Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e86d28d by Moritz Muehlenhoff at 2021-07-09T23:44:36+02:00
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5739,13 +5739,13 @@ CVE-2021-3573
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4
produce incorr ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-33794
RESERVED
CVE-2021-33793
RESERVED
CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have
an out-of ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-3572 [Don't split git references on unicode separators #9827]
RESERVED
- python-pip 20.3.4-2
@@ -7062,7 +7062,7 @@ CVE-2021-33216 (An issue was discovered in CommScope
Ruckus IoT Controller 1.7.1
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller
1.7.1.0 and ...)
NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem
permissions could ...)
- TODO: check
+ NOT-FOR-US: HMS Ewon eCatcher
CVE-2021-33213
RESERVED
CVE-2021-33212
@@ -7594,7 +7594,7 @@ CVE-2021-33014
CVE-2021-33013
RESERVED
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a
remote, un ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2021-33011
RESERVED
CVE-2021-33010
@@ -7674,7 +7674,7 @@ CVE-2021-32974
CVE-2021-32973
RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an
attacke ...)
- TODO: check
+ NOT-FOR-US: Panasonic
CVE-2021-32971
RESERVED
CVE-2021-32970
@@ -8154,9 +8154,9 @@ CVE-2021-32755
CVE-2021-32754
RESERVED
CVE-2021-32753 (EdgeX Foundry is an open source project for building a common
open fra ...)
- TODO: check
+ NOT-FOR-US: EdgeX Foundry
CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in
the Cra ...)
- TODO: check
+ NOT-FOR-US: Ether Logs
CVE-2021-32751
RESERVED
CVE-2021-32750
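Review bot: on the CVE-2021-32753 line the description itself calls EdgeX Foundry an open source project, so the NOT-FOR-US tag depends on it not being packaged or requested for packaging, and nothing in the entry records that this was checked (the same applies to Ether Logs on CVE-2021-32752). If either has a pending packaging request, an entry against the package name would fit better than NOT-FOR-US.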
@@ -8176,7 +8176,7 @@ CVE-2021-32744
CVE-2021-32743
RESERVED
CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and
prior, bug ...)
- TODO: check
+ NOT-FOR-US: Vapor
CVE-2021-32741
RESERVED
CVE-2021-32740 (Addressable is an alternative implementation to the URI
implementation ...)
@@ -14385,7 +14385,7 @@ CVE-2021-30203
CVE-2021-30202
RESERVED
CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before
9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30200
RESERVED
CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null
Pointer Derefe ...)
@@ -14713,17 +14713,17 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer
overflow vulnerability in liba
CVE-2021-30122
RESERVED
CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA
requiremen ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.
...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as
exploited in ...)
- TODO: check
+ NOT-FOR-US: Kaseya
CVE-2021-30115
RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery
(CSRF) vuln ...)
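Review bot: the six tags added in this hunk (CVE-2021-30121 through CVE-2021-30116) name only the vendor, while every visible description names the product, Kaseya VSA, and other entries in this file tag at product level, for example `NOT-FOR-US: CommScope Ruckus IoT Controller` and `NOT-FOR-US: HMS Ewon eCatcher`. Using `NOT-FOR-US: Kaseya VSA` would keep the tag searchable by product and consistent with those entries.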
@@ -15599,7 +15599,7 @@ CVE-2021-29732
CVE-2021-29731
RESERVED
CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL
injection. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29729
RESERVED
CVE-2021-29728
@@ -15635,7 +15635,7 @@ CVE-2021-29714
CVE-2021-29713
RESERVED
CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 ,
6.2.7.9, 7.0.3. ...)
NOT-FOR-US: IBM
CVE-2021-29710
@@ -22097,19 +22097,19 @@ CVE-2021-27041 (A maliciously crafted DWG file can be
used to write beyond the a
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond
allocated ...)
NOT-FOR-US: Autodesk
CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013,
2012, 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013,
2012, 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018,
2017, 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to
write beyo ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk
2018, 2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or
TIFF fi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute
arbitra ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to
privilege e ...)
NOT-FOR-US: Autodesk
CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which
may expl ...)
@@ -24527,7 +24527,7 @@ CVE-2021-26108
CVE-2021-26107
RESERVED
CVE-2021-26106 (An improper neutralization of special elements used in an OS
Command v ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-26105
RESERVED
CVE-2021-26104
@@ -24539,7 +24539,7 @@ CVE-2021-26102
CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption
service ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-26099
RESERVED
CVE-2021-26098
@@ -29308,7 +29308,7 @@ CVE-2021-24022
CVE-2021-24021
RESERVED
CVE-2021-24020 (A missing cryptographic step in the implementation of the hash
digest ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-24019
RESERVED
CVE-2021-24018
@@ -29334,7 +29334,7 @@ CVE-2021-24009
CVE-2021-24008
RESERVED
CVE-2021-24007 (Multiple improper neutralization of special elements of SQL
commands v ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-24006
RESERVED
CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt
configuration files ...)
@@ -33410,21 +33410,21 @@ CVE-2021-22233 (An information disclosure
vulnerability in GitLab EE versions 13
CVE-2021-22232 (HTML injection was possible via the full name field before
versions 13 ...)
- gitlab <unfixed>
CVE-2021-22231 (A denial of service in user's profile page is found starting
with GitL ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22230 (Improper code rendering while rendering merge requests could
be exploi ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions.
Imprope ...)
- gitlab <unfixed>
CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before
versions ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22226 (Under certain conditions, some users were able to push to
protected br ...)
- gitlab <unfixed>
CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version
13.11 an ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API
in GitLa ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab
CE/EE s ...)
- gitlab <unfixed>
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to
3.4.5 allow ...)
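Review bot: the five entries switched to `- gitlab <unfixed>` (CVE-2021-22231, -22230, -22227, -22225, -22224) carry no NOTE line pointing at the upstream advisory or fixing release, even though several descriptions are version-bounded ("GitLab version 13.11 an ...", "before versions ...", "starting with GitL ..."). Whoever later marks these as fixed will have to redo the research; a `NOTE:` with the upstream reference per entry, in the style of the CVE-2021-3573 entry in the first hunk, would avoid that.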
@@ -33674,7 +33674,7 @@ CVE-2021-22131
CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy
physical app ...)
NOT-FOR-US: FortiProxy (FortiGuard)
CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in
the Webm ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN
portal ...)
NOT-FOR-US: FortiProxy SSL VPN portal
CVE-2021-22127
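Review bot: `NOT-FOR-US: Fortiguard` on CVE-2021-22129 does not name a product, while the entries directly above and below it use `FortiProxy (FortiGuard)` and `FortiProxy SSL VPN portal`, and its capitalisation differs from `FortiGuard`. The truncated description ("... in the Webm ...") does not show the affected product, so confirm it from the full CVE text and tag it with the product name in the same form as its neighbours.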
@@ -44722,7 +44722,7 @@ CVE-2020-29016 (A stack-based buffer overflow
vulnerability in FortiWeb 6.3.0 th
CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0
through ...)
NOT-FOR-US: Fortiguard
CVE-2020-29014 (A concurrent execution using shared resource with improper
synchroniza ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-29013
RESERVED
CVE-2020-29012
@@ -55465,7 +55465,7 @@ CVE-2020-25927
CVE-2020-25926
RESERVED
CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp
WebClient 10 ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2020-25924
RESERVED
CVE-2020-25923
@@ -63117,7 +63117,7 @@ CVE-2020-22537
CVE-2020-22536
RESERVED
CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via
the list ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2020-22534
RESERVED
CVE-2020-22533
@@ -65629,7 +65629,7 @@ CVE-2020-21335
CVE-2020-21334
RESERVED
CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to
get an ad ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2020-21332
RESERVED
CVE-2020-21331
@@ -70852,7 +70852,7 @@ CVE-2020-18743
CVE-2020-18742
RESERVED
CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote
attackers to mo ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2020-18740
RESERVED
CVE-2020-18739
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e86d28d099a0210370888997e26db3241d25de3