Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
124229f4 by security tracker role at 2021-11-05T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,20 @@
-CVE-2021-43396 [Conversion from ISO-2022-JP-3 with iconv may emit spurious NUL
character on state reset]
+CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A
use-after- ...)
+ TODO: check
+CVE-2021-43399
+ RESERVED
+CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing
leakage in ...)
+ TODO: check
+CVE-2021-43397
+ RESERVED
+CVE-2021-43395
+ RESERVED
+CVE-2021-43394
+ RESERVED
+CVE-2021-43393
+ RESERVED
+CVE-2021-43392
+ RESERVED
+CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc)
2.34, re ...)
- glibc <unfixed> (bug #998622)
[buster] - glibc <not-affected> (Vulnerable code not present)
[stretch] - glibc <not-affected> (Vulnerable code not present)
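Review bot: CVE-2021-43396 ends up after CVE-2021-43392 at the bottom of the added block, out of the descending ID order the other new entries follow (43400 down to 43392); it belongs between CVE-2021-43397 and CVE-2021-43395. Its glibc annotations (bug #998622, buster and stretch not-affected) are carried over unchanged under the new published description, so no triage data is lost. CVE-2021-43400 (BlueZ gatt-database.c) and CVE-2021-43398 (Crypto++) are left at "TODO: check" and still need triage.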
@@ -2293,7 +2309,7 @@ CVE-2021-42814
CVE-2021-42813
RESERVED
CVE-2021-3896
- RESERVED
+ REJECTED
CVE-2021-42812
RESERVED
CVE-2021-42811
@@ -5215,8 +5231,8 @@ CVE-2021-42059
RESERVED
CVE-2021-42058
RESERVED
-CVE-2021-42057
- RESERVED
+CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval
injection. The ev ...)
+ TODO: check
CVE-2021-42056
RESERVED
CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203
has Insec ...)
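Review bot: CVE-2021-42057 gets only "TODO: check", and the description is cut off mid-word at "The ev ...", so the line as committed does not say what reaches the eval. Triage should read the full published description and replace the TODO with either a source package line or a NOT-FOR-US line.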
@@ -7091,10 +7107,10 @@ CVE-2021-41251
RESERVED
CVE-2021-41250
RESERVED
-CVE-2021-41249
- RESERVED
-CVE-2021-41248
- RESERVED
+CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL
focused ...)
+ TODO: check
+CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo,
GraphQL IDE ...)
+ TODO: check
CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter
notebooks. ...)
NOT-FOR-US: JupyterHub
CVE-2021-41246
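Review bot: CVE-2021-41249 (GraphQL Playground) and CVE-2021-41248 (GraphiQL) are both left at "TODO: check" and describe two GraphQL IDEs, so they are best triaged together. If neither is packaged, the result should use the same form as the "NOT-FOR-US: JupyterHub" line directly below them.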
@@ -10240,46 +10256,46 @@ CVE-2021-39916
RESERVED
CVE-2021-39915
RESERVED
-CVE-2021-39914
- RESERVED
-CVE-2021-39913
- RESERVED
-CVE-2021-39912
- RESERVED
-CVE-2021-39911
- RESERVED
+CVE-2021-39914 (A regular expression denial of service issue in GitLab
versions 8.13 t ...)
+ TODO: check
+CVE-2021-39913 (Accidental logging of system root password in the migration
log in all ...)
+ TODO: check
+CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE
starting ...)
+ TODO: check
+CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version
13.9 exp ...)
+ TODO: check
CVE-2021-39910
RESERVED
-CVE-2021-39909
- RESERVED
+CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS
feature ...)
+ TODO: check
CVE-2021-39908
RESERVED
-CVE-2021-39907
- RESERVED
-CVE-2021-39906
- RESERVED
-CVE-2021-39905
- RESERVED
-CVE-2021-39904
- RESERVED
-CVE-2021-39903
- RESERVED
-CVE-2021-39902
- RESERVED
-CVE-2021-39901
- RESERVED
+CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE
starting ...)
+ TODO: check
+CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version
13.5 and ab ...)
+ TODO: check
+CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE
API since ...)
+ TODO: check
+CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in
GitLab ...)
+ TODO: check
+CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a
privileged user, ...)
+ TODO: check
+CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a
user wi ...)
+ TODO: check
+CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin
of a gro ...)
+ TODO: check
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with
10.8 all ...)
- gitlab <unfixed>
CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical
access to a ...)
- gitlab <unfixed>
-CVE-2021-39898
- RESERVED
-CVE-2021-39897
- RESERVED
+CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project
export l ...)
+ TODO: check
+CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above
allowed ...)
+ TODO: check
CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an
admin uses ...)
- gitlab <unfixed>
-CVE-2021-39895
- RESERVED
+CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker
can set ...)
+ TODO: check
CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS
rebinding vul ...)
- gitlab <unfixed>
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab
starting with v ...)
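Review bot: the 15 newly published GitLab entries (CVE-2021-39914 through CVE-2021-39895, excluding the ones that stay RESERVED) all carry "TODO: check", while the already triaged neighbours in the same hunk (CVE-2021-39900, 39899, 39896, 39894) carry "- gitlab <unfixed>". Each new entry needs the same kind of package line, after checking the full description for issues limited to EE, which would be marked not-affected instead. CVE-2021-39910 and CVE-2021-39908 correctly remain RESERVED.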
@@ -45959,26 +45975,26 @@ CVE-2021-25511
RESERVED
CVE-2021-25510
RESERVED
-CVE-2021-25509
- RESERVED
-CVE-2021-25508
- RESERVED
-CVE-2021-25507
- RESERVED
-CVE-2021-25506
- RESERVED
-CVE-2021-25505
- RESERVED
-CVE-2021-25504
- RESERVED
-CVE-2021-25503
- RESERVED
-CVE-2021-25502
- RESERVED
-CVE-2021-25501
- RESERVED
-CVE-2021-25500
- RESERVED
+CVE-2021-25509 (A missing input validation in Samsung Flow Windows application
prior t ...)
+ TODO: check
+CVE-2021-25508 (Improper privilege management vulnerability in API Key used in
SmartTh ...)
+ TODO: check
+CVE-2021-25507 (Improper authorization vulnerability in Samsung Flow mobile
applicatio ...)
+ TODO: check
+CVE-2021-25506 (Non-existent provider in Samsung Health prior to 6.19.1.0001
allows at ...)
+ TODO: check
+CVE-2021-25505 (Improper authentication in Samsung Pass prior to 3.0.02.4
allows to us ...)
+ TODO: check
+CVE-2021-25504 (Intent redirection vulnerability in Group Sharing prior to
10.8.03.2 a ...)
+ TODO: check
+CVE-2021-25503 (Improper input validation vulnerability in HDCP prior to SMR
Nov-2021 ...)
+ TODO: check
+CVE-2021-25502 (A vulnerability of storing sensitive information insecurely in
Propert ...)
+ TODO: check
+CVE-2021-25501 (An improper access control vulnerability in SCloudBnRReceiver
in SecTe ...)
+ TODO: check
+CVE-2021-25500 (A missing input validation in HDCP LDFW prior to SMR Nov-2021
Release ...)
+ TODO: check
CVE-2021-25499 (Intent redirection vulnerability in
SamsungAccountSDKSigninActivity of ...)
NOT-FOR-US: Samsung
CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode
of libSP ...)
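Review bot: CVE-2021-25509 through CVE-2021-25500 are all Samsung products or components (Samsung Flow, SmartThings, Samsung Health, Samsung Pass, Group Sharing, HDCP, SCloudBnRReceiver) and are left at "TODO: check", while the next entry in the hunk, CVE-2021-25499, is already marked "NOT-FOR-US: Samsung". The ten new entries can take the same line in one pass instead of being triaged one by one.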
@@ -53346,8 +53362,8 @@ CVE-2021-22262 (Missing access control in GitLab
version 13.10 and above with Ji
- gitlab <unfixed>
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira
integration in ...)
- gitlab <unfixed>
-CVE-2021-22260
- RESERVED
+CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog
integration ...)
+ TODO: check
CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE
starting wit ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater
could be u ...)
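Review bot: the truncated description for CVE-2021-22260 ("A stored Cross-Site Scripting vulnerability in the DataDog integration ...") does not name the affected product in the visible text. The surrounding entries, including the Jira integration XSS in CVE-2021-22261, are tracked as "- gitlab <unfixed>", so confirm from the full description that this is GitLab before replacing "TODO: check" with the same package line.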
@@ -86783,8 +86799,8 @@ CVE-2020-21141
RESERVED
CVE-2020-21140
RESERVED
-CVE-2020-21139
- RESERVED
+CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a
Cross-Site ...)
+ TODO: check
CVE-2020-21138
RESERVED
CVE-2020-21137
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/124229f4c2c8d039bcf7dee3642f1aa46639d244
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits