[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Wed Jun 1 11:02:30 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ff0919f by Neil Williams at 2022-06-01T11:02:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50564,7 +50564,7 @@ CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulne
CVE-2021-40187
RESERVED
CVE-2021-40186 (The AppCheck research team identified a Server-Side Request Forgery (S ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2021-40185
RESERVED
CVE-2021-40184
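Review bot: The tag `NOT-FOR-US: DNN` added for CVE-2021-40186 is a bare abbreviation, and the truncated description on the line above it does not name the product, so the entry alone does not say what is being excluded. Consider writing the product name out in full in the tag, so that anyone grepping the list for earlier NFU decisions on the same software finds this entry.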
@@ -58844,7 +58844,7 @@ CVE-2021-36892
CVE-2021-36891
RESERVED
CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
@@ -58892,7 +58892,7 @@ CVE-2021-36868
CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36865
RESERVED
CVE-2021-36864
@@ -67000,7 +67000,7 @@ CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensu
CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
- falco <itp> (bug #842306)
CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
- python-urllib3 1.26.5-1~exp1 (bug #989848)
[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -69504,7 +69504,7 @@ CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would
CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
NOT-FOR-US: Apport
CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs before ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
NOT-FOR-US: Pexip Infinity
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
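Review bot: The tag added for CVE-2021-32546 names the product as `Go Git Service`, while the CVE description directly above it calls it Gogs. Using `NOT-FOR-US: Gogs` would keep the tag consistent with the name in the CVE text and make the entry easy to find if the software is ever packaged and the NFU decision has to be revisited.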
@@ -82082,7 +82082,7 @@ CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction a
CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
NOT-FOR-US: HCL
CVE-2021-27778 (HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by i ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly ...)
NOT-FOR-US: HCL
CVE-2021-27776
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ff0919fc0c786bbf9f01a9ce9d7b2a05349e9d0