[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 28 10:17:04 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ec5867a by Moritz Muehlenhoff at 2021-04-28T11:16:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,19 +3,15 @@ CVE-2021-3519
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
- TODO: check fixing commit
CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
- TODO: check fixing commit
CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
- TODO: check fixing commit
CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
- TODO: check fixing commit
CVE-2021-31862
RESERVED
CVE-2021-31861
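Review bot: the four removed "TODO: check fixing commit" lines (CVE-2021-31863 through CVE-2021-31866) are dropped without a replacement NOTE recording the fixing commit, and the removal is not an NFU change, so it does not match the commit message "NFUs". The redmine entries still read `<unfixed>` with only the https://www.redmine.org/news/131 link. Suggest adding a NOTE per CVE that points at the upstream fix, or moving this cleanup into its own commit whose message says how the TODO was resolved.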
@@ -29,7 +25,7 @@ CVE-2021-31858
CVE-2021-31857
RESERVED
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
- TODO: check
+ NOT-FOR-US: Layer Meshery
CVE-2021-31855
RESERVED
CVE-2021-31854
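Review bot: the added line for CVE-2021-31856 reads "NOT-FOR-US: Layer Meshery", but the description on the line above it names the product "Layer5 Meshery". Suggest "NOT-FOR-US: Layer5 Meshery" so that a later search on the vendor name finds this entry.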
@@ -173,7 +169,7 @@ CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_un
CVE-2021-3513
NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
- TODO: check
+ NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
CVE-2021-31814
RESERVED
CVE-2021-31813
@@ -258,11 +254,11 @@ CVE-2021-31781
CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
NOT-FOR-US: MISP
CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2019-25030
RESERVED
CVE-2019-25029
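Review bot: the three added "NOT-FOR-US: Typo3 extension" lines use a casing that differs from the CVE descriptions, which write "TYPO3", and they give the same generic label to three different extensions (yoast_seo, media2click, dce). Suggest naming each one, for example "NOT-FOR-US: yoast_seo extension for TYPO3", so the entries can be told apart and matched by name.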
@@ -686,9 +682,9 @@ CVE-2021-31574
CVE-2021-31573
RESERVED
CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
NOT-FOR-US: Amazon Web Services FreeRTOS kernel
CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
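Review bot: on CVE-2021-3511 the visible description is cut off before any product name, so the added "NOT-FOR-US: Buffalo" cannot be checked against this hunk the way it can for CVE-2021-3512 ("Buffalo broadband routers"). Worth confirming against the full CVE text before merging. "Buffalo" alone also names only the vendor; "NOT-FOR-US: Buffalo routers" would be more specific for CVE-2021-3512.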
@@ -5398,7 +5394,7 @@ CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of U
CVE-2021-29461 (### Impact - This issue could be exploited to read internal files from ...)
NOT-FOR-US: Discord-Recon
CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
@@ -8979,7 +8975,7 @@ CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker a
CVE-2021-27934
RESERVED
CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2021-27932
RESERVED
CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec5867a9a4177e8db89e906a5546c293f45fd68