Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25a483c1 by security tracker role at 2021-09-10T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-40849
+       RESERVED
+CVE-2021-40848
+       RESERVED
+CVE-2021-40847
+       RESERVED
+CVE-2021-40846
+       RESERVED
+CVE-2021-40845
+       RESERVED
+CVE-2021-40844
+       RESERVED
+CVE-2021-40843
+       RESERVED
+CVE-2021-40842
+       RESERVED
+CVE-2021-40841
+       RESERVED
+CVE-2021-40840
+       RESERVED
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
+       TODO: check
+CVE-2021-40838
+       RESERVED
 CVE-2021-40837
        RESERVED
 CVE-2021-40836
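
Review bot: CVE-2021-40839 is the only entry in this hunk that arrives with a description, and it is left at TODO: check. The visible text names the rencode package for Python (through 1.0.6, infinite loop), so triage should resolve it to either a source-package line or a NOT-FOR-US line, the two forms used elsewhere in this list, rather than leaving the TODO in place. The RESERVED additions need no action.
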
@@ -3710,20 +3734,20 @@ CVE-2021-39208
        RESERVED
 CVE-2021-39207
        RESERVED
-CVE-2021-39206
-       RESERVED
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+       TODO: check
 CVE-2021-39205
        RESERVED
-CVE-2021-39204
-       RESERVED
-CVE-2021-39203
-       RESERVED
-CVE-2021-39202
-       RESERVED
-CVE-2021-39201
-       RESERVED
-CVE-2021-39200
-       RESERVED
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+       TODO: check
+CVE-2021-39203 (WordPress is a free and open-source content management system 
written  ...)
+       TODO: check
+CVE-2021-39202 (WordPress is a free and open-source content management system 
written  ...)
+       TODO: check
+CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
+       TODO: check
+CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
+       TODO: check
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles 
Markdown t ...)
        NOT-FOR-US: Node remark-html
 CVE-2021-39198
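
Review bot: six entries in this hunk (CVE-2021-39206, CVE-2021-39204, and CVE-2021-39203 through CVE-2021-39200) move from RESERVED to TODO: check with no triage line. The four WordPress entries share the same truncated description, so each needs its full text read before a package line is written. The two Pomerium entries both cut off at "Envoy, which P ...", and the triage should state whether the issue belongs to Pomerium or to Envoy.
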
@@ -3809,8 +3833,8 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated 
Instant Messaging and
        - matrix-synapse 1.41.1-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
        NOTE: 
https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3
 (v1.41.1)
-CVE-2021-39162
-       RESERVED
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+       TODO: check
 CVE-2021-39161 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git 
repository one ...)
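
Review bot: CVE-2021-39162 carries the same truncated Pomerium/Envoy description as CVE-2021-39206 and CVE-2021-39204 earlier in this patch and is likewise left at TODO: check. The three should be triaged together so they end up with the same kind of line rather than being resolved one at a time.
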
@@ -14840,14 +14864,14 @@ CVE-2021-34348
        RESERVED
 CVE-2021-34347
        RESERVED
-CVE-2021-34346
-       RESERVED
-CVE-2021-34345
-       RESERVED
-CVE-2021-34344
-       RESERVED
-CVE-2021-34343
-       RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
 CVE-2022-20001
        RESERVED
 CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not 
perfor ...)
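
Review bot: CVE-2021-34346 through CVE-2021-34343 all read "A stack buffer overflow vulnerability has been reported to affect QNAP ..." and are left at TODO: check. Other QNAP entries visible in this patch's context (CVE-2021-28815, CVE-2021-28814) are marked NOT-FOR-US: QNAP; if the full descriptions confirm a QNAP product, these four should get the same line.
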
@@ -18730,8 +18754,8 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package 
that handles data storag
        - nextcloud-server <itp> (bug #941708)
 CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data 
storage. In  ...)
        - nextcloud-server <itp> (bug #941708)
-CVE-2021-32724
-       RESERVED
+CVE-2021-32724 (check-spelling is a github action which provides CI spell 
checking. In ...)
+       TODO: check
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 
1.24.0 a ...)
        NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 
48be7adb705 ...)
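
Review bot: CVE-2021-32724 is described as "a github action which provides CI spell checking" and is left at TODO: check. A one-line triage result under it would close this out, for example a NOT-FOR-US line in the form used for CVE-2021-32723 just below, if check-spelling turns out not to be packaged.
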
@@ -28778,14 +28802,14 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), 
Rendezvous Secure Routing
        NOT-FOR-US: TIBCO
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Rend ...)
        NOT-FOR-US: TIBCO
-CVE-2021-28816
-       RESERVED
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
 CVE-2021-28815 (Insecure storage of sensitive information has been reported to 
affect  ...)
        NOT-FOR-US: QNAP
 CVE-2021-28814 (An improper access control vulnerability has been reported to 
affect Q ...)
        NOT-FOR-US: QNAP
-CVE-2021-28813
-       RESERVED
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive 
information ha ...)
+       TODO: check
 CVE-2021-28812 (A command injection vulnerability has been reported to affect 
certain  ...)
        NOT-FOR-US: QNAP
 CVE-2021-28811 (If exploited, this command injection vulnerability could allow 
remote  ...)
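
Review bot: CVE-2021-28816 and CVE-2021-28813 are left at TODO: check while their neighbours CVE-2021-28815, CVE-2021-28814 and CVE-2021-28812 are already NOT-FOR-US: QNAP. The CVE-2021-28816 text names QNAP, but the CVE-2021-28813 text is cut off at "information ha ..." before any product name, so confirm the product from the full description before copying the neighbouring line.
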
@@ -70703,7 +70727,7 @@ CVE-2020-24383 (An issue was discovered in FNET through 
4.6.4. The code for proc
        NOT-FOR-US: FNET
 CVE-2020-24382
        RESERVED
-CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) 
through 3.9 ...)
+CVE-2020-24381 (GUnet Open eClass Platform (aka openeclass) before 3.11 might 
allow re ...)
        NOT-FOR-US: GUnet Open eClass Platform
 CVE-2020-24380
        RESERVED
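
Review bot: the commit message "automatic update" hides a status change at CVE-2020-24381, where the description drops its "** DISPUTED **" prefix and the bound moves from "through 3.9" to "before 3.11". The NOT-FOR-US line under it is unchanged and still fits; recording the status change in the commit message or in a NOTE: line would make it easier to find later.
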
@@ -81338,38 +81362,38 @@ CVE-2020-19297
        RESERVED
 CVE-2020-19296
        RESERVED
-CVE-2020-19295
-       RESERVED
-CVE-2020-19294
-       RESERVED
-CVE-2020-19293
-       RESERVED
-CVE-2020-19292
-       RESERVED
-CVE-2020-19291
-       RESERVED
-CVE-2020-19290
-       RESERVED
-CVE-2020-19289
-       RESERVED
-CVE-2020-19288
-       RESERVED
-CVE-2020-19287
-       RESERVED
-CVE-2020-19286
-       RESERVED
-CVE-2020-19285
-       RESERVED
-CVE-2020-19284
-       RESERVED
-CVE-2020-19283
-       RESERVED
-CVE-2020-19282
-       RESERVED
-CVE-2020-19281
-       RESERVED
-CVE-2020-19280
-       RESERVED
+CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the 
/weibo/top ...)
+       TODO: check
+CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the 
/article/comm ...)
+       TODO: check
+CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the 
/article/add  ...)
+       TODO: check
+CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the 
/question/ask ...)
+       TODO: check
+CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the 
/weibo/publis ...)
+       TODO: check
+CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the 
/weibo/commen ...)
+       TODO: check
+CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the 
/member/pictu ...)
+       TODO: check
+CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the 
/localhost/u  ...)
+       TODO: check
+CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the 
/group/post c ...)
+       TODO: check
+CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the 
/question/det ...)
+       TODO: check
+CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the 
/group/apply  ...)
+       TODO: check
+CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the 
/group/commen ...)
+       TODO: check
+CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the 
/newVersio ...)
+       TODO: check
+CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 
1.4.2 a ...)
+       TODO: check
+CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the 
/manage/login ...)
+       TODO: check
+CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) 
which allows ...)
+       TODO: check
 CVE-2020-19279
        RESERVED
 CVE-2020-19278
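
Review bot: sixteen entries (CVE-2020-19295 down to CVE-2020-19280) go from RESERVED to TODO: check, and only CVE-2020-19282 and CVE-2020-19280 name a product (Jeesns 1.4.2) in the visible text; the rest are truncated at a URL path. Confirm from the full descriptions that all sixteen concern the same product before triaging them as a batch. The CVE-2020-19288 path reads "/localhost/u ...", which looks like a host name carried into the upstream description and deserves a second look when the full entry is read.
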
@@ -183738,8 +183762,8 @@ CVE-2018-19959
        RESERVED
 CVE-2018-19958
        RESERVED
-CVE-2018-19957
-       RESERVED
+CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers 
has been  ...)
+       TODO: check
 CVE-2018-19956 (The cross-site scripting vulnerability has been reported to 
affect ear ...)
        NOT-FOR-US: QNAP
 CVE-2018-19955 (The cross-site scripting vulnerability has been reported to 
affect ear ...)
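
Review bot: CVE-2018-19957 is left at TODO: check with a description cut off at "has been ..." before any product name. CVE-2018-19956 directly below it is NOT-FOR-US: QNAP; check the full text before assuming this entry matches it.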



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a483c176cd90cee3767f655fee23fbddcf3296



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits