Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b51b2a9 by Moritz Muehlenhoff at 2021-07-20T13:04:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,7 @@ CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 
2.15.0 has a use-a
        NOTE: 
https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
        NOTE: 
https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
 CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in 
tb_flush_armeb (cal ...)
-       TODO: check
+       NOT-FOR-US: Unicorn Engine
 CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a 
heap-based buffer ...)
        - qpdf <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
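
Review bot: For CVE-2021-36979, Unicorn Engine is an open-source emulator framework rather than a vendor appliance, so the "NOT-FOR-US: Unicorn Engine" line deserves a check for an open ITP or RFP bug before it lands. If one exists, the entry should be a package line with <itp> and the bug number instead of NOT-FOR-US, so the CVE is picked up again when the package enters the archive. The same applies to the second Unicorn Engine entry later in this commit.
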
@@ -361,11 +361,11 @@ CVE-2021-36807
 CVE-2021-36806
        RESERVED
 CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in 
helper_wfe_arm. ...)
-       TODO: check
+       NOT-FOR-US: Unicorn Engine
 CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow 
in decode ...)
        TODO: check
 CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an 
out-of-bounds  ...)
-       TODO: check
+       NOT-FOR-US: open62541
 CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a 
heap-base ...)
        TODO: check
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow 
in acom ...)
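
Review bot: CVE-2020-36430 (libass) and CVE-2020-36428 (matio) still carry "TODO: check" although the entries directly above and below each of them are resolved in this hunk. Leaving them out of an NFU-only commit is consistent with the commit message, but they now sit between triaged entries and are easy to overlook; a follow-up that gives them package lines would close out this block.
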
@@ -5239,9 +5239,9 @@ CVE-2021-34620 (The WP Fluent Forms plugin &lt; 3.6.67 
for WordPress is vulnerab
 CVE-2021-34619
        RESERVED
 CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered 
in some  ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was 
discovered in so ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34616 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
        NOT-FOR-US: Aruba
 CVE-2021-34615 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
@@ -7833,7 +7833,7 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 
5.x before 5.3.1, and 6.
        NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
        NOTE: 
https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
 CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: Overwolf
 CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a 
denial o ...)
        - putty <not-affected> (Windows-specific)
 CVE-2021-33499
@@ -9487,7 +9487,7 @@ CVE-2021-32776
 CVE-2021-32775
        RESERVED
 CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of 
wikis. Prior  ...)
-       TODO: check
+       NOT-FOR-US: DataDump MediaWiki extension
 CVE-2021-32773 (Racket is a general-purpose programming language and an 
ecosystem for  ...)
        TODO: check
 CVE-2021-32772
@@ -11313,11 +11313,11 @@ CVE-2021-32016
 CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local 
authenticated mal ...)
        NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
 CVE-2021-32014 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
-       TODO: check
+       NOT-FOR-US: SheetJS
 CVE-2021-32013 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
-       TODO: check
+       NOT-FOR-US: SheetJS
 CVE-2021-32012 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
-       TODO: check
+       NOT-FOR-US: SheetJS
 CVE-2021-3532 (A flaw was found in Ansible where the secret information 
present in as ...)
        - ansible <unfixed>
        [bullseye] - ansible <no-dsa> (Minor issue)
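
Review bot: The three descriptions for CVE-2021-32014, CVE-2021-32013 and CVE-2021-32012 name "SheetJS Pro", but the added lines read "NOT-FOR-US: SheetJS". Suggest "NOT-FOR-US: SheetJS Pro" so the label matches the affected product as described and does not read as a blanket decision about anything else published under the SheetJS name.
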
@@ -12489,7 +12489,7 @@ CVE-2021-31592
 CVE-2021-31591
        RESERVED
 CVE-2021-31590 (PwnDoc through 2021-04-22 has incorrect JSON Webtoken 
handling, leadin ...)
-       TODO: check
+       NOT-FOR-US: PwnDoc
 CVE-2021-31589
        RESERVED
 CVE-2021-31588
@@ -13442,7 +13442,7 @@ CVE-2021-31218
 CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, 
insecure ...)
        NOT-FOR-US: SolarWinds
 CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request 
forgery ...)
-       TODO: check
+       NOT-FOR-US: Siren Investigate
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x 
before 20.11. ...)
        - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
        - slurm-llnl <removed>
@@ -26058,11 +26058,11 @@ CVE-2021-26085
 CVE-2021-26084
        RESERVED
 CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data 
Center befor ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center 
before ve ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center 
before ver ...)
        NOT-FOR-US: Atlassian
 CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira 
Data Cente ...)
@@ -26555,7 +26555,7 @@ CVE-2020-36202 (An issue was discovered in the async-h1 
crate before 2.3.0 for R
 CVE-2021-3280
        RESERVED
 CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in 
the mess ...)
-       TODO: check
+       NOT-FOR-US: sz.chat
 CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a 
vulnerability  ...)
        NOT-FOR-US: Local Service Search Engine Management System
 CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to 
upload arbi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b51b2a95764797fc682bd769c236148dac9383a
