Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
41d7dca4 by Salvatore Bonaccorso at 2021-08-31T11:18:45+02:00
Add CVE-2021-34434/mosquitto
- - - - -
216c030d by Salvatore Bonaccorso at 2021-08-31T11:18:46+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13321,7 +13321,8 @@ CVE-2021-34436
CVE-2021-34435
RESERVED
CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the
dynamic se ...)
- TODO: check
+ - mosquitto <unfixed>
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to
3.0.0-M3 ...)
NOT-FOR-US: Eclipse Californium
CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server
will crash ...)
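Review bot: The new mosquitto line for CVE-2021-34434 marks the package as unfixed without recording an affected version range, although the description limits the issue to Eclipse Mosquitto 2.0 to 2.0.11. Consider adding a NOTE next to the bug link with the introducing version and, once it is known, the upstream fix commit, so that any suite shipping a pre-2.0 package can be marked not-affected instead of inheriting the unfixed state.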
@@ -37538,7 +37539,7 @@ CVE-2021-24669
CVE-2021-24668
RESERVED
CVE-2021-24667 (A stored cross-site scripting vulnerability has been
discovered in : S ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-24666
RESERVED
CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not
escape th ...)
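Review bot: The "NOT-FOR-US: FortiGuard" label on CVE-2021-24667 cannot be checked against the visible description, which is truncated at "discovered in : S ..." and does not show a product name. The other NOT-FOR-US entries in this push name the vendor or product, so please confirm that this label does the same and is not the name of the reporting service.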
@@ -43518,19 +43519,19 @@ CVE-2021-22029
CVE-2021-22028
RESERVED
CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5)
contains a Serv ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5)
contains a Serv ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5)
contains a brok ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5)
contains an arb ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has
insecure ob ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5)
contains an arb ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a
Cross Site S ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-22020
RESERVED
CVE-2021-22019
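Review bot: Vendor spelling is inconsistent in this hunk: the six vRealize Operations Manager entries (CVE-2021-22022 to CVE-2021-22027) use "NOT-FOR-US: Vmware", while CVE-2021-22021 uses "NOT-FOR-US: VMware". Use "VMware" on all seven lines so that a case-sensitive search of data/CVE/list for the vendor finds every entry.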
@@ -44274,7 +44275,7 @@ CVE-2021-21743
CVE-2021-21742
RESERVED
CVE-2021-21741 (A conference management system of ZTE is impacted by a command
executi ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21740 (There is an information leak vulnerability in the digital
media player ...)
NOT-FOR-US: ZTE
CVE-2021-21739 (A ZTE's product of the transport network access layer has a
security v ...)
@@ -72526,7 +72527,7 @@ CVE-2020-22850
CVE-2020-22849
RESERVED
CVE-2020-22848 (A remote code execution (RCE) vulnerability in the
\Playsong.php compo ...)
- TODO: check
+ NOT-FOR-US: cscms
CVE-2020-22847
RESERVED
CVE-2020-22846
@@ -82288,19 +82289,19 @@ CVE-2020-18129 (A CSRF vulnerability in Eyoucms
v1.2.7 allows an attacker to add
CVE-2020-18128
RESERVED
CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit
2.1.5 allow ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the Sect ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the
/plugin/aj ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in
Indexhibit 2.1.5 ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in
Indexhibit 2.1.5 ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18122
RESERVED
CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated
attacke ...)
- TODO: check
+ NOT-FOR-US: Indexhibit
CVE-2020-18120
RESERVED
CVE-2020-18119
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/63957298ddd9f85974068f10b74465598ee75e44...216c030ddbddc572f15916a28fb9fc60e508b166
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits