Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54627e3e by Moritz Muehlenhoff at 2021-03-31T19:22:55+02:00
new ircii issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2021-29644
 CVE-2021-29643
        RESERVED
 CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to 
change the U ...)
-       TODO: check
+       NOT-FOR-US: GistPad
 CVE-2021-29641
        RESERVED
 CVE-2021-29640
@@ -522,7 +522,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for 
Node.js mishandles certain
 CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute 
arbitrary co ...)
        TODO: check
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 
2021.2. Durin ...)
-       TODO: check
+       NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-29415
        RESERVED
 CVE-2021-29414
@@ -602,7 +602,8 @@ CVE-2021-29378
 CVE-2021-29377
        RESERVED
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a 
denial of ser ...)
-       TODO: check
+       - ircii <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
 CVE-2021-29375
        RESERVED
 CVE-2021-29374
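
Review bot: the new `- ircii <unfixed>` entry for CVE-2021-29376 has no bug reference and does not record the fixed upstream version, although the description says the issue affects ircII before 20210314. Suggest adding `(bug #...)` once a report is filed, plus a NOTE that upstream 20210314 carries the fix, so the entry can be closed when that version is uploaded.
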
@@ -826,7 +827,7 @@ CVE-2021-29269
 CVE-2021-29268
        RESERVED
 CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site 
Scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: SherlockIM
 CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vho ...)
        - linux 5.10.26-1 (unimportant)
        [buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5417,15 +5418,15 @@ CVE-2021-27246
 CVE-2021-27245 (This vulnerability allows a firewall bypass on affected 
installations  ...)
        NOT-FOR-US: TP-Link
 CVE-2021-27244 (This vulnerability allows local attackers to disclose 
sensitive inform ...)
-       TODO: check
+       NOT-FOR-US: Parallels
 CVE-2021-27243 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: Parallels
 CVE-2021-27242 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: Parallels
 CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary 
director ...)
-       TODO: check
+       NOT-FOR-US: Avast
 CVE-2021-27240 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-27239 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
        NOT-FOR-US: Netgear
 CVE-2021-27238
@@ -6978,7 +6979,7 @@ CVE-2021-26581
 CVE-2021-26580
        RESERVED
 CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) 
could al ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-26578 (A potential security vulnerability has been identified in HPE 
Network  ...)
        NOT-FOR-US: HPE Network Orchestrator (NetO)
 CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE 
Apollo 70 Sy ...)
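
Review bot: `NOT-FOR-US: HPE` on CVE-2021-26579 names only the vendor, while the neighbouring CVE-2021-26578 entry names the product, `HPE Network Orchestrator (NetO)`. The description already gives the product, so `NOT-FOR-US: HPE Unified Data Management (UDM)` would be consistent and easier to grep.
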
@@ -16982,7 +16983,7 @@ CVE-2021-22196
 CVE-2021-22195
        RESERVED
 CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled 
session keys  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
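
Review bot: `- gitlab <unfixed>` on CVE-2021-22194 does not reflect the range in the description, which limits the issue to GitLab starting from 13.7. If any suite ships an older gitlab, a per-suite `<not-affected> (Vulnerable code introduced later)` line, as used for linux under CVE-2021-29266, would keep it from being reported as open there.
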
@@ -17011,7 +17012,7 @@ CVE-2021-22185 (Insufficient input sanitization in 
wikis in GitLab version 13.8
        - gitlab <not-affected> (Only affects 13.8)
        NOTE: 
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
 CVE-2021-22184 (An information disclosure issue in GitLab starting from 
version 12.8 a ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.6.6-1
        - gitlab <unfixed>
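
Review bot: the CVE-2021-22184 entry has no NOTE pointing at an upstream advisory, unlike CVE-2021-22185 directly above it, which links the GitLab security release post. Suggest adding the matching release NOTE so the fixed version can be found when the package is updated.
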
@@ -17021,7 +17022,7 @@ CVE-2021-22182 (An issue has been discovered in GitLab 
affecting all versions st
 CVE-2021-22181
        RESERVED
 CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. 
GitLab  ...)
        - gitlab <unfixed>
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions 
starting ...)
@@ -19864,9 +19865,9 @@ CVE-2021-21414
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to 
v8's Iso ...)
        TODO: check
 CVE-2021-21412 (Potential for arbitrary code execution in npm package 
@thi.ng/egf `#gp ...)
-       TODO: check
+       NOT-FOR-US: Node @thi.ng/egf
 CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides 
authenticat ...)
-       TODO: check
+       - oauth2-proxy <itp> (bug #982891)
 CVE-2021-21410
        RESERVED
 CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network 
application ...)
@@ -19897,7 +19898,7 @@ CVE-2021-21400
 CVE-2021-21399
        RESERVED
 CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce 
solution. In Pre ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2021-21397
        RESERVED
 CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
@@ -24444,9 +24445,9 @@ CVE-2020-35140
 CVE-2020-35139
        RESERVED
 CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS 
contain a ...)
-       TODO: check
+       NOT-FOR-US: MobileIron
 CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS 
contain a ...)
-       TODO: check
+       NOT-FOR-US: MobileIron
 CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code 
Execution.  ...)
        - dolibarr <removed>
 CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress 
allows  ...)
@@ -26855,13 +26856,13 @@ CVE-2021-1631
 CVE-2021-1630
        RESERVED
 CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded 
in ema ...)
-       TODO: check
+       NOT-FOR-US: Tableau Server
 CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability 
affecti ...)
-       TODO: check
+       NOT-FOR-US: Tableau Server
 CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery 
vulnerability affec ...)
-       TODO: check
+       NOT-FOR-US: MuleSoft
 CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability 
affecting c ...)
-       TODO: check
+       NOT-FOR-US: MuleSoft
 CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting 
(XSS) in  ...)
        NOT-FOR-US: Invision Community
 CVE-2020-29476
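
Review bot: CVE-2021-1628 is tagged `NOT-FOR-US: Tableau Server`, but its description begins "MuleSoft is aware of a XML External Entity (XXE) vulnerability", like CVE-2021-1627 and CVE-2021-1626 below it, which are tagged MuleSoft. This looks like a copy of the CVE-2021-1629 line; suggest `NOT-FOR-US: MuleSoft`.
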
@@ -29006,7 +29007,7 @@ CVE-2021-1494
 CVE-2021-1493
        RESERVED
 CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not 
properly ...)
-       TODO: check
+       NOT-FOR-US: Duo Authentication Proxy
 CVE-2021-1491
        RESERVED
 CVE-2021-1490



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54627e3e360e25471e7261705c0289fba3bb89a8
