[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Mon, 21 Jun 2021 13:47:14 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f6425497 by Moritz Muehlenhoff at 2021-06-21T22:46:33+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-3612
        RESERVED
 CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 
2021.0.6.13 ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Automate
 CVE-2021-35065
        RESERVED
 CVE-2021-35064
@@ -33,9 +33,9 @@ CVE-2020-36391
 CVE-2020-36390
        RESERVED
 CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone 
OS (GOS) ...)
-       TODO: check
+       NOT-FOR-US: Greenbone Security Assistant
 CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone 
OS (GOS) ...)
-       TODO: check
+       NOT-FOR-US: Greenbone Security Assistant
 CVE-2021-35054
        RESERVED
 CVE-2021-XXXX [memory leak when authenticated client connects with MQTT v5 
sent a crafted CONNECT message to the broker]
@@ -551,7 +551,7 @@ CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 
5.24.x before 5.24.3
        - civicrm 5.24.5+dfsg1-1
        NOTE: https://civicrm.org/advisory/civi-sa-2020-03
 CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary 
PHP cod ...)
-       TODO: check
+       NOT-FOR-US: Elemin
 CVE-2021-34814
        RESERVED
 CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix 
homeserver to cra ...)
@@ -3349,7 +3349,7 @@ CVE-2021-33574 (The mq_notify function in the GNU C 
Library (aka glibc) versions
 CVE-2021-33573
        RESERVED
 CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure Lin ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 
3.2.4,  ...)
        {DLA-2676-1}
        - python-django 2:2.2.24-1 (bug #989394)
@@ -3863,7 +3863,7 @@ CVE-2021-33349
 CVE-2021-33348
        RESERVED
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are 
XSS vuln ...)
-       TODO: check
+       NOT-FOR-US: JPress
 CVE-2021-33346
        RESERVED
 CVE-2021-33345
@@ -5320,13 +5320,13 @@ CVE-2021-32699
 CVE-2021-32698
        RESERVED
 CVE-2021-32697 (neos/forms is an open source framework to build web forms. By 
crafting ...)
-       TODO: check
+       NOT-FOR-US: neos/forms
 CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's 
strip_tags i ...)
        TODO: check
 CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In 
versions ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Android app
 CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In 
versions ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Android app
 CVE-2021-32693 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
@@ -7709,7 +7709,7 @@ CVE-2021-31771
 CVE-2021-31770
        RESERVED
 CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code 
execution by u ...)
-       TODO: check
+       NOT-FOR-US: MyQ
 CVE-2021-31768
        RESERVED
 CVE-2021-31767
@@ -13648,7 +13648,7 @@ CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 
allows remote attackers to c
        [stretch] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1338
 CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows 
low-privileged users  ...)
-       TODO: check
+       NOT-FOR-US: MSI
 CVE-2021-29336
        RESERVED
 CVE-2021-29335
@@ -15155,7 +15155,7 @@ CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS 
GPUTweak II before 2.3.0.3
 CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 
2.3.0.3 allow ...)
        NOT-FOR-US: ASUS
 CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 
allows  ...)
-       TODO: check
+       NOT-FOR-US: ConeXware PowerArchiver
 CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a 
remotely e ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a 
remotely e ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f642549746f904c5921c662e73614e3cefcbf1f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f642549746f904c5921c662e73614e3cefcbf1f9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to