[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Mon, 07 Jun 2021 03:42:35 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3fc5b04b by Moritz Muehlenhoff at 2021-06-07T12:41:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-33899
        RESERVED
 CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to 
unserialize( ...)
-       TODO: check
+       NOT-FOR-US: Invoice Ninja
 CVE-2021-33897
        RESERVED
 CVE-2021-33896
@@ -44,7 +44,7 @@ CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an 
attacker can interru
 CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an 
Observab ...)
        TODO: check
 CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an 
insecure  ...)
-       TODO: check
+       NOT-FOR-US: Tencent
 CVE-2021-33878
        RESERVED
 CVE-2021-33877
@@ -2827,7 +2827,7 @@ CVE-2021-32642 (radsecproxy is a generic RADIUS proxy 
that supports both UDP and
        NOTE: 
https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
        NOTE: Only affects example script
 CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock 
before  ...)
-       TODO: check
+       NOT-FOR-US: auth0-lock
 CVE-2021-32640 (ws is an open source WebSocket client and server library for 
Node.js.  ...)
        - node-ws 7.4.2+~cs18.0.8-2
        [buster] - node-ws <no-dsa> (Minor issue)
@@ -10460,7 +10460,7 @@ CVE-2021-29502 (WarnSystem is a cog (plugin) for the 
Red discord bot. A vulnerab
 CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the 
red dis ...)
        NOT-FOR-US: Red discord bot addon
 CVE-2021-29500 (bubble fireworks is an open source java package relating to 
Spring Fra ...)
-       TODO: check
+       NOT-FOR-US: bubble fireworks
 CVE-2021-29499 (SIF is an open source implementation of the Singularity 
Container Imag ...)
        - golang-github-sylabs-sif <undetermined>
        NOTE: 
https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
@@ -16594,7 +16594,7 @@ CVE-2021-26929 (An XSS issue was discovered in Horde 
Groupware Webmail Edition t
        NOTE: 
https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67
 (v2.3.7)
        NOTE: https://www.alexbirnberg.com/horde-xss.html
 CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide 
functionality for p ...)
-       TODO: check
+       NOT-FOR-US: Disputed BIRD issue
 CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer 
dereference i ...)
        - jasper <removed>
        NOTE: https://github.com/jasper-software/jasper/issues/265
@@ -19006,7 +19006,7 @@ CVE-2021-25949
 CVE-2021-25948
        RESERVED
 CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 
through 1 ...)
-       TODO: check
+       NOT-FOR-US: Node nestie
 CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 
0.0.1 throu ...)
        NOT-FOR-US: Node nconf-toml
 CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 
0.0.1 throug ...)
@@ -46325,9 +46325,9 @@ CVE-2020-27304
 CVE-2020-27303
        RESERVED
 CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other 
Ameba-based devi ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other 
Ameba-based devi ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2020-27300
        RESERVED
 CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, 
which may ...)
@@ -47332,7 +47332,7 @@ CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box 
devices allows a bypass of a D
 CVE-2020-26886 (Softaculous before 5.5.7 is affected by a code execution 
vulnerability ...)
        NOT-FOR-US: Softaculous
 CVE-2020-26885 (An issue was discovered in 2sic 2sxc before 11.22. A XSS 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: 2sxc
 CVE-2020-26884 (RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL 
injection vulner ...)
        NOT-FOR-US: RSA Archer
 CVE-2020-26883 (In Play Framework 2.6.0 through 2.8.2, stack consumption can 
occur bec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fc5b04be51d2a071f80054906bc0e94ed3bffc3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fc5b04be51d2a071f80054906bc0e94ed3bffc3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to