[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 22 09:10:20 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
413c5ffb by security tracker role at 2021-10-22T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-42812
+	RESERVED
+CVE-2021-42811
+	RESERVED
+CVE-2021-42810
+	RESERVED
+CVE-2021-42809
+	RESERVED
+CVE-2021-42808
+	RESERVED
+CVE-2021-42807
+	RESERVED
+CVE-2021-42806
+	RESERVED
+CVE-2021-42805
+	RESERVED
+CVE-2021-42804
+	RESERVED
+CVE-2021-42803
+	RESERVED
+CVE-2021-42802
+	RESERVED
+CVE-2021-42801
+	RESERVED
+CVE-2021-42800
+	RESERVED
+CVE-2021-42799
+	RESERVED
+CVE-2021-42798
+	RESERVED
+CVE-2021-42797
+	RESERVED
+CVE-2021-42796
+	RESERVED
+CVE-2021-42795
+	RESERVED
+CVE-2021-42794
+	RESERVED
 CVE-2021-42793
 	RESERVED
 CVE-2021-42792
@@ -4889,10 +4927,10 @@ CVE-2021-41171
 	RESERVED
 CVE-2021-41170
 	RESERVED
-CVE-2021-41169
-	RESERVED
-CVE-2021-41168
-	RESERVED
+CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
+	TODO: check
+CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used  ...)
+	TODO: check
 CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
 	TODO: check
 CVE-2021-41166
@@ -4981,8 +5019,8 @@ CVE-2021-41129 (Pterodactyl is an open-source game server management panel built
 	NOT-FOR-US: Pterodactyl
 CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
 	NOT-FOR-US: Hygeia
-CVE-2021-41127
-	RESERVED
+CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
+	TODO: check
 CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
 	NOT-FOR-US: October CMS
 CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
@@ -5938,8 +5976,8 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a refl
 	NOT-FOR-US: Adobe
 CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
 	NOT-FOR-US: Adobe
-CVE-2021-40719
-	RESERVED
+CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a Deserializ ...)
+	TODO: check
 CVE-2021-40718
 	RESERVED
 CVE-2021-40717
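Review bot: CVE-2021-40719 is left at "TODO: check" although its description names Adobe Connect, the same product as CVE-2021-40721 two entries above, which is already tagged "NOT-FOR-US: Adobe". The follow-up triage can close this entry with the same tag so the Adobe block stays consistent.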
@@ -9089,26 +9127,26 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by ot
 	{DSA-4962-1}
 	- ledgersmb 1.6.9+ds-2.1 (bug #992817)
 	NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
-CVE-2021-39357
-	RESERVED
-CVE-2021-39356
-	RESERVED
+CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...)
+	TODO: check
 CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-39354
-	RESERVED
+CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
+	TODO: check
 CVE-2021-39353
 	RESERVED
-CVE-2021-39352
-	RESERVED
+CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
+	TODO: check
 CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting  ...)
+CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-39348
-	RESERVED
+CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
 CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39346
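Review bot: the CVE-2021-39349 line changes the named product from "HAL" to "Author Bio Box" while the existing "NOT-FOR-US: WordPress plugin" tag is kept. That tag still fits, since both descriptions are WordPress plugins, but a description whose product changes under an already-triaged entry deserves a second look in case the earlier decision was made on the old product name. The five newly described entries in this hunk (CVE-2021-39357, -39356, -39354, -39352, -39348) are all WordPress plugins left at "TODO: check", and the neighbouring entries show the tag they would normally receive.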
@@ -9147,8 +9185,8 @@ CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to St
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-39328
-	RESERVED
+CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
+	TODO: check
 CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39326
@@ -9161,8 +9199,8 @@ CVE-2021-39323
 	RESERVED
 CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-39321
-	RESERVED
+CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...)
+	TODO: check
 CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39319
@@ -15100,8 +15138,8 @@ CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vul
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2021-36869
-	RESERVED
+CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory  ...)
+	TODO: check
 CVE-2021-36868
 	RESERVED
 CVE-2021-36867
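Review bot: the context entries around CVE-2021-36869 spell the tag "NOT-FOR-US: Wordpress plugin", while the other hunks of this same commit use "NOT-FOR-US: WordPress plugin". When the new "TODO: check" entry is triaged, use the "WordPress" spelling so that a search on the tag finds every plugin entry, and consider normalising CVE-2021-36871 and CVE-2021-36870 in the same pass.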
@@ -21017,8 +21055,8 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows
 	[stretch] - thefuck <no-dsa> (Minor issue)
 	NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
 	NOTE: https://github.com/nvbn/thefuck/pull/1206
-CVE-2021-34362
-	RESERVED
+CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
+	TODO: check
 CVE-2021-34361
 	RESERVED
 CVE-2021-34360
@@ -37825,8 +37863,8 @@ CVE-2021-27748
 	RESERVED
 CVE-2021-27747
 	RESERVED
-CVE-2021-27746
-	RESERVED
+CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site Scripting (X ...)
+	TODO: check
 CVE-2021-27745
 	RESERVED
 CVE-2021-27744
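Review bot: the description added for CVE-2021-27746 opens with a stray double quote, ("HCL Connections Security Update ..., and the truncated text carries no closing quote. It is worth checking whether the quote is part of the imported description or an artefact of the import; anything that matches descriptions by product name at the start of the text will miss this entry as written.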
@@ -51360,8 +51398,8 @@ CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an ope
 	NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
 	NOT-FOR-US: VMware
-CVE-2021-22034
-	RESERVED
+CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 contain an ...)
+	TODO: check
 CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
 	NOT-FOR-US: VMware
 CVE-2021-22032
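Review bot: CVE-2021-22034 now describes VMware vRealize Operations Tenant App but stays at "TODO: check", sitting between CVE-2021-22035 and CVE-2021-22033, which are both "NOT-FOR-US: VMware". The manual triage pass can apply the same tag here.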



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413c5ffbee3f0e8876f366ab279be55803375d03


