[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 2 09:22:14 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3dfbf70d by Moritz Muehlenhoff at 2021-06-02T10:21:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2021-3570
CVE-2020-36382
RESERVED
CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
- TODO: check
+ NOT-FOR-US: RebornCore
CVE-2021-33789
RESERVED
CVE-2021-33788
@@ -2507,19 +2507,19 @@ CVE-2021-32659
CVE-2021-32658
RESERVED
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
- TODO: check
+ NOT-FOR-US: OneDev
CVE-2021-32650
RESERVED
CVE-2021-32649
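Review bot: CVE-2021-32652 is described as affecting Nextcloud Mail ("a mail app for the Nextcloud platform"), yet it receives the same "- nextcloud-server <itp> (bug #941708)" line as the five Nextcloud Server entries above it. If the Mail app is not part of what the nextcloud-server ITP would package, give it its own entry (for example "NOT-FOR-US: Nextcloud Mail", or a separate itp line) so the CVE is not attributed to the wrong source package once nextcloud-server is uploaded. The commit message "NFUs" also does not cover the six itp entries added in this hunk; mentioning them there would make the history easier to search.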
@@ -11164,11 +11164,11 @@ CVE-2021-3461
CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...)
NOT-FOR-US: Synology
CVE-2021-29091 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-29090 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-29089 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
NOT-FOR-US: Synology
CVE-2021-29087
@@ -18314,7 +18314,7 @@ CVE-2021-26113
CVE-2021-26112
RESERVED
CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-26110
RESERVED
CVE-2021-26109
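Review bot: the tag added for CVE-2021-26111 is spelled "NOT-FOR-US: Fortiguard", while the entry added for CVE-2021-22123 later in this patch, and its existing neighbour CVE-2021-22122, use "NOT-FOR-US: FortiGuard". Use the "FortiGuard" capitalisation here as well so that a case-sensitive search of data/CVE/list finds all entries for the vendor.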
@@ -22486,7 +22486,7 @@ CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate o
CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the functionality ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External Media WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress p ...)
@@ -24631,7 +24631,7 @@ CVE-2021-23390
CVE-2021-23389
RESERVED
CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
- TODO: check
+ NOT-FOR-US: Node forms
CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
NOT-FOR-US: Node trailing-slash
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
@@ -25402,13 +25402,13 @@ CVE-2021-23023
CVE-2021-23022
RESERVED
CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administra ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2021-23018 (Intra-cluster communication does not use TLS. The services within the ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2021-23017 (A security issue in nginx resolver was identified, which might allow a ...)
{DSA-4921-1 DLA-2670-1}
- nginx 1.18.0-6.1 (bug #989095)
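Review bot: for CVE-2021-23020 and CVE-2021-23018 the visible descriptions ("The NAAS 3.x before 3.10.0 API keys ..." and "Intra-cluster communication does not use TLS ...") do not name the product, yet both are tagged "NOT-FOR-US: NGINX Controller". Confirm against the full CVE text that both really belong to NGINX Controller, since they sit directly above CVE-2021-23017, which is tracked against the packaged nginx, and a wrong NOT-FOR-US here would hide an issue from triage.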
@@ -27467,7 +27467,7 @@ CVE-2021-22125
CVE-2021-22124
RESERVED
CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
NOT-FOR-US: FortiGuard
CVE-2021-22121
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dfbf70d721f73ed27149f7da18a67f38bb90af2