[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed May 5 16:28:40 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
543bb7c0 by Moritz Muehlenhoff at 2021-05-05T17:28:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6159,7 +6159,7 @@ CVE-2021-29371
CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...)
NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
- TODO: check
+ NOT-FOR-US: Node gnuplot
CVE-2021-29368
RESERVED
CVE-2021-29367
@@ -7304,7 +7304,7 @@ CVE-2021-28862
CVE-2021-28861
RESERVED
CVE-2021-28860 (Node.js mixme 0.5.0, an attacker can add or alter properties of an obj ...)
- TODO: check
+ NOT-FOR-US: Node mixme
CVE-2021-28859
RESERVED
CVE-2021-28858
@@ -20263,7 +20263,7 @@ CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg ar
CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
NOT-FOR-US: total.js
CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...)
- TODO: check
+ NOT-FOR-US: Node path-parse
CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
NOT-FOR-US: docsify
CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
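Review bot: The NOT-FOR-US on CVE-2021-23343 deserves a second look before it lands. path-parse is a small utility that usually arrives as a transitive dependency, and the description says all versions are affected, so there is no fixed release to compare against. Please confirm that the archive carries neither a source package for it nor an embedded copy inside another Node package; if either exists, the entry should name that package instead of `NOT-FOR-US: Node path-parse`.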
@@ -22041,7 +22041,7 @@ CVE-2021-22549
CVE-2021-22548
RESERVED
CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
- TODO: check
+ NOT-FOR-US: Google Cloud IoT Device SDK
CVE-2021-22546
RESERVED
CVE-2021-22545
@@ -51625,15 +51625,15 @@ CVE-2020-22787
CVE-2020-22786
RESERVED
CVE-2020-22785 (Etherpad < 1.8.3 is affected by a missing lock check which could ca ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22784 (In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces ...)
- TODO: check
+ NOT-FOR-US: Etherpad UeberDB
CVE-2020-22783 (Etherpad <1.8.3 stored passwords used by users insecurely in the da ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22782 (Etherpad < 1.8.3 is affected by a denial of service in the import f ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22781 (In Etherpad < 1.8.3, a specially crafted URI would raise an unhandl ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22780
RESERVED
CVE-2020-22779
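Review bot: CVE-2020-22784 is marked `NOT-FOR-US: Etherpad UeberDB` while the four Etherpad entries around it are tracked against `etherpad-lite <itp> (bug #576998)`, which is inconsistent. The description presents UeberDB as an Etherpad component, so if the ITP is ever completed this issue would come along with it and the NFU would hide it. Consider tracking it under the same itp entry, or adding a NOTE line explaining why the database layer is handled separately. The commit subject "NFUs" also does not cover the itp entries added in this hunk.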
@@ -89751,7 +89751,7 @@ CVE-2020-7387
CVE-2020-7386
RESERVED
CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit Framework u ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...)
NOT-FOR-US: Rapid7
CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
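Review bot: `NOT-FOR-US: Rapid7` on CVE-2020-7385 names the vendor rather than the affected software, while the description concerns the Metasploit Framework and other entries in this commit name the product (`Node mixme`, `SUSI.AI`). It matches the neighbouring CVE-2020-7384 line, but a product name such as `NOT-FOR-US: Rapid7 Metasploit Framework` would let a later search for Metasploit find this entry if the software is ever considered for packaging.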
@@ -98173,7 +98173,7 @@ CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
NOT-FOR-US: Bolt CMS
CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Serv ...)
- TODO: check
+ NOT-FOR-US: SUSI.AI
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
NOT-FOR-US: Node graphql-playground-html
CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543bb7c0219a3cbe67a717f5fe5ad444e8663314