Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f8c90cca by Moritz Muehlenhoff at 2021-05-18T13:28:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -738,13 +738,13 @@ CVE-2021-32822
CVE-2021-32821
RESERVED
CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express.
Express-ha ...)
- TODO: check
+ NOT-FOR-US: Express-handlebars
CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that
works o ...)
- TODO: check
+ NOT-FOR-US: Squirrelly
CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee
mixes pur ...)
- TODO: check
+ NOT-FOR-US: haml-coffee
CVE-2021-32817 (express-hbs is an Express handlebars template engine.
express-hbs mixe ...)
- TODO: check
+ NOT-FOR-US: express-hbs
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for
the Pro ...)
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815
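Review bot: Before these four template-engine entries are settled as NOT-FOR-US, confirm that the flaws live in the Express wrappers rather than in the shared handlebars core: CVE-2021-32820 (express-handlebars) and CVE-2021-32817 (express-hbs) are both described as Handlebars engines for Express, and node-handlebars is packaged and tracked later in this same diff (CVE-2021-23383, `node-handlebars 3:4.7.6+~4.1.0-2`). If the fixes were carried by the wrappers alone the annotation is right; if a handlebars-side change was needed, the entries should reference node-handlebars instead.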
@@ -1134,7 +1134,7 @@ CVE-2021-32624
CVE-2021-32623
RESERVED
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix
chat/voip ...)
- TODO: check
+ NOT-FOR-US: Matrix-React-SDK
CVE-2021-32621
RESERVED
CVE-2021-32620
@@ -2382,7 +2382,7 @@ CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and
3.4.x before 3.4.1, allow
NOTE:
https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
NOTE:
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition
headers ...)
- TODO: check
+ NOT-FOR-US: Firely/Incendi Spark
CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny
service (e. ...)
NOT-FOR-US: HAPI FHIR
CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before
3.2.2 ( ...)
@@ -8446,7 +8446,7 @@ CVE-2021-29513 (TensorFlow is an end-to-end open source
platform for machine lea
CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine
learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Rust crate evm
CVE-2021-29510 (Pydantic is a data validation and settings management using
Python typ ...)
- pydantic <unfixed> (bug #988480)
NOTE:
https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
@@ -8457,11 +8457,11 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server
for Ruby/Rack applications.
NOTE:
https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837
NOTE: CVE is related to an incomplete fix for CVE-2019-16770
CVE-2021-29508 (Due to how Wire handles type information in its serialization
format, ...)
- TODO: check
+ NOT-FOR-US: Wire
CVE-2021-29507
RESERVED
CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In
GrassHopper from ...)
- TODO: check
+ NOT-FOR-US: GraphHopper
CVE-2021-29505
RESERVED
CVE-2021-29504
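Review bot: `NOT-FOR-US: Wire` is ambiguous as a label; the description for CVE-2021-29508 refers to how Wire handles type information in its serialization format, so `NOT-FOR-US: Wire (serialization library)` would avoid confusion with the Wire messaging client when the entry is grepped later. The GraphHopper annotation is fine as written; the `GrassHopper` spelling in its description is MITRE's text, not something to fix here.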
@@ -16013,7 +16013,7 @@ CVE-2021-26313
CVE-2021-26312
RESERVED
CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the
guest a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML
escapin ...)
NOT-FOR-US: Foris
CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder.
During bui ...)
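Review bot: `NOT-FOR-US: AMD` is terser than the other labels in this commit and does not say which AMD component is meant; the description for CVE-2021-26311 names the SEV/SEV-ES feature, so `NOT-FOR-US: AMD SEV/SEV-ES` would match the product-level naming used for the other entries. The same bare label is applied to CVE-2020-12967 further down in this diff, which also concerns SEV/SEV-ES, so the two should be changed together.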
@@ -16966,11 +16966,11 @@ CVE-2021-25945
CVE-2021-25944
RESERVED
CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0
through 1.6. ...)
- TODO: check
+ NOT-FOR-US: Node 101
CVE-2021-25942
RESERVED
CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions
1.0.0 th ...)
- TODO: check
+ NOT-FOR-US: Node deep-override
CVE-2021-25940
RESERVED
CVE-2021-25939
@@ -20749,7 +20749,7 @@ CVE-2021-24325 (The tab parameter of the settings page
of the 404 SEO Redirectio
CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is
lacking CSRF c ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was
not pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24322
RESERVED
CVE-2021-24321
@@ -20819,7 +20819,7 @@ CVE-2021-24290 (There are several endpoints in the
Store Locator Plus for WordPr
CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter
isn't prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies,
Change ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress
plugin befor ...)
@@ -20829,7 +20829,7 @@ CVE-2021-24285 (The request_list_request AJAX call of
the Car Seller - Auto Clas
CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1
allows una ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or
escaped ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, a ...)
@@ -22924,7 +22924,7 @@ CVE-2021-23386
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Node koa-remove-trailing-slashes before
CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to
Prototype Pollut ...)
- node-handlebars 3:4.7.6+~4.1.0-2
[buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via
point release)
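Review bot: The new annotation for CVE-2021-23384 carries a stray trailing word: `+ NOT-FOR-US: Node koa-remove-trailing-slashes before` looks like it was copied from the description (`The package koa-remove-trailing-slashes before 2.0.2 ...`). It should read `NOT-FOR-US: Node koa-remove-trailing-slashes`, matching the `Node <package>` form used for CVE-2021-25943 and CVE-2021-25941 in this commit.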
@@ -23456,7 +23456,7 @@ CVE-2021-3030
CVE-2021-23234
RESERVED
CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux
Kernel before ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
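Review bot: The visible description for CVE-2021-23135 (`Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...`) does not name a product, so the `NOT-FOR-US: Argo CD` attribution cannot be checked from the entry itself. A `NOTE:` line with the upstream advisory reference, as the Cyrus IMAP and pydantic entries in this diff already carry, would make the triage traceable for the next person who touches it.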
@@ -24044,7 +24044,7 @@ CVE-2021-22868
CVE-2021-22867
RESERVED
CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub
Enterpri ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22865 (An improper access control vulnerability was identified in
GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub
Enterpr ...)
@@ -52487,7 +52487,7 @@ CVE-2020-23792
CVE-2020-23791
RESERVED
CVE-2020-23790 (An Arbitrary File Upload vulnerability was discovered in the
Golo Lara ...)
- TODO: check
+ NOT-FOR-US: Golo Laravel theme
CVE-2020-23789
RESERVED
CVE-2020-23788
@@ -52917,7 +52917,7 @@ CVE-2020-23577
CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site
Scripting ...)
NOT-FOR-US: Laborator Neon dashboard
CVE-2020-23575 (A directory traversal vulnerability exists in Kyocera Printer
d-COPIA2 ...)
- TODO: check
+ NOT-FOR-US: Kyocera
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an
authenticated use ...)
NOT-FOR-US: Sysax Multi Server
CVE-2020-23573
@@ -54449,7 +54449,7 @@ CVE-2020-22811
CVE-2020-22810
RESERVED
CVE-2020-22809 (In Windscribe v1.83 Build 20, 'WindscribeService' has an
Unquoted Serv ...)
- TODO: check
+ NOT-FOR-US: Windscribe
CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected
XSS vulne ...)
NOT-FOR-US: yii2_fecshop
CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection
in the c ...)
@@ -75087,7 +75087,7 @@ CVE-2020-13669
CVE-2020-13668
RESERVED
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces
allows an att ...)
- TODO: check
+ NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX
API doe ...)
{DLA-2458-1}
- drupal7 <removed>
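Review bot: `NOT-FOR-US: Drupal 8.x` should say why drupal7 is out of scope, since the very next entry (CVE-2020-13666) shows drupal7 is still a tracked source package with a DLA. The description points at Drupal Core Workspaces, which is the discriminator: the Workspaces module does not exist in Drupal 7. Something like `NOT-FOR-US: Drupal 8.x (Workspaces module, not present in drupal7)` records that reasoning instead of leaving the reader to rediscover it.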
@@ -76799,7 +76799,7 @@ CVE-2020-12969
CVE-2020-12968
RESERVED
CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES
feature ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12966
RESERVED
CVE-2020-12965
@@ -77970,7 +77970,7 @@ CVE-2020-12528 (An issue was discovered in MB connect
line mymbCONNECT24 and mbC
CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB connect software
CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC
Diagnostics U ...)
- TODO: check
+ NOT-FOR-US: TwinCAT OPC UA Server
CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below
3.5.20304.x ...)
NOT-FOR-US: M&M Software fdtCONTAINER Component
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause
the Phoeni ...)
@@ -451936,7 +451936,7 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before
5.0.51, Enterprise Server 5.0
CVE-2007-5968
REJECTED
CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web
sites to ...)
- TODO: check
+ NOT-FOR-US: Historic Mozilla issue
CVE-2007-5966 (Integer overflow in the hrtimer_start function in
kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
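Review bot: `NOT-FOR-US: Historic Mozilla issue` is a rationale rather than a scope statement; everywhere else in this commit NOT-FOR-US means the affected software is not in the archive, while Mozilla code was packaged in 2007 (the neighbouring CVE-2007-5966 kernel entry shows issues from that era were tracked through DSA-1436-1). If the decision is that the affected code never shipped in Debian, or that the issue predates tracking, a `NOTE:` line saying so would keep the annotation consistent with how the rest of the file uses NOT-FOR-US.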
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8c90cca35c38809b23cd7f76f80da717c174c56
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits