[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-34434/mosquitto

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 31 10:20:39 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41d7dca4 by Salvatore Bonaccorso at 2021-08-31T11:18:45+02:00
Add CVE-2021-34434/mosquitto

- - - - -
216c030d by Salvatore Bonaccorso at 2021-08-31T11:18:46+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13321,7 +13321,8 @@ CVE-2021-34436
 CVE-2021-34435
 	RESERVED
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
-	TODO: check
+	- mosquitto <unfixed>
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
 CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
 	NOT-FOR-US: Eclipse Californium
 CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash  ...)
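Review bot: The `- mosquitto <unfixed>` line added under CVE-2021-34434 has no Debian bug reference and no per-release annotation, although the description limits the issue to Mosquitto 2.0 to 2.0.11. If any supported release ships a version older than 2.0, add a not-affected entry for it with a short NOTE giving the reason, and file a bug so the unfixed entry can carry a bug reference. The NOTE links only the upstream bug report; a link to the fixing commit would help later triage once one exists.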
@@ -37538,7 +37539,7 @@ CVE-2021-24669
 CVE-2021-24668
 	RESERVED
 CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-24666
 	RESERVED
 CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
@@ -43518,19 +43519,19 @@ CVE-2021-22029
 CVE-2021-22028
 	RESERVED
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
-	TODO: check
+	NOT-FOR-US: Vmware
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22020
 	RESERVED
 CVE-2021-22019
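Review bot: The vendor name is spelled `Vmware` on the six vRealize Operations Manager entries (CVE-2021-22022 through CVE-2021-22027) but `VMware` on CVE-2021-22021 in the same hunk. Use `NOT-FOR-US: VMware` throughout so the entries match the spelling in the CVE description and a search for the vendor string finds all of them.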
@@ -44274,7 +44275,7 @@ CVE-2021-21743
 CVE-2021-21742
 	RESERVED
 CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
@@ -72526,7 +72527,7 @@ CVE-2020-22850
 CVE-2020-22849
 	RESERVED
 CVE-2020-22848 (A remote code execution (RCE) vulnerability in the \Playsong.php compo ...)
-	TODO: check
+	NOT-FOR-US: cscms
 CVE-2020-22847
 	RESERVED
 CVE-2020-22846
@@ -82288,19 +82289,19 @@ CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add
 CVE-2020-18128
 	RESERVED
 CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5  ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5  ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18122
 	RESERVED
 CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit
 CVE-2020-18120
 	RESERVED
 CVE-2020-18119



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/63957298ddd9f85974068f10b74465598ee75e44...216c030ddbddc572f15916a28fb9fc60e508b166
