Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
258bbb99 by Moritz Muehlenhoff at 2021-10-06T11:46:00+02:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -334,7 +334,7 @@ CVE-2021-41863
 CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an 
expression th ...)
        NOT-FOR-US: AviatorScript
 CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does 
not prop ...)
-       TODO: check
+       NOT-FOR-US: Telegram for Android
 CVE-2021-41860
        RESERVED
 CVE-2021-41859
@@ -1970,15 +1970,15 @@ CVE-2021-41126
 CVE-2021-41125
        RESERVED
 CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and 
JavaScript integr ...)
-       TODO: check
+       NOT-FOR-US: Scrapy-splash
 CVE-2021-41123 (Survey Solutions is a survey management and data collection 
system. In ...)
        NOT-FOR-US: Survey Solutions
 CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In 
affected v ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2021-41121
        RESERVED
 CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius 
development pla ...)
-       TODO: check
+       NOT-FOR-US: sylius/paypal-plugin
 CVE-2021-41119
        RESERVED
 CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for 
MediaWiki, list ...)
@@ -1992,9 +1992,9 @@ CVE-2021-41116 (Composer is an open source dependency 
manager for the PHP langua
 CVE-2021-41115
        RESERVED
 CVE-2021-41114 (TYPO3 is an open source PHP based web content management 
system releas ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2021-41113 (TYPO3 is an open source PHP based web content management 
system releas ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2021-41112
        RESERVED
 CVE-2021-41111
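
Review bot: The two new labels for CVE-2021-41114 and CVE-2021-41113 read "NOT-FOR-US: Typo3", while the descriptions directly above them spell the product "TYPO3". Writing "NOT-FOR-US: TYPO3" keeps the label identical to the upstream name, so a case-sensitive search of data/CVE/list for the product matches both the description and the triage line.
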
@@ -2037,9 +2037,9 @@ CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch 
Pad for Android. Versions
 CVE-2021-41095 (Discourse is an open source discussion platform. There is a 
cross-site ...)
        NOT-FOR-US: Discourse
 CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund 
may byp ...)
-       TODO: check
+       NOT-FOR-US: Wire by Bund
 CVE-2021-41093 (Wire is an open source secure messenger. In affected versions 
if the a ...)
-       TODO: check
+       NOT-FOR-US: Wire iOS
 CVE-2021-41092 (Docker CLI is the command line interface for the docker 
container runt ...)
        TODO: check
 CVE-2021-41091 (Moby is an open-source project created by Docker to enable 
software co ...)
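
Review bot: CVE-2021-41094 and CVE-2021-41093 get two differently shaped labels for the same upstream, "Wire by Bund" and "Wire iOS", and the truncated description of CVE-2021-41093 shown here does not mention iOS, so the second label cannot be confirmed from the entry itself. A consistent form such as "Wire for iOS", in line with "Telegram for Android" in the first hunk, would read better and make it clear that the label names a platform client rather than a separate product.
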
@@ -4825,33 +4825,33 @@ CVE-2021-39896 (In all versions of GitLab CE/EE since 
version 8.0, when an admin
 CVE-2021-39895
        RESERVED
 CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS 
rebinding vul ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab 
starting with v ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39892
        RESERVED
 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access 
tokens creat ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39890
        RESERVED
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific 
API endpo ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab 
Flavored Mar ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39886 (Permissions rules were not applied while issues were moved 
between pro ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE 
version 13.5  ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint 
discloses ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39883 (Improper authorization checks in GitLab EE &gt; 13.11 allows 
subgroup  ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous 
users c ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the 
application may ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server 
Ruby gem ...)
        TODO: check
 CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since 
version 7 ...)
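
Review bot: The new "- gitlab <unfixed>" lines for CVE-2021-39887 and CVE-2021-39886 sit on entries whose truncated descriptions do not say CE/EE or EE, unlike their neighbours, so the split between <unfixed> and "<not-affected> (Specific to Enterprise Edition)" cannot be checked for those two from what is visible. It would help to confirm both against the upstream advisory, and to add a NOTE line with the advisory or fixed upstream release to the <unfixed> entries in this hunk so that a later fixed upload can be matched without repeating the triage.
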
@@ -4863,25 +4863,25 @@ CVE-2021-39877 (A vulnerability was discovered in 
GitLab starting with version 1
 CVE-2021-39876
        RESERVED
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is 
possible to  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the 
requirement to ...)
        - gitlab <unfixed>
 CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content 
spoofing vulne ...)
        - gitlab <unfixed>
 CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an 
improper access ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an 
instance that h ...)
        - gitlab <unfixed>
 CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an 
instance that  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project 
exports may ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an 
authenticated l ...)
        - gitlab <unfixed>
 CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS 
rebinding vu ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39866 (A business logic error in the project deletion process in 
GitLab 13.6  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 
Release ...)
        NOT-FOR-US: Adobe
 CVE-2021-39864
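
Review bot: Several entries marked "- gitlab <unfixed>" in this hunk have a stated starting version in their description: CVE-2021-39872 ("since version 14.1"), CVE-2021-39875 ("since version 13.6") and CVE-2021-39866 ("GitLab 13.6"). <unfixed> is only right where the packaged gitlab is at or past that version; please check the packaged versions, and where the package is older use <not-affected> with the reason in parentheses, in the same form as the Enterprise Edition entries in the previous hunk.
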



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258bbb9931bbeaa6df140b22199bc871da793463
