[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Dec 13 15:04:45 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04d38433 by Moritz Muehlenhoff at 2021-12-13T16:04:19+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
- TODO: check
+ NOT-FOR-US: CLI for Amazon AWS OpenSearch
CVE-2021-4103
RESERVED
CVE-2021-44832
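Review bot: The NOT-FOR-US label on CVE-2021-44833 is a paraphrase of the description ("CLI for Amazon AWS OpenSearch") rather than a product name, which makes this decision harder to find when searching data/CVE/list for earlier NFU entries covering the same software. If the upstream project has a distinct name, using it here would match how the other entries in this commit are labelled, for example `NOT-FOR-US: phpservermon`.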
@@ -107,7 +107,7 @@ CVE-2021-4099
CVE-2021-4098
RESERVED
CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
- TODO: check
+ NOT-FOR-US: phpservermon
CVE-2021-4096
RESERVED
CVE-2022-21822
@@ -159,7 +159,7 @@ CVE-2021-4093
NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2021-4091
RESERVED
CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
@@ -965,7 +965,7 @@ CVE-2021-44517
CVE-2021-44516
RESERVED
CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
NOT-FOR-US: ManageEngine
CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
@@ -2963,7 +2963,7 @@ CVE-2021-43812
CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
NOT-FOR-US: Sockeye
CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...)
TODO: check
CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
@@ -2979,7 +2979,7 @@ CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails
CVE-2021-43804
RESERVED
CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
- TODO: check
+ NOT-FOR-US: next.js
CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
TODO: check
CVE-2021-43801
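Review bot: The label on CVE-2021-43803 is written `next.js`, while the description in the same entry spells the product `Next.js`. The other labels in this commit follow the casing of their descriptions (`Admidio`, `Donglify`, `Grafana Agent`), so `NOT-FOR-US: Next.js` would keep case-sensitive searches over data/CVE/list consistent.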
@@ -6859,11 +6859,11 @@ CVE-2021-42998
CVE-2021-42997
RESERVED
CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
- TODO: check
+ NOT-FOR-US: Donglify
CVE-2021-42995
RESERVED
CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
- TODO: check
+ NOT-FOR-US: Donglify
CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
NOT-FOR-US: FlexiHub For Windows
CVE-2021-42992
@@ -12209,7 +12209,7 @@ CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter noteb
NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
- TODO: check
+ NOT-FOR-US: Express OpenID Connect
CVE-2021-41245
RESERVED
CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
@@ -12592,7 +12592,7 @@ CVE-2021-41091 (Moby is an open-source project created by Docker to enable softw
NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...)
- TODO: check
+ NOT-FOR-US: Grafana Agent
CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io 20.10.10+dfsg1-1
[bullseye] - docker.io <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04d3843308d5d78611feac624775d90c00c49c48