[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Jan 26 10:45:44 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df366beb by Moritz Muehlenhoff at 2021-01-26T11:45:19+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2021-3306
 CVE-2021-3305
 	RESERVED
 CVE-2021-3304 (Sagemcom F at ST 3686 v2 3.495 devices have a buffer overflow via a long  ...)
-	TODO: check
+	NOT-FOR-US: Sagemcom
 CVE-2021-3303
 	RESERVED
 CVE-2021-3302
@@ -31,7 +31,7 @@ CVE-2021-3293
 CVE-2021-3292
 	RESERVED
 CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2021-3290
 	RESERVED
 CVE-2021-3289
@@ -43,9 +43,9 @@ CVE-2021-26269
 CVE-2021-26268
 	RESERVED
 CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2021-26246
 	RESERVED
 CVE-2021-26245
@@ -1003,7 +1003,7 @@ CVE-2021-3225
 CVE-2021-3224
 	RESERVED
 CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
-	TODO: check
+	NOT-FOR-US: Node-RED-Dashboard
 CVE-2021-3222
 	RESERVED
 CVE-2021-3221
@@ -1127,7 +1127,7 @@ CVE-2021-25865
 CVE-2021-25864
 	RESERVED
 CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
-	TODO: check
+	NOT-FOR-US: Open5GS
 CVE-2021-25862
 	RESERVED
 CVE-2021-25861
@@ -1516,7 +1516,7 @@ CVE-2021-3192
 CVE-2021-3191
 	RESERVED
 CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...)
-	TODO: check
+	NOT-FOR-US: Node async-git
 CVE-2021-25678
 	RESERVED
 CVE-2021-25677
@@ -7721,9 +7721,9 @@ CVE-2021-22700
 CVE-2021-22699
 	RESERVED
 CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: EcoStruxure Power Build
 CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: EcoStruxure Power Build
 CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	- jackson-databind 2.12.1-1
 	[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -10612,7 +10612,7 @@ CVE-2020-36013
 CVE-2020-36012
 	RESERVED
 CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart  ...)
-	TODO: check
+	NOT-FOR-US: QDOCS Smart Hospital Management System
 CVE-2020-36010
 	RESERVED
 CVE-2020-36009
@@ -11104,7 +11104,7 @@ CVE-2020-35856
 CVE-2020-35855
 	RESERVED
 CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...)
-	TODO: check
+	NOT-FOR-US: Textpattern CMS
 CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
 	NOT-FOR-US: 4images Image Gallery Management System
 CVE-2020-35852
@@ -11145,9 +11145,9 @@ CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Co
 CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2020-35845 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2020-35844 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
 	NOT-FOR-US: FastStone Image Viewer
 CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
@@ -11973,13 +11973,13 @@ CVE-2021-21277
 CVE-2021-21276
 	RESERVED
 CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki Report extention
 CVE-2021-21274
 	RESERVED
 CVE-2021-21273
 	RESERVED
 CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
-	TODO: check
+	NOT-FOR-US: ORAS
 CVE-2021-21271
 	RESERVED
 CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used  ...)
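Review bot: Typo in the added note for CVE-2021-21275: "extention" should be "extension", so the line reads "NOT-FOR-US: MediaWiki Report extension". NOT-FOR-US strings are matched by eye and by text search against earlier entries for the same product, so a misspelled one is easy to miss later.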
@@ -12508,7 +12508,7 @@ CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI
 CVE-2020-35577
 	RESERVED
 CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-35574
@@ -19171,13 +19171,13 @@ CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via a
 CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
 	NOT-FOR-US: CologneBlue MediaWiki skin
 CVE-2020-29001 (An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW0 ...)
-	TODO: check
+	NOT-FOR-US: Geeni
 CVE-2020-29000 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
-	TODO: check
+	NOT-FOR-US: Geeni
 CVE-2020-28999 (An issue was discovered in Apexis Streaming Video Web Application on G ...)
-	TODO: check
+	NOT-FOR-US: Geeni
 CVE-2020-28998 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
-	TODO: check
+	NOT-FOR-US: Geeni
 CVE-2020-28997
 	RESERVED
 CVE-2020-28996
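Review bot: For CVE-2020-28999 the added "NOT-FOR-US: Geeni" does not match the component the visible description names, which is "Apexis Streaming Video Web Application" (the rest is cut off after "on G"). The three neighbouring entries name Geeni devices directly, so the shared tag fits them; for this one, consider a note that mentions Apexis as well, so that a search for that name also finds the entry.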



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df366beb737de06d4078dd11c5b768b50ce492e3
