVED +CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...) + TODO: check CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...) NOT-FOR-US: Aruba -CVE-2021-37730 - RESERVED +CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...) + TODO: check CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) NOT-FOR-US: Aruba CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...) NOT-FOR-US: Aruba -CVE-2021-37727 - RESERVED -CVE-2021-37726 - RESERVED +CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...) + TODO: check +CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...) + TODO: check CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...) NOT-FOR-US: Aruba CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...) @@ -10723,8 +11062,8 @@ CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba S NOT-FOR-US: Aruba CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) NOT-FOR-US: Aruba -CVE-2021-3671 - RESERVED +CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...) + TODO: check CVE-2021-3670 RESERVED CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...) 
@@ -11871,8 +12210,8 @@ CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions & NOT-FOR-US: Siemens CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens -CVE-2021-37199 - RESERVED +CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...) + TODO: check CVE-2021-37198 RESERVED CVE-2021-37197 @@ -15882,12 +16221,12 @@ CVE-2021-35498 RESERVED CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) TODO: check -CVE-2021-35496 - RESERVED -CVE-2021-35495 - RESERVED -CVE-2021-35494 - RESERVED +CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) + TODO: check +CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...) + TODO: check +CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) + TODO: check CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...) NOT-FOR-US: WebFOCUS CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...) @@ -16526,8 +16865,8 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution NOT-FOR-US: Solarwinds CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...) NOT-FOR-US: Solarwinds -CVE-2021-35214 - RESERVED +CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...) + TODO: check CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...) NOT-FOR-US: SolarWinds CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...) 
@@ -19979,36 +20318,36 @@ CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < NOT-FOR-US: JT2Go CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...) NOT-FOR-US: Siemens -CVE-2021-33736 - RESERVED -CVE-2021-33735 - RESERVED -CVE-2021-33734 - RESERVED -CVE-2021-33733 - RESERVED -CVE-2021-33732 - RESERVED -CVE-2021-33731 - RESERVED -CVE-2021-33730 - RESERVED -CVE-2021-33729 - RESERVED -CVE-2021-33728 - RESERVED -CVE-2021-33727 - RESERVED -CVE-2021-33726 - RESERVED -CVE-2021-33725 - RESERVED -CVE-2021-33724 - RESERVED -CVE-2021-33723 - RESERVED -CVE-2021-33722 - RESERVED +CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) 
+ TODO: check +CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check +CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) @@ -22347,6 +22686,7 @@ CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...) NOT-FOR-US: Nextcloud Text CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...) + {DLA-2783-1} - hiredis 0.14.1-2 NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1) @@ -30603,10 +30943,10 @@ CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1 NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) -CVE-2021-29645 - RESERVED -CVE-2021-29644 - RESERVED +CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...) + TODO: check +CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...) + TODO: check CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...) NOT-FOR-US: PRTG Network Monitor CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...) 
@@ -36088,8 +36428,8 @@ CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulati NOT-FOR-US: Tecnomatix Plant Simulation CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) NOT-FOR-US: Tecnomatix Plant Simulation -CVE-2021-27395 - RESERVED +CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...) + TODO: check CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Mendix Applications (Siemens) CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) @@ -36981,8 +37321,8 @@ CVE-2021-27005 RESERVED CVE-2021-27004 RESERVED -CVE-2021-27003 - RESERVED +CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...) + TODO: check CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...) NOT-FOR-US: NetApp Cloud Manager CVE-2021-27001 @@ -40647,8 +40987,7 @@ CVE-2021-25635 NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3 NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0) NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1) -CVE-2021-25634 - RESERVED +CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...) - libreoffice 1:7.2.0-2 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2 @@ -49031,10 +49370,10 @@ CVE-2021-21943 RESERVED CVE-2021-21942 RESERVED -CVE-2021-21941 - RESERVED -CVE-2021-21940 - RESERVED +CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...) + TODO: check +CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...) + TODO: check CVE-2021-21939 RESERVED CVE-2021-21938 
@@ -53650,7 +53989,7 @@ CVE-2021-20701 RESERVED CVE-2021-20700 RESERVED -CVE-2021-20699 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...) +CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...) NOT-FOR-US: SHARP CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...) NOT-FOR-US: SHARP @@ -64832,8 +65171,8 @@ CVE-2020-28147 RESERVED CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...) NOT-FOR-US: Eyoucms -CVE-2020-28145 - RESERVED +CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0 ...) + TODO: check CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...) NOT-FOR-US: Moxa CVE-2020-28143 @@ -79999,6 +80338,7 @@ CVE-2020-21915 CVE-2020-21914 RESERVED CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...) + {DLA-2784-1} - icu 67.1-2 NOTE: https://github.com/unicode-org/icu/pull/886 NOTE: https://unicode-org.atlassian.net/browse/ICU-20850 @@ -174753,7 +175093,7 @@ CVE-2019-6571 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xy NOT-FOR-US: Siemens CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens -CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) +CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...) NOT-FOR-US: Scalance CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...) NOT-FOR-US: Siemens View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39bdee60660930f06a84ae4ab9d5fa58d50448ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39bdee60660930f06a84ae4ab9d5fa58d50448ce You're receiving this email because of your account on salsa.debian.org.
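Review bot: In the first hunk (@@ -1,3 +1,343 @@), the two entries that already carry a description, CVE-2021-42326 (Redmine) and CVE-2021-42325 (Froxlor), are added as "TODO: check" in the middle of a long run of RESERVED placeholders, where they are easy to overlook. Both name specific software, so each should be resolved in a follow-up to either a source-package line or a NOT-FOR-US tag. The descriptions are cut at " ...", so the triage has to be done against the full CVE text, not the list entry.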
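Review bot: In the hunk at @@ -19979,36 +20318,36 @@, the fifteen SINEC NMS entries CVE-2021-33736 down to CVE-2021-33722 are left as "TODO: check" although the unchanged context line directly after them, CVE-2021-33721, has the same description prefix and is already tagged "NOT-FOR-US: Siemens". Unless one of the full descriptions names a different component, these can take the same tag in a single follow-up, which would clear fifteen open TODO items from the triage queue at once.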
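Review bot: In the hunk at @@ -10723,8 +11062,8 @@, CVE-2021-3671 moves from RESERVED to "TODO: check" with a description that names the samba kerberos server, while the entries around it are vendor products already marked NOT-FOR-US: Aruba. This one deserves to be handled ahead of the vendor-only TODO items in this update: identify which source package or packages carry the affected code and replace the TODO with package lines and reference NOTEs.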
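Review bot: In the hunk at @@ -53650,7 +53989,7 @@, the only change to CVE-2021-20699 is a doubled opening parenthesis, "Sharp NEC Displays ((UN462A", while the context line for CVE-2021-20698 keeps the single "(UN462A". The triage line "NOT-FOR-US: SHARP" is unchanged, so this is description churn with no effect on tracking. Since the commit is labelled an automatic update, a hand edit of the description here would likely be replaced on the next run; if the typo matters it should be reported where the description text originates.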
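Review bot: In the last hunk (@@ -174753,7 +175093,7 @@), the new description of CVE-2019-6569 starts with "The monitor barrier of the affected products" and no longer names a product within the truncated text, so the tag line "NOT-FOR-US: Scalance" is now the only product pointer in the entry. That tag is also inconsistent with the neighbouring CVE-2019-6571, CVE-2019-6570 and CVE-2019-6568, which all use "NOT-FOR-US: Siemens". Consider a follow-up that keeps the product name in the tag but aligns the vendor naming, so a search for Siemens entries still finds this one.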
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits