[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 18 12:29:33 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8c90cca by Moritz Muehlenhoff at 2021-05-18T13:28:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -738,13 +738,13 @@ CVE-2021-32822
CVE-2021-32821
RESERVED
CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
- TODO: check
+ NOT-FOR-US: Express-handlebars
CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
- TODO: check
+ NOT-FOR-US: Squirrelly
CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
- TODO: check
+ NOT-FOR-US: haml-coffee
CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
- TODO: check
+ NOT-FOR-US: express-hbs
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815
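Review bot: the four NOT-FOR-US entries in this hunk (express-handlebars, Squirrelly, haml-coffee, express-hbs) name Express view-engine wrappers, while the handlebars library itself is tracked in this file as node-handlebars (CVE-2021-23383, later in this change); worth confirming that CVE-2021-32820 and CVE-2021-32817 are confined to the wrapper packages before closing them as NFU, and recording that in a NOTE line.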
@@ -1134,7 +1134,7 @@ CVE-2021-32624
CVE-2021-32623
RESERVED
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
- TODO: check
+ NOT-FOR-US: Matrix-React-SDK
CVE-2021-32621
RESERVED
CVE-2021-32620
@@ -2382,7 +2382,7 @@ CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allow
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...)
- TODO: check
+ NOT-FOR-US: Firely/Incendi Spark
CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...)
NOT-FOR-US: HAPI FHIR
CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
@@ -8446,7 +8446,7 @@ CVE-2021-29513 (TensorFlow is an end-to-end open source platform for machine lea
CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
- TODO: check
+ NOT-FOR-US: Rust crate evm
CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...)
- pydantic <unfixed> (bug #988480)
NOTE: https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
@@ -8457,11 +8457,11 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
NOTE: https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837
NOTE: CVE is related to an incomplete fix for CVE-2019-16770
CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
- TODO: check
+ NOT-FOR-US: Wire
CVE-2021-29507
RESERVED
CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
- TODO: check
+ NOT-FOR-US: GraphHopper
CVE-2021-29505
RESERVED
CVE-2021-29504
@@ -16013,7 +16013,7 @@ CVE-2021-26313
CVE-2021-26312
RESERVED
CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
NOT-FOR-US: Foris
CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
@@ -16966,11 +16966,11 @@ CVE-2021-25945
CVE-2021-25944
RESERVED
CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
- TODO: check
+ NOT-FOR-US: Node 101
CVE-2021-25942
RESERVED
CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
- TODO: check
+ NOT-FOR-US: Node deep-override
CVE-2021-25940
RESERVED
CVE-2021-25939
@@ -20749,7 +20749,7 @@ CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirectio
CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24322
RESERVED
CVE-2021-24321
@@ -20819,7 +20819,7 @@ CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPr
CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
@@ -20829,7 +20829,7 @@ CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Clas
CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
@@ -22924,7 +22924,7 @@ CVE-2021-23386
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Node koa-remove-trailing-slashes before
CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
- node-handlebars 3:4.7.6+~4.1.0-2
[buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
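Review bot: the replacement line for CVE-2021-23384 reads "NOT-FOR-US: Node koa-remove-trailing-slashes before", where the trailing "before" is carried over from the CVE description text; suggest "NOT-FOR-US: Node koa-remove-trailing-slashes" to match the form used for the other Node entries in this change (e.g. "NOT-FOR-US: Node deep-override").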
@@ -23456,7 +23456,7 @@ CVE-2021-3030
CVE-2021-23234
RESERVED
CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
@@ -24044,7 +24044,7 @@ CVE-2021-22868
CVE-2021-22867
RESERVED
CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
@@ -52487,7 +52487,7 @@ CVE-2020-23792
CVE-2020-23791
RESERVED
CVE-2020-23790 (An Arbitrary File Upload vulnerability was discovered in the Golo Lara ...)
- TODO: check
+ NOT-FOR-US: Golo Laravel theme
CVE-2020-23789
RESERVED
CVE-2020-23788
@@ -52917,7 +52917,7 @@ CVE-2020-23577
CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
NOT-FOR-US: Laborator Neon dashboard
CVE-2020-23575 (A directory traversal vulnerability exists in Kyocera Printer d-COPIA2 ...)
- TODO: check
+ NOT-FOR-US: Kyocera
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
NOT-FOR-US: Sysax Multi Server
CVE-2020-23573
@@ -54449,7 +54449,7 @@ CVE-2020-22811
CVE-2020-22810
RESERVED
CVE-2020-22809 (In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Serv ...)
- TODO: check
+ NOT-FOR-US: Windscribe
CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulne ...)
NOT-FOR-US: yii2_fecshop
CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...)
@@ -75087,7 +75087,7 @@ CVE-2020-13669
CVE-2020-13668
RESERVED
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
- TODO: check
+ NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
{DLA-2458-1}
- drupal7 <removed>
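Review bot: "NOT-FOR-US: Drupal 8.x" for CVE-2020-13667 sits directly above CVE-2020-13666, a Drupal Core issue tracked against drupal7 with a DLA, so the rationale (presumably that the Workspaces component named in the description does not exist in drupal7) should be stated in the entry, e.g. as a NOTE line, so the NFU is not mistaken for an oversight by a later triager.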
@@ -76799,7 +76799,7 @@ CVE-2020-12969
CVE-2020-12968
RESERVED
CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12966
RESERVED
CVE-2020-12965
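Review bot: CVE-2020-12967 here and CVE-2021-26311 earlier in this change are both closed with the bare "NOT-FOR-US: AMD"; since linux is tracked in this file and both descriptions concern SEV/SEV-ES memory handling, a NOTE with the vendor reference, as other entries in this change carry (see CVE-2021-32056), would record that no kernel-side component was identified when the entries were triaged.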
@@ -77970,7 +77970,7 @@ CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbC
CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
NOT-FOR-US: MB connect software
CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...)
- TODO: check
+ NOT-FOR-US: TwinCAT OPC UA Server
CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
NOT-FOR-US: M&M Software fdtCONTAINER Component
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
@@ -451936,7 +451936,7 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0
CVE-2007-5968
REJECTED
CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...)
- TODO: check
+ NOT-FOR-US: Historic Mozilla issue
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
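Review bot: "NOT-FOR-US: Historic Mozilla issue" for CVE-2007-5967 states a category rather than a product, unlike the other NFU entries in this change; the reason the entry is not tracked (rather than which software it concerns) should be spelled out in the entry text so a later triager does not reopen it.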
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8c90cca35c38809b23cd7f76f80da717c174c56