[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 2 22:37:58 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e7b5df8 by Moritz Muehlenhoff at 2021-07-02T23:31:11+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2021-36134
 CVE-2021-36133
 	RESERVED
 CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
-	TODO: check
+	NOT-FOR-US: FileImport MediaWiki extension
 CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki  ...)
-	TODO: check
+	NOT-FOR-US: SportsTeams MediaWiki extension
 CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...)
-	TODO: check
+	NOT-FOR-US: SocialProfile MediaWiki extension
 CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...)
-	TODO: check
+	NOT-FOR-US: Translate MediaWiki extension
 CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
-	TODO: check
+	NOT-FOR-US: CentralAuth MediaWiki extension
 CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
-	TODO: check
+	NOT-FOR-US: CentralAuth MediaWiki extension
 CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...)
-	TODO: check
+	NOT-FOR-US: AbuseFilter MediaWiki extension
 CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
-	TODO: check
+	NOT-FOR-US: CentralAuth MediaWiki extension
 CVE-2021-36124
 	RESERVED
 CVE-2021-36123
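Review bot: the NOT-FOR-US marker for CVE-2021-36132 names the extension "FileImport", but the CVE description on the line above it says "FileImporter extension in MediaWiki"; the other seven entries in this hunk reuse the extension name exactly as the description gives it. Suggest `NOT-FOR-US: FileImporter MediaWiki extension` so the marker matches the upstream extension name and is grep-able against it.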
@@ -94,23 +94,23 @@ CVE-2021-3632
 CVE-2021-36090
 	RESERVED
 CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
 	- libgrokj2k <unfixed> (bug #990525)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
@@ -187,15 +187,15 @@ CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp
 	NOTE: Introduced by: https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0 (v4.3.3)
 	NOTE: Fixed by: https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 (v4.3.3)
 CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
-	TODO: check
+	- phplist <itp> (bug #612288)
 CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
-	TODO: check
+	- phplist <itp> (bug #612288)
 CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the /admin/contac ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the /admin/roles/ ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the /admin/user/t ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
 	- libressl <itp> (bug #754513)
 CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
@@ -2037,15 +2037,15 @@ CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
 	NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
 CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN Connect
 CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
 	NOT-FOR-US: Contao CMS
 CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in  ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
 	NOT-FOR-US: Gitpod
 CVE-2021-35205
@@ -2446,7 +2446,7 @@ CVE-2021-35031
 CVE-2021-35030
 	RESERVED
 CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2021-35028
 	RESERVED
 CVE-2021-35027
@@ -2862,7 +2862,7 @@ CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
 CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...)
-	TODO: check
+	- openvpn <not-affected> (Windows-specific)
 CVE-2021-34826
 	RESERVED
 CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
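Review bot: CVE-2021-3606 is resolved as `- openvpn <not-affected> (Windows-specific)` with no supporting reference, whereas comparable entries elsewhere in this diff carry a NOTE: line pointing at the upstream advisory or fix commit (e.g. the `NOTE: Fixed by:` lines under CVE-2020-36400). Since the `<not-affected>` claim rests on the flaw being confined to the Windows build, a NOTE: with the upstream reference that establishes that would let a later reviewer verify it without re-triaging.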
@@ -2918,7 +2918,7 @@ CVE-2021-34809 (Improper neutralization of special elements used in a command ('
 CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...)
 	NOT-FOR-US: Synology
 CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2021-34806
 	RESERVED
 CVE-2021-34805
@@ -7611,11 +7611,11 @@ CVE-2021-32739
 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
 	TODO: check
 CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
 	NOT-FOR-US: think-helper
 CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and  ...)
-	TODO: check
+	NOT-FOR-US: Kirby
 CVE-2021-32734
 	RESERVED
 CVE-2021-32733
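Review bot: CVE-2021-32738 (js-stellar-sdk) keeps its `TODO: check` in this hunk while the Sulu and Kirby entries either side of it are closed out; if it was deliberately left open because a node package may exist in the archive, fine, but if it was simply skipped it is the one remaining untriaged entry in this block.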
@@ -7822,7 +7822,7 @@ CVE-2021-32640 (ws is an open source WebSocket client and server library for Nod
 	NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
 	NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
 CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
-	TODO: check
+	NOT-FOR-US: NSA Emissary
 CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
 	NOT-FOR-US: Github
 CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This  ...)
@@ -9671,7 +9671,7 @@ CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement t
 CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
 	NOT-FOR-US: Cesanta MongooseOS mJS
 CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations,  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
 	{DLA-2695-1}
 	- klibc 2.0.8-6 (bug #989505)
@@ -19384,7 +19384,7 @@ CVE-2021-27952
 CVE-2021-27951
 	RESERVED
 CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...)
-	TODO: check
+	NOT-FOR-US: Sita AzurCMS
 CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom mo ...)
 	NOT-FOR-US: MyBB
 CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (is ...)
@@ -20507,7 +20507,7 @@ CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson
 CVE-2021-27456
 	RESERVED
 CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
 	NOT-FOR-US: GE
 CVE-2021-27453
@@ -20593,7 +20593,7 @@ CVE-2021-27414
 CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
 	NOT-FOR-US: Omron CX-One
 CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2021-27411
 	RESERVED
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e7b5df8fb29853f889298deb31dbd1b28734cbc


