[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 23 21:31:41 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b33eb94a by Salvatore Bonaccorso at 2021-04-23T22:31:19+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -463,9 +463,9 @@ CVE-2021-31542
CVE-2021-31541
RESERVED
CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default installation) has c ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31538
RESERVED
CVE-2021-31537
@@ -775,21 +775,21 @@ CVE-2021-31412
CVE-2021-31411
RESERVED
CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31409
RESERVED
CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames]
RESERVED
- avahi <unfixed> (bug #986018)
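Review bot: the seven Vaadin entries in this hunk (CVE-2021-31410 down to CVE-2021-31403) all receive the same bare tag "NOT-FOR-US: Vaadin", although their truncated descriptions name distinct artifacts such as com.vaadin:flow-client and com.vaadin:flow-server. The commit message "Process NFUs" does not record what was checked, so consider stating there that none of these artifact names matched a source package or ITP. That keeps the triage auditable if a Vaadin module is packaged later.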
@@ -2403,17 +2403,17 @@ CVE-2021-30640
CVE-2021-30639
RESERVED
CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2017-20003
REJECTED
CVE-2021-30638
@@ -11020,9 +11020,9 @@ CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows una
CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
NOT-FOR-US: Canary Mail
CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-26907
RESERVED
CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
@@ -20312,7 +20312,7 @@ CVE-2021-22895
CVE-2021-22894
RESERVED
CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure
CVE-2021-22892
RESERVED
CVE-2021-22891
@@ -20916,7 +20916,7 @@ CVE-2021-22684
CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
- TODO: check
+ NOT-FOR-US: Cscape
CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22680
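Review bot: style point on "NOT-FOR-US: Cscape" for CVE-2021-22682: the unchanged neighbours in this hunk identify the software by vendor ("Fatek FvDesigner", "Rockwell Automation"), while this tag uses the product name alone, which gives a later triager less to match on when searching the list. Consider a vendor-qualified name here, and the same for CVE-2021-22678 in the following hunk so both Cscape entries stay identical.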
@@ -20924,7 +20924,7 @@ CVE-2021-22680
CVE-2021-22679
RESERVED
CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
- TODO: check
+ NOT-FOR-US: Cscape
CVE-2021-22677
RESERVED
CVE-2021-22676
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b33eb94a91a6ac1e889c8644a565d3b65310e353