[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 9 22:45:03 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e86d28d by Moritz Muehlenhoff at 2021-07-09T23:44:36+02:00
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5739,13 +5739,13 @@ CVE-2021-3573
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-33794
RESERVED
CVE-2021-33793
RESERVED
CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-3572 [Don't split git references on unicode separators #9827]
RESERVED
- python-pip 20.3.4-2
@@ -7062,7 +7062,7 @@ CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
- TODO: check
+ NOT-FOR-US: HMS Ewon eCatcher
CVE-2021-33213
RESERVED
CVE-2021-33212
@@ -7594,7 +7594,7 @@ CVE-2021-33014
CVE-2021-33013
RESERVED
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2021-33011
RESERVED
CVE-2021-33010
@@ -7674,7 +7674,7 @@ CVE-2021-32974
CVE-2021-32973
RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
- TODO: check
+ NOT-FOR-US: Panasonic
CVE-2021-32971
RESERVED
CVE-2021-32970
@@ -8154,9 +8154,9 @@ CVE-2021-32755
CVE-2021-32754
RESERVED
CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
- TODO: check
+ NOT-FOR-US: EdgeX Foundry
CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
- TODO: check
+ NOT-FOR-US: Ether Logs
CVE-2021-32751
RESERVED
CVE-2021-32750
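Review bot: the description on the `CVE-2021-32753 (EdgeX Foundry is an open source project ...` line says the affected software is an open source project, so the `+ NOT-FOR-US: EdgeX Foundry` marking should rest on a check that no Debian source package ships EdgeX components (a tracker or archive search) rather than on the vendor name alone; the Ether Logs entry below it, described as a package for a CMS, is consistent with the NFU convention used elsewhere in this file.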
@@ -8176,7 +8176,7 @@ CVE-2021-32744
CVE-2021-32743
RESERVED
CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
- TODO: check
+ NOT-FOR-US: Vapor
CVE-2021-32741
RESERVED
CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
@@ -14385,7 +14385,7 @@ CVE-2021-30203
CVE-2021-30202
RESERVED
CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30200
RESERVED
CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
@@ -14713,17 +14713,17 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in liba
CVE-2021-30122
RESERVED
CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30115
RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
@@ -15599,7 +15599,7 @@ CVE-2021-29732
CVE-2021-29731
RESERVED
CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29729
RESERVED
CVE-2021-29728
@@ -15635,7 +15635,7 @@ CVE-2021-29714
CVE-2021-29713
RESERVED
CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
NOT-FOR-US: IBM
CVE-2021-29710
@@ -22097,19 +22097,19 @@ CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the a
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to write beyo ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or TIFF fi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...)
NOT-FOR-US: Autodesk
CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
@@ -24527,7 +24527,7 @@ CVE-2021-26108
CVE-2021-26107
RESERVED
CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-26105
RESERVED
CVE-2021-26104
@@ -24539,7 +24539,7 @@ CVE-2021-26102
CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-26099
RESERVED
CVE-2021-26098
@@ -29308,7 +29308,7 @@ CVE-2021-24022
CVE-2021-24021
RESERVED
CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-24019
RESERVED
CVE-2021-24018
@@ -29334,7 +29334,7 @@ CVE-2021-24009
CVE-2021-24008
RESERVED
CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-24006
RESERVED
CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...)
@@ -33410,21 +33410,21 @@ CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13
CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
- gitlab <unfixed>
CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...)
- gitlab <unfixed>
CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...)
- gitlab <unfixed>
CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
- gitlab <unfixed>
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
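Review bot: the five `+ - gitlab <unfixed>` lines in this hunk (CVE-2021-22231, -22230, -22227, -22225 and -22224) record the package but drop the `TODO: check` without adding a NOTE pointing at the upstream advisory, which other entries in this file carry (see the `NOTE: https://www.openwall.com/...` line under CVE-2021-3573 in the first hunk). The descriptions say these issues are fixed in specific upstream versions ("before versions 13 ...", "in GitLab version 13.11 an..."), so a NOTE with the GitLab release announcement would let the next triager replace `<unfixed>` with the fixed version instead of re-deriving it.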
@@ -33674,7 +33674,7 @@ CVE-2021-22131
CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
NOT-FOR-US: FortiProxy (FortiGuard)
CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...)
NOT-FOR-US: FortiProxy SSL VPN portal
CVE-2021-22127
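Review bot: the new `+ NOT-FOR-US: Fortiguard` line for CVE-2021-22129 is less specific than its neighbours, which name the affected product (`NOT-FOR-US: FortiProxy (FortiGuard)` for CVE-2021-22130 and `NOT-FOR-US: FortiProxy SSL VPN portal` for CVE-2021-22128); naming the product from the advisory keeps the file greppable and consistent. The same applies to the other Fortinet lines added in this commit (CVE-2021-26106, -26100, -24020, -24007 and -29014); CVE-2020-29015 further down already uses the bare `Fortiguard` spelling, so the spelling itself is established, but the product name is the useful part.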
@@ -44722,7 +44722,7 @@ CVE-2020-29016 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 th
CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 through ...)
NOT-FOR-US: Fortiguard
CVE-2020-29014 (A concurrent execution using shared resource with improper synchroniza ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-29013
RESERVED
CVE-2020-29012
@@ -55465,7 +55465,7 @@ CVE-2020-25927
CVE-2020-25926
RESERVED
CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2020-25924
RESERVED
CVE-2020-25923
@@ -63117,7 +63117,7 @@ CVE-2020-22537
CVE-2020-22536
RESERVED
CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2020-22534
RESERVED
CVE-2020-22533
@@ -65629,7 +65629,7 @@ CVE-2020-21335
CVE-2020-21334
RESERVED
CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2020-21332
RESERVED
CVE-2020-21331
@@ -70852,7 +70852,7 @@ CVE-2020-18743
CVE-2020-18742
RESERVED
CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2020-18740
RESERVED
CVE-2020-18739
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e86d28d099a0210370888997e26db3241d25de3