[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 12 16:35:19 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ef09232 by Moritz Muehlenhoff at 2021-05-12T17:34:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7197,9 +7197,9 @@ CVE-2021-29504
CVE-2021-29503
RESERVED
CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability ...)
- TODO: check
+ NOT-FOR-US: Red discord bot addon
CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...)
- TODO: check
+ NOT-FOR-US: Red discord bot addon
CVE-2021-29500
RESERVED
CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
@@ -7836,7 +7836,7 @@ CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. dri
- linux 5.10.28-1
NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2021-3471
REJECTED
CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...)
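Review bot: The commit message says only "NFUs", but the CVE-2021-29263 entry in this hunk becomes "- intellij-idea <itp> (bug #747616)", which is a package triage decision rather than a NOT-FOR-US. Mentioning the ITP assignment in the commit message would let someone reading the log find where this entry was triaged.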
@@ -8370,7 +8370,7 @@ CVE-2021-29024
CVE-2021-29023
RESERVED
CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...)
- TODO: check
+ NOT-FOR-US: InvoicePlane
CVE-2021-29021
RESERVED
CVE-2021-29020
@@ -9634,17 +9634,17 @@ CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability Th
CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...)
@@ -9662,7 +9662,7 @@ CVE-2021-28467
CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-28463
@@ -9670,7 +9670,7 @@ CVE-2021-28463
CVE-2021-28462
RESERVED
CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...)
@@ -9682,7 +9682,7 @@ CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE
CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...)
@@ -11464,7 +11464,7 @@ CVE-2021-27735
CVE-2021-27734
RESERVED
CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-27732
RESERVED
CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...)
@@ -12941,7 +12941,7 @@ CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2021-27069
RESERVED
CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...)
NOT-FOR-US: Microsoft
CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...)
@@ -14091,7 +14091,7 @@ CVE-2021-26585
CVE-2021-26584
RESERVED
CVE-2021-26583 (Potential security vulnerabilities have been identified in HPE iLO Amp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
NOT-FOR-US: HPE
CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...)
@@ -14514,15 +14514,15 @@ CVE-2021-26424
CVE-2021-26423
RESERVED
CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26420
RESERVED
CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
@@ -14742,9 +14742,9 @@ CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML es
CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
NOT-FOR-US: OpenShift
CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possibl ...)
- TODO: check
+ NOT-FOR-US: TeamCity IntelliJ plugin
CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ before 2020 ...)
- TODO: check
+ NOT-FOR-US: TeamCity IntelliJ plugin
CVE-2018-25006
RESERVED
CVE-2018-25005
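Review bot: CVE-2021-26310 and CVE-2021-26309 are labelled by product ("TeamCity IntelliJ plugin"), while the other JetBrains entries in this commit (CVE-2021-27733 for YouTrack, CVE-2021-3315 for TeamCity) are labelled by vendor ("JetBrains"). Since CVE-2021-29263 in the same commit is tracked against the intellij-idea ITP, confirm that this plugin is distributed separately from the IDE, and pick one label style so that a search for either string finds all of these entries.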
@@ -14938,7 +14938,7 @@ CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection.
CVE-2021-3316
RESERVED
CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2021-3314
RESERVED
CVE-2021-3313
@@ -16149,15 +16149,15 @@ CVE-2021-25851
CVE-2021-25850
RESERVED
CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in Moxa Ca ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-25846 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-25845 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-25844
RESERVED
CVE-2021-25843
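Review bot: All five entries (CVE-2021-25845 to CVE-2021-25849) sit in userdisk/vport_lldpd, and four of them describe improper validation of LLDP TLVs (LLDP-MED length field, ChassisID), so marking them "NOT-FOR-US: Moxa" should rest on a check that this daemon does not share its parsing code with an LLDP implementation packaged in Debian. If that check was done, say so in the commit message; if the code turns out to be shared, the entries belong against the source package rather than under NOT-FOR-US.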
@@ -20129,7 +20129,7 @@ CVE-2021-24013
CVE-2021-24012
RESERVED
CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-24010
RESERVED
CVE-2021-24009
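Review bot: The label on CVE-2021-24011 is "Fortiguard", but the description names the affected product as FortiNAC and the vendor is Fortinet. "NOT-FOR-US: FortiNAC" or "NOT-FOR-US: Fortinet" would match what someone searching the list for this product or vendor would type.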
@@ -23307,7 +23307,7 @@ CVE-2021-22674
CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
NOT-FOR-US: SimpleLink
CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...)
NOT-FOR-US: SimpleLink
CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
@@ -24724,7 +24724,7 @@ CVE-2021-21992
CVE-2021-21991
RESERVED
CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-21989
RESERVED
CVE-2021-21988
@@ -25075,7 +25075,7 @@ CVE-2021-21824
CVE-2021-21823
RESERVED
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21821
RESERVED
CVE-2021-21820
@@ -27144,11 +27144,11 @@ CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux c
CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...)
NOT-FOR-US: sopel-channelmgnt
CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries (SDK gener ...)
- TODO: check
+ NOT-FOR-US: OpenAPI Generator
CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...)
NOT-FOR-US: OpenAPI Generator
CVE-2021-21428 (Openapi generator is a java tool which allows generation of API client ...)
- TODO: check
+ NOT-FOR-US: OpenAPI Generator
CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
@@ -29142,7 +29142,7 @@ CVE-2021-20719
CVE-2021-20718
RESERVED
CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...)
NOT-FOR-US: Buffalo
CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
@@ -31374,7 +31374,7 @@ CVE-2020-35440
CVE-2020-35439
RESERVED
CVE-2020-35438 (Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin ...)
- TODO: check
+ NOT-FOR-US: kk-star-ratings
CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through t ...)
NOT-FOR-US: Subrion CMS
CVE-2020-35436
@@ -43071,15 +43071,15 @@ CVE-2020-27248 (A specially crafted document can cause the document parser to co
CVE-2020-27247 (A specially crafted document can cause the document parser to copy dat ...)
NOT-FOR-US: SoftMaker
CVE-2020-27246 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27245 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27244 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27243 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27242 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27241 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
NOT-FOR-US: OpenClinic
CVE-2020-27240 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
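Review bot: For CVE-2020-27242 to CVE-2020-27246 the truncated description shows only an endpoint beginning "listImmoLa" and no product name, so the OpenClinic attribution cannot be confirmed from these lines; the already-triaged neighbour CVE-2020-27241 refers to a different file ("getAssets."). Check the full CVE text to confirm these five are the same application rather than inheriting the label from the adjacent entries.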
@@ -43099,19 +43099,19 @@ CVE-2020-27234 (An exploitable SQL injection vulnerability exists in ‘getA
CVE-2020-27233 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
NOT-FOR-US: OpenClinic
CVE-2020-27232 (An exploitable SQL injection vulnerability exists in ‘manageServ ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27231 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27230 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27229 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27228 (An incorrect default permissions vulnerability exists in the installat ...)
NOT-FOR-US: OpenClinic
CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the OpenCli ...)
NOT-FOR-US: OpenClinic
CVE-2020-27226 (An exploitable SQL injection vulnerability exists in ‘quickFile. ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...)
- eclipse <removed>
[stretch] - eclipse <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ef09232eec2ff9f78aa6a4c289c9e1c2311c14c