Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0f49502 by security tracker role at 2021-10-26T20:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-3906
+       RESERVED
+CVE-2018-25019
+       RESERVED
+CVE-2015-20067
+       RESERVED
+CVE-2015-20019
+       RESERVED
 CVE-2021-43032
        RESERVED
 CVE-2021-43031
@@ -2489,8 +2497,8 @@ CVE-2021-42345
        RESERVED
 CVE-2021-42344
        RESERVED
-CVE-2021-42343
-       RESERVED
+CVE-2021-42343 (An issue was discovered in Dask (aka python-dask) through 
2021.09.1. S ...)
+       TODO: check
 CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. 
In the fi ...)
        NOT-FOR-US: Embedthis GoAhead
 CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of 
strlen() t ...)
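Review bot: The `TODO: check` added under CVE-2021-42343 can be resolved directly, because the description itself names the package alias (python-dask). Replace the TODO with either a package line or a NOT-FOR-US tag, in the same way the neighbouring CVE-2021-42342 entry is closed with `NOT-FOR-US: Embedthis GoAhead`.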
@@ -3813,8 +3821,8 @@ CVE-2021-41875
        RESERVED
 CVE-2021-41874
        RESERVED
-CVE-2021-41873
-       RESERVED
+CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top 
box produ ...)
+       TODO: check
 CVE-2021-41872
        RESERVED
 CVE-2021-41871
@@ -5371,20 +5379,20 @@ CVE-2021-41190
        RESERVED
 CVE-2021-41189
        RESERVED
-CVE-2021-41188
-       RESERVED
+CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 
5.7.6 c ...)
+       TODO: check
 CVE-2021-41187
        RESERVED
 CVE-2021-41186
        RESERVED
-CVE-2021-41185
-       RESERVED
-CVE-2021-41184
-       RESERVED
-CVE-2021-41183
-       RESERVED
-CVE-2021-41182
-       RESERVED
+CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. 
An exploi ...)
+       TODO: check
+CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
+       TODO: check
+CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
+       TODO: check
+CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
+       TODO: check
 CVE-2021-41181
        RESERVED
 CVE-2021-41180
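Review bot: CVE-2021-41184, CVE-2021-41183 and CVE-2021-41182 are added with the same truncated text ("jQuery-UI is the official jQuery user interface library. Prior to vers ..."), so nothing in the list tells the three issues apart. When the `TODO: check` lines are resolved, give each entry its own NOTE pointing at its advisory or fix so that none is closed as a duplicate of another. The Shopware (CVE-2021-41188) and Mycodo (CVE-2021-41185) entries in the same hunk are unrelated products and need separate decisions.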
@@ -5397,14 +5405,14 @@ CVE-2021-41177 (Nextcloud is an open-source, 
self-hosted productivity platform.
        TODO: check
 CVE-2021-41176 (Pterodactyl is an open-source game server management panel 
built with  ...)
        NOT-FOR-US: Pterodactyl
-CVE-2021-41175
-       RESERVED
+CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central 
locatio ...)
+       TODO: check
 CVE-2021-41174
        RESERVED
-CVE-2021-41173
-       RESERVED
-CVE-2021-41172
-       RESERVED
+CVE-2021-41173 (Go Ethereum is the official Golang implementation of the 
Ethereum prot ...)
+       TODO: check
+CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage 
plugin for  ...)
+       TODO: check
 CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for 
research ...)
        NOT-FOR-US: eLabFTW
 CVE-2021-41170
@@ -5441,12 +5449,10 @@ CVE-2021-41159 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
-CVE-2021-41158
-       RESERVED
+CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        - freeswitch <itp> (bug #389591)
        NOTE: 
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
-CVE-2021-41157
-       RESERVED
+CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        - freeswitch <itp> (bug #389591)
        NOTE: 
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
 CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In 
affected ...)
@@ -5638,8 +5644,8 @@ CVE-2021-3802
        - udisks2 2.9.4-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
        NOTE: 
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
-CVE-2021-41078
-       RESERVED
+CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary 
code ex ...)
+       TODO: check
 CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression 
Complexity ...)
        - node-prismjs 1.25.0+dfsg-1
        [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
@@ -7364,12 +7370,12 @@ CVE-2021-40346 (An integer overflow exists in HAProxy 
2.0 through 2.5 in htx_add
        [stretch] - haproxy <not-affected> (Vulnerable code not present)
        NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
        NOTE: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
-CVE-2021-40345
-       RESERVED
-CVE-2021-40344
-       RESERVED
-CVE-2021-40343
-       RESERVED
+CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage 
Dashlets sec ...)
+       TODO: check
+CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom 
Includes sec ...)
+       TODO: check
+CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file 
permissions  ...)
+       TODO: check
 CVE-2021-40342
        RESERVED
 CVE-2021-40341
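Review bot: The three `TODO: check` lines at CVE-2021-40345, CVE-2021-40344 and CVE-2021-40343 all concern the same product and version (Nagios XI 5.8.5), so they should be triaged in one pass and end up with the same tag. Leaving them as three independent TODOs invites inconsistent handling of one product.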
@@ -14520,10 +14526,10 @@ CVE-2021-37374
        RESERVED
 CVE-2021-37373
        RESERVED
-CVE-2021-37372
-       RESERVED
-CVE-2021-37371
-       RESERVED
+CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure 
file up ...)
+       TODO: check
+CVE-2021-37371 (Online Student Admission System 1.0 is affected by an 
unauthenticated  ...)
+       TODO: check
 CVE-2021-37370
        RESERVED
 CVE-2021-37369
@@ -14536,10 +14542,10 @@ CVE-2021-37366 (CTparental before 4.45.03 is 
vulnerable to cross-site request fo
        NOT-FOR-US: CTparental
 CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site 
scripting (XSS)  ...)
        NOT-FOR-US: CTparental
-CVE-2021-37364
-       RESERVED
-CVE-2021-37363
-       RESERVED
+CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By 
default ...)
+       TODO: check
+CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 
11.00.00. A lo ...)
+       TODO: check
 CVE-2021-37362
        RESERVED
 CVE-2021-37361
@@ -18938,8 +18944,8 @@ CVE-2021-3620
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
 CVE-2021-35500
        RESERVED
-CVE-2021-35499
-       RESERVED
+CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO 
Nimbus cont ...)
+       TODO: check
 CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s 
TIBCO EBX, ...)
        NOT-FOR-US: TIBCO
 CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing 
tibftlserve ...)
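Review bot: CVE-2021-35499 gets `TODO: check` although the entry directly below it, CVE-2021-35498, is another TIBCO Software Inc. product and is already tagged `NOT-FOR-US: TIBCO`. Unless TIBCO Nimbus differs in that respect, the TODO can take the same tag for consistency.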
@@ -20986,14 +20992,14 @@ CVE-2021-34598
        RESERVED
 CVE-2021-34597
        RESERVED
-CVE-2021-34596
-       RESERVED
-CVE-2021-34595
-       RESERVED
+CVE-2021-34596 (A crafted request may cause a read access to an uninitialized 
pointer  ...)
+       TODO: check
+CVE-2021-34595 (A crafted request with invalid offsets may cause an 
out-of-bounds read ...)
+       TODO: check
 CVE-2021-34594
        RESERVED
-CVE-2021-34593
-       RESERVED
+CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior 
to versio ...)
+       TODO: check
 CVE-2021-34592
        RESERVED
 CVE-2021-34591
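Review bot: The truncated descriptions for CVE-2021-34596 ("A crafted request may cause a read access to an uninitialized pointer ...") and CVE-2021-34595 are cut off before any product name, unlike CVE-2021-34593, which names CODESYS V2 Runtime Toolkit. The affected product cannot be decided from this list alone, so the `TODO: check` for these two needs the full CVE record, and the resulting tag should name the product explicitly.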
@@ -21006,14 +21012,14 @@ CVE-2021-34588
        RESERVED
 CVE-2021-34587
        RESERVED
-CVE-2021-34586
-       RESERVED
-CVE-2021-34585
-       RESERVED
-CVE-2021-34584
-       RESERVED
-CVE-2021-34583
-       RESERVED
+CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web 
server req ...)
+       TODO: check
+CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web 
server req ...)
+       TODO: check
+CVE-2021-34584 (Crafted web server requests can be utilised to read partial 
stack or h ...)
+       TODO: check
+CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer 
overflow and ...)
+       TODO: check
 CVE-2021-34582
        RESERVED
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime 
vulnerability in  ...)
@@ -41024,12 +41030,12 @@ CVE-2021-26611
        RESERVED
 CVE-2021-26610
        RESERVED
-CVE-2021-26609
-       RESERVED
+CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A 
SQL-Inject ...)
+       TODO: check
 CVE-2021-26608 (An arbitrary file download and execution vulnerability was 
found in th ...)
        NOT-FOR-US: handysoft
-CVE-2021-26607
-       RESERVED
+CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of 
NEXACRO17 ...)
+       TODO: check
 CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security 
could allow ...)
        NOT-FOR-US: Dream Security
 CVE-2021-26605 (An improper input validation vulnerability in the service of 
ezPDFRead ...)
@@ -124349,8 +124355,8 @@ CVE-2020-5671
        RESERVED
 CVE-2020-5670
        RESERVED
-CVE-2020-5669
-       RESERVED
+CVE-2020-5669 (Cross-site scripting vulnerability in Movable Type Movable Type 
Premiu ...)
+       TODO: check
 CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R 
Series  ...)
        NOT-FOR-US: Mitsubishi Electric
 CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App 
for iOS ...)
@@ -422276,8 +422282,8 @@ CVE-2011-4121 (The OpenSSL extension of Ruby (Git 
trunk) versions after 2011-09-
        - ruby1.9.1 <not-affected> (Only affected trunk versions)
 CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication 
when 'use_ ...)
        - yubico-pam 2.10-1
-CVE-2011-4119
-       RESERVED
+CVE-2011-4119 (caml-light &lt;= 0.75 uses mktemp() insecurely, and also does 
unsafe t ...)
+       TODO: check
 CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly 
handle temp ...)
        NOT-FOR-US: perl Batch::BatchRun CPAN module
 CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly 
handle sy ...)
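Review bot: The added CVE-2011-4119 line reads "caml-light &lt;= 0.75", with an HTML entity where `<=` is meant. Check whether the escaped form is stored in data/CVE/list itself or only appears in this notification. If it is in the file, the automatic update should unescape descriptions before writing them, since other entries in the list use literal `<` in tags such as `<not-affected>`.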
@@ -428088,8 +428094,8 @@ CVE-2011-2197 (The cross-site scripting (XSS) 
prevention feature in Ruby on Rail
        - rails <not-affected> (Affected plugin not installed, see bug #634990)
 CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, 
as dis ...)
        NOT-FOR-US: JBoss Seam
-CVE-2011-2195
-       RESERVED
+CVE-2011-2195 (A flaw was found in WebSVN 2.3.2. Without prior authentication, 
if the ...)
+       TODO: check
 CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and 
Queue  ...)
        {DSA-2329-1}
        - torque 2.4.15+dfsg-1 (bug #635342)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f49502c5a6bf6788f6aff21a0ec0b877a7566e
