[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 12 10:11:31 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8454d3c by Moritz Muehlenhoff at 2021-05-12T11:11:03+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2021-3547
RESERVED
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
- TODO: check
+ NOT-FOR-US: zzzcms
CVE-2021-32604 (SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEma ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-32603
RESERVED
CVE-2021-32602
@@ -89,7 +89,7 @@ CVE-2021-32575
CVE-2021-32574
RESERVED
CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
- TODO: check
+ NOT-FOR-US: Node express-cart
CVE-2021-32572
RESERVED
CVE-2021-32571
@@ -111,9 +111,9 @@ CVE-2021-32564
CVE-2021-32562
RESERVED
CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...)
- TODO: check
+ NOT-FOR-US: OctoPrint
CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
- TODO: check
+ NOT-FOR-US: OctoPrint
CVE-2021-32559
RESERVED
CVE-2021-32558
@@ -145,7 +145,7 @@ CVE-2021-32546
CVE-2021-32545
RESERVED
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
- TODO: check
+ NOT-FOR-US: igt+
CVE-2021-32543
RESERVED
CVE-2021-32542
@@ -247,7 +247,7 @@ CVE-2021-32495
CVE-2021-32494
RESERVED
CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
- TODO: check
+ NOT-FOR-US: Yubico yubihsm-shell
CVE-2021-32488
RESERVED
CVE-2021-32487
@@ -1085,7 +1085,7 @@ CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift L
CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...)
NOT-FOR-US: StackList LocalStack
CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...)
- TODO: check
+ NOT-FOR-US: Zebra
CVE-2021-32088
RESERVED
CVE-2021-32087
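Review bot: The context line under CVE-2021-32090 reads `NOT-FOR-US: StackList LocalStack`, while the CVE descriptions directly above it spell the vendor "StackLift". The line is not changed by this commit, but since the neighbouring entry is being triaged here, correcting the label in the same pass would keep a search for the product name from missing this entry.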
@@ -1196,7 +1196,7 @@ CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allow
CVE-2021-32054
RESERVED
CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR
CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
- python-django 2:2.2.22-1 (bug #988136; unimportant)
NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
@@ -1522,7 +1522,7 @@ CVE-2021-31938
CVE-2021-31937
RESERVED
CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
NOT-FOR-US: OX App Suite
CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
@@ -1590,43 +1590,43 @@ CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devic
NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-31896
RESERVED
CVE-2021-31895
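Review bot: All 19 added lines in this hunk use the vendor-only label `NOT-FOR-US: JetBrains`, although the descriptions cover five different products (TeamCity, YouTrack, Hub, Code With Me and WebStorm). Other entries visible in this patch are labelled at product level, for example `NOT-FOR-US: OX App Suite` and `NOT-FOR-US: Apache Unomi`. Naming the product, as in `NOT-FOR-US: JetBrains TeamCity`, would let these entries be found per product if one of them is later packaged or gets an ITP, which this same commit shows happening for intellij-idea (bug #747616).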
@@ -2520,7 +2520,7 @@ CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installatio
CVE-2021-31538
RESERVED
CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...)
- TODO: check
+ NOT-FOR-US: SIS-REWE Go
CVE-2021-31536
RESERVED
CVE-2021-31535
@@ -3264,27 +3264,27 @@ CVE-2021-3499
RESERVED
NOT-FOR-US: Openshift/ovn-kubernetes
CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31212
RESERVED
CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31210
RESERVED
CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31206
RESERVED
CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31203
RESERVED
CVE-2021-31202
@@ -3292,77 +3292,77 @@ CVE-2021-31202
CVE-2021-31201
RESERVED
CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31199
RESERVED
CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31197
RESERVED
CVE-2021-31196
RESERVED
CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31189
RESERVED
CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31183
RESERVED
CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
NOT-FOR-US: Apache Unomi
CVE-2021-31163
@@ -4825,7 +4825,7 @@ CVE-2021-30506
CVE-2021-30505
RESERVED
CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
NOT-FOR-US: GLSL Linting extension for Visual Studio Code
CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
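Review bot: CVE-2021-30504 is an IntelliJ IDEA issue according to its description, yet it is marked `NOT-FOR-US: JetBrains`, while CVE-2021-30006, also IntelliJ IDEA, is recorded later in this same commit as `- intellij-idea <itp> (bug #747616)`. The two entries should be treated the same way; if the ITP is the intended tracking for this product, the line here should use the same `<itp>` form so the issue is not lost when the package is uploaded.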
@@ -4901,7 +4901,7 @@ CVE-2021-30484
CVE-2021-30483
RESERVED
CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
NOT-FOR-US: Valve Steam
NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
@@ -5604,7 +5604,7 @@ CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows S
CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
NOT-FOR-US: ZEROF Web Server
CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...)
- TODO: check
+ NOT-FOR-US: RiyaLab CloudISO
CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
NOT-FOR-US: omni-directional communication system
CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
@@ -6043,9 +6043,9 @@ CVE-2021-30008
CVE-2021-30007
RESERVED
CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...)
- wpa <unfixed> (unimportant)
NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
@@ -6829,7 +6829,7 @@ CVE-2020-36291
CVE-2020-36290
RESERVED
CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36288 (The issue navigation and search view in Jira Server and Data Center be ...)
NOT-FOR-US: Atlassian
CVE-2020-36287 (The dashboard gadgets preference resource of the Atlassian gadgets plu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8454d3cb9b3d6b3d01cc62fdc65f6d3187c1eac