Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3f47c16 by Moritz Muehlenhoff at 2021-07-26T09:35:01+02:00
new node-jszip issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2021-37438
 CVE-2021-37437
        RESERVED
 CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow 
attackers,  ...)
-       TODO: check
+       NOT-FOR-US: Amazon Echo
 CVE-2021-37435
        RESERVED
 CVE-2021-37434
@@ -70,7 +70,7 @@ CVE-2021-XXXX [Remote Information Disclosure]
 CVE-2021-37404
        RESERVED
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive 
Authent ...)
-       TODO: check
+       NOT-FOR-US: firefly-iii
 CVE-2021-3662
        RESERVED
 CVE-2021-3661
@@ -1520,7 +1520,7 @@ CVE-2021-36741
 CVE-2021-3648
        RESERVED
 CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
-       TODO: check
+       NOT-FOR-US: URI.js
 CVE-2021-3646
        RESERVED
 CVE-2021-3645
@@ -4428,7 +4428,7 @@ CVE-2021-35466
 CVE-2021-35465
        RESERVED
 CVE-2021-35464 (ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a 
Java deseri ...)
-       TODO: check
+       NOT-FOR-US: ForgeRock
 CVE-2021-35463
        RESERVED
 CVE-2021-35462
@@ -5289,7 +5289,7 @@ CVE-2019-25047 (Greenbone Security Assistant (GSA) before 
8.0.2 and Greenbone OS
 CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone 
OS (GOS) ...)
        NOT-FOR-US: Greenbone Security Assistant
 CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Minecraft
 CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
        RESERVED
        - qemu <unfixed> (bug #990562)
@@ -8945,7 +8945,7 @@ CVE-2021-33483
 CVE-2021-33482
        RESERVED
 CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange 
firmware ...)
-       TODO: check
+       NOT-FOR-US: Broadcom
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A 
flawed bound ...)
        - fig2dev 1:3.2.8-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u4
@@ -10538,7 +10538,7 @@ CVE-2021-32785 (mod_auth_openidc is an 
authentication/authorization module for t
 CVE-2021-32784
        RESERVED
 CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. 
In Conto ...)
-       TODO: check
+       NOT-FOR-US: Countour
 CVE-2021-32782
        RESERVED
 CVE-2021-32781
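Review bot: the NOT-FOR-US tag for CVE-2021-32783 misspells the product as "Countour" while the description on the same entry reads "Contour"; since these tags are what later triage greps for when the next CVE for the same project arrives, suggest `NOT-FOR-US: Contour` (or `NOT-FOR-US: Contour (Kubernetes ingress controller)`, in the parenthetical style used for the wire-ios entry elsewhere in this change).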
@@ -10582,7 +10582,7 @@ CVE-2021-32765
 CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse 
versions ...)
        NOT-FOR-US: Discourse
 CVE-2021-32763 (OpenProject is open-source, web-based project management 
software. In  ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2021-32762
        RESERVED
 CVE-2021-32761 (Redis is an in-memory database that persists on disk. A 
vulnerability  ...)
@@ -10600,7 +10600,7 @@ CVE-2021-32758
 CVE-2021-32757
        RESERVED
 CVE-2021-32756 (ManageIQ is an open-source management platform. In versions 
prior to j ...)
-       TODO: check
+       NOT-FOR-US: ManageIQ
 CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles 
authentic ...)
        NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions 
prior to 2. ...)
@@ -29209,7 +29209,7 @@ CVE-2021-3171
 CVE-2021-3170
        RESERVED
 CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to 
create a co ...)
-       TODO: check
+       NOT-FOR-US: Jumpserver
 CVE-2021-3168
        RESERVED
 CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication 
tokens ar ...)
@@ -31919,7 +31919,7 @@ CVE-2021-24038
 CVE-2021-24037 (A use after free in hermes, while emitting certain error 
messages, pri ...)
        NOT-FOR-US: Facebook Hermes
 CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf 
could cause ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2021-24035 (A lack of filename validation when unzipping archives prior to 
WhatsAp ...)
        NOT-FOR-US: WhatsApp
 CVE-2021-24034
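Review bot: the new `- hhvm <removed>` line for CVE-2021-24036 carries no reference, whereas the other package entry added in this commit (node-jszip, CVE-2021-23413) records the upstream fix as NOTE lines; adding a NOTE with the upstream advisory or fix URL here would let a later reviewer confirm the affected range without re-triaging, which matters if hhvm is ever reintroduced to the archive.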
@@ -33413,7 +33413,9 @@ CVE-2021-23415
 CVE-2021-23414
        RESERVED
 CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new 
zip file w ...)
-       TODO: check
+       - node-jszip <unfixed>
+       NOTE: https://github.com/Stuk/jszip/pull/766
+       NOTE: 
https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command 
Injection ...)
        TODO: check
 CVE-2021-23411 (All versions of package anchorme are vulnerable to Cross-site 
Scriptin ...)
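Review bot: the second `+       NOTE: ` line for CVE-2021-23413 has its URL on the following unprefixed line, which reads as mail wrapping rather than as the file content; confirm the committed file has `NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36` on a single line, since the tracker parses one annotation per line. Also, `- node-jszip <unfixed>` has no Debian bug reference, unlike `- qemu <unfixed> (bug #990562)` earlier in this file; filing a BTS bug and appending `(bug #NNNNNN)` (placeholder) would make the unfixed state visible to the package maintainer.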
@@ -34811,7 +34813,7 @@ CVE-2021-22786
 CVE-2021-22785
        RESERVED
 CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22783
        RESERVED
 CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in 
EcoStruxu ...)
@@ -36610,7 +36612,7 @@ CVE-2021-22003
 CVE-2021-22002
        RESERVED
 CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like 
relaying s ...)
-       TODO: check
+       NOT-FOR-US: CloudFoundry
 CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL 
hijacking vul ...)
        NOT-FOR-US: VMware
 CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware 
Remote Conso ...)
@@ -41367,7 +41369,7 @@ CVE-2021-20598
 CVE-2021-20597
        RESERVED
 CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware 
version ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2021-20595 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20594



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3f47c16f2389eb4d83391ddb5fa56a6ff634cb6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits