[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 30 17:09:29 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85378633 by Moritz Mühlenhoff at 2021-05-30T18:09:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -447,7 +447,7 @@ CVE-2021-33592
 CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
 	NOT-FOR-US: Naver Comic Viewer
 CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
-	TODO: check
+	NOT-FOR-US: GattLib
 CVE-2021-33589
 	RESERVED
 CVE-2021-33588
@@ -523,7 +523,7 @@ CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key is
 	NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
 	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
 CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0  ...)
-	TODO: check
+	NOT-FOR-US: Dragonfly gem
 CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
 	NOT-FOR-US: Koel
 CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
@@ -2494,15 +2494,15 @@ CVE-2021-32649
 CVE-2021-32648
 	RESERVED
 CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
-	TODO: check
+	NOT-FOR-US: Emissary
 CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
-	TODO: check
+	NOT-FOR-US: Roomer
 CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
-	TODO: check
+	NOT-FOR-US: Teancy multi-tenant
 CVE-2021-32644
 	RESERVED
 CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
-	TODO: check
+	NOT-FOR-US: Http4s
 CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
 	- radsecproxy 1.8.2-4 (unimportant)
 	NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
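Review bot: the NOT-FOR-US line added for CVE-2021-32645 spells the product "Teancy multi-tenant", while the CVE description directly above it reads "Tenancy multi-tenant". Suggest `NOT-FOR-US: Tenancy multi-tenant` so the label matches the description and a search of data/CVE/list for the product name finds this entry.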
@@ -7801,7 +7801,7 @@ CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by
 CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges  ...)
 	NOT-FOR-US: VestaCP
 CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...)
-	TODO: check
+	NOT-FOR-US: VoIPmonitor
 CVE-2021-30460
 	RESERVED
 CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
@@ -22437,7 +22437,7 @@ CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slid
 CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
 	NOT-FOR-US: Goto WordPress theme
 CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
@@ -25556,7 +25556,7 @@ CVE-2021-22910
 CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
 	NOT-FOR-US: EdgeMAX EdgeRouter
 CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
-	TODO: check
+	NOT-FOR-US: Windows File Resource Profiles
 CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
 	NOT-FOR-US: Citrix
 CVE-2021-22906
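Review bot: the label added for CVE-2021-22908, "Windows File Resource Profiles", repeats a phrase from the truncated description and reads as a feature name rather than a vendor or product, unlike the neighbouring entries ("EdgeMAX EdgeRouter", "Citrix"). Suggest checking the full CVE description and naming the affected product in the NOT-FOR-US line, so later CVEs for the same product can be matched against it.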
@@ -32070,7 +32070,7 @@ CVE-2021-20729
 CVE-2021-20728
 	RESERVED
 CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
-	TODO: check
+	NOT-FOR-US: Zettlr
 CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
 	NOT-FOR-US: Overwolf
 CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85378633b71146e7bc72c2aac9e78a949a3ef2ff
