[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 26 09:10:20 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f4e3f84 by security tracker role at 2021-10-26T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2021-43032
+ RESERVED
+CVE-2021-43031
+ RESERVED
+CVE-2021-43030
+ RESERVED
+CVE-2021-43029
+ RESERVED
+CVE-2021-43028
+ RESERVED
+CVE-2021-43027
+ RESERVED
+CVE-2021-43026
+ RESERVED
+CVE-2021-43025
+ RESERVED
+CVE-2021-43024
+ RESERVED
+CVE-2021-43023
+ RESERVED
+CVE-2021-43022
+ RESERVED
+CVE-2021-43021
+ RESERVED
+CVE-2021-43020
+ RESERVED
+CVE-2021-43019
+ RESERVED
+CVE-2021-43018
+ RESERVED
+CVE-2021-43017
+ RESERVED
+CVE-2021-43016
+ RESERVED
+CVE-2021-43015
+ RESERVED
+CVE-2021-43014
+ RESERVED
+CVE-2021-43013
+ RESERVED
+CVE-2021-43012
+ RESERVED
+CVE-2021-43011
+ RESERVED
+CVE-2021-3905
+ RESERVED
CVE-2021-3904
RESERVED
CVE-2021-3903
@@ -5049,16 +5095,16 @@ CVE-2021-41310
RESERVED
CVE-2021-41309
RESERVED
-CVE-2021-41308
- RESERVED
-CVE-2021-41307
- RESERVED
-CVE-2021-41306
- RESERVED
-CVE-2021-41305
- RESERVED
-CVE-2021-41304
- RESERVED
+CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ TODO: check
+CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ TODO: check
+CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
+CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
+CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: adminlte
CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
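Review bot: the five entries CVE-2021-41304 through CVE-2021-41308 go from RESERVED to "TODO: check" and still need manual triage before they say anything about Debian. All five descriptions name Atlassian Jira Server and Data Center, so they can be handled as one batch; if no Debian source package ships that software, resolve them in the NOT-FOR-US form that the adminlte entries directly below use.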
@@ -5343,12 +5389,12 @@ CVE-2021-41181
RESERVED
CVE-2021-41180
RESERVED
-CVE-2021-41179
- RESERVED
-CVE-2021-41178
- RESERVED
-CVE-2021-41177
- RESERVED
+CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ TODO: check
+CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ TODO: check
+CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ TODO: check
CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
NOT-FOR-US: Pterodactyl
CVE-2021-41175
@@ -5429,8 +5475,7 @@ CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a mi
NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430
NOTE: Additional hardening for potential similar issues on Linux were added, but
NOTE: are not fixing a security vulnerability.
-CVE-2021-41145
- RESERVED
+CVE-2021-41145 (Software Defined Telecom Stack enabling the digital transformation fro ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
CVE-2021-41144
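Review bot: the description added on the CVE-2021-41145 line starts with "Software Defined Telecom Stack enabling ..." and shows no product name, so within this entry only the retained "- freeswitch <itp> (bug #389591)" line and the GHSA note tie it to a package. Keep that annotation as is, and confirm against the linked advisory that the entry is FreeSWITCH, which the CVE-2021-41105 description names explicitly.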
@@ -5514,8 +5559,7 @@ CVE-2021-41107
RESERVED
CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
NOT-FOR-US: PHP lcobucci/jwt
-CVE-2021-41105
- RESERVED
+CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
@@ -10001,12 +10045,12 @@ CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for A
NOT-FOR-US: ZRender
CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
- grafana <removed>
-CVE-2021-39225
- RESERVED
-CVE-2021-39224
- RESERVED
-CVE-2021-39223
- RESERVED
+CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
+ TODO: check
+CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ TODO: check
+CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ TODO: check
CVE-2021-39222
RESERVED
CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
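Review bot: CVE-2021-39223, CVE-2021-39224 and CVE-2021-39225 are left at "TODO: check", and their descriptions are cut off ("The Ne ...", "A miss ...") before the affected Nextcloud component is named. Triage them from the full CVE text rather than from these lines, and classify them consistently with the neighbouring Nextcloud entry CVE-2021-39221.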
@@ -12262,12 +12306,12 @@ CVE-2021-38262
RESERVED
CVE-2021-38261
RESERVED
-CVE-2021-38260
- RESERVED
+CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ TODO: check
CVE-2021-38259
RESERVED
-CVE-2021-38258
- RESERVED
+CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ TODO: check
CVE-2021-38257
RESERVED
CVE-2021-38256
@@ -52768,6 +52812,7 @@ CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x
NOTE: PHP Bug: https://bugs.php.net/76450
NOTE: PHP Bug: https://bugs.php.net/76452
CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...)
+ {DSA-4993-1 DSA-4992-1}
- php8.0 <unfixed>
- php7.4 <unfixed> (bug #997003)
- php7.3 <removed>
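Review bot: on CVE-2021-21703 the added "{DSA-4993-1 DSA-4992-1}" line sits above package lines that still read "<unfixed>" for php8.0 and php7.4, and the hunk shows no release-specific fixed versions. This commit changes only data/CVE/list, so check that the two DSA entries already carry the fixed versions for the releases they cover, and leave the "<unfixed>" lines (including bug #997003) open until fixed uploads reach unstable.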
@@ -56417,8 +56462,8 @@ CVE-2021-20839
RESERVED
CVE-2021-20838
RESERVED
-CVE-2021-20837
- RESERVED
+CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Typ ...)
+ TODO: check
CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...)
NOT-FOR-US: CX-Supervisor
CVE-2021-20835
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4e3f84265d46c9dcd369d310826fae521fbc3f