Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ba0e547 by Moritz Muehlenhoff at 2021-06-17T14:19:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads
untrusted DLLs in
CVE-2021-34802
RESERVED
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of
service (ap ...)
- TODO: check
+ NOT-FOR-US: Valine
CVE-2021-34800
RESERVED
CVE-2021-34799
@@ -4746,7 +4746,7 @@ CVE-2021-32693
CVE-2021-32692
RESERVED
CVE-2021-32691 (Apollos Apps is an open source platform for launching
church-related a ...)
- TODO: check
+ NOT-FOR-US: Apollo Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured
Kuberne ...)
TODO: check
CVE-2021-32689
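Review bot: The added tag for CVE-2021-32691 reads "NOT-FOR-US: Apollo Apps", but the description on the entry's header line names the product "Apollos Apps". Suggest "NOT-FOR-US: Apollos Apps" so that a search of the list by product name finds this entry.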
@@ -4758,11 +4758,11 @@ CVE-2021-32687
CVE-2021-32686
RESERVED
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the
browser ( ...)
- TODO: check
+ NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by
Create Mage ...)
NOT-FOR-US: Create Magento app
CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source
messenger. A cr ...)
- TODO: check
+ NOT-FOR-US: wire-webapp
CVE-2021-32682 (elFinder is an open-source file manager for web, written in
JavaScript ...)
NOT-FOR-US: elFinder
CVE-2021-32681
@@ -4812,7 +4812,7 @@ CVE-2021-32661 (Backstage is an open platform for
building developer portals. In
CVE-2021-32660 (Backstage is an open platform for building developer portals,
and tech ...)
NOT-FOR-US: Backstage
CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the
Matrix commun ...)
- TODO: check
+ NOT-FOR-US: Matrix-appservice-bridge
CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open
source ...)
NOT-FOR-US: Nextcloud client for Android
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data
storage. In ...)
@@ -4897,7 +4897,7 @@ CVE-2021-32625 (Redis is an open source (BSD licensed),
in-memory data structure
CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js
application ...)
NOT-FOR-US: Keystone CMS
CVE-2021-32623 (Opencast is a free and open source solution for automated
video captur ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix
chat/voip ...)
NOT-FOR-US: Matrix-React-SDK
CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
@@ -5756,11 +5756,11 @@ CVE-2021-32247
CVE-2021-32246
RESERVED
CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file
upload por ...)
- TODO: check
+ NOT-FOR-US: PageKit CMS
CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote
attackers to ...)
- moodle <removed>
CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE
(Authenticated). ...)
- TODO: check
+ NOT-FOR-US: FOGProject
CVE-2021-32242
RESERVED
CVE-2021-32241
@@ -25579,8 +25579,7 @@ CVE-2021-24039
RESERVED
CVE-2021-24038
RESERVED
-CVE-2021-24037 (A use after free in hermes, while emitting certain error
messages, pri ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2021-24036
RESERVED
CVE-2021-24035 (A lack of filename validation when unzipping archives prior to
WhatsAp ...)
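Review bot: The CVE-2021-24037 header line is removed in this hunk and never added back (the hunk shrinks from 8 lines to 7), so the new "NOT-FOR-US: Facebook Hermes" line lands directly under the "RESERVED" line of CVE-2021-24038. That drops CVE-2021-24037 from the list and leaves a reserved ID carrying a second, conflicting tag. Suggest restoring the "CVE-2021-24037 (A use after free in hermes, ...)" header line above the NOT-FOR-US line and replacing only the "TODO: check" line, as the other hunks in this commit do.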
@@ -52149,13 +52148,13 @@ CVE-2020-25756 (** DISPUTED ** A buffer overflow
vulnerability exists in the mg_
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version
and disabled since 18.5.0~ds1-1
CVE-2020-25755 (An issue was discovered on Enphase Envoy R3.x and D4.x (and
other curr ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25754 (An issue was discovered on Enphase Envoy R3.x and D4.x
devices. There ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25753 (An issue was discovered on Enphase Envoy R3.x and D4.x devices
with v3 ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25752 (An issue was discovered on Enphase Envoy R3.x and D4.x
devices. There ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL
Injection via ...)
NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in
DotPlant2 b ...)
@@ -63636,7 +63635,7 @@ CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By
Zero issue via libavcodec/
NOTE: https://trac.ffmpeg.org/ticket/7996
NOTE: Negligible security impact
CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read
server files ...)
- TODO: check
+ NOT-FOR-US: Jact OpenClinic
CVE-2020-20443
RESERVED
CVE-2020-20442
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ba0e547ce5891ea87ef48162c287f97eea61962