[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 9 08:10:26 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd50c7e2 by security tracker role at 2021-11-09T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-43556
+	RESERVED
+CVE-2021-43555
+	RESERVED
+CVE-2021-43554
+	RESERVED
+CVE-2021-43553
+	RESERVED
+CVE-2021-43552
+	RESERVED
+CVE-2021-43551
+	RESERVED
+CVE-2021-43550
+	RESERVED
+CVE-2021-43549
+	RESERVED
+CVE-2021-43548
+	RESERVED
+CVE-2021-43547
+	RESERVED
+CVE-2021-43546
+	RESERVED
+CVE-2021-43545
+	RESERVED
+CVE-2021-43544
+	RESERVED
+CVE-2021-43543
+	RESERVED
+CVE-2021-43542
+	RESERVED
+CVE-2021-43541
+	RESERVED
+CVE-2021-43540
+	RESERVED
+CVE-2021-43539
+	RESERVED
+CVE-2021-43538
+	RESERVED
+CVE-2021-43537
+	RESERVED
+CVE-2021-43536
+	RESERVED
+CVE-2021-43535
+	RESERVED
+CVE-2021-43534
+	RESERVED
+CVE-2021-43533
+	RESERVED
+CVE-2021-43532
+	RESERVED
+CVE-2021-43531
+	RESERVED
+CVE-2021-43530
+	RESERVED
+CVE-2021-43529
+	RESERVED
+CVE-2021-43528
+	RESERVED
+CVE-2021-43527
+	RESERVED
+CVE-2021-43526
+	RESERVED
+CVE-2021-43525
+	RESERVED
+CVE-2021-43524
+	RESERVED
+CVE-2021-43523
+	RESERVED
+CVE-2021-43522
+	RESERVED
+CVE-2021-3939
+	RESERVED
+CVE-2021-3938
+	RESERVED
+CVE-2021-3937
+	RESERVED
+CVE-2021-3936
+	RESERVED
 CVE-2021-3935
 	RESERVED
 CVE-2021-3934
@@ -7386,8 +7464,8 @@ CVE-2021-41255
 	RESERVED
 CVE-2021-41254
 	RESERVED
-CVE-2021-41253
-	RESERVED
+CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
+	TODO: check
 CVE-2021-41252
 	RESERVED
 CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
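Review bot: The `TODO: check` under CVE-2021-41253 cannot be closed from the package name alone, because the description identifies Zydis as a disassembler library. Before marking it NOT-FOR-US, check both for a Zydis source package and for other packages that embed a copy of it. The affected version range is cut off in the truncated description ("versions v ..."), so take it from the full CVE text.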
@@ -7559,8 +7637,8 @@ CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugi
 	NOT-FOR-US: AntSword plugin for Redis
 CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
 	NOT-FOR-US: eLabFTW
-CVE-2021-41170
-	RESERVED
+CVE-2021-41170 (### Impact Versions prior 1.1.1 have allowed for passing in closures d ...)
+	TODO: check
 CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
 	NOT-FOR-US: Sulu
 CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used  ...)
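Review bot: The description added for CVE-2021-41170 starts with raw advisory markup ("### Impact Versions prior 1.1.1 ...") and the visible part never names the product, so this `TODO: check` cannot be triaged from the list entry. Whoever resolves it should pull the product name from the upstream advisory and record it in the resolution line (a package entry or `NOT-FOR-US: <product>`), so the entry stays searchable by name.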
@@ -9768,10 +9846,10 @@ CVE-2021-40263
 	RESERVED
 CVE-2021-40262
 	RESERVED
-CVE-2021-40261
-	RESERVED
-CVE-2021-40260
-	RESERVED
+CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+	TODO: check
+CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+	TODO: check
 CVE-2021-40259
 	RESERVED
 CVE-2021-40258
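Review bot: CVE-2021-40261 and CVE-2021-40260 arrive with identical visible descriptions ("Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ..."), so triage them together against the full CVE text. If they resolve to the same product, both `TODO: check` lines should get the same resolution, keeping the pair consistent.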
@@ -16024,6 +16102,7 @@ CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red D
 CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
 	NOT-FOR-US: tmerc-cogs
 CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+	{DLA-2813-1}
 	- ckeditor 4.16.2+dfsg-1 (bug #992290)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
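Review bot: The `{DLA-2813-1}` cross-reference on CVE-2021-37695 is added here, but this commit touches only data/CVE/list and the visible release lines are `[bullseye]` and `[buster]`, both `<no-dsa>`. Confirm that the DLA-2813-1 entry in data/DLA/list names this CVE and carries the fixed ckeditor version for the release it targets. The same tag is added to CVE-2021-33829 in the next hunk and should be checked against the same entry.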
@@ -25011,6 +25090,7 @@ CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing a
 CVE-2021-33830
 	RESERVED
 CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor  ...)
+	{DLA-2813-1}
 	- ckeditor 4.16.0+dfsg-2
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
@@ -81899,8 +81979,8 @@ CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticat
 	NOT-FOR-US: Sysax Multi Server
 CVE-2020-23573
 	RESERVED
-CVE-2020-23572
-	RESERVED
+CVE-2020-23572 (BEESCMS v4.0 was discovered to contain an arbitrary file upload vulner ...)
+	TODO: check
 CVE-2020-23571
 	RESERVED
 CVE-2020-23570
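Review bot: CVE-2020-23572 now names its product (BEESCMS v4.0, arbitrary file upload), so this `TODO: check` should be quick to close. If BEESCMS is not packaged, replace the line with `NOT-FOR-US: BEESCMS`, matching the form of the `NOT-FOR-US: Sysax Multi Server` entry in the context above it.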
@@ -260633,7 +260713,7 @@ CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-p
 CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...)
 	NOT-FOR-US: FileRun
 CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in  ...)
-	{DLA-1125-1}
+	{DLA-2812-1 DLA-1125-1}
 	- botan1.10 1.10.17-0.1 (bug #877436)
 	[jessie] - botan1.10 <no-dsa> (Minor issue)
 	NOTE: https://github.com/randombit/botan/issues/1222
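Review bot: CVE-2017-14737 now carries two advisories (`{DLA-2812-1 DLA-1125-1}`), yet the only release annotation visible in the hunk is `[jessie] - botan1.10 <no-dsa> (Minor issue)`. Confirm which release DLA-2812-1 covers and that its fixed botan1.10 version is recorded with the DLA entry. Otherwise a reader of this entry sees a `<no-dsa>` marking next to two advisories, with nothing to say which release each one applies to.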



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd50c7e2603e1f436b6896b0cce021689cfac84e
