[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 27 11:08:28 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd915a82 by Moritz Muehlenhoff at 2021-04-27T12:08:00+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -135,9 +135,9 @@ CVE-2021-31786
CVE-2021-31785
RESERVED
CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
- TODO: check
+ NOT-FOR-US: Piwigo extension
CVE-2021-31782
RESERVED
CVE-2021-31781
@@ -275,7 +275,7 @@ CVE-2021-31720
CVE-2021-31719
RESERVED
CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...)
- TODO: check
+ NOT-FOR-US: npupnp
CVE-2021-31717
RESERVED
CVE-2021-31716
@@ -287,7 +287,7 @@ CVE-2021-31714
CVE-2021-31713
RESERVED
CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
- TODO: check
+ NOT-FOR-US: react-draft-wysiwyg
CVE-2021-31711
RESERVED
CVE-2021-31710
@@ -369,7 +369,7 @@ CVE-2021-31673
CVE-2021-31672
RESERVED
CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
- TODO: check
+ NOT-FOR-US: pgsync
CVE-2021-31670
RESERVED
CVE-2021-31669
@@ -419,7 +419,7 @@ CVE-2021-31648
CVE-2021-31647
RESERVED
CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
- TODO: check
+ NOT-FOR-US: Gestsup
CVE-2021-31645
RESERVED
CVE-2021-31644
@@ -2588,7 +2588,7 @@ CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or De
CVE-2021-30636
RESERVED
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
RESERVED
CVE-2021-30633
@@ -3625,7 +3625,7 @@ CVE-2021-30167
CVE-2021-30166
RESERVED
CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
- TODO: check
+ NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
- redmine <unfixed> (bug #986800)
CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
@@ -5233,7 +5233,7 @@ CVE-2021-29476
CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
NOT-FOR-US: HedgeDoc
CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
- TODO: check
+ NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
@@ -8533,7 +8533,7 @@ CVE-2021-28081
CVE-2021-28080
RESERVED
CVE-2021-28079 (Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...)
- TODO: check
+ NOT-FOR-US: Jamovi
CVE-2021-28078
RESERVED
CVE-2021-28077
@@ -13592,9 +13592,9 @@ CVE-2021-25930
CVE-2021-25929
RESERVED
CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
- TODO: check
+ NOT-FOR-US: Node safe-obj
CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: Node safe-flat
CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
NOT-FOR-US: SiCKRAGE
CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
@@ -14043,9 +14043,9 @@ CVE-2021-25841
CVE-2021-25840
RESERVED
CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...)
- TODO: check
+ NOT-FOR-US: MintHCM
CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...)
- TODO: check
+ NOT-FOR-US: MintHCM
CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
NOT-FOR-US: Cosmos Network Ethermint
CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd915a8237269683ec0753cd94d2049b550af772
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd915a8237269683ec0753cd94d2049b550af772
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210427/2756da91/attachment.htm>
More information about the debian-security-tracker-commits
mailing list