Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
543bb7c0 by Moritz Muehlenhoff at 2021-05-05T17:28:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6159,7 +6159,7 @@ CVE-2021-29371
CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in
Android 1. ...)
NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows
code exe ...)
- TODO: check
+ NOT-FOR-US: Node gnuplot
CVE-2021-29368
RESERVED
CVE-2021-29367
@@ -7304,7 +7304,7 @@ CVE-2021-28862
CVE-2021-28861
RESERVED
CVE-2021-28860 (Node.js mixme 0.5.0, an attacker can add or alter properties
of an obj ...)
- TODO: check
+ NOT-FOR-US: Node mixme
CVE-2021-28859
RESERVED
CVE-2021-28858
@@ -20263,7 +20263,7 @@ CVE-2021-23345 (All versions of package
github.com/thecodingmachine/gotenberg ar
CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote
Code Execut ...)
NOT-FOR-US: total.js
CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular
Expressio ...)
- TODO: check
+ NOT-FOR-US: Node path-parse
CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible
to bypa ...)
NOT-FOR-US: docsify
CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular
Expression ...)
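Review bot: the `NOT-FOR-US: Node path-parse` line for CVE-2021-23343 should only go in after confirming that no source package in the archive ships path-parse. The description reads "All versions of package path-parse are vulnerable", so there is no fixed upstream version to fall back on; if a package does exist, this needs a `- <package> <unfixed>` entry rather than NOT-FOR-US.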
@@ -22041,7 +22041,7 @@ CVE-2021-22549
CVE-2021-22548
RESERVED
CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc()
that doesn' ...)
- TODO: check
+ NOT-FOR-US: Google Cloud IoT Device SDK
CVE-2021-22546
RESERVED
CVE-2021-22545
@@ -51625,15 +51625,15 @@ CVE-2020-22787
CVE-2020-22786
RESERVED
CVE-2020-22785 (Etherpad < 1.8.3 is affected by a missing lock check which
could ca ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22784 (In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing
spaces ...)
- TODO: check
+ NOT-FOR-US: Etherpad UeberDB
CVE-2020-22783 (Etherpad <1.8.3 stored passwords used by users insecurely
in the da ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22782 (Etherpad < 1.8.3 is affected by a denial of service in the
import f ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22781 (In Etherpad < 1.8.3, a specially crafted URI would raise an
unhandl ...)
- TODO: check
+ - etherpad-lite <itp> (bug #576998)
CVE-2020-22780
RESERVED
CVE-2020-22779
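Review bot: CVE-2020-22784 is marked `NOT-FOR-US: Etherpad UeberDB` while the four other Etherpad CVEs in this hunk are tracked as `- etherpad-lite <itp> (bug #576998)`. If UeberDB would be shipped with or alongside etherpad-lite once the ITP is completed, this entry will be lost; either track it against the same ITP or add a NOTE line saying why it is out of scope. Separately, the commit message says "NFUs", but this hunk adds four `<itp>` entries, which the message should mention.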
@@ -89751,7 +89751,7 @@ CVE-2020-7387
CVE-2020-7386
RESERVED
CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit
Framework u ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a
way that ...)
NOT-FOR-US: Rapid7
CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49
that m ...)
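Review bot: `NOT-FOR-US: Rapid7` on CVE-2020-7385 names the vendor, not the product, although the description refers to the Metasploit Framework. It matches the existing CVE-2020-7384 line below it, but other entries in this diff name the product (`Bolt CMS`, `docsify`, `total.js`); "Rapid7 Metasploit" on both lines would be easier to search for if the software is ever packaged.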
@@ -98173,7 +98173,7 @@ CVE-2020-4041 (In Bolt CMS before version 3.7.1, the
filename of uploaded files
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the
preview ge ...)
NOT-FOR-US: Bolt CMS
CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant.
SUSI.AI Serv ...)
- TODO: check
+ NOT-FOR-US: SUSI.AI
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before
versio ...)
NOT-FOR-US: Node graphql-playground-html
CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0,
users ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543bb7c0219a3cbe67a717f5fe5ad444e8663314
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits