[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 27 21:42:50 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06da020b by Salvatore Bonaccorso at 2021-05-27T22:42:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -452,7 +452,7 @@ CVE-2021-33396
CVE-2021-33395
RESERVED
CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
- TODO: check
+ NOT-FOR-US: Cubecart
CVE-2021-33393
RESERVED
CVE-2021-33392
@@ -14413,23 +14413,23 @@ CVE-2021-27498
CVE-2021-27497
RESERVED
CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
- TODO: check
+ NOT-FOR-US: Datakit
CVE-2021-27495
RESERVED
CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
- TODO: check
+ NOT-FOR-US: Datakit
CVE-2021-27493
RESERVED
CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
- TODO: check
+ NOT-FOR-US: Datakit
CVE-2021-27491
RESERVED
CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
- TODO: check
+ NOT-FOR-US: Datakit
CVE-2021-27489
RESERVED
CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
- TODO: check
+ NOT-FOR-US: Datakit
CVE-2021-27487
RESERVED
CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
@@ -25098,15 +25098,15 @@ CVE-2021-22913
CVE-2021-22912
RESERVED
CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2021-22910
RESERVED
CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
- TODO: check
+ NOT-FOR-US: EdgeMAX EdgeRouter
CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
TODO: check
CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22906
RESERVED
CVE-2021-22905
@@ -25137,9 +25137,9 @@ CVE-2021-22901 [TLS session caching disaster]
NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0)
NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0)
CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure
CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure
CVE-2021-22898 [TELNET stack contents disclosure]
RESERVED
- curl <unfixed>
@@ -25159,13 +25159,13 @@ CVE-2021-22896
CVE-2021-22895
RESERVED
CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure
CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
{DSA-4881-1}
- curl 7.74.0-1.2 (bug #986270)
@@ -26314,7 +26314,7 @@ CVE-2021-22413
CVE-2021-22412
RESERVED
CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22410
RESERVED
CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
@@ -26408,19 +26408,19 @@ CVE-2021-22366
CVE-2021-22365
RESERVED
CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22363
RESERVED
CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22361
RESERVED
CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22357
RESERVED
CVE-2021-22356
@@ -64902,9 +64902,9 @@ CVE-2020-18232
CVE-2020-18231
RESERVED
CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2020-18228
RESERVED
CVE-2020-18227
@@ -66364,7 +66364,7 @@ CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.
CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
- airflow <itp> (bug #819700)
CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...)
- TODO: check
+ NOT-FOR-US: Apache Fineract
CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
- airflow <itp> (bug #819700)
CVE-2020-17512
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06da020bac3c05a0265d4a645f606978238e520e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06da020bac3c05a0265d4a645f606978238e520e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210527/5c14a1c3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list