[Git][security-tracker-team/security-tracker][master] new adminer issue

Moritz Muehlenhoff jmm at debian.org
Wed Feb 10 17:07:48 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df43bae4 by Moritz Muehlenhoff at 2021-02-10T18:07:29+01:00
new adminer issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4774,11 +4774,11 @@ CVE-2021-25143
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
 CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
 	NOT-FOR-US: HPE
 CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
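Review bot: The tag on CVE-2021-25141 names only HPE, while the truncated description on that entry reads "certain HPE and Aru ...", so a second name starts there that the tag does not carry. Once the full description has been checked, consider listing both names in the NOT-FOR-US line so a search on either one finds the entry.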
@@ -8562,13 +8562,13 @@ CVE-2021-23333
 CVE-2021-23332
 	RESERVED
 CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method  ...)
-	TODO: check
+	NOT-FOR-US: com.squareup:connect
 CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection  ...)
 	NOT-FOR-US: Node launchpad
 CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...)
-	TODO: check
+	NOT-FOR-US: Node nested-object-assign
 CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
-	TODO: check
+	NOT-FOR-US: Node iniparserjs
 CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...)
 	TODO: check
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
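Review bot: The tag added to CVE-2021-23331 is inconsistent with the rest of this hunk: it reads "NOT-FOR-US: com.squareup:connect" with no ecosystem prefix, whereas CVE-2021-23329 and CVE-2021-23328 (and the existing CVE-2021-23330) use the "Node <package>" form. Adding the ecosystem prefix there as well would keep these NFU tags uniform and easier to grep.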
@@ -10028,7 +10028,7 @@ CVE-2021-22665
 CVE-2021-22664
 	RESERVED
 CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
-	TODO: check
+	NOT-FOR-US: Cscape
 CVE-2021-22662
 	RESERVED
 CVE-2021-22661
@@ -10820,7 +10820,7 @@ CVE-2021-22269
 CVE-2021-22268
 	RESERVED
 CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
-	TODO: check
+	NOT-FOR-US: Idelji Web ViewPoint Suite
 CVE-2021-22266
 	RESERVED
 CVE-2021-22265
@@ -12398,7 +12398,7 @@ CVE-2021-21504
 CVE-2021-21503
 	RESERVED
 CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21501
 	RESERVED
 CVE-2021-21500
@@ -13150,9 +13150,9 @@ CVE-2021-21481
 CVE-2021-21480
 	RESERVED
 CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
 	NOT-FOR-US: SAP
 CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...)
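Review bot: CVE-2021-21479 is tagged "NOT-FOR-US: SAP", but the visible description names only SCIMono and does not mention SAP, unlike CVE-2021-21478 next to it. Suggest "NOT-FOR-US: SAP SCIMono" (or just the product name) so the tag matches the description and a later search for SCIMono lands on this entry.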
@@ -14662,7 +14662,8 @@ CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-L
 CVE-2020-35574
 	RESERVED
 CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...)
-	TODO: check
+	- adminer 4.7.9-1
+	NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr
 CVE-2020-35571
 	RESERVED
 CVE-2021-21105
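Review bot: The new CVE-2020-35572 entry records the fixed version (4.7.9-1) and the GHSA advisory URL, but no NOTE pointing at the upstream fixing commit. If the advisory links one, add it as a second NOTE line so anyone assessing a backport can review the actual change instead of the whole 4.7.8 to 4.7.9 release delta.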



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df43bae440004d264262e8d974ebfd42f88dc25c
