[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff jmm at debian.org
Thu Mar 25 09:24:14 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e902e55 by Moritz Muehlenhoff at 2021-03-25T10:23:53+01:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1716,7 +1716,7 @@ CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL ce
 	NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3)
 	NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
 CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...)
-	TODO: check
+	NOT-FOR-US: Contiki
 CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK)  ...)
 	NOT-FOR-US: Storage Performance Development Kit
 CVE-2021-28360
@@ -15848,9 +15848,9 @@ CVE-2021-22195
 CVE-2021-22194
 	RESERVED
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11  ...)
 	- wireshark 3.4.4-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
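Review bot: the "- gitlab <unfixed>" entries added for CVE-2021-22193 and CVE-2021-22192 carry no NOTE line, unlike the urllib3 entry at the top of this diff. A NOTE pointing at the upstream advisory or the fixing release would let a later triager replace <unfixed> with a version without redoing the research.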
@@ -15887,13 +15887,13 @@ CVE-2021-22181
 CVE-2021-22180
 	RESERVED
 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22177
 	RESERVED
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22175
 	RESERVED
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
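Review bot: CVE-2021-22179 is marked "- gitlab <unfixed>" although the visible part of its description reads "GitLab versions before 12.2". Check it against the gitlab version currently packaged, and record the fixed version instead of <unfixed> if the package is already at or past that release. The same check is worth a NOTE on CVE-2021-22178 and CVE-2021-22176, whose descriptions are truncated before the affected range.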
@@ -18782,9 +18782,9 @@ CVE-2021-21388
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
 	NOT-FOR-US: Wrongthink
 CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
-	TODO: check
+	NOT-FOR-US: APKLeaks
 CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android Application  ...)
-	TODO: check
+	NOT-FOR-US: Mifos-Mobile Android Application
 CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape  ...)
 	NOT-FOR-US: shescape
 CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...)
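Review bot: the tag on CVE-2021-21385, "NOT-FOR-US: Mifos-Mobile Android Application", is a style outlier. The neighbouring entries use the bare product name (Wrongthink, APKLeaks, shescape), so "NOT-FOR-US: Mifos-Mobile" would be consistent and easier to match when the next CVE for the same product comes in.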
@@ -20606,7 +20606,7 @@ CVE-2021-20681
 CVE-2021-20680
 	RESERVED
 CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
-	TODO: check
+	NOT-FOR-US: Fuji
 CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
 	NOT-FOR-US: Paid Memberships Pro
 CVE-2021-20677
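Review bot: "NOT-FOR-US: Fuji" on CVE-2021-20679 shortens the vendor named in the description, "Fuji Xerox multifunction devices and printers". Using "NOT-FOR-US: Fuji Xerox" keeps the tag unambiguous and lets a search for the vendor name find this entry.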
@@ -27888,11 +27888,11 @@ CVE-2021-1473
 CVE-2021-1472
 	RESERVED
 CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1470
 	RESERVED
 CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1468
 	RESERVED
 CVE-2021-1467
@@ -27910,7 +27910,7 @@ CVE-2021-1462
 CVE-2021-1461
 	RESERVED
 CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1459
 	RESERVED
 CVE-2021-1458
@@ -27922,53 +27922,53 @@ CVE-2021-1456
 CVE-2021-1455
 	RESERVED
 CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software f ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS) feature of  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1448
 	RESERVED
 CVE-2021-1447
 	RESERVED
 CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1445
 	RESERVED
 CVE-2021-1444
 	RESERVED
 CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1440
 	RESERVED
 CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1438
 	RESERVED
 CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1430
 	RESERVED
 CVE-2021-1429
@@ -27984,7 +27984,7 @@ CVE-2021-1425
 CVE-2021-1424
 	RESERVED
 CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1422
 	RESERVED
 CVE-2021-1421
@@ -27994,9 +27994,9 @@ CVE-2021-1420
 CVE-2021-1419
 	RESERVED
 CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1415
@@ -28008,7 +28008,7 @@ CVE-2021-1413
 CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1410
 	RESERVED
 CVE-2021-1409
@@ -28024,7 +28024,7 @@ CVE-2021-1405
 CVE-2021-1404
 	RESERVED
 CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1402
 	RESERVED
 CVE-2021-1401
@@ -28034,7 +28034,7 @@ CVE-2021-1400
 CVE-2021-1399
 	RESERVED
 CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1397
 	RESERVED
 CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
@@ -28042,15 +28042,15 @@ CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine cou
 CVE-2021-1395
 	RESERVED
 CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE Software cou ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of Cisco IO ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...)
@@ -28060,15 +28060,15 @@ CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software coul
 CVE-2021-1386
 	RESERVED
 CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1380
 	RESERVED
 CVE-2021-1379
@@ -28076,19 +28076,19 @@ CVE-2021-1379
 CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE SD-WA ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1369
@@ -28118,7 +28118,7 @@ CVE-2021-1358
 CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco Unifi ...)
@@ -28126,7 +28126,7 @@ CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco
 CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol process ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
@@ -28268,7 +28268,7 @@ CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Net
 CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
@@ -28390,7 +28390,7 @@ CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Sm
 CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings and Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e902e554b5b7e6615a922bec6565194771b1966
