[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 10 12:28:14 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1e1ada1 by Moritz Mühlenhoff at 2021-08-10T13:28:01+02:00
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -107,7 +107,7 @@ CVE-2021-38313
CVE-2021-38312
RESERVED
CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
- TODO: check
+ NOT-FOR-US: Contiki
CVE-2021-38310
RESERVED
CVE-2021-38309
@@ -119,7 +119,7 @@ CVE-2021-38307
CVE-2021-38306
RESERVED
CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: 23andMe Yamale
CVE-2021-38304
RESERVED
CVE-2021-38303
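Review bot: the added `NOT-FOR-US: 23andMe Yamale` line for CVE-2021-38305 closes a report described as remote arbitrary code execution with the product name alone; Yamale is a Python library, so a short parenthetical saying why it is out of scope (no package, not vendored), in the style of the `NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)` entry later in this file, would make the decision easier to re-audit if a python3-yamale package ever appears.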
@@ -1230,7 +1230,6 @@ CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper i
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/18923
NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
- TODO: check details
CVE-2021-37838
RESERVED
CVE-2021-37837
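Review bot: dropping `TODO: check details` under CVE-2021-3673 leaves the entry with `radare2 <unfixed>` and two NOTE links but no record of what the check concluded (no severity tag, no fixed version, no no-dsa annotation), and the commit message ("NFUs", "new gitlab issues") does not mention this radare2 change at all; either keep the TODO or replace it with a NOTE stating the outcome of the check.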
@@ -1668,9 +1667,9 @@ CVE-2021-37636
CVE-2021-37635
RESERVED
CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...)
- TODO: check
+ NOT-FOR-US: Leafkit
CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
CVE-2021-37631
@@ -1822,7 +1821,7 @@ CVE-2021-37575
CVE-2021-37574
RESERVED
CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
- TODO: check
+ NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS)
CVE-2021-37572
RESERVED
CVE-2021-37571
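Review bot: typo in the added line for CVE-2021-37573: `TTiny Java Web Server` should read `Tiny Java Web Server and Servlet Container (TJWS)`; tracker annotations are searched by product string, so the doubled letter will hide this entry from later greps for TJWS issues.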
@@ -2585,15 +2584,15 @@ CVE-2021-3658
CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
NOT-FOR-US: QSAN Storage Manager
CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
- TODO: check
+ NOT-FOR-US: Flygo
CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
- TODO: check
+ NOT-FOR-US: Flygo
CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
- TODO: check
+ NOT-FOR-US: Flygo
CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
- TODO: check
+ NOT-FOR-US: Flygo
CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
- TODO: check
+ NOT-FOR-US: Flygo
CVE-2021-37210
RESERVED
CVE-2021-37209
@@ -3498,13 +3497,13 @@ CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injecti
CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...)
NOT-FOR-US: KNX ETS5
CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
- TODO: check
+ NOT-FOR-US: HelpSystems Cobalt Strike
CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
NOT-FOR-US: Victron Energy Venus OS
CVE-2021-36796
RESERVED
CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...)
- TODO: check
+ NOT-FOR-US: Cohesity
CVE-2021-36794
RESERVED
CVE-2021-36793
@@ -4678,9 +4677,9 @@ CVE-2021-36279
CVE-2021-36278
RESERVED
CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36275
RESERVED
CVE-2021-36274
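Review bot: the two added `NOT-FOR-US: Dell` lines (CVE-2021-36277, CVE-2021-36276) name only the vendor, whereas neighbouring entries in this file name the affected product; prefer `NOT-FOR-US: Dell Command Update` and `NOT-FOR-US: Dell DBUtilDrv2.sys driver`, both taken from the CVE descriptions in the hunk, so the annotation records what was judged out of scope rather than who ships it.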
@@ -4947,9 +4946,9 @@ CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and othe
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
- xrdp <not-affected> (xrdp as packaged in Alpine)
CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...)
- TODO: check
+ NOT-FOR-US: Grafana Cortex
CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...)
- TODO: check
+ NOT-FOR-US: Grafana Loki
CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
NOT-FOR-US: gRPC Swift
CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
@@ -8399,9 +8398,9 @@ CVE-2021-34663
CVE-2021-34662
RESERVED
CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-34659
RESERVED
CVE-2021-34658
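Review bot: the two added annotations for CVE-2021-34661 and CVE-2021-34660 spell the product `Wordpress plugin`, while the established entries in this file use `WordPress plugin`; people grep this file for earlier triage decisions by exact string, so keep the existing spelling. Both descriptions also name the plugin (WP Fusion Lite), which is worth carrying into the annotation as the other plugin entries do.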
@@ -11626,7 +11625,7 @@ CVE-2021-33258
CVE-2021-33257
RESERVED
CVE-2021-33256 (A CSV injection vulnerability on the login panel of ManageEngine ADSel ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-33255
RESERVED
CVE-2021-33254
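Review bot: `NOT-FOR-US: ManageEngine` for CVE-2021-33256 names the vendor only; the description identifies the product (truncated on this page as `ManageEngine ADSel...`), and a product-level annotation keeps the entry consistent with the rest of the file and distinguishable from other ManageEngine products that may be triaged later.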
@@ -19975,7 +19974,7 @@ CVE-2021-29980
CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
NOT-FOR-US: Hubs Cloud
CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...)
- TODO: check
+ NOT-FOR-US: Mozilla VPN
CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...)
- firefox 90.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
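Review bot: the added `NOT-FOR-US: Mozilla VPN` for CVE-2021-29978 cannot be derived from the truncated description ("Multiple low security issues were discovered and fixed in a security a..."), so a NOTE with the Mozilla advisory URL, as the adjacent CVE-2021-29977 entry carries, would let a later reader verify why this CVE was judged out of scope.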
@@ -20622,7 +20621,7 @@ CVE-2021-29716
CVE-2021-29715
RESERVED
CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29713
RESERVED
CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
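Review bot: for CVE-2021-29714 the annotation `NOT-FOR-US: IBM` is too coarse; the description names the product (IBM Content Navigator), and the neighbouring CVE-2021-29712 entry (IBM InfoSphere Information Server) shows that this file records IBM issues per product, so use the product name here.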
@@ -28381,7 +28380,7 @@ CVE-2021-3353
CVE-2021-3352
RESERVED
CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
- TODO: check
+ NOT-FOR-US: OpenPLC
CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
NOT-FOR-US: Delete Account plugin for MyBB
CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
@@ -33279,11 +33278,11 @@ CVE-2021-24524
CVE-2021-24523
RESERVED
CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24519
RESERVED
CVE-2021-24518
@@ -33305,27 +33304,27 @@ CVE-2021-24511
CVE-2021-24510
RESERVED
CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24508
RESERVED
CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24506
RESERVED
CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24503 (The Popular Brand Icons – Simple Icons WordPress plugin before 2 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24497
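Review bot: this hunk mixes `Wordpress plugin` (all added lines) with `WordPress plugin` (the unchanged CVE-2021-24504, CVE-2021-24503 and CVE-2021-24498 lines) within one run of entries, and the three Workreap entries (CVE-2021-24501 to CVE-2021-24499) use `Wordpress theme` the same way; normalise the added lines to the spelling already in the file so the block reads consistently and stays greppable.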
@@ -33333,7 +33332,7 @@ CVE-2021-24497
CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24493
@@ -33389,7 +33388,7 @@ CVE-2021-24469
CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24466
RESERVED
CVE-2021-24465
@@ -33715,7 +33714,7 @@ CVE-2021-24306 (The Ultimate Member – User Profile, User Registration, Log
CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2021-24303
RESERVED
CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...)
@@ -36885,7 +36884,7 @@ CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosur
CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
NOT-FOR-US: Rocket.Chat
CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions < ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
NOT-FOR-US: EdgeMAX EdgeRouter
CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
@@ -38447,9 +38446,9 @@ CVE-2021-22243
CVE-2021-22242
RESERVED
CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22239
RESERVED
- gitlab <unfixed>
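Review bot: the new `gitlab <unfixed>` for CVE-2021-22241 carries no NOTE pointing at the upstream GitLab issue or release post, so there is nothing to check the eventual fixed version against; the Wireshark entry further down (CVE-2021-22235) shows the NOTE convention. The CE/EE vs EE-only split between CVE-2021-22241 (`<unfixed>`) and CVE-2021-22240 (`<not-affected> (Specific to EE)`) matches the descriptions and looks right.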
@@ -38473,7 +38472,7 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
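Review bot: as with CVE-2021-22241, `gitlab <unfixed>` for CVE-2021-22234 lacks a NOTE with the GitLab advisory or issue link; the CVE-2021-22235 entry at the top of this hunk shows the expected NOTE lines, and adding one here records the upstream fixed versions the `<unfixed>` marker will later be resolved against.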
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1e1ada188b85717f69be2be11fdac7d3599bfd3