[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 21 21:47:06 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6425497 by Moritz Muehlenhoff at 2021-06-21T22:46:33+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-3612
 	RESERVED
 CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Automate
 CVE-2021-35065
 	RESERVED
 CVE-2021-35064
@@ -33,9 +33,9 @@ CVE-2020-36391
 CVE-2020-36390
 	RESERVED
 CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...)
-	TODO: check
+	NOT-FOR-US: Greenbone Security Assistant
 CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...)
-	TODO: check
+	NOT-FOR-US: Greenbone Security Assistant
 CVE-2021-35054
 	RESERVED
 CVE-2021-XXXX [memory leak when authenticated client connects with MQTT v5 sent a crafted CONNECT message to the broker]
@@ -551,7 +551,7 @@ CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3
 	- civicrm 5.24.5+dfsg1-1
 	NOTE: https://civicrm.org/advisory/civi-sa-2020-03
 CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
-	TODO: check
+	NOT-FOR-US: Elemin
 CVE-2021-34814
 	RESERVED
 CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
@@ -3349,7 +3349,7 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions
 CVE-2021-33573
 	RESERVED
 CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4,  ...)
 	{DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
@@ -3863,7 +3863,7 @@ CVE-2021-33349
 CVE-2021-33348
 	RESERVED
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
-	TODO: check
+	NOT-FOR-US: JPress
 CVE-2021-33346
 	RESERVED
 CVE-2021-33345
@@ -5320,13 +5320,13 @@ CVE-2021-32699
 CVE-2021-32698
 	RESERVED
 CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
-	TODO: check
+	NOT-FOR-US: neos/forms
 CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
 	TODO: check
 CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Android app
 CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Android app
 CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set  ...)
 	- symfony <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
@@ -7709,7 +7709,7 @@ CVE-2021-31771
 CVE-2021-31770
 	RESERVED
 CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
-	TODO: check
+	NOT-FOR-US: MyQ
 CVE-2021-31768
 	RESERVED
 CVE-2021-31767
@@ -13648,7 +13648,7 @@ CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to c
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1338
 CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users  ...)
-	TODO: check
+	NOT-FOR-US: MSI
 CVE-2021-29336
 	RESERVED
 CVE-2021-29335
@@ -15155,7 +15155,7 @@ CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3
 CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
 	NOT-FOR-US: ASUS
 CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows  ...)
-	TODO: check
+	NOT-FOR-US: ConeXware PowerArchiver
 CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f642549746f904c5921c662e73614e3cefcbf1f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f642549746f904c5921c662e73614e3cefcbf1f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210621/91840926/attachment.htm>

More information about the debian-security-tracker-commits mailing list