Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3dfbf70d by Moritz Muehlenhoff at 2021-06-02T10:21:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2021-3570
 CVE-2020-36382
        RESERVED
 CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code 
execution becau ...)
-       TODO: check
+       NOT-FOR-US: RebornCore
 CVE-2021-33789
        RESERVED
 CVE-2021-33788
@@ -2507,19 +2507,19 @@ CVE-2021-32659
 CVE-2021-32658
        RESERVED
 CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data 
storage. In  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data 
storage. A v ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data 
storage. In  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data 
storage. In  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data 
storage. Nex ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A 
missing per ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2021-32651 (OneDev is a development operations platform. If the LDAP 
external auth ...)
-       TODO: check
+       NOT-FOR-US: OneDev
 CVE-2021-32650
        RESERVED
 CVE-2021-32649
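Review bot: CVE-2021-32652 is described as affecting Nextcloud Mail ("a mail app for the Nextcloud platform"), yet it receives the same "- nextcloud-server <itp> (bug #941708)" line as the five Nextcloud Server entries above it. If the Mail app is not part of what bug #941708 covers, this entry should name the Mail app instead of nextcloud-server; if it is covered, a short NOTE line saying so would save the next person triaging from re-checking. Separately, the commit message says "NFUs", but six of the seven changes in this hunk are ITP annotations rather than NOT-FOR-US entries.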
@@ -11164,11 +11164,11 @@ CVE-2021-3461
 CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability 
in file  ...)
        NOT-FOR-US: Synology
 CVE-2021-29091 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29090 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29089 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29088 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology
 CVE-2021-29087
@@ -18314,7 +18314,7 @@ CVE-2021-26113
 CVE-2021-26112
        RESERVED
 CVE-2021-26111 (A missing release of memory after effective lifetime 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-26110
        RESERVED
 CVE-2021-26109
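Review bot: The tag added for CVE-2021-26111 is spelled "Fortiguard", while the entry added for CVE-2021-22123 and the existing entry for CVE-2021-22122 later in this patch use "FortiGuard". Suggest "NOT-FOR-US: FortiGuard" here as well, so a case-sensitive search over data/CVE/list finds every entry for this vendor.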
@@ -22486,7 +22486,7 @@ CVE-2021-24314 (The Goto WordPress theme before 2.1 did 
not sanitise, validate o
 CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the 
functionality ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, 
$wp_super_cache_front_ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External 
Media WordP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery 
WordPress p ...)
@@ -24631,7 +24631,7 @@ CVE-2021-23390
 CVE-2021-23389
        RESERVED
 CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 
are vulner ...)
-       TODO: check
+       NOT-FOR-US: Node forms
 CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open 
Redirec ...)
        NOT-FOR-US: Node trailing-slash
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates 
buffers w ...)
@@ -25402,13 +25402,13 @@ CVE-2021-23023
 CVE-2021-23022
        RESERVED
 CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file 
/etc/co ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an 
insecure p ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 
Administra ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2021-23018 (Intra-cluster communication does not use TLS. The services 
within the  ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2021-23017 (A security issue in nginx resolver was identified, which might 
allow a ...)
        {DSA-4921-1 DLA-2670-1}
        - nginx 1.18.0-6.1 (bug #989095)
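Review bot: CVE-2021-23020 is tagged "NOT-FOR-US: NGINX Controller", but its visible description names "The NAAS 3.x before 3.10.0", and the truncated description of CVE-2021-23018 ("Intra-cluster communication does not use TLS. The services within the ...") names no product at all. The other two entries in this hunk say Nginx Controller explicitly; for these two it is worth confirming against the full descriptions that they belong under the same tag, since the following entry (CVE-2021-23017) is the packaged nginx and a wrong NOT-FOR-US nearby is easy to miss.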
@@ -27467,7 +27467,7 @@ CVE-2021-22125
 CVE-2021-22124
        RESERVED
 CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management 
interfa ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-22122 (An improper neutralization of input during web page generation 
in Fort ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-22121



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dfbf70d721f73ed27149f7da18a67f38bb90af2
