author security tracker role <sectracker@soriano.debian.org> 2021-10-26 20:10:12 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-10-26 20:10:12 +0000
commit e43e4b5946d382745102cea26faaa4fc5c1a9afe (patch)
tree b6322c0d1894298219272b7d5d0217b59c650afb /data/CVE
parent b80af4d7b5f79533eed83a44ff30ec580c490964 (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/list.2011 8
-rw-r--r-- data/CVE/list.2015 4
-rw-r--r-- data/CVE/list.2018 2
-rw-r--r-- data/CVE/list.2020 4
-rw-r--r-- data/CVE/list.2021 120
5 files changed, 72 insertions, 66 deletions
diff --git a/data/CVE/list.2011 b/data/CVE/list.2011
index 1bfaf2bb46..38424f1264 100644
--- a/data/CVE/list.2011
+++ b/data/CVE/list.2011
@@ -2799,8 +2799,8 @@ CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-
- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
- yubico-pam 2.10-1
-CVE-2011-4119
- RESERVED
+CVE-2011-4119 (caml-light &lt;= 0.75 uses mktemp() insecurely, and also does unsafe t ...)
+ TODO: check
CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
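Review bot: the added CVE-2011-4119 line stores its description with an HTML entity ("caml-light &lt;= 0.75"), while the status tags in the context lines of the same hunk keep their raw angle brackets, which suggests the entity is in the list file itself. Anything that matches version ranges in descriptions should decode it first. The TODO: check under it still has to be resolved to a package line or a NOT-FOR-US line, as CVE-2011-4117 just below already is.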
@@ -8192,8 +8192,8 @@ CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rail
- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
NOT-FOR-US: JBoss Seam
-CVE-2011-2195
- RESERVED
+CVE-2011-2195 (A flaw was found in WebSVN 2.3.2. Without prior authentication, if the ...)
+ TODO: check
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...)
{DSA-2329-1}
- torque 2.4.15+dfsg-1 (bug #635342)
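Review bot: CVE-2011-2195 goes from RESERVED to a description that names a single version ("WebSVN 2.3.2") and says "Without prior authentication", but the entry is only marked TODO: check. When resolving it, establish which versions are actually affected instead of copying 2.3.2 from the description, and record the result as a package line with a fixed version, as the torque entry below does.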
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index 5238107b12..4cdb0dfd69 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -1,3 +1,7 @@
+CVE-2015-20067
+ RESERVED
+CVE-2015-20019
+ RESERVED
CVE-2015-20002
RESERVED
CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 957ca842e5..efc8291a03 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -1,3 +1,5 @@
+CVE-2018-25019
+ RESERVED
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
- unrar-nonfree <unfixed> (bug #990541)
[bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 5a7a38416f..ac214fac40 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -60080,8 +60080,8 @@ CVE-2020-5671
RESERVED
CVE-2020-5670
RESERVED
-CVE-2020-5669
- RESERVED
+CVE-2020-5669 (Cross-site scripting vulnerability in Movable Type Movable Type Premiu ...)
+ TODO: check
CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...)
NOT-FOR-US: Mitsubishi Electric
CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 14e1e8d0e8..893ab9363d 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,5 @@
+CVE-2021-3906
+ RESERVED
CVE-2021-43032
RESERVED
CVE-2021-43031
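Review bot: CVE-2021-3906 is inserted at the top of list.2021, above CVE-2021-43032, so entries in this file are not in numeric id order. The same is visible in later hunks, where CVE-2021-3802 and CVE-2021-3801 sit on either side of CVE-2021-41078. Anything that reads this file should key on the id and not rely on position or sort order.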
@@ -1441,8 +1443,8 @@ CVE-2021-42345
RESERVED
CVE-2021-42344
RESERVED
-CVE-2021-42343
- RESERVED
+CVE-2021-42343 (An issue was discovered in Dask (aka python-dask) through 2021.09.1. S ...)
+ TODO: check
CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...)
NOT-FOR-US: Embedthis GoAhead
CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...)
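Review bot: the TODO: check under CVE-2021-42343 should not be closed on the product name alone, because the description itself says "Dask (aka python-dask)", which reads like a source package name. Check it against the archive and record a package line with its fixed or unfixed state before considering NOT-FOR-US.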
@@ -2533,8 +2535,8 @@ CVE-2021-41875
RESERVED
CVE-2021-41874
RESERVED
-CVE-2021-41873
- RESERVED
+CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
+ TODO: check
CVE-2021-41872
RESERVED
CVE-2021-41871
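Review bot: the visible description added for CVE-2021-41873 is product text only ("is a high-end network HD set-top box produ ..."), so nothing in this hunk says what the flaw is. The TODO: check has to be resolved from the full CVE record, not from this line. If it turns out to concern that device only, the vendor-tagged form used elsewhere in this commit (for example "NOT-FOR-US: Mitsubishi Electric") is the one to follow.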
@@ -4085,20 +4087,20 @@ CVE-2021-41190
RESERVED
CVE-2021-41189
RESERVED
-CVE-2021-41188
- RESERVED
+CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
+ TODO: check
CVE-2021-41187
RESERVED
CVE-2021-41186
RESERVED
-CVE-2021-41185
- RESERVED
-CVE-2021-41184
- RESERVED
-CVE-2021-41183
- RESERVED
-CVE-2021-41182
- RESERVED
+CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
+ TODO: check
+CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ TODO: check
+CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ TODO: check
+CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ TODO: check
CVE-2021-41181
RESERVED
CVE-2021-41180
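Review bot: CVE-2021-41184, CVE-2021-41183 and CVE-2021-41182 receive the same visible description ("jQuery-UI is the official jQuery user interface library. Prior to vers ...") and the same TODO: check, so the three cannot be told apart from this list. When triaging, give each its own NOTE line with the upstream advisory, the way the FreeSWITCH entries further down carry distinct GHSA links.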
@@ -4111,14 +4113,14 @@ CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform.
TODO: check
CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
NOT-FOR-US: Pterodactyl
-CVE-2021-41175
- RESERVED
+CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
+ TODO: check
CVE-2021-41174
RESERVED
-CVE-2021-41173
- RESERVED
-CVE-2021-41172
- RESERVED
+CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
+ TODO: check
+CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...)
+ TODO: check
CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
NOT-FOR-US: eLabFTW
CVE-2021-41170
@@ -4155,12 +4157,10 @@ CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
-CVE-2021-41158
- RESERVED
+CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
-CVE-2021-41157
- RESERVED
+CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...)
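Review bot: CVE-2021-41158 and CVE-2021-41157 now show identical description text, and the only thing that distinguishes them in this hunk is the advisory NOTE (GHSA-3v3f-99mv-qvj4 versus GHSA-g7xg-7c54-rmpj). It is worth confirming that each NOTE still matches its id now that the descriptions are public. No TODO: check is added for these two; the existing "- freeswitch" itp lines (bug #389591) are kept as context.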
@@ -4352,8 +4352,8 @@ CVE-2021-3802
- udisks2 2.9.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
-CVE-2021-41078
- RESERVED
+CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...)
+ TODO: check
CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...)
- node-prismjs 1.25.0+dfsg-1
[bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
@@ -6078,12 +6078,12 @@ CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add
[stretch] - haproxy <not-affected> (Vulnerable code not present)
NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
-CVE-2021-40345
- RESERVED
-CVE-2021-40344
- RESERVED
-CVE-2021-40343
- RESERVED
+CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...)
+ TODO: check
+CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...)
+ TODO: check
+CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
+ TODO: check
CVE-2021-40342
RESERVED
CVE-2021-40341
@@ -13133,10 +13133,10 @@ CVE-2021-37374
RESERVED
CVE-2021-37373
RESERVED
-CVE-2021-37372
- RESERVED
-CVE-2021-37371
- RESERVED
+CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...)
+ TODO: check
+CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...)
+ TODO: check
CVE-2021-37370
RESERVED
CVE-2021-37369
@@ -13149,10 +13149,10 @@ CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request fo
NOT-FOR-US: CTparental
CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
NOT-FOR-US: CTparental
-CVE-2021-37364
- RESERVED
-CVE-2021-37363
- RESERVED
+CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...)
+ TODO: check
+CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...)
+ TODO: check
CVE-2021-37362
RESERVED
CVE-2021-37361
@@ -17387,8 +17387,8 @@ CVE-2021-3620
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
CVE-2021-35500
RESERVED
-CVE-2021-35499
- RESERVED
+CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
+ TODO: check
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
NOT-FOR-US: TIBCO
CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
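Review bot: CVE-2021-35499 is left at TODO: check although its description names TIBCO Nimbus and the next entry, CVE-2021-35498, is already marked "NOT-FOR-US: TIBCO". Unless Nimbus is packaged, resolve it with the same NOT-FOR-US: TIBCO line so the vendor's entries stay consistent.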
@@ -19410,14 +19410,14 @@ CVE-2021-34598
RESERVED
CVE-2021-34597
RESERVED
-CVE-2021-34596
- RESERVED
-CVE-2021-34595
- RESERVED
+CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...)
+ TODO: check
+CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...)
+ TODO: check
CVE-2021-34594
RESERVED
-CVE-2021-34593
- RESERVED
+CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...)
+ TODO: check
CVE-2021-34592
RESERVED
CVE-2021-34591
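Review bot: the descriptions added for CVE-2021-34596 and CVE-2021-34595 do not name a product within the visible text ("A crafted request may cause a read access to an uninitialized pointer ..."), unlike CVE-2021-34593 in the same hunk, which names CODESYS V2 Runtime Toolkit. Do not infer the product from the neighbouring id; resolve each TODO: check from its own full record.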
@@ -19430,14 +19430,14 @@ CVE-2021-34588
RESERVED
CVE-2021-34587
RESERVED
-CVE-2021-34586
- RESERVED
-CVE-2021-34585
- RESERVED
-CVE-2021-34584
- RESERVED
-CVE-2021-34583
- RESERVED
+CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ TODO: check
+CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ TODO: check
+CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...)
+ TODO: check
+CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...)
+ TODO: check
CVE-2021-34582
RESERVED
CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...)
@@ -38842,12 +38842,12 @@ CVE-2021-26611
RESERVED
CVE-2021-26610
RESERVED
-CVE-2021-26609
- RESERVED
+CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
+ TODO: check
CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
NOT-FOR-US: handysoft
-CVE-2021-26607
- RESERVED
+CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...)
+ TODO: check
CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
NOT-FOR-US: Dream Security
CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
