Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
85378633 by Moritz Mühlenhoff at 2021-05-30T18:09:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -447,7 +447,7 @@ CVE-2021-33592
CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior
to 1.0.15 ...)
NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in
get_device_path_ ...)
- TODO: check
+ NOT-FOR-US: GattLib
CVE-2021-33589
RESERVED
CVE-2021-33588
@@ -523,7 +523,7 @@ CVE-2021-3565 [during tpm2_import command invocation a
fixed AES wrapping key is
NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
NOTE:
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem
before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: Dragonfly gem
CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password
strength po ...)
NOT-FOR-US: Koel
CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in
Shopizer befor ...)
@@ -2494,15 +2494,15 @@ CVE-2021-32649
CVE-2021-32648
RESERVED
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected
versions ...)
- TODO: check
+ NOT-FOR-US: Emissary
CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides
automatic voice ...)
- TODO: check
+ NOT-FOR-US: Roomer
CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller
for the ...)
- TODO: check
+ NOT-FOR-US: Teancy multi-tenant
CVE-2021-32644
RESERVED
CVE-2021-32643 (Http4s is a Scala interface for HTTP services.
`StaticFile.fromUrl` ca ...)
- TODO: check
+ NOT-FOR-US: Http4s
CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP
and TLS ( ...)
- radsecproxy 1.8.2-4 (unimportant)
NOTE:
https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
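Review bot: The tag added for CVE-2021-32645 is misspelled: `NOT-FOR-US: Teancy multi-tenant` should read `NOT-FOR-US: Tenancy multi-tenant`, matching the product name in the description line directly above it. Anyone searching the list for the product name later will miss this entry, so it is worth a follow-up fix. The other three tags in this hunk (Emissary, Roomer, Http4s) match their descriptions.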
@@ -7801,7 +7801,7 @@ CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers
to gain privileges by
CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate
privileges ...)
NOT-FOR-US: VestaCP
CVE-2021-30461 (A remote code execution issue was discovered in the web UI of
VoIPmoni ...)
- TODO: check
+ NOT-FOR-US: VoIPmonitor
CVE-2021-30460
RESERVED
CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django
Debug Toolba ...)
@@ -22437,7 +22437,7 @@ CVE-2021-24300 (The slider import search feature of the
PickPlugins Product Slid
CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before
21.0426 provid ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize
the form ...)
NOT-FOR-US: Goto WordPress theme
CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not
sanitise ...)
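Review bot: The tag added for CVE-2021-24298, `NOT-FOR-US: WordPress plugin`, does not identify which plugin is meant, and the truncated description ("The method and share GET parameters of the Giveaway pages ...") does not name it either. The CVE-2021-24299 entry above uses the same generic wording, so this is consistent with existing entries, but the CVE-2021-24297 entry below shows the more useful form with `Goto WordPress theme`. Consider naming the plugin so the entry can be identified without opening the CVE.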
@@ -25556,7 +25556,7 @@ CVE-2021-22910
CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier
could a ...)
NOT-FOR-US: EdgeMAX EdgeRouter
CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File
Resource Profil ...)
- TODO: check
+ NOT-FOR-US: Windows File Resource Profiles
CVE-2021-22907 (An improper access control vulnerability exists in Citrix
Workspace Ap ...)
NOT-FOR-US: Citrix
CVE-2021-22906
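Review bot: The tag for CVE-2021-22908, `NOT-FOR-US: Windows File Resource Profiles`, repeats a feature name from the truncated description rather than naming a vendor or product. The neighbouring entries use `EdgeMAX EdgeRouter` and `Citrix`, which tell a reader at a glance what software is excluded. Suggest replacing the tag with the product name given in the full CVE description, so the entry can be matched if that product is ever looked up.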
@@ -32070,7 +32070,7 @@ CVE-2021-20729
CVE-2021-20728
RESERVED
CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to
1.8.8 allo ...)
- TODO: check
+ NOT-FOR-US: Zettlr
CVE-2021-20726 (Untrusted search path vulnerability in The Installer of
Overwolf 2.168 ...)
NOT-FOR-US: Overwolf
CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page
of [Cal ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85378633b71146e7bc72c2aac9e78a949a3ef2ff