[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 15 12:10:53 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23b0caaa by Moritz Muehlenhoff at 2021-10-15T13:10:26+02:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50146,9 +50146,9 @@ CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions st
 CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22260
 	RESERVED
 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
@@ -57104,19 +57104,19 @@ CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentic
 CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication  ...)
 	NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
 	NOT-FOR-US: Telus Wi-Fi Hub
 CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
@@ -65478,7 +65478,7 @@ CVE-2021-0690 (In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is
 CVE-2021-0689 (In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out  ...)
 	NOT-FOR-US: Android media framework
 CVE-2021-0688 (In lockNow of PhoneWindowManager.java, there is a possible lock screen ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0687 (In ellipsize of Layout.java, there is a possible ANR due to improper i ...)
 	NOT-FOR-US: Android
 CVE-2021-0686 (In getDefaultSmsPackage of RoleManagerService.java, there is a possibl ...)
@@ -65695,7 +65695,7 @@ CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a pos
 CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
 CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
@@ -80102,7 +80102,7 @@ CVE-2020-22726
 CVE-2020-22725
 	RESERVED
 CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service  ...)
-	TODO: check
+	NOT-FOR-US: Mercury Router MER1200
 CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...)
 	NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop
 CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23b0caaa943ad1ccd66f6445badff794584a258b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23b0caaa943ad1ccd66f6445badff794584a258b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211015/cbe0de9f/attachment.htm>

More information about the debian-security-tracker-commits mailing list