[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 10 17:00:11 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
764e3865 by Moritz Muehlenhoff at 2021-02-10T17:59:39+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -398,7 +398,7 @@ CVE-2021-26923
CVE-2021-26922
RESERVED
CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2021-26920
RESERVED
CVE-2021-26919
@@ -830,7 +830,7 @@ CVE-2021-26721
CVE-2021-26720
RESERVED
CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
- TODO: check
+ NOT-FOR-US: gradle-enterprise-test-distribution-agent
CVE-2021-26718
RESERVED
CVE-2021-26717
@@ -1107,7 +1107,7 @@ CVE-2021-26598
CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
NOT-FOR-US: Pryaniki
CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
- TODO: check
+ NOT-FOR-US: Millennium Millewin
CVE-2021-3393
RESERVED
CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
@@ -1224,11 +1224,11 @@ CVE-2021-26553
CVE-2021-26552
RESERVED
CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...)
- TODO: check
+ NOT-FOR-US: SmartFoxServer
CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
- TODO: check
+ NOT-FOR-US: SmartFoxServer
CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...)
- TODO: check
+ NOT-FOR-US: SmartFoxServer
CVE-2021-3386
RESERVED
CVE-2021-3385
@@ -1258,11 +1258,11 @@ CVE-2021-26543
CVE-2021-26542
RESERVED
CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
- TODO: check
+ NOT-FOR-US: Node gitlog
CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2021-3379
RESERVED
CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
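Review bot: The tags on CVE-2021-26540 and CVE-2021-26539 read "NOT-FOR-US: sanitize-html", while the gitlog entry directly above them uses the "Node gitlog" form and other entries in this file follow the same pattern ("Node dotty", "Node async-git"). If sanitize-html is being classified as a Node.js package here, "NOT-FOR-US: Node sanitize-html" would keep the tags consistent and searchable by ecosystem.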
@@ -1342,11 +1342,14 @@ CVE-2021-26532
CVE-2021-26531
RESERVED
CVE-2021-26530 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2021-26529 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2021-26528 (The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2021-26527
RESERVED
CVE-2021-26526
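Review bot: On CVE-2021-26530, CVE-2021-26529 and CVE-2021-26528 the NOT-FOR-US tag sits next to a NOTE saying smplayer embeds a copy of Mongoose, so the code is present in a Debian source package even though it is unused. Consider a per-package entry for smplayer with an explicit status instead, keeping the NOTE as the justification, so that the three CVEs are tied to the smplayer package and the embedded copy is not lost if it is ever re-enabled.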
@@ -2770,7 +2773,7 @@ CVE-2021-25915
CVE-2021-25914
RESERVED
CVE-2021-25913 (Prototype pollution vulnerability in ‘set-or-get’ version ...)
- TODO: check
+ NOT-FOR-US: Node set-or-get
CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
NOT-FOR-US: Node dotty
CVE-2018-25003
@@ -3533,7 +3536,7 @@ CVE-2021-3193 (Improper access and command validation in the Nagios Docker Confi
CVE-2021-3192
RESERVED
CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
- TODO: check
+ NOT-FOR-US: Idelji Web ViewPoint
CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...)
NOT-FOR-US: Node async-git
CVE-2021-25678
@@ -3561,7 +3564,7 @@ CVE-2021-25668
CVE-2021-25667
RESERVED
CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-25665
RESERVED
CVE-2021-25664
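Review bot: "NOT-FOR-US: Siemens" on CVE-2021-25666 names only the vendor, whereas the other tags in this commit name the product (SmartFoxServer, Cesanta Mongoose, Idelji Web ViewPoint). The description mentions SCALANCE W780 and W740, so "NOT-FOR-US: Siemens SCALANCE" would be more specific and easier to search for.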
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/764e38659e7ff6786e82aedbfc1a7eb780789419