Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a258d7b by security tracker role at 2021-11-22T20:10:20+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@ +CVE-2021-44142 + RESERVED +CVE-2021-44141 + RESERVED +CVE-2021-44140 + RESERVED +CVE-2021-44139 + RESERVED +CVE-2021-44138 + RESERVED +CVE-2021-44137 + RESERVED +CVE-2021-44136 + RESERVED +CVE-2021-44135 + RESERVED +CVE-2021-44134 + RESERVED +CVE-2021-44133 + RESERVED +CVE-2021-44132 + RESERVED +CVE-2021-44131 + RESERVED +CVE-2021-44130 + RESERVED +CVE-2021-44129 + RESERVED +CVE-2021-44128 + RESERVED +CVE-2021-44127 + RESERVED +CVE-2021-44126 + RESERVED +CVE-2021-44125 + RESERVED +CVE-2021-44124 + RESERVED +CVE-2021-44123 + RESERVED +CVE-2021-44122 + RESERVED +CVE-2021-44121 + RESERVED +CVE-2021-44120 + RESERVED +CVE-2021-44119 + RESERVED +CVE-2021-44118 + RESERVED +CVE-2021-44117 + RESERVED +CVE-2021-44116 + RESERVED +CVE-2021-44115 + RESERVED +CVE-2021-44114 + RESERVED +CVE-2021-44113 + RESERVED +CVE-2021-44112 + RESERVED +CVE-2021-44111 + RESERVED +CVE-2021-44110 + RESERVED +CVE-2021-44109 + RESERVED +CVE-2021-44108 + RESERVED +CVE-2021-44107 + RESERVED +CVE-2021-44106 + RESERVED +CVE-2021-44105 + RESERVED +CVE-2021-44104 + RESERVED +CVE-2021-44103 + RESERVED +CVE-2021-44102 + RESERVED +CVE-2021-44101 + RESERVED +CVE-2021-44100 + RESERVED +CVE-2021-44099 + RESERVED +CVE-2021-44098 + RESERVED +CVE-2021-44097 + RESERVED +CVE-2021-44096 + RESERVED +CVE-2021-44095 + RESERVED +CVE-2021-44094 + RESERVED +CVE-2021-44093 + RESERVED +CVE-2021-44092 + RESERVED +CVE-2021-44091 + RESERVED +CVE-2021-44090 + RESERVED +CVE-2021-44089 + RESERVED +CVE-2021-44088 + RESERVED +CVE-2021-44087 + RESERVED +CVE-2021-44086 + RESERVED +CVE-2021-44085 + RESERVED +CVE-2021-44084 + RESERVED +CVE-2021-44083 + RESERVED +CVE-2021-44082 + RESERVED +CVE-2021-44081 + RESERVED +CVE-2021-44080 + RESERVED +CVE-2021-4001 + RESERVED +CVE-2021-4000 + RESERVED +CVE-2021-3999 + RESERVED +CVE-2021-3998 + RESERVED +CVE-2021-3997 + RESERVED CVE-2021-44079 (In the wazuh-slack active response script in Wazuh before 4.2.5, untru ...) NOT-FOR-US: Wazuh CVE-2021-3996 
@@ -2155,10 +2291,10 @@ CVE-2021-3952 RESERVED CVE-2021-3951 RESERVED -CVE-2021-43582 - RESERVED -CVE-2021-43581 - RESERVED +CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...) + TODO: check +CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...) + TODO: check CVE-2021-43580 RESERVED CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...) @@ -2222,8 +2358,7 @@ CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attacker NOT-FOR-US: Diffie Hellmann kex protocol issue CVE-2021-3944 RESERVED -CVE-2021-3943 - RESERVED +CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle <removed> CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...) NOT-FOR-US: KNX ETS6 @@ -2255,19 +2390,15 @@ CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration o NOT-FOR-US: TYPO3 extension CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...) NOT-FOR-US: TYPO3 extension -CVE-2021-43560 - RESERVED +CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle <removed> -CVE-2021-43559 - RESERVED +CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle <removed> -CVE-2021-43558 - RESERVED +CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle <removed> CVE-2021-3942 RESERVED -CVE-2021-43557 - RESERVED +CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...) NOT-FOR-US: Apache Apisix CVE-2021-3941 RESERVED 
@@ -2360,8 +2491,7 @@ CVE-2021-3937 RESERVED CVE-2021-3936 RESERVED -CVE-2021-3935 - RESERVED +CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...) - pgbouncer <unfixed> NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1 NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1 @@ -4567,10 +4697,10 @@ CVE-2021-43018 RESERVED CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...) NOT-FOR-US: Adobe -CVE-2021-43016 - RESERVED -CVE-2021-43015 - RESERVED +CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...) + TODO: check +CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...) + TODO: check CVE-2021-43014 RESERVED CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...) @@ -5210,18 +5340,18 @@ CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a - linux 5.14.16-1 NOTE: https://seclists.org/oss-sec/2021/q2/46 NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ -CVE-2021-42738 - RESERVED -CVE-2021-42737 - RESERVED +CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check +CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check CVE-2021-42736 RESERVED CVE-2021-42735 RESERVED CVE-2021-42734 RESERVED -CVE-2021-42733 - RESERVED +CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...) + TODO: check CVE-2021-42732 RESERVED CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...) 
@@ -5232,8 +5362,8 @@ CVE-2021-42729 RESERVED CVE-2021-42728 RESERVED -CVE-2021-42727 - RESERVED +CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...) + TODO: check CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) NOT-FOR-US: Adobe CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...) @@ -5283,12 +5413,12 @@ CVE-2021-42709 RESERVED CVE-2021-42708 RESERVED -CVE-2021-42707 - RESERVED +CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...) + TODO: check CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...) NOT-FOR-US: Advantech -CVE-2021-42705 - RESERVED +CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...) + TODO: check CVE-2021-42704 RESERVED CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...) @@ -11054,18 +11184,18 @@ CVE-2021-40777 RESERVED CVE-2021-40776 RESERVED -CVE-2021-40775 - RESERVED -CVE-2021-40774 - RESERVED -CVE-2021-40773 - RESERVED -CVE-2021-40772 - RESERVED -CVE-2021-40771 - RESERVED -CVE-2021-40770 - RESERVED +CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check +CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + TODO: check +CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + TODO: check +CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check +CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check +CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + TODO: check CVE-2021-40769 RESERVED CVE-2021-40768 
@@ -16642,8 +16772,8 @@ CVE-2021-38450 (The affected controllers do not properly sanitize the input cont NOT-FOR-US: Trane CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...) NOT-FOR-US: AUVESY -CVE-2021-38448 - RESERVED +CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...) + TODO: check CVE-2021-38447 RESERVED CVE-2021-38446 @@ -16798,16 +16928,16 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04] CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...) NOT-FOR-US: CFEngine Enterprise -CVE-2021-38378 - RESERVED -CVE-2021-38377 - RESERVED -CVE-2021-38376 - RESERVED -CVE-2021-38375 - RESERVED -CVE-2021-38374 - RESERVED +CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...) + TODO: check +CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...) + TODO: check +CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...) + TODO: check +CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...) + TODO: check +CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...) + TODO: check CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...) - kmail <unfixed> [bullseye] - kmail <no-dsa> (Minor issue) 
@@ -17479,8 +17609,8 @@ CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for n NOT-FOR-US: Obsidian CVE-2021-38147 RESERVED -CVE-2021-38146 - RESERVED +CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...) + TODO: check CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...) NOT-FOR-US: Form Tools CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...) @@ -28469,22 +28599,22 @@ CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal NOT-FOR-US: Dutchcoders transfer.sh CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...) NOT-FOR-US: Dutchcoders transfer.sh -CVE-2021-33495 - RESERVED -CVE-2021-33494 - RESERVED -CVE-2021-33493 - RESERVED -CVE-2021-33492 - RESERVED -CVE-2021-33491 - RESERVED -CVE-2021-33490 - RESERVED -CVE-2021-33489 - RESERVED -CVE-2021-33488 - RESERVED +CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...) + TODO: check +CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...) + TODO: check +CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...) + TODO: check +CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...) + TODO: check +CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...) + TODO: check +CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...) + TODO: check +CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...) + TODO: check +CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...) + TODO: check CVE-2021-33487 RESERVED CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...) 
@@ -45889,8 +46019,8 @@ CVE-2021-26616 RESERVED CVE-2021-26615 RESERVED -CVE-2021-26614 - RESERVED +CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...) + TODO: check CVE-2021-26613 RESERVED CVE-2021-26612 @@ -52967,8 +53097,8 @@ CVE-2021-23734 RESERVED CVE-2021-23733 RESERVED -CVE-2021-23732 - RESERVED +CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...) + TODO: check CVE-2021-23731 RESERVED CVE-2021-23730 @@ -52995,8 +53125,8 @@ CVE-2021-23720 RESERVED CVE-2021-23719 RESERVED -CVE-2021-23718 - RESERVED +CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...) + TODO: check CVE-2021-23717 RESERVED CVE-2021-23716 @@ -53085,8 +53215,8 @@ CVE-2021-23675 RESERVED CVE-2021-23674 RESERVED -CVE-2021-23673 - RESERVED +CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...) + TODO: check CVE-2021-23672 RESERVED CVE-2021-23671 @@ -103279,7 +103409,7 @@ CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versi NOT-FOR-US: Private Tunnel installer for macOS CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...) NOT-FOR-US: OpenVPN Connect installer for macOS -CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...) +CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...) - phplist <itp> (bug #612288) @@ -123842,8 +123972,8 @@ CVE-2020-7884 RESERVED CVE-2020-7883 RESERVED -CVE-2020-7882 - RESERVED +CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...) + TODO: check CVE-2020-7881 RESERVED CVE-2020-7880 
@@ -158648,6 +158778,7 @@ CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 NOTE: https://github.com/milkytracker/MilkyTracker/issues/184 NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34 CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) + {DLA-2825-1} - libmodbus 3.1.6-1 (bug #933805) [buster] - libmodbus <no-dsa> (Minor issue) [jessie] - libmodbus <no-dsa> (Minor issue) @@ -158656,6 +158787,7 @@ CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x befo NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7) NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8) CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) + {DLA-2825-1} - libmodbus 3.1.6-1 (bug #933805) [buster] - libmodbus <no-dsa> (Minor issue) [jessie] - libmodbus <no-dsa> (Minor issue) @@ -185511,8 +185643,8 @@ CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers NOT-FOR-US: Rapid7 Metasploit Pro CVE-2019-5641 RESERVED -CVE-2019-5640 - RESERVED +CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...) + TODO: check CVE-2019-5639 RESERVED CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a258d7b0bc9c3de14301e86137e2db8831b7d2a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a258d7b0bc9c3de14301e86137e2db8831b7d2a You're receiving this email because of your account on salsa.debian.org.
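Review bot: The Adobe entries left as TODO: check in the hunks at -4567, -5210, -5232 and -11054 (CVE-2021-43016, CVE-2021-43015, CVE-2021-42738, CVE-2021-42737, CVE-2021-42733, CVE-2021-42727, and CVE-2021-40770 through CVE-2021-40775) sit directly beside entries already triaged as NOT-FOR-US: Adobe (CVE-2021-43017, CVE-2021-42726). A single follow-up that marks them the same way would close twelve open TODO items and keep the neighbouring entries consistent.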
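Review bot: In the hunk at -16798 the description imported for CVE-2021-38374 reads "OX App Suite through through 7.10.5", with the word repeated. If descriptions are copied verbatim from the CVE feed, the line should stay as imported; otherwise drop the duplicate word. The thirteen OX App Suite entries added as TODO: check in this hunk and in the one at -28469 concern one product and can be triaged in a single pass.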
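Review bot: The per-release annotations under CVE-2019-14463 and CVE-2019-14462 (hunks at -158648 and -158656) need a check against the new {DLA-2825-1} tag. The visible context still shows [buster] - libmodbus <no-dsa> (Minor issue) and [jessie] - libmodbus <no-dsa> (Minor issue) for both entries, and the lines after [jessie] fall outside the context shown. If the release covered by DLA-2825-1 carries a <no-dsa> line further down, remove it in the same change so the entry does not read as both fixed by an advisory and not to be fixed.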