Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
917884e5 by Salvatore Bonaccorso at 2021-04-01T11:24:02+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -595,7 +595,7 @@ CVE-2020-36288
CVE-2020-36287
RESERVED
CVE-2020-36286 (The membersOf of JQL search function in Jira Server and Data
Center be ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is
affected b ...)
NOT-FOR-US: CourseMS (aka Course Registration Management System)
CVE-2021-29661
@@ -1511,7 +1511,7 @@ CVE-2021-29253
CVE-2021-29252
RESERVED
CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in
which us ...)
- TODO: check
+ NOT-FOR-US: BTCPay Server
CVE-2021-29250
RESERVED
CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used,
has a p ...)
@@ -5837,7 +5837,7 @@ CVE-2021-27351 (The Terminate Session feature in the
Telegram application throug
CVE-2021-27350
RESERVED
CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS,
a diffe ...)
- TODO: check
+ NOT-FOR-US: WooCommerce
CVE-2021-27348
RESERVED
CVE-2021-27347
@@ -6704,7 +6704,7 @@ CVE-2021-26951 (An issue was discovered in the calamine
crate before 0.17.0 for
CVE-2021-26944
RESERVED
CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker
(with t ...)
- TODO: check
+ NOT-FOR-US: UX360CA BIOS
CVE-2021-26942
RESERVED
CVE-2021-26941
@@ -8401,7 +8401,7 @@ CVE-2020-36240 (The ResourceDownloadRewriteRule class in
Crowd before version 4.
CVE-2020-36239
RESERVED
CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data
Center befor ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center
allow unaut ...)
NOT-FOR-US: Atlassian
CVE-2020-36236 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
@@ -8914,7 +8914,7 @@ CVE-2021-26073
CVE-2021-26072
RESERVED
CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data
Center bef ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center
allow unaut ...)
@@ -16929,7 +16929,7 @@ CVE-2021-22540
CVE-2021-22539
RESERVED
CVE-2021-22538 (A privilege escalation vulnerability impacting the Google
Exposure Not ...)
- TODO: check
+ NOT-FOR-US: Google Exposure Notification Verification Server
CVE-2021-22537
RESERVED
CVE-2021-22536
@@ -18078,7 +18078,7 @@ CVE-2021-21985
CVE-2021-21984
RESERVED
CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations
Manager API ...)
- TODO: check
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
CVE-2021-21982
RESERVED
CVE-2021-21981
@@ -18094,7 +18094,7 @@ CVE-2021-21977
CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to
8.2.1.1, 8. ...)
NOT-FOR-US: vSphere Replication
CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API
(CVE-20 ...)
- TODO: check
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7
before ESX ...)
NOT-FOR-US: VMware
NOTE: Might affect src:openslp-dfsg, but removed years ago
@@ -18495,7 +18495,7 @@ CVE-2021-21784
CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing
plugin func ...)
TODO: check
CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format
buffer s ...)
- TODO: check
+ NOT-FOR-US: ImageGear
CVE-2021-21781
RESERVED
CVE-2021-21780
@@ -18507,13 +18507,13 @@ CVE-2021-21778
CVE-2021-21777
RESERVED
CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format
Buffer S ...)
- TODO: check
+ NOT-FOR-US: ImageGear
CVE-2021-21775
RESERVED
CVE-2021-21774
RESERVED
CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header
count-p ...)
- TODO: check
+ NOT-FOR-US: ImageGear
CVE-2021-21772 (A use-after-free vulnerability exists in the
NMR::COpcPackageReader::r ...)
- lib3mf <unfixed> (bug #985092)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
@@ -33148,9 +33148,9 @@ CVE-2020-28175 (There is a local privilege escalation
vulnerability in Alfredo M
CVE-2020-28174
RESERVED
CVE-2020-28173 (Simple College Website 1.0 allows a user to conduct remote
code execut ...)
- TODO: check
+ NOT-FOR-US: Simple College Website
CVE-2020-28172 (A SQL injection vulnerability in Simple College Website 1.0
allows rem ...)
- TODO: check
+ NOT-FOR-US: Simple College Website
CVE-2020-28171
RESERVED
CVE-2020-28170
@@ -145363,7 +145363,7 @@ CVE-2019-5321 (Aruba Intelligent Edge Switch Series
2540, 2530, 2930F, 2930M, 29
CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M,
2920, 5 ...)
NOT-FOR-US: Aruba Intelligent Edge Switch Series
CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some
Aruba In ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2019-5318
RESERVED
CVE-2019-5317 (A local authentication bypass vulnerability was discovered in
some Aru ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917884e53ad0a3f1ae082ad0d30c4b828052f553
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917884e53ad0a3f1ae082ad0d30c4b828052f553
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
