Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bfb4dc8 by security tracker role at 2021-10-18T20:10:20+00:00

automatic update

- - - - -
1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,275 @@ +CVE-2021-42697 + RESERVED +CVE-2021-42696 + RESERVED +CVE-2021-42695 + RESERVED +CVE-2021-42694 + RESERVED +CVE-2021-42693 + RESERVED +CVE-2021-42692 + RESERVED +CVE-2021-42691 + RESERVED +CVE-2021-42690 + RESERVED +CVE-2021-42689 + RESERVED +CVE-2021-42688 + RESERVED +CVE-2021-42687 + RESERVED +CVE-2021-42686 + RESERVED +CVE-2021-42685 + RESERVED +CVE-2021-42684 + RESERVED +CVE-2021-42683 + RESERVED +CVE-2021-42682 + RESERVED +CVE-2021-42681 + RESERVED +CVE-2021-42680 + RESERVED +CVE-2021-42679 + RESERVED +CVE-2021-42678 + RESERVED +CVE-2021-42677 + RESERVED +CVE-2021-42676 + RESERVED +CVE-2021-42675 + RESERVED +CVE-2021-42674 + RESERVED +CVE-2021-42673 + RESERVED +CVE-2021-42672 + RESERVED +CVE-2021-42671 + RESERVED +CVE-2021-42670 + RESERVED +CVE-2021-42669 + RESERVED +CVE-2021-42668 + RESERVED +CVE-2021-42667 + RESERVED +CVE-2021-42666 + RESERVED +CVE-2021-42665 + RESERVED +CVE-2021-42664 + RESERVED +CVE-2021-42663 + RESERVED +CVE-2021-42662 + RESERVED +CVE-2021-42661 + RESERVED +CVE-2021-42660 + RESERVED +CVE-2021-42659 + RESERVED +CVE-2021-42658 + RESERVED +CVE-2021-42657 + RESERVED +CVE-2021-42656 + RESERVED +CVE-2021-42655 + RESERVED +CVE-2021-42654 + RESERVED +CVE-2021-42653 + RESERVED +CVE-2021-42652 + RESERVED +CVE-2021-42651 + RESERVED +CVE-2021-42650 + RESERVED +CVE-2021-42649 + RESERVED +CVE-2021-42648 + RESERVED +CVE-2021-42647 + RESERVED +CVE-2021-42646 + RESERVED +CVE-2021-42645 + RESERVED +CVE-2021-42644 + RESERVED +CVE-2021-42643 + RESERVED +CVE-2021-42642 + RESERVED +CVE-2021-42641 + RESERVED +CVE-2021-42640 + RESERVED +CVE-2021-42639 + RESERVED +CVE-2021-42638 + RESERVED +CVE-2021-42637 + RESERVED +CVE-2021-42636 + RESERVED +CVE-2021-42635 + RESERVED +CVE-2021-42634 + RESERVED +CVE-2021-42633 + RESERVED +CVE-2021-42632 + RESERVED +CVE-2021-42631 + RESERVED +CVE-2021-42630 + RESERVED +CVE-2021-42629 + RESERVED +CVE-2021-42628 + RESERVED +CVE-2021-42627 + RESERVED +CVE-2021-42626 + RESERVED +CVE-2021-42625 + RESERVED 
+CVE-2021-42624 + RESERVED +CVE-2021-42623 + RESERVED +CVE-2021-42622 + RESERVED +CVE-2021-42621 + RESERVED +CVE-2021-42620 + RESERVED +CVE-2021-42619 + RESERVED +CVE-2021-42618 + RESERVED +CVE-2021-42617 + RESERVED +CVE-2021-42616 + RESERVED +CVE-2021-42615 + RESERVED +CVE-2021-42614 + RESERVED +CVE-2021-42613 + RESERVED +CVE-2021-42612 + RESERVED +CVE-2021-42611 + RESERVED +CVE-2021-42610 + RESERVED +CVE-2021-42609 + RESERVED +CVE-2021-42608 + RESERVED +CVE-2021-42607 + RESERVED +CVE-2021-42606 + RESERVED +CVE-2021-42605 + RESERVED +CVE-2021-42604 + RESERVED +CVE-2021-42603 + RESERVED +CVE-2021-42602 + RESERVED +CVE-2021-42601 + RESERVED +CVE-2021-42600 + RESERVED +CVE-2021-42599 + RESERVED +CVE-2021-42598 + RESERVED +CVE-2021-42597 + RESERVED +CVE-2021-42596 + RESERVED +CVE-2021-42595 + RESERVED +CVE-2021-42594 + RESERVED +CVE-2021-42593 + RESERVED +CVE-2021-42592 + RESERVED +CVE-2021-42591 + RESERVED +CVE-2021-42590 + RESERVED +CVE-2021-42589 + RESERVED +CVE-2021-42588 + RESERVED +CVE-2021-42587 + RESERVED +CVE-2021-42586 + RESERVED +CVE-2021-42585 + RESERVED +CVE-2021-42584 + RESERVED +CVE-2021-42583 + RESERVED +CVE-2021-42582 + RESERVED +CVE-2021-42581 + RESERVED +CVE-2021-42580 + RESERVED +CVE-2021-42579 + RESERVED +CVE-2021-42578 + RESERVED +CVE-2021-42577 + RESERVED +CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...) + TODO: check +CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...) + TODO: check +CVE-2021-42574 + RESERVED +CVE-2021-42573 + RESERVED +CVE-2021-42572 + RESERVED +CVE-2021-42571 + RESERVED +CVE-2021-42570 + RESERVED +CVE-2021-42569 + RESERVED +CVE-2021-42568 + RESERVED +CVE-2021-42567 + RESERVED +CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...) + TODO: check +CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...) 
+ TODO: check +CVE-2021-42564 + RESERVED +CVE-2021-42563 + RESERVED +CVE-2021-3893 + RESERVED CVE-2021-42562 RESERVED CVE-2021-42561 @@ -1735,6 +2007,7 @@ CVE-2021-42328 CVE-2021-42327 RESERVED CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...) + {DLA-2787-1} - redmine <unfixed> NOTE: https://www.redmine.org/news/133 NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 @@ -2251,8 +2524,8 @@ CVE-2021-42100 RESERVED CVE-2021-42099 RESERVED -CVE-2021-42098 - RESERVED +CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...) + TODO: check CVE-2021-42097 RESERVED CVE-2021-42096 @@ -2345,8 +2618,8 @@ CVE-2021-42057 RESERVED CVE-2021-42056 RESERVED -CVE-2021-42055 - RESERVED +CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...) + TODO: check CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...) NOT-FOR-US: ACCEL-PPP CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...) @@ -2518,12 +2791,12 @@ CVE-2021-41993 RESERVED CVE-2021-41992 RESERVED -CVE-2021-41991 [Integer Overflow When Replacing Certificates in Cache] - RESERVED +CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...) + {DSA-4989-1} - strongswan <unfixed> NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html -CVE-2021-41990 [Integer Overflow in gmp Plugin] - RESERVED +CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...) + {DSA-4989-1} - strongswan <unfixed> NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html CVE-2021-41989 
@@ -2566,8 +2839,7 @@ CVE-2021-41973 RESERVED CVE-2021-41972 RESERVED -CVE-2021-41971 - RESERVED +CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...) NOT-FOR-US: Apache Superset CVE-2021-3856 RESERVED @@ -3387,8 +3659,7 @@ CVE-2021-41613 RESERVED CVE-2021-41612 RESERVED -CVE-2021-41611 [SQUID-2021:6 Improper Certificate Validation of TLS server certificates] - RESERVED +CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...) - squid 5.2-1 [bullseye] - squid <not-affected> (Vulnerable code introduced later) [buster] - squid <not-affected> (Vulnerable code introduced later) @@ -6345,7 +6616,7 @@ CVE-2021-40331 CVE-2021-3756 RESERVED CVE-2021-3755 - RESERVED + REJECTED CVE-2021-3754 RESERVED CVE-2021-3753 @@ -10496,8 +10767,7 @@ CVE-2021-3701 NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89 CVE-2021-3700 RESERVED -CVE-2021-38562 - RESERVED +CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...) - request-tracker5 <unfixed> (bug #995167) - request-tracker4 4.4.4+dfsg-3 (bug #995175) [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1 
@@ -10818,40 +11088,40 @@ CVE-2021-38444 RESERVED CVE-2021-38443 RESERVED -CVE-2021-38442 - RESERVED +CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + TODO: check CVE-2021-38441 RESERVED -CVE-2021-38440 - RESERVED +CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...) + TODO: check CVE-2021-38439 RESERVED -CVE-2021-38438 - RESERVED +CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...) + TODO: check CVE-2021-38437 RESERVED -CVE-2021-38436 - RESERVED +CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + TODO: check CVE-2021-38435 RESERVED -CVE-2021-38434 - RESERVED +CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + TODO: check CVE-2021-38433 RESERVED CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...) NOT-FOR-US: FATEK Automation Communication Server CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...) NOT-FOR-US: Advantech -CVE-2021-38430 - RESERVED +CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...) + TODO: check CVE-2021-38429 RESERVED CVE-2021-38428 RESERVED CVE-2021-38427 RESERVED -CVE-2021-38426 - RESERVED +CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + TODO: check CVE-2021-38425 RESERVED CVE-2021-38424 
@@ -10924,8 +11194,8 @@ CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/A NOT-FOR-US: Delta Electronics CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) NOT-FOR-US: Delta Electronics -CVE-2021-38389 - RESERVED +CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...) + TODO: check CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...) NOT-FOR-US: Central Dogma CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...) @@ -15410,8 +15680,8 @@ CVE-2021-36515 RESERVED CVE-2021-36514 RESERVED -CVE-2021-36513 - RESERVED +CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...) + TODO: check CVE-2021-36512 RESERVED CVE-2021-36511 @@ -23665,8 +23935,8 @@ CVE-2021-33025 RESERVED CVE-2021-33024 RESERVED -CVE-2021-33023 - RESERVED +CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...) + TODO: check CVE-2021-33022 RESERVED CVE-2021-33021 @@ -24728,8 +24998,7 @@ CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outs NOTE: https://www.drupal.org/sa-core-2021-004 NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/ NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14) -CVE-2021-32609 - RESERVED +CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...) NOT-FOR-US: Apache Superset CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...) NOT-FOR-US: Smartstore @@ -32040,8 +32309,8 @@ CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains o NOT-FOR-US: IBM CVE-2021-29879 RESERVED -CVE-2021-29878 - RESERVED +CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...) + TODO: check CVE-2021-29877 RESERVED CVE-2021-29876 
@@ -44639,8 +44908,8 @@ CVE-2021-24762 RESERVED CVE-2021-24761 RESERVED -CVE-2021-24760 - RESERVED +CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) + TODO: check CVE-2021-24759 RESERVED CVE-2021-24758 @@ -44651,12 +44920,12 @@ CVE-2021-24756 RESERVED CVE-2021-24755 RESERVED -CVE-2021-24754 - RESERVED +CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...) + TODO: check CVE-2021-24753 RESERVED -CVE-2021-24752 - RESERVED +CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...) + TODO: check CVE-2021-24751 RESERVED CVE-2021-24750 @@ -44673,30 +44942,30 @@ CVE-2021-24745 RESERVED CVE-2021-24744 RESERVED -CVE-2021-24743 - RESERVED +CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...) + TODO: check CVE-2021-24742 RESERVED CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...) NOT-FOR-US: WordPress plugin -CVE-2021-24740 - RESERVED +CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...) + TODO: check CVE-2021-24739 RESERVED CVE-2021-24738 RESERVED CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24736 - RESERVED -CVE-2021-24735 - RESERVED -CVE-2021-24734 - RESERVED +CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...) + TODO: check +CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not imp ...) + TODO: check +CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...) + TODO: check CVE-2021-24733 RESERVED -CVE-2021-24732 - RESERVED +CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...) + TODO: check CVE-2021-24731 RESERVED CVE-2021-24730 
@@ -44755,8 +45024,8 @@ CVE-2021-24704 RESERVED CVE-2021-24703 RESERVED -CVE-2021-24702 - RESERVED +CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...) + TODO: check CVE-2021-24701 RESERVED CVE-2021-24700 @@ -44791,8 +45060,8 @@ CVE-2021-24686 RESERVED CVE-2021-24685 RESERVED -CVE-2021-24684 - RESERVED +CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...) + TODO: check CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...) NOT-FOR-US: WordPress plugin CVE-2021-24682 @@ -44805,18 +45074,18 @@ CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress NOT-FOR-US: WordPress plugin CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...) NOT-FOR-US: WordPress plugin -CVE-2021-24677 - RESERVED +CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have authori ...) + TODO: check CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...) NOT-FOR-US: WordPress plugin -CVE-2021-24675 - RESERVED +CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...) + TODO: check CVE-2021-24674 RESERVED CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...) NOT-FOR-US: WordPress plugin -CVE-2021-24672 - RESERVED +CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...) + TODO: check CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...) 
@@ -44875,8 +45144,8 @@ CVE-2021-24644 RESERVED CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...) NOT-FOR-US: WordPress plugin -CVE-2021-24642 - RESERVED +CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...) + TODO: check CVE-2021-24641 RESERVED CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...) @@ -44915,8 +45184,8 @@ CVE-2021-24624 RESERVED CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...) NOT-FOR-US: WordPress plugin -CVE-2021-24622 - RESERVED +CVE-2021-24622 (The Customer Service Software & Support Ticket System WordPress pl ...) + TODO: check CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...) NOT-FOR-US: WordPress plugin CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...) 
@@ -44925,18 +45194,18 @@ CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not NOT-FOR-US: WordPress plugin CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2021-24617 - RESERVED +CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...) + TODO: check CVE-2021-24616 RESERVED -CVE-2021-24615 - RESERVED +CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...) + TODO: check CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2021-24612 - RESERVED +CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not sanitise or esc ...) + TODO: check CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...) @@ -44969,8 +45238,8 @@ CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its NOT-FOR-US: WordPress plugin CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...) NOT-FOR-US: WordPress plugin -CVE-2021-24595 - RESERVED +CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...) + TODO: check CVE-2021-24594 RESERVED CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...) 
@@ -45127,8 +45396,8 @@ CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 NOT-FOR-US: WordPress plugin CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) NOT-FOR-US: WordPress plugin -CVE-2021-24516 - RESERVED +CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...) + TODO: check CVE-2021-24515 RESERVED CVE-2021-24514 @@ -45327,16 +45596,16 @@ CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through NOT-FOR-US: Wordpress plugin CVE-2021-24417 RESERVED -CVE-2021-24416 - RESERVED -CVE-2021-24415 - RESERVED +CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before 2.1.1 ...) + TODO: check +CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...) + TODO: check CVE-2021-24414 RESERVED -CVE-2021-24413 - RESERVED -CVE-2021-24412 - RESERVED +CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...) + TODO: check +CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...) + TODO: check CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...) NOT-FOR-US: WordPress plugin CVE-2021-24410 (The తెలుగు బైబ&# ...) @@ -47554,8 +47823,8 @@ CVE-2021-23451 RESERVED CVE-2021-23450 RESERVED -CVE-2021-23449 - RESERVED +CVE-2021-23449 (This affects the package vm2 before 3.9.4. Prototype Pollution attack ...) + TODO: check CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...) TODO: check CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...) 
@@ -48606,8 +48875,8 @@ CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &l TODO: check CVE-2021-22962 RESERVED -CVE-2021-22961 - RESERVED +CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...) + TODO: check CVE-2021-22960 [HTTP Request Smuggling when parsing the body] RESERVED - nodejs 12.22.7~dfsg-1 @@ -48665,8 +48934,7 @@ CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and e NOT-FOR-US: UniFi Protect application CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...) NOT-FOR-US: UniFi Protect application -CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware] - RESERVED +CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...) [experimental] - rails 2:6.1.4.1+dfsg-1 - rails <unfixed> (bug #992586) [buster] - rails <not-affected> (Vulnerable code not present) @@ -51502,10 +51770,10 @@ CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.ph NOT-FOR-US: Advantech R-SeeNet CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...) NOT-FOR-US: Nitro Pro PDF -CVE-2021-21797 - RESERVED -CVE-2021-21796 - RESERVED +CVE-2021-21797 (An exploitable double-free vulnerability exists in the JavaScript impl ...) + TODO: check +CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the JavaScript i ...) + TODO: check CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...) 
@@ -116510,8 +116778,8 @@ CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19. - nextcloud-server <itp> (bug #941708) CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...) NOT-FOR-US: Rocket.Chat -CVE-2020-8291 - RESERVED +CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...) + TODO: check CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...) NOT-FOR-US: Backblaze CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...) @@ -439542,8 +439810,7 @@ CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c i CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows re ...) {DSA-2070-1} - freetype 2.4.0-1 -CVE-2010-2496 [cluster-glue: passes the stonith parameters via the commandline which could result in password leaks] - RESERVED +CVE-2010-2496 (stonith-ng in pacemaker and cluster-glue passed passwords as commandli ...) - cluster-glue 1.0.6-1 - pacemaker 1.1.13-1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=620781 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bfb4dc88ddafd27b60475a9ce96ad44c77b54ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bfb4dc88ddafd27b60475a9ce96ad44c77b54ea You're receiving this email because of your account on salsa.debian.org.
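Review bot: the four non-RESERVED entries in the first hunk (CVE-2021-42576 bluemonday for Go and Python, CVE-2021-42575 OWASP Java HTML Sanitizer, CVE-2021-42566 and CVE-2021-42565 myfactory.FMS) are left at `TODO: check` and need manual triage before the next automatic run buries them under further reservations. The two myfactory.FMS XSS entries describe a proprietary product and are candidates for the `NOT-FOR-US:` marker used for the other vendor products in this file; the two sanitizer entries are library bugs whose descriptions are truncated at "Py ..." and "enfo ...", so the full MITRE text has to be read to see which Go, Python and Java packages are in scope. The out-of-sequence `+CVE-2021-3893 + RESERVED` between CVE-2021-42563 and CVE-2021-42562 matches how low- and high-numbered IDs are interleaved elsewhere in the file (CVE-2021-3856 after CVE-2021-41971, CVE-2021-38562 after CVE-2021-3700) and is expected.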
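Review bot: in the CVE-2021-42326 hunk the `{DLA-2787-1}` reference is added while the package line stays `- redmine <unfixed>`, although the description and the linked Changelog_4_1 NOTE say the fix is in 4.1.5 and 4.2.3. The DLA only covers the LTS suite; the unstable line should be updated with the fixed Debian version or a bug reference once an upload carrying 4.1.5/4.2.3 exists, otherwise the entry reads as unfixed everywhere except LTS.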
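Review bot: CVE-2021-42098 (Devolutions Remote Desktop Manager) and CVE-2021-42055 (ASUS ZenBook Pro UX582 firmware) are proprietary products and should be resolved to `NOT-FOR-US:` with the vendor name, the way the neighbouring CVE-2021-42054 is already closed as `NOT-FOR-US: ACCEL-PPP`, rather than staying at `TODO: check`.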
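Review bot: both strongSwan hunks (CVE-2021-41991, CVE-2021-41990) carry `{DSA-4989-1}` but keep `- strongswan <unfixed>`; the imported descriptions say the issues are fixed upstream in 5.9.4, so the unstable line should record the fixed Debian version or a bug number instead of `<unfixed>`. The replacement also drops the bracketed working titles ("Integer Overflow When Replacing Certificates in Cache", "Integer Overflow in gmp Plugin") in favour of the truncated MITRE text; the strongswan.org blog NOTE links on the following lines preserve that detail, so nothing is lost.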
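Review bot: seven FATEK Automation WinProladder entries (CVE-2021-38442, -38440, -38438, -38436, -38434, -38430, -38426) are set to `TODO: check` in one hunk while CVE-2021-38432 (FATEK Communication Server) and CVE-2021-38431 (Advantech) in the same hunk already carry `NOT-FOR-US:`; triage the seven together so the hunk ends up consistent. The text of CVE-2021-38430 ("versions 3.30 and prior proper validatio ...") lacks the verb that its siblings have; that is the upstream description as imported, not something to correct in this file.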
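Review bot: CVE-2021-38389 and CVE-2021-33023 (Advantech WebAccess) and CVE-2021-29878 (IBM Business Automation Workflow) match vendors already marked `NOT-FOR-US:` on adjacent lines (CVE-2021-38431 Advantech, CVE-2021-29880 IBM), so they can be closed the same way. CVE-2021-36513 is different in kind: it names a function (`sofia_handle_sip_i_notify`) in a library rather than a vendor appliance, so it needs an actual check against the archive rather than a NOT-FOR-US by analogy.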
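Review bot: the roughly two dozen WordPress plugin entries flipped from RESERVED to `TODO: check` across these hunks (CVE-2021-24760 down to CVE-2021-24412) sit between context lines that are uniformly `NOT-FOR-US: WordPress plugin`; unless one of them names a plugin that is shipped as a Debian package, the consistent resolution is the same marker, and doing it in one pass avoids leaving a long TODO backlog. One context line spells the marker `NOT-FOR-US: Wordpress plugin` (CVE-2021-24418) where the rest use `WordPress`; worth normalising in a follow-up so greps for the marker stay exact.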
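Review bot: CVE-2021-23449 (vm2 before 3.9.4, prototype pollution) is an npm package name and, unlike the proprietary-vendor TODOs elsewhere in this commit, is the kind of entry that may map to a packaged node module; check the archive for a corresponding node-* package before resolving it, and handle it together with CVE-2021-23448 (config-handler), which is still `TODO: check` in the context lines of the same hunk.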
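Review bot: for CVE-2021-22942 the replacement repairs the typo in the old working title ("ossible Open Redirect") by importing the MITRE text, but the package state is unchanged, `[experimental] - rails 2:6.1.4.1+dfsg-1` plus `- rails <unfixed> (bug #992586)`, so unstable is still open and bug #992586 is the thing to track. CVE-2021-21797 and CVE-2021-21796 (double-free and use-after-free in a JavaScript implementation) have consecutive IDs and the same description style as the neighbouring `NOT-FOR-US: Nitro Pro PDF` entry CVE-2021-21798; confirm they are the same product and mark them likewise.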
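Review bot: CVE-2020-8291 (Rocket.Chat link preview rendering) should get `NOT-FOR-US: Rocket.Chat` like CVE-2020-8292 directly below it. In the CVE-2010-2496 hunk the new description names both pacemaker and cluster-glue, which matches the two package lines already present (`cluster-glue 1.0.6-1`, `pacemaker 1.1.13-1`), so the bracketed title that mentioned only cluster-glue was the incomplete one; nothing further is needed there.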
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits