From bc96bb8d72a17687611a33628b2e3b211b407263 Mon Sep 17 00:00:00 2001
From: security tracker role
Date: Thu, 2 Dec 2021 20:10:13 +0000
Subject: automatic update
---
 data/CVE/2015.list | 8 ++---
 data/CVE/2021.list | 99 ++++++++++++++++++++++++++++++++----------------------
 2 files changed, 63 insertions(+), 44 deletions(-)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 3677b75de5..2d038fb128 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,7 +1,7 @@
-CVE-2015-20106
-	RESERVED
-CVE-2015-20105
-	RESERVED
+CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
+	TODO: check
+CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
+	TODO: check
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f502bc2d23..e7649d972f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,9 +1,27 @@
+CVE-2021-44521
+	RESERVED
+CVE-2021-4046
+	RESERVED
+CVE-2021-4045
+	RESERVED
+CVE-2021-4044
+	RESERVED
+CVE-2021-4043
+	RESERVED
+CVE-2021-4042
+	RESERVED
+CVE-2021-4041
+	RESERVED
+CVE-2021-4040
+	RESERVED
+CVE-2021-4039
+	RESERVED
 CVE-2021-44520
 	RESERVED
 CVE-2021-44519
 	RESERVED
-CVE-2021-44518
-	RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+	TODO: check
 CVE-2021-44517
 	RESERVED
 CVE-2021-44516
@@ -489,11 +507,11 @@ CVE-2021-44281
 	RESERVED
 CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
 	NOT-FOR-US: attendance management system
-CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: LibreNMS
 CVE-2021-44278
 	RESERVED
-CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: LibreNMS
 CVE-2021-44276
 	RESERVED
@@ -1079,8 +1097,8 @@ CVE-2021-44052
 	RESERVED
 CVE-2021-44051
 	RESERVED
-CVE-2021-44050
-	RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+	TODO: check
 CVE-2021-44049
 	RESERVED
 CVE-2021-44048
@@ -1661,8 +1679,8 @@ CVE-2021-43797
 	RESERVED
 CVE-2021-43796
 	RESERVED
-CVE-2021-43795
-	RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+	TODO: check
 CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
 	NOT-FOR-US: Discourse
 CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
@@ -1895,28 +1913,28 @@ CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerabilit
 	NOT-FOR-US: tripexpress
 CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: YurunProxy
-CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...)
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
 	TODO: check
 CVE-2021-43688
 	RESERVED
 CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
 	NOT-FOR-US: Chamilo-lms
-CVE-2021-43686
-	RESERVED
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+	TODO: check
 CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
 	TODO: check
 CVE-2021-43684
 	RESERVED
-CVE-2021-43683
-	RESERVED
-CVE-2021-43682
-	RESERVED
-CVE-2021-43681
-	RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+	TODO: check
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+	TODO: check
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+	TODO: check
 CVE-2021-43680
 	RESERVED
-CVE-2021-43679
-	RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+	TODO: check
 CVE-2021-43678
 	RESERVED
 CVE-2021-43677
@@ -2039,6 +2057,7 @@ CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Ru
 CVE-2021-43619
 	RESERVED
 CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+	{DLA-2837-1}
 	- gmp 2:6.2.1+dfsg-3 (bug #994405)
 	[bullseye] - gmp (Minor issue)
 	[buster] - gmp (Minor issue)
@@ -2184,8 +2203,8 @@ CVE-2021-3946
 	RESERVED
 CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
 	NOT-FOR-US: django-helpdesk
-CVE-2021-3944
-	RESERVED
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
@@ -2298,7 +2317,7 @@ CVE-2021-43528
 	RESERVED
 CVE-2021-43527 [Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures]
 	RESERVED
-	{DSA-5016-1}
+	{DSA-5016-1 DLA-2836-1}
 	- nss 2:3.73-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
 	NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
@@ -9806,10 +9825,10 @@ CVE-2021-40336
 	RESERVED
 CVE-2021-40335
 	RESERVED
-CVE-2021-40334
-	RESERVED
-CVE-2021-40333
-	RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+	TODO: check
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+	TODO: check
 CVE-2021-40332
 	RESERVED
 CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
@@ -50676,20 +50695,20 @@ CVE-2021-23266
 	RESERVED
 CVE-2021-23265
 	RESERVED
-CVE-2021-23264
-	RESERVED
-CVE-2021-23263
-	RESERVED
-CVE-2021-23262
-	RESERVED
-CVE-2021-23261
-	RESERVED
-CVE-2021-23260
-	RESERVED
-CVE-2021-23259
-	RESERVED
-CVE-2021-23258
-	RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+	TODO: check
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+	TODO: check
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+	TODO: check
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+	TODO: check
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+	TODO: check
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+	TODO: check
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+	TODO: check
 CVE-2021-23257
 	RESERVED
 CVE-2021-23256
-- 
cgit v1.2.3