[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 16 21:10:45 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7e36a4e by security tracker role at 2021-08-16T20:10:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,507 @@
+CVE-2021-39108
+	RESERVED
+CVE-2021-39107
+	RESERVED
+CVE-2021-39106
+	RESERVED
+CVE-2021-39105
+	RESERVED
+CVE-2021-39104
+	RESERVED
+CVE-2021-39103
+	RESERVED
+CVE-2021-39102
+	RESERVED
+CVE-2021-39101
+	RESERVED
+CVE-2021-39100
+	RESERVED
+CVE-2021-39099
+	RESERVED
+CVE-2021-39098
+	RESERVED
+CVE-2021-39097
+	RESERVED
+CVE-2021-39096
+	RESERVED
+CVE-2021-39095
+	RESERVED
+CVE-2021-39094
+	RESERVED
+CVE-2021-39093
+	RESERVED
+CVE-2021-39092
+	RESERVED
+CVE-2021-39091
+	RESERVED
+CVE-2021-39090
+	RESERVED
+CVE-2021-39089
+	RESERVED
+CVE-2021-39088
+	RESERVED
+CVE-2021-39087
+	RESERVED
+CVE-2021-39086
+	RESERVED
+CVE-2021-39085
+	RESERVED
+CVE-2021-39084
+	RESERVED
+CVE-2021-39083
+	RESERVED
+CVE-2021-39082
+	RESERVED
+CVE-2021-39081
+	RESERVED
+CVE-2021-39080
+	RESERVED
+CVE-2021-39079
+	RESERVED
+CVE-2021-39078
+	RESERVED
+CVE-2021-39077
+	RESERVED
+CVE-2021-39076
+	RESERVED
+CVE-2021-39075
+	RESERVED
+CVE-2021-39074
+	RESERVED
+CVE-2021-39073
+	RESERVED
+CVE-2021-39072
+	RESERVED
+CVE-2021-39071
+	RESERVED
+CVE-2021-39070
+	RESERVED
+CVE-2021-39069
+	RESERVED
+CVE-2021-39068
+	RESERVED
+CVE-2021-39067
+	RESERVED
+CVE-2021-39066
+	RESERVED
+CVE-2021-39065
+	RESERVED
+CVE-2021-39064
+	RESERVED
+CVE-2021-39063
+	RESERVED
+CVE-2021-39062
+	RESERVED
+CVE-2021-39061
+	RESERVED
+CVE-2021-39060
+	RESERVED
+CVE-2021-39059
+	RESERVED
+CVE-2021-39058
+	RESERVED
+CVE-2021-39057
+	RESERVED
+CVE-2021-39056
+	RESERVED
+CVE-2021-39055
+	RESERVED
+CVE-2021-39054
+	RESERVED
+CVE-2021-39053
+	RESERVED
+CVE-2021-39052
+	RESERVED
+CVE-2021-39051
+	RESERVED
+CVE-2021-39050
+	RESERVED
+CVE-2021-39049
+	RESERVED
+CVE-2021-39048
+	RESERVED
+CVE-2021-39047
+	RESERVED
+CVE-2021-39046
+	RESERVED
+CVE-2021-39045
+	RESERVED
+CVE-2021-39044
+	RESERVED
+CVE-2021-39043
+	RESERVED
+CVE-2021-39042
+	RESERVED
+CVE-2021-39041
+	RESERVED
+CVE-2021-39040
+	RESERVED
+CVE-2021-39039
+	RESERVED
+CVE-2021-39038
+	RESERVED
+CVE-2021-39037
+	RESERVED
+CVE-2021-39036
+	RESERVED
+CVE-2021-39035
+	RESERVED
+CVE-2021-39034
+	RESERVED
+CVE-2021-39033
+	RESERVED
+CVE-2021-39032
+	RESERVED
+CVE-2021-39031
+	RESERVED
+CVE-2021-39030
+	RESERVED
+CVE-2021-39029
+	RESERVED
+CVE-2021-39028
+	RESERVED
+CVE-2021-39027
+	RESERVED
+CVE-2021-39026
+	RESERVED
+CVE-2021-39025
+	RESERVED
+CVE-2021-39024
+	RESERVED
+CVE-2021-39023
+	RESERVED
+CVE-2021-39022
+	RESERVED
+CVE-2021-39021
+	RESERVED
+CVE-2021-39020
+	RESERVED
+CVE-2021-39019
+	RESERVED
+CVE-2021-39018
+	RESERVED
+CVE-2021-39017
+	RESERVED
+CVE-2021-39016
+	RESERVED
+CVE-2021-39015
+	RESERVED
+CVE-2021-39014
+	RESERVED
+CVE-2021-39013
+	RESERVED
+CVE-2021-39012
+	RESERVED
+CVE-2021-39011
+	RESERVED
+CVE-2021-39010
+	RESERVED
+CVE-2021-39009
+	RESERVED
+CVE-2021-39008
+	RESERVED
+CVE-2021-39007
+	RESERVED
+CVE-2021-39006
+	RESERVED
+CVE-2021-39005
+	RESERVED
+CVE-2021-39004
+	RESERVED
+CVE-2021-39003
+	RESERVED
+CVE-2021-39002
+	RESERVED
+CVE-2021-39001
+	RESERVED
+CVE-2021-39000
+	RESERVED
+CVE-2021-38999
+	RESERVED
+CVE-2021-38998
+	RESERVED
+CVE-2021-38997
+	RESERVED
+CVE-2021-38996
+	RESERVED
+CVE-2021-38995
+	RESERVED
+CVE-2021-38994
+	RESERVED
+CVE-2021-38993
+	RESERVED
+CVE-2021-38992
+	RESERVED
+CVE-2021-38991
+	RESERVED
+CVE-2021-38990
+	RESERVED
+CVE-2021-38989
+	RESERVED
+CVE-2021-38988
+	RESERVED
+CVE-2021-38987
+	RESERVED
+CVE-2021-38986
+	RESERVED
+CVE-2021-38985
+	RESERVED
+CVE-2021-38984
+	RESERVED
+CVE-2021-38983
+	RESERVED
+CVE-2021-38982
+	RESERVED
+CVE-2021-38981
+	RESERVED
+CVE-2021-38980
+	RESERVED
+CVE-2021-38979
+	RESERVED
+CVE-2021-38978
+	RESERVED
+CVE-2021-38977
+	RESERVED
+CVE-2021-38976
+	RESERVED
+CVE-2021-38975
+	RESERVED
+CVE-2021-38974
+	RESERVED
+CVE-2021-38973
+	RESERVED
+CVE-2021-38972
+	RESERVED
+CVE-2021-38971
+	RESERVED
+CVE-2021-38970
+	RESERVED
+CVE-2021-38969
+	RESERVED
+CVE-2021-38968
+	RESERVED
+CVE-2021-38967
+	RESERVED
+CVE-2021-38966
+	RESERVED
+CVE-2021-38965
+	RESERVED
+CVE-2021-38964
+	RESERVED
+CVE-2021-38963
+	RESERVED
+CVE-2021-38962
+	RESERVED
+CVE-2021-38961
+	RESERVED
+CVE-2021-38960
+	RESERVED
+CVE-2021-38959
+	RESERVED
+CVE-2021-38958
+	RESERVED
+CVE-2021-38957
+	RESERVED
+CVE-2021-38956
+	RESERVED
+CVE-2021-38955
+	RESERVED
+CVE-2021-38954
+	RESERVED
+CVE-2021-38953
+	RESERVED
+CVE-2021-38952
+	RESERVED
+CVE-2021-38951
+	RESERVED
+CVE-2021-38950
+	RESERVED
+CVE-2021-38949
+	RESERVED
+CVE-2021-38948
+	RESERVED
+CVE-2021-38947
+	RESERVED
+CVE-2021-38946
+	RESERVED
+CVE-2021-38945
+	RESERVED
+CVE-2021-38944
+	RESERVED
+CVE-2021-38943
+	RESERVED
+CVE-2021-38942
+	RESERVED
+CVE-2021-38941
+	RESERVED
+CVE-2021-38940
+	RESERVED
+CVE-2021-38939
+	RESERVED
+CVE-2021-38938
+	RESERVED
+CVE-2021-38937
+	RESERVED
+CVE-2021-38936
+	RESERVED
+CVE-2021-38935
+	RESERVED
+CVE-2021-38934
+	RESERVED
+CVE-2021-38933
+	RESERVED
+CVE-2021-38932
+	RESERVED
+CVE-2021-38931
+	RESERVED
+CVE-2021-38930
+	RESERVED
+CVE-2021-38929
+	RESERVED
+CVE-2021-38928
+	RESERVED
+CVE-2021-38927
+	RESERVED
+CVE-2021-38926
+	RESERVED
+CVE-2021-38925
+	RESERVED
+CVE-2021-38924
+	RESERVED
+CVE-2021-38923
+	RESERVED
+CVE-2021-38922
+	RESERVED
+CVE-2021-38921
+	RESERVED
+CVE-2021-38920
+	RESERVED
+CVE-2021-38919
+	RESERVED
+CVE-2021-38918
+	RESERVED
+CVE-2021-38917
+	RESERVED
+CVE-2021-38916
+	RESERVED
+CVE-2021-38915
+	RESERVED
+CVE-2021-38914
+	RESERVED
+CVE-2021-38913
+	RESERVED
+CVE-2021-38912
+	RESERVED
+CVE-2021-38911
+	RESERVED
+CVE-2021-38910
+	RESERVED
+CVE-2021-38909
+	RESERVED
+CVE-2021-38908
+	RESERVED
+CVE-2021-38907
+	RESERVED
+CVE-2021-38906
+	RESERVED
+CVE-2021-38905
+	RESERVED
+CVE-2021-38904
+	RESERVED
+CVE-2021-38903
+	RESERVED
+CVE-2021-38902
+	RESERVED
+CVE-2021-38901
+	RESERVED
+CVE-2021-38900
+	RESERVED
+CVE-2021-38899
+	RESERVED
+CVE-2021-38898
+	RESERVED
+CVE-2021-38897
+	RESERVED
+CVE-2021-38896
+	RESERVED
+CVE-2021-38895
+	RESERVED
+CVE-2021-38894
+	RESERVED
+CVE-2021-38893
+	RESERVED
+CVE-2021-38892
+	RESERVED
+CVE-2021-38891
+	RESERVED
+CVE-2021-38890
+	RESERVED
+CVE-2021-38889
+	RESERVED
+CVE-2021-38888
+	RESERVED
+CVE-2021-38887
+	RESERVED
+CVE-2021-38886
+	RESERVED
+CVE-2021-38885
+	RESERVED
+CVE-2021-38884
+	RESERVED
+CVE-2021-38883
+	RESERVED
+CVE-2021-38882
+	RESERVED
+CVE-2021-38881
+	RESERVED
+CVE-2021-38880
+	RESERVED
+CVE-2021-38879
+	RESERVED
+CVE-2021-38878
+	RESERVED
+CVE-2021-38877
+	RESERVED
+CVE-2021-38876
+	RESERVED
+CVE-2021-38875
+	RESERVED
+CVE-2021-38874
+	RESERVED
+CVE-2021-38873
+	RESERVED
+CVE-2021-38872
+	RESERVED
+CVE-2021-38871
+	RESERVED
+CVE-2021-38870
+	RESERVED
+CVE-2021-38869
+	RESERVED
+CVE-2021-38868
+	RESERVED
+CVE-2021-38867
+	RESERVED
+CVE-2021-38866
+	RESERVED
+CVE-2021-38865
+	RESERVED
+CVE-2021-38864
+	RESERVED
+CVE-2021-38863
+	RESERVED
+CVE-2021-38862
+	RESERVED
+CVE-2021-38861
+	RESERVED
+CVE-2021-38860
+	RESERVED
+CVE-2021-38859
+	RESERVED
+CVE-2021-3712
+	RESERVED
+CVE-2021-3711
+	RESERVED
 CVE-2021-38858
 	RESERVED
 CVE-2021-38857
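Review bot: CVE-2021-3712 and CVE-2021-3711 land at the end of this block, between CVE-2021-38859 and CVE-2021-38858, so they break the descending ID order that the other added entries follow. Anyone locating entries by numeric position will miss them. If the file is ordered by allocation block rather than by number, say so in the commit message, which currently reads only "automatic update" for a hunk that adds 504 lines.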
@@ -198,22 +702,22 @@ CVE-2021-38760
 	RESERVED
 CVE-2021-38759
 	RESERVED
-CVE-2021-38758
-	RESERVED
-CVE-2021-38757
-	RESERVED
-CVE-2021-38756
-	RESERVED
-CVE-2021-38755
-	RESERVED
-CVE-2021-38754
-	RESERVED
-CVE-2021-38753
-	RESERVED
-CVE-2021-38752
-	RESERVED
-CVE-2021-38751
-	RESERVED
+CVE-2021-38758 (Directory traversal in Online Catering Reservation System due to lack  ...)
+	TODO: check
+CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+	TODO: check
+CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+	TODO: check
+CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...)
+	TODO: check
+CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack  ...)
+	TODO: check
+CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...)
+	TODO: check
+CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...)
+	TODO: check
+CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...)
+	TODO: check
 CVE-2021-38750
 	RESERVED
 CVE-2021-38749
@@ -519,10 +1023,10 @@ CVE-2021-38610
 	RESERVED
 CVE-2021-38609
 	RESERVED
-CVE-2021-38608
-	RESERVED
-CVE-2021-38607
-	RESERVED
+CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...)
+	TODO: check
+CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...)
+	TODO: check
 CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
 	NOT-FOR-US: reNgine
 CVE-2021-38605
@@ -1158,8 +1662,8 @@ CVE-2021-38317
 	RESERVED
 CVE-2021-38316
 	RESERVED
-CVE-2021-38315
-	RESERVED
+CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...)
+	TODO: check
 CVE-2021-38314
 	RESERVED
 CVE-2021-38313
@@ -2595,8 +3099,8 @@ CVE-2021-37709
 	RESERVED
 CVE-2021-37708
 	RESERVED
-CVE-2021-37707
-	RESERVED
+CVE-2021-37707 (### Impact Manipulation of product reviews via API ### Patches We reco ...)
+	TODO: check
 CVE-2021-37706
 	RESERVED
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
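Review bot: The description imported for CVE-2021-37707 is raw advisory Markdown ("### Impact Manipulation of product reviews via API ### Patches We reco ..."), and the truncation cuts it off before any product is named. The entry cannot be triaged from this line alone. Strip the heading markers before truncating, or add a NOTE naming the affected product when the "TODO: check" is resolved.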
@@ -6673,8 +7177,7 @@ CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
 	[buster] - rpm <no-dsa> (Minor issue)
 	[stretch] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
-CVE-2021-35936
-	RESERVED
+CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-3626
 	RESERVED
@@ -7857,14 +8360,14 @@ CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon f
 	NOT-FOR-US: Drogon
 CVE-2021-35396
 	RESERVED
-CVE-2021-35395
-	RESERVED
-CVE-2021-35394
-	RESERVED
-CVE-2021-35393
-	RESERVED
-CVE-2021-35392
-	RESERVED
+CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...)
+	TODO: check
+CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...)
+	TODO: check
+CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+	TODO: check
+CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+	TODO: check
 CVE-2021-35391
 	RESERVED
 CVE-2021-35390
@@ -9471,44 +9974,44 @@ CVE-2021-34669
 	RESERVED
 CVE-2021-34668
 	RESERVED
-CVE-2021-34667
-	RESERVED
-CVE-2021-34666
-	RESERVED
-CVE-2021-34665
-	RESERVED
-CVE-2021-34664
-	RESERVED
-CVE-2021-34663
-	RESERVED
+CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+	TODO: check
+CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...)
+	TODO: check
+CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...)
+	TODO: check
 CVE-2021-34662
 	RESERVED
 CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2021-34659
-	RESERVED
-CVE-2021-34658
-	RESERVED
-CVE-2021-34657
-	RESERVED
-CVE-2021-34656
-	RESERVED
-CVE-2021-34655
-	RESERVED
-CVE-2021-34654
-	RESERVED
-CVE-2021-34653
-	RESERVED
-CVE-2021-34652
-	RESERVED
-CVE-2021-34651
-	RESERVED
+CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...)
+	TODO: check
+CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+	TODO: check
+CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...)
+	TODO: check
+CVE-2021-34655 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
+	TODO: check
+CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
+	TODO: check
+CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...)
+	TODO: check
+CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...)
+	TODO: check
+CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...)
+	TODO: check
 CVE-2021-34650
 	RESERVED
-CVE-2021-34649
-	RESERVED
+CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...)
+	TODO: check
 CVE-2021-34648
 	RESERVED
 CVE-2021-34647
@@ -9517,14 +10020,14 @@ CVE-2021-34646
 	RESERVED
 CVE-2021-34645
 	RESERVED
-CVE-2021-34644
-	RESERVED
-CVE-2021-34643
-	RESERVED
-CVE-2021-34642
-	RESERVED
-CVE-2021-34641
-	RESERVED
+CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+	TODO: check
+CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...)
+	TODO: check
 CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...)
@@ -12913,8 +13416,7 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
 	NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
 	NOTE: https://github.com/golang/go/issues/46288
 	TODO: check completeness
-CVE-2021-33193 [Apache mod_proxy HTTP2 request line injection]
-	RESERVED
+CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
 	- apache2 2.4.48-4
 	[bullseye] - apache2 2.4.48-3.1+deb11u1
 	[buster] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.38)
@@ -13767,8 +14269,8 @@ CVE-2021-32827
 	RESERVED
 CVE-2021-32826
 	RESERVED
-CVE-2021-32825
-	RESERVED
+CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing.  ...)
+	TODO: check
 CVE-2021-32824
 	RESERVED
 CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
@@ -13779,8 +14281,8 @@ CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potentia
 	NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
 	NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
 	NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
-CVE-2021-32822
-	RESERVED
+CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars.  ...)
+	TODO: check
 CVE-2021-32821
 	RESERVED
 CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
@@ -21080,7 +21582,7 @@ CVE-2021-29990
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
 CVE-2021-29989
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -21089,7 +21591,7 @@ CVE-2021-29989
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
 CVE-2021-29988
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -21104,7 +21606,7 @@ CVE-2021-29987
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
 CVE-2021-29986
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -21113,7 +21615,7 @@ CVE-2021-29986
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
 CVE-2021-29985
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -21122,7 +21624,7 @@ CVE-2021-29985
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
 CVE-2021-29984
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -21147,7 +21649,7 @@ CVE-2021-29981
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
 CVE-2021-29980
 	RESERVED
-	{DSA-4959-1 DSA-4956-1 DLA-2740-1}
+	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
 	- firefox 91.0-1
 	- firefox-esr 78.13.0esr-1
 	- thunderbird 1:78.13.0-1
@@ -34414,8 +34916,8 @@ CVE-2021-24550
 	RESERVED
 CVE-2021-24549
 	RESERVED
-CVE-2021-24548
-	RESERVED
+CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...)
+	TODO: check
 CVE-2021-24547
 	RESERVED
 CVE-2021-24546
@@ -34428,22 +34930,22 @@ CVE-2021-24543
 	RESERVED
 CVE-2021-24542
 	RESERVED
-CVE-2021-24541
-	RESERVED
-CVE-2021-24540
-	RESERVED
+CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
+	TODO: check
+CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
+	TODO: check
 CVE-2021-24539
 	RESERVED
-CVE-2021-24538
-	RESERVED
+CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
+	TODO: check
 CVE-2021-24537
 	RESERVED
-CVE-2021-24536
-	RESERVED
-CVE-2021-24535
-	RESERVED
-CVE-2021-24534
-	RESERVED
+CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...)
+	TODO: check
+CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check  ...)
+	TODO: check
+CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not  ...)
+	TODO: check
 CVE-2021-24533
 	RESERVED
 CVE-2021-24532
@@ -34456,10 +34958,10 @@ CVE-2021-24529
 	RESERVED
 CVE-2021-24528
 	RESERVED
-CVE-2021-24527
-	RESERVED
-CVE-2021-24526
-	RESERVED
+CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...)
+	TODO: check
+CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...)
+	TODO: check
 CVE-2021-24525
 	RESERVED
 CVE-2021-24524
@@ -34472,10 +34974,10 @@ CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress pl
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2021-24519
-	RESERVED
-CVE-2021-24518
-	RESERVED
+CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
+	TODO: check
+CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does  ...)
+	TODO: check
 CVE-2021-24517
 	RESERVED
 CVE-2021-24516
@@ -34486,8 +34988,8 @@ CVE-2021-24514
 	RESERVED
 CVE-2021-24513
 	RESERVED
-CVE-2021-24512
-	RESERVED
+CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
+	TODO: check
 CVE-2021-24511
 	RESERVED
 CVE-2021-24510
@@ -34568,8 +35070,8 @@ CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affec
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...)
 	NOT-FOR-US: WordPress theme
-CVE-2021-24471
-	RESERVED
+CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...)
+	TODO: check
 CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24469
@@ -34578,8 +35080,8 @@ CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape so
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2021-24466
-	RESERVED
+CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
+	TODO: check
 CVE-2021-24465
 	RESERVED
 CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
@@ -34620,8 +35122,8 @@ CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24446
 	RESERVED
-CVE-2021-24445
-	RESERVED
+CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or  ...)
+	TODO: check
 CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User  ...)
@@ -34688,10 +35190,10 @@ CVE-2021-24413
 	RESERVED
 CVE-2021-24412
 	RESERVED
-CVE-2021-24411
-	RESERVED
-CVE-2021-24410
-	RESERVED
+CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...)
+	TODO: check
+CVE-2021-24410 (The తెలుగు బైబ&# ...)
+	TODO: check
 CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...)
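Review bot: The CVE-2021-24410 description consists of undecoded numeric character references, and the truncation cuts through the last one ("&# ..."), so the plugin name is unreadable and the closing parenthesis follows a broken reference. Decode the references before truncating to the summary length so that the stored text is the actual plugin name and the cut falls on a character boundary.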
@@ -34750,8 +35252,8 @@ CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24381
 	RESERVED
-CVE-2021-24380
-	RESERVED
+CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
+	TODO: check
 CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...)
@@ -34784,10 +35286,10 @@ CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro bef
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the  ...)
 	NOT-FOR-US: WordPress theme
-CVE-2021-24363
-	RESERVED
-CVE-2021-24362
-	RESERVED
+CVE-2021-24363 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
+	TODO: check
+CVE-2021-24362 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
+	TODO: check
 CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...)
@@ -36957,10 +37459,10 @@ CVE-2021-23425
 	RESERVED
 CVE-2021-23424
 	RESERVED
-CVE-2021-23423
-	RESERVED
-CVE-2021-23422
-	RESERVED
+CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+	TODO: check
+CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+	TODO: check
 CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...)
 	TODO: check
 CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...)
@@ -37982,34 +38484,31 @@ CVE-2021-22942
 	RESERVED
 CVE-2021-22941
 	RESERVED
-CVE-2021-22940
-	RESERVED
+CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...)
 	- nodejs 12.22.5~dfsg-1
 	[bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
 	[buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
 	[stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
-CVE-2021-22939
-	RESERVED
+CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...)
 	- nodejs 12.22.5~dfsg-1
 	[bullseye] - nodejs 12.22.5~dfsg-2~11u1
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
-CVE-2021-22938
-	RESERVED
-CVE-2021-22937
-	RESERVED
-CVE-2021-22936
-	RESERVED
-CVE-2021-22935
-	RESERVED
-CVE-2021-22934
-	RESERVED
-CVE-2021-22933
-	RESERVED
-CVE-2021-22932
-	RESERVED
-CVE-2021-22931 [cares upgrade - Improper handling of untypical characters in domain names]
-	RESERVED
+CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+	TODO: check
+CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+	TODO: check
+CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...)
+	TODO: check
+CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+	TODO: check
+CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+	TODO: check
+CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+	TODO: check
+CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...)
+	TODO: check
+CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...)
 	- nodejs <undetermined>
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
 	TODO: check, nodejs uses system c-ares which fixed CVE-2021-3672 and so this entry might be not-affected
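Review bot: CVE-2021-22931 now carries a published description stating that Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable, but the entry still reads "- nodejs <undetermined>" with the TODO about the system c-ares left open. The removed bracketed title was the only text in the entry, apart from the NOTE URL, that tied the issue to the c-ares upgrade, so the remaining TODO now reads without that context. Resolve the status against the packaged c-ares, or keep a short NOTE recording that the fix is in the bundled c-ares.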
@@ -40506,12 +41005,12 @@ CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentMo
 	NOT-FOR-US: CODESYS
 CVE-2021-21862
 	RESERVED
-CVE-2021-21861
-	RESERVED
-CVE-2021-21860
-	RESERVED
-CVE-2021-21859
-	RESERVED
+CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+	TODO: check
+CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+	TODO: check
+CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+	TODO: check
 CVE-2021-21858
 	RESERVED
 CVE-2021-21857
@@ -57652,8 +58151,8 @@ CVE-2021-0116
 	RESERVED
 CVE-2021-0115
 	RESERVED
-CVE-2021-0114
-	RESERVED
+CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
+	TODO: check
 CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
 	NOT-FOR-US: Intel
 CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before  ...)
@@ -77556,22 +78055,22 @@ CVE-2020-18707
 	RESERVED
 CVE-2020-18706
 	RESERVED
-CVE-2020-18705
-	RESERVED
-CVE-2020-18704
-	RESERVED
-CVE-2020-18703
-	RESERVED
-CVE-2020-18702
-	RESERVED
-CVE-2020-18701
-	RESERVED
+CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
+	TODO: check
+CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...)
+	TODO: check
+CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
+	TODO: check
+CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...)
+	TODO: check
+CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...)
+	TODO: check
 CVE-2020-18700
 	RESERVED
-CVE-2020-18699
-	RESERVED
-CVE-2020-18698
-	RESERVED
+CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...)
+	TODO: check
+CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...)
+	TODO: check
 CVE-2020-18697
 	RESERVED
 CVE-2020-18696



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7e36a4ef0901c713b15a5dcfdfe1509d16bbddd
