[Git][security-tracker-team/security-tracker][master] new ircii issue

Moritz Muehlenhoff jmm at debian.org
Wed Mar 31 18:23:11 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54627e3e by Moritz Muehlenhoff at 2021-03-31T19:22:55+02:00
new ircii issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2021-29644
 CVE-2021-29643
 	RESERVED
 CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
-	TODO: check
+	NOT-FOR-US: GistPad
 CVE-2021-29641
 	RESERVED
 CVE-2021-29640
@@ -522,7 +522,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain
 CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
 	TODO: check
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
-	TODO: check
+	NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-29415
 	RESERVED
 CVE-2021-29414
@@ -602,7 +602,8 @@ CVE-2021-29378
 CVE-2021-29377
 	RESERVED
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
-	TODO: check
+	- ircii <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
 CVE-2021-29375
 	RESERVED
 CVE-2021-29374
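Review bot: the new CVE-2021-29376 entry marks ircii as `<unfixed>` with only the oss-security link, although the description already names the fixed upstream release ("ircII before 20210314"). Consider adding a second NOTE line recording that upstream fixed this in 20210314, and a bug reference once one is filed, so the entry can be closed by whoever uploads the new version.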
@@ -826,7 +827,7 @@ CVE-2021-29269
 CVE-2021-29268
 	RESERVED
 CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: SherlockIM
 CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
 	- linux 5.10.26-1 (unimportant)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5417,15 +5418,15 @@ CVE-2021-27246
 CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations  ...)
 	NOT-FOR-US: TP-Link
 CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
-	TODO: check
+	NOT-FOR-US: Avast
 CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: Netgear
 CVE-2021-27238
@@ -6978,7 +6979,7 @@ CVE-2021-26581
 CVE-2021-26580
 	RESERVED
 CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network  ...)
 	NOT-FOR-US: HPE Network Orchestrator (NetO)
 CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
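Review bot: `NOT-FOR-US: HPE` on CVE-2021-26579 names only the vendor, while the neighbouring CVE-2021-26578 entry names the product ("HPE Network Orchestrator (NetO)"). The description identifies the product, so `NOT-FOR-US: HPE Unified Data Management (UDM)` would be consistent and easier to search for later.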
@@ -16982,7 +16983,7 @@ CVE-2021-22196
 CVE-2021-22195
 	RESERVED
 CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -17011,7 +17012,7 @@ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8
 	- gitlab <not-affected> (Only affects 13.8)
 	NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
 CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
 	[experimental] - gitlab 13.6.6-1
 	- gitlab <unfixed>
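Review bot: the CVE-2021-22184 entry is added without a reference, whereas CVE-2021-22185 directly above carries a NOTE with the GitLab security release URL. Add the matching NOTE for the release that fixes CVE-2021-22184 so the fixed version can be determined from the entry itself.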
@@ -17021,7 +17022,7 @@ CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions st
 CVE-2021-22181
 	RESERVED
 CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab  ...)
 	- gitlab <unfixed>
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -19864,9 +19865,9 @@ CVE-2021-21414
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
 	TODO: check
 CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
-	TODO: check
+	NOT-FOR-US: Node @thi.ng/egf
 CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
-	TODO: check
+	- oauth2-proxy <itp> (bug #982891)
 CVE-2021-21410
 	RESERVED
 CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...)
@@ -19897,7 +19898,7 @@ CVE-2021-21400
 CVE-2021-21399
 	RESERVED
 CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2021-21397
 	RESERVED
 CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
@@ -24444,9 +24445,9 @@ CVE-2020-35140
 CVE-2020-35139
 	RESERVED
 CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
-	TODO: check
+	NOT-FOR-US: MobileIron
 CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
-	TODO: check
+	NOT-FOR-US: MobileIron
 CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.  ...)
 	- dolibarr <removed>
 CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows  ...)
@@ -26855,13 +26856,13 @@ CVE-2021-1631
 CVE-2021-1630
 	RESERVED
 CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
-	TODO: check
+	NOT-FOR-US: Tableau Server
 CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
-	TODO: check
+	NOT-FOR-US: Tableau Server
 CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
-	TODO: check
+	NOT-FOR-US: MuleSoft
 CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
-	TODO: check
+	NOT-FOR-US: MuleSoft
 CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in  ...)
 	NOT-FOR-US: Invision Community
 CVE-2020-29476
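Review bot: CVE-2021-1628 is tagged `NOT-FOR-US: Tableau Server`, but its description begins "MuleSoft is aware of a XML External Entity (XXE) vulnerability", like CVE-2021-1627 and CVE-2021-1626 below it. This looks like a copy of the CVE-2021-1629 line; it should read `NOT-FOR-US: MuleSoft`.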
@@ -29006,7 +29007,7 @@ CVE-2021-1494
 CVE-2021-1493
 	RESERVED
 CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
-	TODO: check
+	NOT-FOR-US: Duo Authentication Proxy
 CVE-2021-1491
 	RESERVED
 CVE-2021-1490



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54627e3e360e25471e7261705c0289fba3bb89a8
