Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
413c5ffb by security tracker role at 2021-10-22T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-42812
+       RESERVED
+CVE-2021-42811
+       RESERVED
+CVE-2021-42810
+       RESERVED
+CVE-2021-42809
+       RESERVED
+CVE-2021-42808
+       RESERVED
+CVE-2021-42807
+       RESERVED
+CVE-2021-42806
+       RESERVED
+CVE-2021-42805
+       RESERVED
+CVE-2021-42804
+       RESERVED
+CVE-2021-42803
+       RESERVED
+CVE-2021-42802
+       RESERVED
+CVE-2021-42801
+       RESERVED
+CVE-2021-42800
+       RESERVED
+CVE-2021-42799
+       RESERVED
+CVE-2021-42798
+       RESERVED
+CVE-2021-42797
+       RESERVED
+CVE-2021-42796
+       RESERVED
+CVE-2021-42795
+       RESERVED
+CVE-2021-42794
+       RESERVED
 CVE-2021-42793
        RESERVED
 CVE-2021-42792
@@ -4889,10 +4927,10 @@ CVE-2021-41171
        RESERVED
 CVE-2021-41170
        RESERVED
-CVE-2021-41169
-       RESERVED
-CVE-2021-41168
-       RESERVED
+CVE-2021-41169 (Sulu is an open-source PHP content management system based on 
the Symf ...)
+       TODO: check
+CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown 
parser used  ...)
+       TODO: check
 CVE-2021-41167 (modern-async is an open source JavaScript tooling library for 
asynchro ...)
        TODO: check
 CVE-2021-41166
@@ -4981,8 +5019,8 @@ CVE-2021-41129 (Pterodactyl is an open-source game server 
management panel built
        NOT-FOR-US: Pterodactyl
 CVE-2021-41128 (Hygeia is an application for collecting and processing 
personal and ca ...)
        NOT-FOR-US: Hygeia
-CVE-2021-41127
-       RESERVED
+CVE-2021-41127 (Rasa is an open source machine learning framework to automate 
text-and ...)
+       TODO: check
 CVE-2021-41126 (October is a Content Management System (CMS) and web platform 
built on ...)
        NOT-FOR-US: October CMS
 CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for 
Python. ...)
@@ -5938,8 +5976,8 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and 
earlier) is affected by a refl
        NOT-FOR-US: Adobe
 CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a 
Deserialization o ...)
        NOT-FOR-US: Adobe
-CVE-2021-40719
-       RESERVED
+CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a 
Deserializ ...)
+       TODO: check
 CVE-2021-40718
        RESERVED
 CVE-2021-40717
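Review bot: CVE-2021-40719 is left at TODO: check even though its description names Adobe Connect version 11.2.2 (and earlier), the same product and version as CVE-2021-40721 in this hunk's header context, which is already tagged NOT-FOR-US: Adobe. CVE-2021-40720 directly above it carries the same tag. Suggest resolving the new entry as NOT-FOR-US: Adobe in the follow-up triage commit so it does not linger in the TODO queue.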
@@ -9089,26 +9127,26 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard 
against being wrapped by ot
        {DSA-4962-1}
        - ledgersmb 1.6.9+ds-2.1 (bug #992817)
        NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
-CVE-2021-39357
-       RESERVED
-CVE-2021-39356
-       RESERVED
+CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
 CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39354
-       RESERVED
+CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to 
Reflected ...)
+       TODO: check
 CVE-2021-39353
        RESERVED
-CVE-2021-39352
-       RESERVED
+CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to 
arbitra ...)
+       TODO: check
 CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to 
authenticated SQL i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable 
to Refle ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site 
Scripting  ...)
+CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39348
-       RESERVED
+CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
 CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a 
capability ch ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39346
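Review bot: the CVE-2021-39349 line swaps the product in the description from "The HAL WordPress plugin" to "The Author Bio Box WordPress plugin" while the existing NOT-FOR-US: WordPress plugin tag stays as unchanged context, so that tag was assigned against the old text. It still fits because both descriptions name a WordPress plugin, but a human check is worthwhile whenever an automatic update rewrites the description of an entry that is already triaged. The five entries that moved from RESERVED to TODO: check here (CVE-2021-39357, -39356, -39354, -39352, -39348) are all described as WordPress plugins, like their NOT-FOR-US neighbours, and look like candidates for the same tag.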
@@ -9147,8 +9185,8 @@ CVE-2021-39330 (The Formidable Form Builder WordPress 
plugin is vulnerable to St
        NOT-FOR-US: WordPress plugin
 CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39328
-       RESERVED
+CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
 CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to 
sensitive i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39326
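Review bot: CVE-2021-39328 (Simple Job Board WordPress plugin) lands as TODO: check between CVE-2021-39329 and CVE-2021-39327, both already NOT-FOR-US: WordPress plugin. Suggest applying the same tag when this entry is triaged.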
@@ -9161,8 +9199,8 @@ CVE-2021-39323
        RESERVED
 CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes 
out the  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39321
-       RESERVED
+CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is 
vulnerabl ...)
+       TODO: check
 CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes 
out the r ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39319
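Review bot: CVE-2021-39321 names the Sassy Social Share WordPress plugin, version 3.3.23, and is left at TODO: check while CVE-2021-39322 and CVE-2021-39320 on either side are NOT-FOR-US: WordPress plugin. Suggest the same tag here unless a package lookup shows otherwise.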
@@ -15100,8 +15138,8 @@ CVE-2021-36871 (Multiple Authenticated Persistent 
Cross-Site Scripting (XSS) vul
        NOT-FOR-US: Wordpress plugin
 CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-36869
-       RESERVED
+CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in 
WordPress Ivory  ...)
+       TODO: check
 CVE-2021-36868
        RESERVED
 CVE-2021-36867
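Review bot: style point on the context lines around the new CVE-2021-36869 entry: CVE-2021-36871 and CVE-2021-36870 are tagged NOT-FOR-US: Wordpress plugin, whereas the CVE-2021-39xxx entries in this same diff use NOT-FOR-US: WordPress plugin. If CVE-2021-36869 turns out to be a plugin issue as well, use the WordPress spelling when triaging it, and consider normalising the two neighbours at the same time so that a search on the tag finds all of them.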
@@ -21017,8 +21055,8 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package 
before 3.31 for Python allows
        [stretch] - thefuck <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 
(3.31)
        NOTE: https://github.com/nvbn/thefuck/pull/1206
-CVE-2021-34362
-       RESERVED
+CVE-2021-34362 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
+       TODO: check
 CVE-2021-34361
        RESERVED
 CVE-2021-34360
@@ -37825,8 +37863,8 @@ CVE-2021-27748
        RESERVED
 CVE-2021-27747
        RESERVED
-CVE-2021-27746
-       RESERVED
+CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site 
Scripting (X ...)
+       TODO: check
 CVE-2021-27745
        RESERVED
 CVE-2021-27744
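Review bot: the description imported for CVE-2021-27746 opens with a literal double quote and reads like an advisory title ("HCL Connections Security Update for Reflected Cross-Site Scripting ...) rather than a description of the flaw. The text comes from the automatic import, so it should stay as it is in the list, but triage this entry from the full upstream record instead of the truncated line, since the visible text says little about the affected component.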
@@ -51360,8 +51398,8 @@ CVE-2021-22036 (VMware vRealize Orchestrator ((8.x 
prior to 8.6) contains an ope
        NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a 
CSV(Comma Se ...)
        NOT-FOR-US: VMware
-CVE-2021-22034
-       RESERVED
+CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 
contain an ...)
+       TODO: check
 CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a 
Server Side ...)
        NOT-FOR-US: VMware
 CVE-2021-22032
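Review bot: CVE-2021-22034 (VMware vRealize Operations Tenant App) is added as TODO: check between CVE-2021-22035 and CVE-2021-22033, both already tagged NOT-FOR-US: VMware. Suggest the same tag for the new entry in the follow-up triage commit.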



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413c5ffbee3f0e8876f366ab279be55803375d03
