Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa2402d7 by Moritz Muehlenhoff at 2021-08-02T09:43:33+02:00
new glances issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -321,7 +321,7 @@ CVE-2021-37607
CVE-2021-3669
RESERVED
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery
by an a ...)
- TODO: check
+ NOT-FOR-US: Meow hash
CVE-2021-37605
RESERVED
CVE-2021-37604
@@ -11225,7 +11225,7 @@ CVE-2021-32809
CVE-2021-32808
RESERVED
CVE-2021-32807 (The module `AccessControl` defines security policies for
Python code u ...)
- TODO: check
+ NOT-FOR-US: Zope AccessControl
CVE-2021-32806
RESERVED
CVE-2021-32805
@@ -34276,15 +34276,21 @@ CVE-2021-23420
CVE-2021-23419
RESERVED
CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML
External Entity ...)
- TODO: check
+ - glances <unfixed>
+ [bullseye] - glances <no-dsa> (Minor issue)
+ [buster] - glances <no-dsa> (Minor issue)
+ NOTE: https://github.com/nicolargo/glances/issues/1025
+ NOTE:
https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
+ NOTE:
https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
+ NOTE:
https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
CVE-2021-23417 (All versions of package deepmergefn are vulnerable to
Prototype Pollut ...)
- TODO: check
+ NOT-FOR-US: Node deepmergefn
CVE-2021-23416 (This affects all versions of package curly-bracket-parser.
When used a ...)
- TODO: check
+ NOT-FOR-US: curly-bracket-parser
CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The
user-contro ...)
NOT-FOR-US: elFinder.AspNet
CVE-2021-23414 (This affects the package video.js before 7.14.3. The src
attribute of ...)
- TODO: check
+ NOT-FOR-US: video.js
CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new
zip file w ...)
- node-jszip 3.5.0+dfsg-2
[buster] - node-jszip <no-dsa> (Minor issue)
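Review bot: the new `- glances <unfixed>` entry records no Debian bug reference and no fixed upstream version, although the description line already states the fix boundary ("before 3.2.1 are vulnerable"); the bullseye and buster `<no-dsa> (Minor issue)` tags mean the issue will only be tracked through the next unstable upload, so a `NOTE: Fixed upstream in 3.2.1` line and the tracker's usual bug reference after `<unfixed>` would let the maintainer and later triagers see at a glance what to backport. The three commit URLs and the issue link are useful; consider stating in one NOTE which of the three commits is the XXE fix proper, since the truncated description does not say.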
@@ -57105,7 +57111,7 @@ CVE-2020-26808 (SAP AS ABAP(DMIS), versions -
2011_1_620, 2011_1_640, 2011_1_700
CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets
Incorrec ...)
NOT-FOR-US: SAP
CVE-2020-26806 (admin/file.do in ObjectPlanet Opinio before 7.15 allows
Unrestricted F ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via
this end ...)
NOT-FOR-US: Sentrifugo
CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under
"Organization ...)
@@ -57661,9 +57667,9 @@ CVE-2020-26566 (A Denial of Service condition in
Motion-Project Motion 3.2 throu
NOTE:
https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
NOTE: https://github.com/Motion-Project/motion/pull/1232
CVE-2020-26565 (ObjectPlanet Opinio before 7.14 allows Expression Language
Injection v ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26564 (ObjectPlanet Opinio before 7.15 allows XXE attacks via three
steps: mo ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26563 (ObjectPlanet Opinio before 7.14 allows reflected XSS via the
survey/ad ...)
NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26562
@@ -71687,8 +71693,7 @@ CVE-2020-20180
CVE-2020-20179
RESERVED
CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol
latest ve ...)
- NOTE: Will be rectified by MITRE, then remove TODO
- TODO: wait for cleanup, CVE is wrongly associated
+ NOT-FOR-US: Ethereum
CVE-2020-20177
RESERVED
CVE-2020-20176
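Review bot: the removed `NOTE: Will be rectified by MITRE` and `TODO: wait for cleanup, CVE is wrongly associated` lines were the only record that this CVE's Ethereum association is known to be wrong and pending correction; replacing both with a bare `NOT-FOR-US: Ethereum` discards that state. Keep a NOTE line (for example `NOTE: CVE is wrongly associated, MITRE to rectify`) alongside the NOT-FOR-US so the entry is revisited if MITRE reassigns the identifier to something that is in the archive.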
@@ -75761,7 +75766,7 @@ CVE-2020-18174 (A process injection vulnerability in
setup.exe of AutoHotkey 1.1
CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password
7.3.712 al ...)
NOT-FOR-US: 1Password
CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege
component of Tr ...)
- TODO: check
+ NOT-FOR-US: Trezor Bridge
CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding
(OLE) w ...)
NOT-FOR-US: TechSmith Snagit
CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key
Manager ...)
@@ -81508,7 +81513,7 @@ CVE-2020-15661 (A rogue webpage could override the
injected WKUserScript used by
- firefox <not-affected> (Specific to Firefox for iOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before
0.27.0 co ...)
- TODO: check
+ NOT-FOR-US: geckodriver
CVE-2020-15659 (Mozilla developers and community members reported memory
safety bugs p ...)
{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
- firefox 79.0-1
@@ -83210,7 +83215,7 @@ CVE-2020-15001 (An information leak was discovered on
Yubico YubiKey 5 NFC devic
CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5
devices 5. ...)
NOT-FOR-US: Yubico YubiKey 5 devices
CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after
12.5.21 ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-14998
RESERVED
CVE-2020-14997
@@ -96834,7 +96839,7 @@ CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before
0.4.1.9, and 0.4.2.x before 0.
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0.
CORS Ac ...)
NOT-FOR-US: Walmart Labs Concord
CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API
that ex ...)
- TODO: check
+ NOT-FOR-US: Replicated Classic
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because
/etc/v2 ...)
NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because
/etc/v2 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa2402d7db3be7abb0bd4427a8c635d82e516ca7
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits