Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e902e55 by Moritz Muehlenhoff at 2021-03-25T10:23:53+01:00
new gitlab issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1716,7 +1716,7 @@ CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4
for Python omits SSL ce
NOTE: In Debian urllib3 does require SSL certificate validation by
default (since 1.3-3)
NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending
an ICMPv6 ...)
- TODO: check
+ NOT-FOR-US: Contiki
CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit
(SPDK) ...)
NOT-FOR-US: Storage Performance Development Kit
CVE-2021-28360
@@ -15848,9 +15848,9 @@ CVE-2021-22195
CVE-2021-22194
RESERVED
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to
3.2.11 ...)
- wireshark 3.4.4-1
[buster] - wireshark <postponed> (Minor issue, can be fixed along in
future update)
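Review bot: The `- gitlab <unfixed>` lines added for CVE-2021-22193 and CVE-2021-22192 carry no NOTE pointing at the upstream advisory or the fixed upstream release, and the descriptions are truncated, so the affected range cannot be read from the entry itself. Consider a NOTE line under each with the GitLab security release reference, in the way the CVE-2021-28363 entry documents its patch, so that whoever later replaces `<unfixed>` with a version has the source at hand.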
@@ -15887,13 +15887,13 @@ CVE-2021-22181
CVE-2021-22180
RESERVED
CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2.
GitLab ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22177
RESERVED
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions
starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22175
RESERVED
CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows
denial o ...)
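Review bot: CVE-2021-22179 is described as affecting "GitLab versions before 12.2", yet the added line is `- gitlab <unfixed>`, which marks every packaged version as vulnerable. If the gitlab version in the archive is already at or past 12.2, record a fixed version instead, as `- wireshark 3.4.4-1` does for CVE-2021-22191, and keep `<unfixed>` only for CVE-2021-22178 and CVE-2021-22176 if their ranges are in fact still open.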
@@ -18782,9 +18782,9 @@ CVE-2021-21388
CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with
PeerJS an ...)
NOT-FOR-US: Wrongthink
CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for
URIs, end ...)
- TODO: check
+ NOT-FOR-US: APKLeaks
CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android
Application ...)
- TODO: check
+ NOT-FOR-US: Mifos-Mobile Android Application
CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In
shescape ...)
NOT-FOR-US: shescape
CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js
before versi ...)
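Review bot: Style point on CVE-2021-21385: `NOT-FOR-US: Mifos-Mobile Android Application` repeats the description text, whereas the surrounding entries use the short product name (`Wrongthink`, `APKLeaks`, `shescape`). `NOT-FOR-US: Mifos-Mobile` would match them and is easier to grep for when the next Mifos CVE arrives.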
@@ -20606,7 +20606,7 @@ CVE-2021-20681
CVE-2021-20680
RESERVED
CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII
C7773/C6 ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro
versions prior ...)
NOT-FOR-US: Paid Memberships Pro
CVE-2021-20677
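Review bot: On CVE-2021-20679 the tag `NOT-FOR-US: Fuji` cuts the vendor name short; the description reads "Fuji Xerox multifunction devices and printers". Suggest `NOT-FOR-US: Fuji Xerox` so the label names the actual vendor and stays searchable alongside any other Fuji Xerox entries.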
@@ -27888,11 +27888,11 @@ CVE-2021-1473
CVE-2021-1472
RESERVED
CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1470
RESERVED
CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1468
RESERVED
CVE-2021-1467
@@ -27910,7 +27910,7 @@ CVE-2021-1462
CVE-2021-1461
RESERVED
CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco
809 In ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1459
RESERVED
CVE-2021-1458
@@ -27922,53 +27922,53 @@ CVE-2021-1456
CVE-2021-1455
RESERVED
CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN
Software co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1453 (A vulnerability in the software image verification
functionality of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE
Software f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS)
feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel
of Cis ...)
NOT-FOR-US: Cisco
CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1448
RESERVED
CVE-2021-1447
RESERVED
CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG)
functionali ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1445
RESERVED
CVE-2021-1444
RESERVED
CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could
allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play
(PnP) su ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1441 (A vulnerability in the hardware initialization routines of
Cisco IOS X ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1440
RESERVED
CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of
Cisco A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1438
RESERVED
CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco
Aironet Se ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could
allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1430
RESERVED
CVE-2021-1429
@@ -27984,7 +27984,7 @@ CVE-2021-1425
CVE-2021-1424
RESERVED
CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco
Airone ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1422
RESERVED
CVE-2021-1421
@@ -27994,9 +27994,9 @@ CVE-2021-1420
CVE-2021-1419
RESERVED
CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity
Service ...)
NOT-FOR-US: Cisco
CVE-2021-1415
@@ -28008,7 +28008,7 @@ CVE-2021-1413
CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity
Service ...)
NOT-FOR-US: Cisco
CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1410
RESERVED
CVE-2021-1409
@@ -28024,7 +28024,7 @@ CVE-2021-1405
CVE-2021-1404
RESERVED
CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1402
RESERVED
CVE-2021-1401
@@ -28034,7 +28034,7 @@ CVE-2021-1400
CVE-2021-1399
RESERVED
CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software
could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1397
RESERVED
CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine
could al ...)
@@ -28042,15 +28042,15 @@ CVE-2021-1396 (Multiple vulnerabilities in Cisco
Application Services Engine cou
CVE-2021-1395
RESERVED
CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine
could al ...)
NOT-FOR-US: Cisco
CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE
Software cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of
Cisco IO ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR
Softwar ...)
NOT-FOR-US: Cisco
CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site
Orchestrato ...)
@@ -28060,15 +28060,15 @@ CVE-2021-1387 (A vulnerability in the network stack
of Cisco NX-OS Software coul
CVE-2021-1386
RESERVED
CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting
environment of mu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN
Software co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software
could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an
authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1380
RESERVED
CVE-2021-1379
@@ -28076,19 +28076,19 @@ CVE-2021-1379
CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS
operating syste ...)
NOT-FOR-US: Cisco
CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management
of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco
IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco
IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless
Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex
Producti ...)
NOT-FOR-US: Cisco
CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS
XE SD-WA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for
the Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1369
@@ -28118,7 +28118,7 @@ CVE-2021-1358
CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications
Manager IM &a ...)
NOT-FOR-US: Cisco
CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software
could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications
Manager IM &a ...)
NOT-FOR-US: Cisco
CVE-2021-1354 (A vulnerability in the certificate registration process of
Cisco Unifi ...)
@@ -28126,7 +28126,7 @@ CVE-2021-1354 (A vulnerability in the certificate
registration process of Cisco
CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS
could al ...)
NOT-FOR-US: Cisco
CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol
process ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex
Meetings cou ...)
NOT-FOR-US: Cisco
CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an
unauthe ...)
@@ -28268,7 +28268,7 @@ CVE-2021-1283 (A vulnerability in the logging subsystem
of Cisco Data Center Net
CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications
Manager IM &a ...)
NOT-FOR-US: Cisco
CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of
Cisco Adv ...)
NOT-FOR-US: Cisco
CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow
an unaut ...)
@@ -28390,7 +28390,7 @@ CVE-2021-1222 (A vulnerability in the web-based
management interface of Cisco Sm
CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings
and Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software
could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could
allow ...)
NOT-FOR-US: Cisco
CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart
Softwar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e902e554b5b7e6615a922bec6565194771b1966