Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
270cbd7f by Moritz Muehlenhoff at 2021-08-16T22:01:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9809,7 +9809,7 @@ CVE-2021-34534 (Windows MSHTML Platform Remote Code
Execution Vulnerability ...)
CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution
Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34531
RESERVED
CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability
...)
@@ -9903,7 +9903,7 @@ CVE-2021-34487 (Windows Event Tracing Elevation of
Privilege Vulnerability This
CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability
This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34484 (Windows User Profile Service Elevation of Privilege
Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
@@ -11734,7 +11734,7 @@ CVE-2021-33701
CVE-2021-33700
RESERVED
CVE-2021-33699 (Task Hijacking is a vulnerability that affects the
applications runnin ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-33698
RESERVED
CVE-2021-33697
@@ -13821,7 +13821,7 @@ CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML
editor with rich content
CVE-2021-32807 (The module `AccessControl` defines security policies for
Python code u ...)
NOT-FOR-US: Zope AccessControl
CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal
method in Pl ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2021-32805
RESERVED
CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1,
5.0.6, 4.4 ...)
@@ -29811,7 +29811,7 @@ CVE-2021-26425 (Windows Event Tracing Elevation of
Privilege Vulnerability This
CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26422 (Skype for Business and Lync Remote Code Execution
Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
@@ -38027,7 +38027,7 @@ CVE-2021-22928 (A vulnerability has been identified in
Citrix Virtual Apps and D
CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and
Citrix Gatew ...)
NOT-FOR-US: Citrix
CVE-2021-22926 (libcurl-using applications can ask for a specific client
certificate t ...)
- TODO: check
+ NOT-FOR-US: curl builds on MacOS
CVE-2021-22925 (curl supports the `-t` command line option, known as
`CURLOPT_TELNETOP ...)
- curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)
NOTE: https://curl.se/docs/CVE-2021-22925.html
@@ -45508,7 +45508,7 @@ CVE-2021-20333 (Sending specially crafted commands to a
MongoDB Server may resul
[stretch] - mongodb <end-of-life>
(https://lists.debian.org/debian-lts/2020/11/msg00058.html)
NOTE: https://jira.mongodb.org/browse/SERVER-50605
CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials
used by ...)
- TODO: check
+ NOT-FOR-US: MongoDB rust driver
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously
publish eve ...)
NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
@@ -50108,7 +50108,7 @@ CVE-2021-1632
CVE-2021-1631
RESERVED
CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain
versions of ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded
in ema ...)
NOT-FOR-US: Tableau Server
CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability
affecti ...)
@@ -53213,7 +53213,7 @@ CVE-2021-1106 (NVIDIA Linux kernel distributions
contain a vulnerability in nvma
CVE-2021-1105
RESERVED
CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented
ambiguity for ...)
- TODO: check
+ NOT-FOR-US: RISC-V
CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual
GPU Manag ...)
NOT-FOR-US: NVIDIA vGPU software
CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual
GPU Manag ...)
@@ -69898,7 +69898,7 @@ CVE-2020-22405
CVE-2020-22404
RESERVED
CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows
CSRF. ...)
- TODO: check
+ NOT-FOR-US: Node express-cart
CVE-2020-22402
RESERVED
CVE-2020-22401
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270cbd7f6c6a253e47da19399c33b2d93b842d6b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270cbd7f6c6a253e47da19399c33b2d93b842d6b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
