[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Mar 3 22:22:23 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84d5c0be by Moritz Muehlenhoff at 2021-03-03T23:21:58+01:00
NFUs
pillow ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,10 +23,13 @@ CVE-2021-27924
 	RESERVED
 CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow <unfixed>
+	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow <unfixed>
+	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow <unfixed>
+	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27920
 	RESERVED
 CVE-2021-27919
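Review bot: the three `[buster] - pillow <ignored> (Minor issue)` lines added under CVE-2021-27923, CVE-2021-27922 and CVE-2021-27921 give no rationale beyond "Minor issue", and no NOTE line records why a denial of service in Pillow before 8.1.1 is acceptable for buster. `<ignored>` tells readers of the tracker that buster will not get a fix at all, whereas `<no-dsa>` would leave the issue open for a point release. If the latter was meant, use `<no-dsa>`; otherwise add a short NOTE with the reasoning so the decision can be revisited later.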
@@ -109,7 +112,7 @@ CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command inject
 CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...)
 	NOT-FOR-US: e107
 CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...)
-	TODO: check
+	NOT-FOR-US: YMFE YApi
 CVE-2021-27883
 	RESERVED
 CVE-2021-27882
@@ -1527,7 +1530,7 @@ CVE-2021-27217
 CVE-2021-27216
 	RESERVED
 CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
-	TODO: check
+	NOT-FOR-US: genua genugate
 CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
@@ -11385,9 +11388,9 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5,
 CVE-2021-22879
 	RESERVED
 CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2021-22876
 	RESERVED
 CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
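Review bot: the commit message ("NFUs", "pillow ignored") does not cover the two `- nextcloud-server <itp> (bug #941708)` lines added here for CVE-2021-22878 and CVE-2021-22877, which are ITP entries rather than NOT-FOR-US. Mention the nextcloud-server triage in the message so the change can be found from the log.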
@@ -11415,11 +11418,11 @@ CVE-2021-22865
 CVE-2021-22864
 	RESERVED
 CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub  ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22860
 	RESERVED
 CVE-2021-22859
@@ -11929,7 +11932,7 @@ CVE-2021-22685
 CVE-2021-22684
 	RESERVED
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
-	TODO: check
+	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22682
 	RESERVED
 CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later,  ...)
@@ -11955,7 +11958,7 @@ CVE-2021-22672
 CVE-2021-22671
 	RESERVED
 CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version  ...)
-	TODO: check
+	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22669
 	RESERVED
 CVE-2021-22668
@@ -11963,7 +11966,7 @@ CVE-2021-22668
 CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
 	NOT-FOR-US: BB-ESWGP506-2SFP-T
 CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
-	TODO: check
+	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22665
 	RESERVED
 CVE-2021-22664
@@ -11971,7 +11974,7 @@ CVE-2021-22664
 CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
 	NOT-FOR-US: Cscape
 CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
-	TODO: check
+	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22661 (Changing the password on the module webpage does not require the user  ...)
 	NOT-FOR-US: ProSoft Technology
 CVE-2021-22660
@@ -12019,7 +12022,7 @@ CVE-2021-22640
 CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
-	TODO: check
+	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2021-22636
@@ -76812,7 +76815,7 @@ CVE-2020-8298
 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
 	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d5c0beae9a8ba96774c90164917b2990f17c98
