[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 7 07:59:42 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78cb1d29 by Moritz Muehlenhoff at 2021-04-07T08:53:20+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96,19 +96,20 @@ CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the q
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/issues/4852
CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
- TODO: check
+ NOT-FOR-US: Composr
CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
- TODO: check
+ NOT-FOR-US: Composr
CVE-2021-30148
RESERVED
CVE-2021-30147
RESERVED
CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
- TODO: check
+ - seafile-client <undetermined>
+ NOTE: https://github.com/Security-AVS/CVE-2021-30146
CVE-2021-30145
RESERVED
CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2021-30143
RESERVED
CVE-2021-30142
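Review bot: on CVE-2021-30146 the new `- seafile-client <undetermined>` line gives no hint of what is still open. The description is about persistent XSS in Seafile's library sharing, which reads like a web interface issue, so a short NOTE saying why the client package was chosen, or what has to be checked before the entry can be resolved, would save the next triager from redoing the analysis. The NOTE URL points at a third-party repository rather than an upstream issue or commit; an upstream reference would be worth adding once one is known.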
@@ -116,7 +117,7 @@ CVE-2021-30142
CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...)
NOT-FOR-US: Friendica
CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
- TODO: check
+ NOT-FOR-US: LiquidFiles
CVE-2021-30139
RESERVED
CVE-2021-30138
@@ -14132,9 +14133,9 @@ CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially
CVE-2021-24028
RESERVED
CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
- hhvm <removed>
CVE-2021-24024
@@ -15665,7 +15666,7 @@ CVE-2021-23365
CVE-2021-23364
RESERVED
CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...)
- TODO: check
+ NOT-FOR-US: Node kill-by-port
CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
- node-hosted-git-info 3.0.8-1
[buster] - node-hosted-git-info <no-dsa> (Minor issue)
@@ -15704,7 +15705,7 @@ CVE-2021-23350
CVE-2021-23349
RESERVED
CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If (attacker-cont ...)
- TODO: check
+ NOT-FOR-US: Node portprocesses
CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
NOT-FOR-US: argo-cd
CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
@@ -18173,21 +18174,21 @@ CVE-2021-22205
CVE-2021-22204
RESERVED
CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22199
RESERVED
CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
NOT-FOR-US: gitlab-vscode-extension
CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
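Review bot: the seven GitLab entries from CVE-2021-22203 down to CVE-2021-22196 all become `- gitlab <unfixed>` with no NOTE, unlike the sidekiq entry at the top of this diff, which links its upstream issue. The descriptions are cut off at "affecting all versions st ...", so the affected version range is not visible in the list; a NOTE per entry with the upstream issue or the fixed upstream release would let someone confirm whether the packaged version is in range. These are also package assignments rather than NOT-FOR-US markings, so the commit subject "NFUs" does not cover them.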
@@ -18236,7 +18237,7 @@ CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. G
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22175
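Review bot: CVE-2021-22177 is described as a DoS in gitlab-shell, yet the new line files it under `gitlab`. If gitlab-shell is tracked as a separate source package, the entry should name it (or list both packages); otherwise a NOTE recording that the affected code ships inside gitlab would make the choice explicit.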
@@ -21055,11 +21056,11 @@ CVE-2021-21425
CVE-2021-21424
RESERVED
CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
- TODO: check
+ NOT-FOR-US: projen
CVE-2021-21422
RESERVED
CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
- TODO: check
+ NOT-FOR-US: node-etsy-client
CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...)
NOT-FOR-US: vscode-stripe Visual Studio Code extension
CVE-2021-21419
@@ -23719,7 +23720,7 @@ CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro
CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...)
NOT-FOR-US: MongoDB Ops Manager
CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
- TODO: check
+ NOT-FOR-US: MongoDB Compass
CVE-2021-20333
RESERVED
CVE-2021-20332
@@ -27306,7 +27307,7 @@ CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement
- wpewebkit 2.30.6-1
NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2021-1800 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1799 (A port redirection issue was addressed with additional port validation ...)
{DSA-4877-1}
- webkit2gtk 2.30.6-1
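Review bot: `NOT-FOR-US: Apple` on CVE-2021-1800 names a vendor, where the other NOT-FOR-US lines in this commit name a product (Composr, LiquidFiles, MongoDB Compass). The entries on either side, CVE-2021-1801 and CVE-2021-1799, are tracked against wpewebkit and webkit2gtk, so naming the affected Apple component in the label would show that this one was checked and is not a WebKit issue.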
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cb1d29c95db34996aa31bee44824c0001e9490