[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 14 13:57:52 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53153f9b by Moritz Muehlenhoff at 2021-07-14T14:57:28+02:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -747,7 +747,7 @@ CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the ho
- fossil 1:2.15.2-1
NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
- TODO: check
+ NOT-FOR-US: dandavison delta
CVE-2021-36375
RESERVED
CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...)
@@ -6765,19 +6765,19 @@ CVE-2021-33717
CVE-2021-33716
RESERVED
CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
NOT-FOR-US: Mendix SAML Module
CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33708
RESERVED
CVE-2021-33707
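Review bot: The six added `NOT-FOR-US: Siemens` lines (CVE-2021-33715 to CVE-2021-33713 and CVE-2021-33711 to CVE-2021-33709) label by vendor only, while the untouched entry between them, CVE-2021-33712, labels by product (`NOT-FOR-US: Mendix SAML Module`). The descriptions already name the products (JT Utilities, Teamcenter Active Workspace), so a product label, optionally with the vendor in parentheses, would keep these entries searchable by product and consistent with their neighbour.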
@@ -9063,11 +9063,11 @@ CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to
CVE-2021-32706
RESERVED
CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
NOT-FOR-US: DHIS 2
CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
NOT-FOR-US: Auth0 Next.js SDK
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
@@ -9100,7 +9100,7 @@ CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured K
CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
NOT-FOR-US: Nextcloud Talk
CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32687
RESERVED
CVE-2021-32686
@@ -9116,11 +9116,11 @@ CVE-2021-32682 (elFinder is an open-source file manager for web, written in Java
CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
NOT-FOR-US: Wagtail
CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
- fastapi <unfixed> (bug #990582)
NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
@@ -11012,13 +11012,13 @@ CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user
CVE-2021-31896
RESERVED
CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31891
RESERVED
CVE-2021-31890
@@ -12820,23 +12820,23 @@ CVE-2021-31227
CVE-2021-31226
RESERVED
CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
- TODO: check
+ NOT-FOR-US: SES Evolution
CVE-2021-31219
RESERVED
CVE-2021-31218
RESERVED
CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-31216
RESERVED
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
@@ -25417,7 +25417,7 @@ CVE-2021-26090 (A missing release of memory after its effective lifetime vulnera
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
NOT-FOR-US: FortiClient
CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26087
RESERVED
CVE-2021-26086
@@ -26580,7 +26580,7 @@ CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (A
CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
NOT-FOR-US: Mendix Forgot Password Appstore module
CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions < V1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...)
NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
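Review bot: On CVE-2021-25671 the new `NOT-FOR-US: Siemens` drops the product name, although the next entry in the context, CVE-2021-25670, already uses the form `NOT-FOR-US: Tecnomatix RobotExpert (Siemens)`. `NOT-FOR-US: RWG1.M12 (Siemens)` would match it.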
@@ -29259,7 +29259,7 @@ CVE-2021-24456
CVE-2021-24455
RESERVED
CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24453
RESERVED
CVE-2021-24452
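Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2021-24454 miscapitalizes the project name, which the description on the line above writes as WordPress, and does not say which plugin is meant. Suggest naming it, for example `NOT-FOR-US: YOP Poll plugin for WordPress`.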
@@ -30172,11 +30172,11 @@ CVE-2021-24017
CVE-2021-24016
RESERVED
CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-24014
RESERVED
CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...)
NOT-FOR-US: FortiGate
CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
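Review bot: The two added `NOT-FOR-US: Fortinet` lines (CVE-2021-24015 and CVE-2021-24013) name the vendor, whereas the context entry CVE-2021-24012 names the product (`NOT-FOR-US: FortiGate`). The CVE-2021-24013 description gives the product as FortiMail, so `NOT-FOR-US: FortiMail` would follow the existing pattern; the CVE-2021-24015 description is truncated in this file, so its product should be checked before a label is chosen.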
@@ -33844,7 +33844,7 @@ CVE-2021-22442
CVE-2021-22441
RESERVED
CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
NOT-FOR-US: Huawei
CVE-2021-22438
@@ -33926,7 +33926,7 @@ CVE-2021-22401
CVE-2021-22400
RESERVED
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22398
RESERVED
CVE-2021-22397
@@ -39228,7 +39228,7 @@ CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3
CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
NOT-FOR-US: Fudousan plugin
CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...)
- TODO: check
+ NOT-FOR-US: Retty
CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...)
TODO: check
CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ chromium
--
djvulibre
--
+firedox-esr (jmm)
+--
icu
--
linux (carnil)
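Review bot: `+firedox-esr (jmm)` looks like a typo for `firefox-esr`. Entries in this file are source package names, so the misspelled name will not correspond to any package; please correct it to `firefox-esr (jmm)`.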
@@ -38,5 +40,7 @@ runc
--
salt
--
+thunderbird (jmm)
+--
trafficserver (jmm)
--
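Review bot: The `+thunderbird (jmm)` claim, like the `firedox-esr` entry in the previous hunk, is not an NFU triage change, so the commit message "NFUs" does not describe it. Consider a separate commit for the data/dsa-needed.txt additions, or a message that mentions them, so the history of who claimed which update stays easy to find.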
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53153f9b13d44e60e3caa6149abb92092b15d88f