Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78cb1d29 by Moritz Muehlenhoff at 2021-04-07T08:53:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -96,19 +96,20 @@ CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 
allows XSS via the q
        - ruby-sidekiq <unfixed>
        NOTE: https://github.com/mperham/sidekiq/issues/4852
 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
-       TODO: check
+       NOT-FOR-US: Composr
 CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
-       TODO: check
+       NOT-FOR-US: Composr
 CVE-2021-30148
        RESERVED
 CVE-2021-30147
        RESERVED
 CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of 
library f ...)
-       TODO: check
+       - seafile-client <undetermined>
+       NOTE: https://github.com/Security-AVS/CVE-2021-30146
 CVE-2021-30145
        RESERVED
 CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote 
low-privileg ...)
-       TODO: check
+       NOT-FOR-US: GLPI plugin
 CVE-2021-30143
        RESERVED
 CVE-2021-30142
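Review bot: The CVE-2021-30146 entry records `- seafile-client <undetermined>` without saying what is still open. The description refers to Seafile 7.0.5 and a persistent XSS in a sharing feature, so a NOTE should state whether the seafile-client source package actually contains the affected code or whether the issue sits in a component that is not packaged; without that, the `<undetermined>` state has no clear path to resolution. Separately, `NOT-FOR-US: GLPI plugin` on CVE-2021-30144 could name the plugin itself (the description calls it the Dashboard plugin for GLPI) so the entry is searchable.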
@@ -116,7 +117,7 @@ CVE-2021-30142
 CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica 
through 202 ...)
        NOT-FOR-US: Friendica
 CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" 
functionali ...)
-       TODO: check
+       NOT-FOR-US: LiquidFiles
 CVE-2021-30139
        RESERVED
 CVE-2021-30138
@@ -14132,9 +14133,9 @@ CVE-2021-24029 (A packet of death scenario is possible 
in mvfst via a specially
 CVE-2021-24028
        RESERVED
 CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android 
v2.21.4.18 a ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for 
WhatsApp ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2021-24025 (Due to incorrect string size calculations inside the 
preg_quote functi ...)
        - hhvm <removed>
 CVE-2021-24024
@@ -15665,7 +15666,7 @@ CVE-2021-23365
 CVE-2021-23364
        RESERVED
 CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If 
(attacker-contr ...)
-       TODO: check
+       NOT-FOR-US: Node kill-by-port
 CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to 
Regular Exp ...)
        - node-hosted-git-info 3.0.8-1
        [buster] - node-hosted-git-info <no-dsa> (Minor issue)
@@ -15704,7 +15705,7 @@ CVE-2021-23350
 CVE-2021-23349
        RESERVED
 CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If 
(attacker-cont ...)
-       TODO: check
+       NOT-FOR-US: Node portprocesses
 CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, 
from 1.8.0  ...)
        NOT-FOR-US: argo-cd
 CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; 
all versio ...)
@@ -18173,21 +18174,21 @@ CVE-2021-22205
 CVE-2021-22204
        RESERVED
 CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all 
previous ve ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22199
        RESERVED
 CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 
and earl ...)
        NOT-FOR-US: gitlab-vscode-extension
 CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled 
session keys  ...)
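Review bot: The seven new `- gitlab <unfixed>` lines (CVE-2021-22196 to CVE-2021-22203, skipping the RESERVED CVE-2021-22199) carry no NOTE with an upstream reference, unlike the ruby-sidekiq entry in the first hunk. Several of the descriptions read "affecting all versions st ..." or "versions fr ...", which suggests the issue begins at a particular release, so a NOTE linking the upstream issue or release announcement would let the next person confirm that the packaged version falls inside the affected range before these stay `<unfixed>`.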
@@ -18236,7 +18237,7 @@ CVE-2021-22179 (A vulnerability was discovered in 
GitLab versions before 12.2. G
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE 
version 1 ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2021-22175
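Review bot: CVE-2021-22177 is filed as `- gitlab <unfixed>`, but its description places the potential DoS in gitlab-shell. If gitlab-shell is shipped as a separate source package, the entry should name that package (or both) so the fix is tracked against the right upload; a NOTE with the upstream reference would settle which one applies.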
@@ -21055,11 +21056,11 @@ CVE-2021-21425
 CVE-2021-21424
        RESERVED
 CVE-2021-21423 (`projen` is a project generation tool that synthesizes project 
configu ...)
-       TODO: check
+       NOT-FOR-US: projen
 CVE-2021-21422
        RESERVED
 CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. 
Applications that a ...)
-       TODO: check
+       NOT-FOR-US: node-etsy-client
 CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A 
vulnerability  ...)
        NOT-FOR-US: vscode-stripe Visual Studio Code extension
 CVE-2021-21419
@@ -23719,7 +23720,7 @@ CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is 
vulnerable to stored cro
 CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application 
servers, th ...)
        NOT-FOR-US: MongoDB Ops Manager
 CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine 
where M ...)
-       TODO: check
+       NOT-FOR-US: MongoDB Compass
 CVE-2021-20333
        RESERVED
 CVE-2021-20332
@@ -27306,7 +27307,7 @@ CVE-2021-1801 (This issue was addressed with improved 
iframe sandbox enforcement
        - wpewebkit 2.30.6-1
        NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1800 (A path handling issue was addressed with improved validation. 
This iss ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2021-1799 (A port redirection issue was addressed with additional port 
validation ...)
        {DSA-4877-1}
        - webkit2gtk 2.30.6-1
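Review bot: `NOT-FOR-US: Apple` on CVE-2021-1800 names a vendor rather than a product, while the entries on either side (CVE-2021-1801 and CVE-2021-1799) are tracked against wpewebkit and webkit2gtk. Naming the affected Apple component in the tag would make it evident that this path handling issue was checked and does not live in the WebKit code covered by those neighbouring entries.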



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cb1d29c95db34996aa31bee44824c0001e9490
