[Git][security-tracker-team/security-tracker][master] NFUs

Wed Jun 16 10:03:22 BST 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3161f1b9 by Moritz Muehlenhoff at 2021-06-16T11:02:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1363,7 +1363,7 @@ CVE-2021-34172
 CVE-2021-34171
 	RESERVED
 CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...)
-	TODO: check
+	NOT-FOR-US: Bandai
 CVE-2021-34169
 	RESERVED
 CVE-2021-34168
@@ -1445,9 +1445,9 @@ CVE-2021-34131
 CVE-2021-34130
 	RESERVED
 CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: LaikeTui
 CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: LaikeTui
 CVE-2021-34127
 	RESERVED
 CVE-2021-34126
@@ -1967,7 +1967,7 @@ CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed
 	NOTE: https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
 	NOTE: https://trac.nginx.org/nginx/ticket/1368
 CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to  ...)
-	TODO: check
+	NOT-FOR-US: Peloton TTR01
 CVE-2021-33886
 	RESERVED
 CVE-2021-33885
@@ -4727,7 +4727,7 @@ CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ ba
 	NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
 	NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
 CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Talk
 CVE-2021-32675
 	RESERVED
 CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
@@ -6107,7 +6107,7 @@ CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows
 CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...)
 	- wildfly <itp> (bug #752018)
 CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2021-32061
 	RESERVED
 CVE-2021-32060
@@ -30235,6 +30235,7 @@ CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page i
 	NOT-FOR-US: MikroTik RouterOS
 CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of arbitrary p ...)
 	- rust-ripgrep <not-affected> (Only affects ripgrep on Windows)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html
 CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
 	NOT-FOR-US: ESRI ArcGIS Online
 CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3161f1b9e37870be8bdd649d9ee567a951f9c15d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3161f1b9e37870be8bdd649d9ee567a951f9c15d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210616/3d243537/attachment.htm>
