Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef0e02db by Moritz Muehlenhoff at 2021-02-11T12:17:04+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2021-27187
CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an
flb_malloc re ...)
NOT-FOR-US: Fluent Bit
CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows
command injec ...)
- TODO: check
+ NOT-FOR-US: Node samba-client
CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External
Entity v ...)
NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27183
@@ -501,9 +501,9 @@ CVE-2021-26941
CVE-2021-26940
RESERVED
CVE-2021-26939 (An information disclosure issue exists in henriquedornas
5.2.17 becaus ...)
- TODO: check
+ NOT-FOR-US: henriquedornas
CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online
live cha ...)
- TODO: check
+ NOT-FOR-US: henriquedornas
CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a
denial of ...)
- xterm 366-1 (bug #982439)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
@@ -534,7 +534,7 @@ CVE-2021-3403
- libytnef <unfixed>
NOTE: https://github.com/Yeraze/ytnef/issues/85
CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through
0.5.0, when ...)
- TODO: check
+ NOT-FOR-US: ReplaySorcery
CVE-2021-26935
RESERVED
CVE-2021-26934
@@ -8746,7 +8746,7 @@ CVE-2021-23329 (The package nested-object-assign before
1.0.4 are vulnerable to
CVE-2021-23328 (This affects all versions of package iniparserjs. This
vulnerability r ...)
NOT-FOR-US: Node iniparserjs
CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to
Cross-site Scri ...)
- TODO: check
+ NOT-FOR-US: apexcharts
CVE-2021-23326 (This affects the package @graphql-tools/git-loader before
6.2.6. The u ...)
NOT-FOR-US: graphql-tools/git-loader
CVE-2021-23325
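Review bot: The new tag on CVE-2021-23327 reads "NOT-FOR-US: apexcharts", while the entry directly above it (CVE-2021-23328) uses "NOT-FOR-US: Node iniparserjs" and the samba-client entry changed earlier in this commit uses "Node samba-client". The description introduces apexcharts with the same "The package ..." wording, so if it is an npm package like its neighbours, "NOT-FOR-US: Node apexcharts" would keep the tags consistent and easier to search.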
@@ -9096,7 +9096,7 @@ CVE-2021-3035
CVE-2021-3034
RESERVED
CVE-2021-3033 (An improper verification of cryptographic signature
vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3032 (An information exposure through log file vulnerability exists
in Palo ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500,
PA-800, P ...)
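Review bot: On CVE-2021-3033 the tag names only the vendor ("NOT-FOR-US: Palo Alto Networks"), whereas the adjacent CVE-2021-3032 names the product as well ("NOT-FOR-US: Palo Alto Networks PAN-OS"). The truncated description does not show which product is affected, so please add the product name to the tag in the same form as the neighbouring entry, so that a later search by product finds this CVE.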
@@ -13424,13 +13424,13 @@ CVE-2021-21438
CVE-2021-21437
RESERVED
CVE-2021-21436 (Agents are able to see and link Config Items without
permissions, whic ...)
- TODO: check
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
CVE-2021-21435 (Article Bcc fields and agent personal information are shown
when custo ...)
- otrs2 <unfixed>
[buster] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
CVE-2021-21434 (Survey administrator can craft a survey in such way that
malicious cod ...)
- TODO: check
+ NOT-FOR-US: OTRS Survey addon
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in
cockpit-project.org Coc ...)
- cockpit <unfixed>
[bullseye] - cockpit <ignored> (Minor issue)
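Review bot: The two OTRS addon tags added in this hunk use different forms: "OTRSCIsInCustomerFrontend (OTRS addon)" on CVE-2021-21436 and "OTRS Survey addon" on CVE-2021-21434. Since otrs2 itself is tracked (see CVE-2021-21435 between them), a single form of "name (OTRS addon)" on both entries would make it clearer at a glance that these are addon issues and not candidates for the otrs2 package.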
@@ -92546,7 +92546,7 @@ CVE-2020-1781
CVE-2020-1780
RESERVED
CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can
use OTRS ...)
- TODO: check
+ NOT-FOR-US: OTRSTicketForms (OTRS addon)
CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with
LDAP), ...)
- otrs2 <not-affected> (Only affects 8.x)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0e02db3c77d987a96e5ba4c590d137d90c24c8
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits