[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 18 21:18:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6810b734 by Salvatore Bonaccorso at 2021-05-18T22:18:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2014,7 +2014,7 @@ CVE-2021-32240
 CVE-2021-32239
 	RESERVED
 CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...)
-	TODO: check
+	NOT-FOR-US: Epic Games / Psyonix Rocket League
 CVE-2021-32237
 	RESERVED
 CVE-2021-32236
@@ -3131,7 +3131,7 @@ CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 perform
 CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0  ...)
 	NOT-FOR-US: OpenDistro for Elasticsearch
 CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2021-31825
 	RESERVED
 CVE-2021-31824
@@ -12082,7 +12082,7 @@ CVE-2021-28043
 CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
 	NOT-FOR-US: Deutsche Post Mailoptimizer
 CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
 	- openssh 1:8.4p1-5 (bug #984940)
 	[buster] - openssh <not-affected> (Vulnerable code introduced later)
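Review bot: The new tag on CVE-2021-3423 names only the vendor ("NOT-FOR-US: Bitdefender"), while the truncated description on the same entry still reads "in the openssl componen ...". Someone scanning the list for openssl issues cannot tell from this entry why it was ruled out. Consider naming the affected product in the tag, as the neighbouring "NOT-FOR-US: Deutsche Post Mailoptimizer" does, or adding a NOTE line stating that the openssl in question is the one bundled with that product, if that is what the full description says.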
@@ -50474,7 +50474,7 @@ CVE-2020-24742
 CVE-2020-24741
 	RESERVED
 CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2020-24738
@@ -52073,7 +52073,7 @@ CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is
 	NOTE: Fixed in 2020.07.09 upstream, cf.
 	NOTE: http://www.live555.com/liveMedia/public/changelog.txt
 CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...)
-	TODO: check
+	NOT-FOR-US: TinyShop
 CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...)
 	- node-node-sass <unfixed>
 	[bullseye] - node-node-sass <ignored> (Minor issue)
@@ -52441,9 +52441,9 @@ CVE-2020-23854
 CVE-2020-23853
 	RESERVED
 CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2020-23850
 	RESERVED
 CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2  ...)
@@ -58248,7 +58248,7 @@ CVE-2020-20953
 CVE-2020-20952
 	RESERVED
 CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
 	NOT-FOR-US: Microchip Libraries for Applications
 CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
@@ -59650,9 +59650,9 @@ CVE-2020-20256
 CVE-2020-20255
 	RESERVED
 CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by  ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20252
 	RESERVED
 CVE-2020-20251
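Review bot: Both added tags for CVE-2020-20254 and CVE-2020-20253 copy the description's spelling "Mikrotik RouterOs" verbatim. Before merging, check how earlier NOT-FOR-US entries for this product are written in data/CVE/list and use the same string, so a single grep for the tag finds every RouterOS entry. The same applies to the identical tags in the later hunks of this commit.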
@@ -59684,9 +59684,9 @@ CVE-2020-20239
 CVE-2020-20238
 	RESERVED
 CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20235
 	RESERVED
 CVE-2020-20234
@@ -59714,7 +59714,7 @@ CVE-2020-20224
 CVE-2020-20223
 	RESERVED
 CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20221
 	RESERVED
 CVE-2020-20220
@@ -59730,7 +59730,7 @@ CVE-2020-20216
 CVE-2020-20215
 	RESERVED
 CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20213
 	RESERVED
 CVE-2020-20212
@@ -63817,7 +63817,7 @@ CVE-2020-18180
 CVE-2020-18179
 	RESERVED
 CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2020-18177
 	RESERVED
 CVE-2020-18176
@@ -70545,7 +70545,7 @@ CVE-2020-15281
 CVE-2020-15280
 	RESERVED
 CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
 	NOT-FOR-US: Red Discord Bot
 CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6810b7344c62d5a163b1c86cb12980f553f06573
