[Git][security-tracker-team/security-tracker][master] new ircii issue
Moritz Muehlenhoff
jmm at debian.org
Wed Mar 31 18:23:11 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54627e3e by Moritz Muehlenhoff at 2021-03-31T19:22:55+02:00
new ircii issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2021-29644
CVE-2021-29643
RESERVED
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
- TODO: check
+ NOT-FOR-US: GistPad
CVE-2021-29641
RESERVED
CVE-2021-29640
@@ -522,7 +522,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain
CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
TODO: check
CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
- TODO: check
+ NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2021-29415
RESERVED
CVE-2021-29414
@@ -602,7 +602,8 @@ CVE-2021-29378
CVE-2021-29377
RESERVED
CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
- TODO: check
+ - ircii <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
CVE-2021-29375
RESERVED
CVE-2021-29374
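Review bot: The CVE-2021-29376 entry records `- ircii <unfixed>` without saying which upstream release to look for, although the description line gives 20210314 as the first unaffected ircII release. Consider a second NOTE such as `NOTE: Fixed upstream in 20210314`, so that whoever later replaces `<unfixed>` with a package version has the bound in the entry itself.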
@@ -826,7 +827,7 @@ CVE-2021-29269
CVE-2021-29268
RESERVED
CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: SherlockIM
CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
- linux 5.10.26-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5417,15 +5418,15 @@ CVE-2021-27246
CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
NOT-FOR-US: TP-Link
CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: Netgear
CVE-2021-27238
@@ -6978,7 +6979,7 @@ CVE-2021-26581
CVE-2021-26580
RESERVED
CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
NOT-FOR-US: HPE Network Orchestrator (NetO)
CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
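Review bot: `NOT-FOR-US: HPE` on CVE-2021-26579 names only the vendor, while the next entry in this hunk names the product (`NOT-FOR-US: HPE Network Orchestrator (NetO)`). Suggest `NOT-FOR-US: HPE Unified Data Management (UDM)` to match, so that a search of the list for the product name finds it.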
@@ -16982,7 +16983,7 @@ CVE-2021-22196
CVE-2021-22195
RESERVED
CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -17011,7 +17012,7 @@ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8
- gitlab <not-affected> (Only affects 13.8)
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.6-1
- gitlab <unfixed>
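Review bot: The new `- gitlab <unfixed>` line for CVE-2021-22184 carries no reference, whereas the CVE-2021-22185 entry just above it links the GitLab security release in a NOTE. Adding a NOTE with the upstream advisory or fixing commit for CVE-2021-22184 would make it possible to tell which gitlab upload resolves it.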
@@ -17021,7 +17022,7 @@ CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions st
CVE-2021-22181
RESERVED
CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
- gitlab <unfixed>
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -19864,9 +19865,9 @@ CVE-2021-21414
CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
TODO: check
CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
- TODO: check
+ NOT-FOR-US: Node @thi.ng/egf
CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
- TODO: check
+ - oauth2-proxy <itp> (bug #982891)
CVE-2021-21410
RESERVED
CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...)
@@ -19897,7 +19898,7 @@ CVE-2021-21400
CVE-2021-21399
RESERVED
CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2021-21397
RESERVED
CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
@@ -24444,9 +24445,9 @@ CVE-2020-35140
CVE-2020-35139
RESERVED
CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
- dolibarr <removed>
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
@@ -26855,13 +26856,13 @@ CVE-2021-1631
CVE-2021-1630
RESERVED
CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
- TODO: check
+ NOT-FOR-US: Tableau Server
CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
- TODO: check
+ NOT-FOR-US: Tableau Server
CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
- TODO: check
+ NOT-FOR-US: MuleSoft
CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
- TODO: check
+ NOT-FOR-US: MuleSoft
CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in ...)
NOT-FOR-US: Invision Community
CVE-2020-29476
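Review bot: CVE-2021-1628 is tagged `NOT-FOR-US: Tableau Server`, but its description begins "MuleSoft is aware of a XML External Entity (XXE) vulnerability", the same wording as CVE-2021-1627 and CVE-2021-1626, which are tagged MuleSoft. This looks like a copy of the line added for CVE-2021-1629; it should read `NOT-FOR-US: MuleSoft`.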
@@ -29006,7 +29007,7 @@ CVE-2021-1494
CVE-2021-1493
RESERVED
CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
- TODO: check
+ NOT-FOR-US: Duo Authentication Proxy
CVE-2021-1491
RESERVED
CVE-2021-1490
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54627e3e360e25471e7261705c0289fba3bb89a8