[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 3 13:33:41 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91e794a8 by Moritz Muehlenhoff at 2021-09-03T14:33:25+02:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- + data/CVE/list.orig


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
-	TODO: check
+	NOT-FOR-US: AdaptiveScale LXDUI
 CVE-2021-40493
 	RESERVED
 CVE-2021-40492
@@ -2926,7 +2926,7 @@ CVE-2021-39189
 CVE-2021-39188
 	RESERVED
 CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior ...)
 	NOT-FOR-US: Miraheze
 CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
@@ -4827,11 +4827,11 @@ CVE-2021-38316
 CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...)
-	TODO: check
+	NOT-FOR-US: Gutenberg Template Library
 CVE-2021-38313
 	RESERVED
 CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...)
-	TODO: check
+	NOT-FOR-US: Gutenberg Template Library
 CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
 	NOT-FOR-US: Contiki
 CVE-2021-38310
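Review bot: the new NOT-FOR-US tags on CVE-2021-38314 and CVE-2021-38312 name the product ("Gutenberg Template Library") while the adjacent CVE-2021-38315 entry in the same hunk tags by ecosystem ("WordPress plugin"); both descriptions identify the affected component as a plugin, so pick one convention for this hunk, e.g. "NOT-FOR-US: Gutenberg Template Library & Redux Framework WordPress plugin", so that a later grep for either the product or the ecosystem finds all three entries.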
@@ -13751,7 +13751,7 @@ CVE-2021-3589
 CVE-2021-34437
 	RESERVED
 CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Theia
 CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
@@ -40787,7 +40787,7 @@ CVE-2021-23440
 CVE-2021-23439
 	RESERVED
 CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Node mpath
 CVE-2021-23437
 	RESERVED
 CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...)
@@ -40799,19 +40799,19 @@ CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confu
 CVE-2021-23433
 	RESERVED
 CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
-	TODO: check
+	NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
-	TODO: check
+	NOT-FOR-US: Node joplin
 CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...)
-	TODO: check
+	NOT-FOR-US: Node startserver
 CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service  ...)
-	TODO: check
+	NOT-FOR-US: Node transpile
 CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The Path.Combin ...)
-	TODO: check
+	NOT-FOR-US: elFinder.NetCore
 CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The ExtractAsyn ...)
-	TODO: check
+	NOT-FOR-US: elFinder.NetCore
 CVE-2021-23426 (This affects all versions of package Proto. It is possible to inject p ...)
-	TODO: check
+	NOT-FOR-US: Node proto
 CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...)
 	NOT-FOR-US: Node trim-off-newlines
 CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...)
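Review bot: tag naming within this hunk is inconsistent: CVE-2021-23426 is tagged "Node proto" although its description calls the package "Proto", and the two elFinder.NetCore entries (CVE-2021-23428, CVE-2021-23427) carry no ecosystem prefix while every other package entry in the hunk is prefixed "Node". Since these tags are what later triage greps for, suggest using the package name exactly as the description spells it and giving the .NET entries a prefix of the same kind as the npm ones.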
@@ -42242,15 +42242,15 @@ CVE-2021-22795
 CVE-2021-22794
 	RESERVED
 CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22788
 	RESERVED
 CVE-2021-22787
@@ -42278,7 +42278,7 @@ CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exist
 CVE-2021-22776
 	RESERVED
 CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...)
@@ -42420,7 +42420,7 @@ CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Gener
 CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
 	NOT-FOR-US: Schneider
 CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
 	NOT-FOR-US: PowerLogic
 CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
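Review bot: CVE-2021-22704 is tagged "NOT-FOR-US: Schneider Electric" while the unchanged CVE-2021-22705 line two entries above still reads "NOT-FOR-US: Schneider"; the rest of this commit (CVE-2021-22789 through CVE-2021-22793 and CVE-2021-22775) standardises on "Schneider Electric", so consider updating the CVE-2021-22705 line in the same change so a single grep for the vendor tag matches all of them.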
@@ -42614,7 +42614,7 @@ CVE-2021-3020
 CVE-2021-22685
 	RESERVED
 CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in  ...)
-	TODO: check
+	NOT-FOR-US: Tizen RT RTOS
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
@@ -43487,7 +43487,7 @@ CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since
 CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...)
 	- gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
 	- gitlab <unfixed>
 CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)


=====================================
data/CVE/list.orig
=====================================
The diff for this file was not included because it is too large.
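Review bot: the changed-file list shows data/CVE/list.orig being added as a new file, and its diff is too large to display; a .orig file next to the edited list is the backup left behind by patch(1) and similar tools, and it looks unintentional in a commit titled "NFUs" whose only substantive change is flipping TODO entries in data/CVE/list. The hunk headers show that list runs past line 43,000, so this would land a full second copy of it in the repository. Suggest removing it from the commit (git rm --cached data/CVE/list.orig) and, if not already present, ignoring *.orig in .gitignore.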


View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e794a8b7d2027a33ae9785c104ec5ad620397a


