[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 10 09:10:28 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25a483c1 by security tracker role at 2021-09-10T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-40849
+	RESERVED
+CVE-2021-40848
+	RESERVED
+CVE-2021-40847
+	RESERVED
+CVE-2021-40846
+	RESERVED
+CVE-2021-40845
+	RESERVED
+CVE-2021-40844
+	RESERVED
+CVE-2021-40843
+	RESERVED
+CVE-2021-40842
+	RESERVED
+CVE-2021-40841
+	RESERVED
+CVE-2021-40840
+	RESERVED
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
+	TODO: check
+CVE-2021-40838
+	RESERVED
 CVE-2021-40837
 	RESERVED
 CVE-2021-40836
@@ -3710,20 +3734,20 @@ CVE-2021-39208
 	RESERVED
 CVE-2021-39207
 	RESERVED
-CVE-2021-39206
-	RESERVED
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+	TODO: check
 CVE-2021-39205
 	RESERVED
-CVE-2021-39204
-	RESERVED
-CVE-2021-39203
-	RESERVED
-CVE-2021-39202
-	RESERVED
-CVE-2021-39201
-	RESERVED
-CVE-2021-39200
-	RESERVED
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+	TODO: check
+CVE-2021-39203 (WordPress is a free and open-source content management system written  ...)
+	TODO: check
+CVE-2021-39202 (WordPress is a free and open-source content management system written  ...)
+	TODO: check
+CVE-2021-39201 (WordPress is a free and open-source content management system written  ...)
+	TODO: check
+CVE-2021-39200 (WordPress is a free and open-source content management system written  ...)
+	TODO: check
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
 	NOT-FOR-US: Node remark-html
 CVE-2021-39198
@@ -3809,8 +3833,8 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and
 	- matrix-synapse 1.41.1-1
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
 	NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
-CVE-2021-39162
-	RESERVED
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+	TODO: check
 CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
@@ -14840,14 +14864,14 @@ CVE-2021-34348
 	RESERVED
 CVE-2021-34347
 	RESERVED
-CVE-2021-34346
-	RESERVED
-CVE-2021-34345
-	RESERVED
-CVE-2021-34344
-	RESERVED
-CVE-2021-34343
-	RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+	TODO: check
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+	TODO: check
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+	TODO: check
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+	TODO: check
 CVE-2022-20001
 	RESERVED
 CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
@@ -18730,8 +18754,8 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storag
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In  ...)
 	- nextcloud-server <itp> (bug #941708)
-CVE-2021-32724
-	RESERVED
+CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
+	TODO: check
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
 	NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
@@ -28778,14 +28802,14 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing
 	NOT-FOR-US: TIBCO
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
 	NOT-FOR-US: TIBCO
-CVE-2021-28816
-	RESERVED
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+	TODO: check
 CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect  ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
-CVE-2021-28813
-	RESERVED
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...)
+	TODO: check
 CVE-2021-28812 (A command injection vulnerability has been reported to affect certain  ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote  ...)
@@ -70703,7 +70727,7 @@ CVE-2020-24383 (An issue was discovered in FNET through 4.6.4. The code for proc
 	NOT-FOR-US: FNET
 CVE-2020-24382
 	RESERVED
-CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
+CVE-2020-24381 (GUnet Open eClass Platform (aka openeclass) before 3.11 might allow re ...)
 	NOT-FOR-US: GUnet Open eClass Platform
 CVE-2020-24380
 	RESERVED
@@ -81338,38 +81362,38 @@ CVE-2020-19297
 	RESERVED
 CVE-2020-19296
 	RESERVED
-CVE-2020-19295
-	RESERVED
-CVE-2020-19294
-	RESERVED
-CVE-2020-19293
-	RESERVED
-CVE-2020-19292
-	RESERVED
-CVE-2020-19291
-	RESERVED
-CVE-2020-19290
-	RESERVED
-CVE-2020-19289
-	RESERVED
-CVE-2020-19288
-	RESERVED
-CVE-2020-19287
-	RESERVED
-CVE-2020-19286
-	RESERVED
-CVE-2020-19285
-	RESERVED
-CVE-2020-19284
-	RESERVED
-CVE-2020-19283
-	RESERVED
-CVE-2020-19282
-	RESERVED
-CVE-2020-19281
-	RESERVED
-CVE-2020-19280
-	RESERVED
+CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...)
+	TODO: check
+CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...)
+	TODO: check
+CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add  ...)
+	TODO: check
+CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...)
+	TODO: check
+CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...)
+	TODO: check
+CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...)
+	TODO: check
+CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...)
+	TODO: check
+CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u  ...)
+	TODO: check
+CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...)
+	TODO: check
+CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...)
+	TODO: check
+CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply  ...)
+	TODO: check
+CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...)
+	TODO: check
+CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...)
+	TODO: check
+CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...)
+	TODO: check
+CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...)
+	TODO: check
+CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
+	TODO: check
 CVE-2020-19279
 	RESERVED
 CVE-2020-19278
@@ -183738,8 +183762,8 @@ CVE-2018-19959
 	RESERVED
 CVE-2018-19958
 	RESERVED
-CVE-2018-19957
-	RESERVED
+CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers has been  ...)
+	TODO: check
 CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a483c176cd90cee3767f655fee23fbddcf3296

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a483c176cd90cee3767f655fee23fbddcf3296
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210910/e108e6e2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list