[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Apr 27 11:08:28 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd915a82 by Moritz Muehlenhoff at 2021-04-27T12:08:00+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,9 +135,9 @@ CVE-2021-31786
 CVE-2021-31785
 	RESERVED
 CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
-	TODO: check
+	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
-	TODO: check
+	NOT-FOR-US: Piwigo extension
 CVE-2021-31782
 	RESERVED
 CVE-2021-31781
@@ -275,7 +275,7 @@ CVE-2021-31720
 CVE-2021-31719
 	RESERVED
 CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the  ...)
-	TODO: check
+	NOT-FOR-US: npupnp
 CVE-2021-31717
 	RESERVED
 CVE-2021-31716
@@ -287,7 +287,7 @@ CVE-2021-31714
 CVE-2021-31713
 	RESERVED
 CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
-	TODO: check
+	NOT-FOR-US: react-draft-wysiwyg
 CVE-2021-31711
 	RESERVED
 CVE-2021-31710
@@ -369,7 +369,7 @@ CVE-2021-31673
 CVE-2021-31672
 	RESERVED
 CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
-	TODO: check
+	NOT-FOR-US: pgsync
 CVE-2021-31670
 	RESERVED
 CVE-2021-31669
@@ -419,7 +419,7 @@ CVE-2021-31648
 CVE-2021-31647
 	RESERVED
 CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
-	TODO: check
+	NOT-FOR-US: Gestsup
 CVE-2021-31645
 	RESERVED
 CVE-2021-31644
@@ -2588,7 +2588,7 @@ CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or De
 CVE-2021-30636
 	RESERVED
 CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2021-30634
 	RESERVED
 CVE-2021-30633
@@ -3625,7 +3625,7 @@ CVE-2021-30167
 CVE-2021-30166
 	RESERVED
 CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
-	TODO: check
+	NOT-FOR-US: EDIMAX
 CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
 	- redmine <unfixed> (bug #986800)
 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
@@ -5233,7 +5233,7 @@ CVE-2021-29476
 CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
 	NOT-FOR-US: HedgeDoc
 CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
@@ -8533,7 +8533,7 @@ CVE-2021-28081
 CVE-2021-28080
 	RESERVED
 CVE-2021-28079 (Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...)
-	TODO: check
+	NOT-FOR-US: Jamovi
 CVE-2021-28078
 	RESERVED
 CVE-2021-28077
@@ -13592,9 +13592,9 @@ CVE-2021-25930
 CVE-2021-25929
 	RESERVED
 CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
-	TODO: check
+	NOT-FOR-US: Node safe-obj
 CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
-	TODO: check
+	NOT-FOR-US: Node safe-flat
 CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
 	NOT-FOR-US: SiCKRAGE
 CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
@@ -14043,9 +14043,9 @@ CVE-2021-25841
 CVE-2021-25840
 	RESERVED
 CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...)
-	TODO: check
+	NOT-FOR-US: MintHCM
 CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: MintHCM
 CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
 	NOT-FOR-US: Cosmos Network Ethermint
 CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd915a8237269683ec0753cd94d2049b550af772

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd915a8237269683ec0753cd94d2049b550af772
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210427/2756da91/attachment.htm>


More information about the debian-security-tracker-commits mailing list