Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
062f4264 by Salvatore Bonaccorso at 2021-02-03T09:32:40+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3
allows r ...)
- TODO: check
+ NOT-FOR-US: Pryaniki
CVE-2021-3394
RESERVED
CVE-2021-3393
@@ -12909,7 +12909,7 @@ CVE-2021-21294 (Http4s (http4s-blaze-server) is a
minimal, idiomatic Scala inter
CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines,
with a f ...)
TODO: check
CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar
before versi ...)
- TODO: check
+ NOT-FOR-US: Traccar
CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file
server th ...)
TODO: check
CVE-2021-21290
@@ -12950,7 +12950,7 @@ CVE-2021-21278 (RSSHub is an open source, easy to use,
and extensible RSS feed g
CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a
standalon ...)
TODO: check
CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version
2.3.0, a ...)
- TODO: check
+ NOT-FOR-US: Polr
CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request
Forgery (CSR ...)
NOT-FOR-US: MediaWiki Report extention
CVE-2021-21274
@@ -13622,7 +13622,7 @@ CVE-2021-21045
CVE-2021-21044
RESERVED
CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a
Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21042
RESERVED
CVE-2021-21041
@@ -16749,7 +16749,7 @@ CVE-2020-35154
CVE-2020-35153
RESERVED
CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to
an unqu ...)
- TODO: check
+ NOT-FOR-US: Cloudflare WARP for Windows
CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter
"searchdata ...)
NOT-FOR-US: Online Marriage Registration System
CVE-2020-35150
@@ -17912,7 +17912,7 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and
v2.12.2 has an issue where r
NOTE:
https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
NOTE:
https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the
catalog’s ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the
Linux kerne ...)
{DSA-4843-1}
- linux 5.9.15-1
@@ -56420,7 +56420,7 @@ CVE-2020-14257
CVE-2020-14256
RESERVED
CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities
that cou ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory
up to v ...)
NOT-FOR-US: HCL BigFix Inventory
CVE-2020-14253
@@ -56488,7 +56488,7 @@ CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is
susceptible to cross-sit
CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross
site scri ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information
about the ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-14220
RESERVED
CVE-2020-14219
@@ -72262,7 +72262,7 @@ CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem
in Intel(R) AMT and Intel(
CVE-2020-8673
RESERVED
CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation
Intel(R) Co ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th
Generat ...)
NOT-FOR-US: Intel
CVE-2020-8670
@@ -90462,7 +90462,7 @@ CVE-2020-1912 (An out-of-bounds read/write
vulnerability when executing lazily c
CVE-2020-1911 (A type confusion vulnerability when resolving properties of
JavaScript ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to
v2.21.1.13 and ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior
to v2. ...)
NOT-FOR-US: WhatsApp
CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp
and What ...)
@@ -90490,7 +90490,7 @@ CVE-2020-1898
CVE-2020-1897 (A use-after-free is possible due to an error in lifetime
management in ...)
NOT-FOR-US: Facebook Proxygen
CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes
‘builtin apply ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when
attemp ...)
NOT-FOR-US: Instagram for Android
CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to
v2.20.35, What ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062f426421587351b936a106c6056464daed4160
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062f426421587351b936a106c6056464daed4160
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
