[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 5 08:10:23 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
124229f4 by security tracker role at 2021-11-05T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,20 @@
-CVE-2021-43396 [Conversion from ISO-2022-JP-3 with iconv may emit spurious NUL character on state reset]
+CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
+	TODO: check
+CVE-2021-43399
+	RESERVED
+CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
+	TODO: check
+CVE-2021-43397
+	RESERVED
+CVE-2021-43395
+	RESERVED
+CVE-2021-43394
+	RESERVED
+CVE-2021-43393
+	RESERVED
+CVE-2021-43392
+	RESERVED
+CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ...)
 	- glibc <unfixed> (bug #998622)
 	[buster] - glibc <not-affected> (Vulnerable code not present)
 	[stretch] - glibc <not-affected> (Vulnerable code not present)
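Review bot: CVE-2021-43400 (BlueZ, gatt-database.c) and CVE-2021-43398 (Crypto++ timing leakage) at the top of this hunk enter the list with only "TODO: check", so neither is mapped to a source package yet. Each needs a follow-up triage entry, either a package line in the form CVE-2021-43396 carries below ("- glibc <unfixed> (bug #998622)") or a NOT-FOR-US marker. The header swap on CVE-2021-43396 from the bracketed placeholder to the truncated description leaves its three glibc lines untouched, which is what the update should keep doing.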
@@ -2293,7 +2309,7 @@ CVE-2021-42814
 CVE-2021-42813
 	RESERVED
 CVE-2021-3896
-	RESERVED
+	REJECTED
 CVE-2021-42812
 	RESERVED
 CVE-2021-42811
@@ -5215,8 +5231,8 @@ CVE-2021-42059
 	RESERVED
 CVE-2021-42058
 	RESERVED
-CVE-2021-42057
-	RESERVED
+CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
+	TODO: check
 CVE-2021-42056
 	RESERVED
 CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
@@ -7091,10 +7107,10 @@ CVE-2021-41251
 	RESERVED
 CVE-2021-41250
 	RESERVED
-CVE-2021-41249
-	RESERVED
-CVE-2021-41248
-	RESERVED
+CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...)
+	TODO: check
+CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
+	TODO: check
 CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks.  ...)
 	NOT-FOR-US: JupyterHub
 CVE-2021-41246
@@ -10240,46 +10256,46 @@ CVE-2021-39916
 	RESERVED
 CVE-2021-39915
 	RESERVED
-CVE-2021-39914
-	RESERVED
-CVE-2021-39913
-	RESERVED
-CVE-2021-39912
-	RESERVED
-CVE-2021-39911
-	RESERVED
+CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
+	TODO: check
+CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
+	TODO: check
+CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting  ...)
+	TODO: check
+CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
+	TODO: check
 CVE-2021-39910
 	RESERVED
-CVE-2021-39909
-	RESERVED
+CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
+	TODO: check
 CVE-2021-39908
 	RESERVED
-CVE-2021-39907
-	RESERVED
-CVE-2021-39906
-	RESERVED
-CVE-2021-39905
-	RESERVED
-CVE-2021-39904
-	RESERVED
-CVE-2021-39903
-	RESERVED
-CVE-2021-39902
-	RESERVED
-CVE-2021-39901
-	RESERVED
+CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting  ...)
+	TODO: check
+CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
+	TODO: check
+CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since  ...)
+	TODO: check
+CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in GitLab  ...)
+	TODO: check
+CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
+	TODO: check
+CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
+	TODO: check
+CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
+	TODO: check
 CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
 	- gitlab <unfixed>
 CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
 	- gitlab <unfixed>
-CVE-2021-39898
-	RESERVED
-CVE-2021-39897
-	RESERVED
+CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
+	TODO: check
+CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
+	TODO: check
 CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses  ...)
 	- gitlab <unfixed>
-CVE-2021-39895
-	RESERVED
+CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
+	TODO: check
 CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
 	- gitlab <unfixed>
 CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
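Review bot: the GitLab entries from CVE-2021-39914 down to CVE-2021-39895 that gain descriptions here are all left at "TODO: check", while their already-triaged neighbours in the same hunk (CVE-2021-39900, CVE-2021-39899, CVE-2021-39896, CVE-2021-39894) carry "- gitlab <unfixed>". They should be triaged as a batch to the same package line, or to "- gitlab <not-affected> (Specific to EE)" as used elsewhere in this file where a description turns out to cover only EE. The descriptions are truncated in the list, so the full advisory text has to be read before choosing between the two.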
@@ -45959,26 +45975,26 @@ CVE-2021-25511
 	RESERVED
 CVE-2021-25510
 	RESERVED
-CVE-2021-25509
-	RESERVED
-CVE-2021-25508
-	RESERVED
-CVE-2021-25507
-	RESERVED
-CVE-2021-25506
-	RESERVED
-CVE-2021-25505
-	RESERVED
-CVE-2021-25504
-	RESERVED
-CVE-2021-25503
-	RESERVED
-CVE-2021-25502
-	RESERVED
-CVE-2021-25501
-	RESERVED
-CVE-2021-25500
-	RESERVED
+CVE-2021-25509 (A missing input validation in Samsung Flow Windows application prior t ...)
+	TODO: check
+CVE-2021-25508 (Improper privilege management vulnerability in API Key used in SmartTh ...)
+	TODO: check
+CVE-2021-25507 (Improper authorization vulnerability in Samsung Flow mobile applicatio ...)
+	TODO: check
+CVE-2021-25506 (Non-existent provider in Samsung Health prior to 6.19.1.0001 allows at ...)
+	TODO: check
+CVE-2021-25505 (Improper authentication in Samsung Pass prior to 3.0.02.4 allows to us ...)
+	TODO: check
+CVE-2021-25504 (Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 a ...)
+	TODO: check
+CVE-2021-25503 (Improper input validation vulnerability in HDCP prior to SMR Nov-2021  ...)
+	TODO: check
+CVE-2021-25502 (A vulnerability of storing sensitive information insecurely in Propert ...)
+	TODO: check
+CVE-2021-25501 (An improper access control vulnerability in SCloudBnRReceiver in SecTe ...)
+	TODO: check
+CVE-2021-25500 (A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release  ...)
+	TODO: check
 CVE-2021-25499 (Intent redirection vulnerability in SamsungAccountSDKSigninActivity of ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSP ...)
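Review bot: CVE-2021-25509 through CVE-2021-25500 are added as "TODO: check" although every description names a Samsung component (Samsung Flow, SmartThings, Samsung Health, Samsung Pass, Group Sharing, HDCP, SCloudBnRReceiver). The next entry in the file, CVE-2021-25499, is already marked "NOT-FOR-US: Samsung"; the ten new entries should get the same marker in the follow-up triage unless one of them maps to a packaged component.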
@@ -53346,8 +53362,8 @@ CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Ji
 	- gitlab <unfixed>
 CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
 	- gitlab <unfixed>
-CVE-2021-22260
-	RESERVED
+CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...)
+	TODO: check
 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
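Review bot: CVE-2021-22260 (stored XSS in the DataDog integration) is left at "TODO: check" between siblings that are already resolved two different ways: CVE-2021-22262 and CVE-2021-22261 use "- gitlab <unfixed>", and CVE-2021-22259 uses "- gitlab <not-affected> (Specific to EE)". The triage for this entry needs to establish which of the two applies to the DataDog integration rather than copying the line above it.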
@@ -86783,8 +86799,8 @@ CVE-2020-21141
 	RESERVED
 CVE-2020-21140
 	RESERVED
-CVE-2020-21139
-	RESERVED
+CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...)
+	TODO: check
 CVE-2020-21138
 	RESERVED
 CVE-2020-21137



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/124229f4c2c8d039bcf7dee3642f1aa46639d244
