Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91e794a8 by Moritz Muehlenhoff at 2021-09-03T14:33:25+02:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- + data/CVE/list.orig


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale 
LXDUI throu ...)
-       TODO: check
+       NOT-FOR-US: AdaptiveScale LXDUI
 CVE-2021-40493
        RESERVED
 CVE-2021-40492
@@ -2926,7 +2926,7 @@ CVE-2021-39189
 CVE-2021-39188
        RESERVED
 CVE-2021-39187 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting 
service. Prior ...)
        NOT-FOR-US: Miraheze
 CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP 
services. In h ...)
@@ -4827,11 +4827,11 @@ CVE-2021-38316
 CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin 
<= 4.2. ...)
-       TODO: check
+       NOT-FOR-US: Gutenberg Template Library
 CVE-2021-38313
        RESERVED
 CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin 
<= 4.2. ...)
-       TODO: check
+       NOT-FOR-US: Gutenberg Template Library
 CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops 
exist in ...)
        NOT-FOR-US: Contiki
 CVE-2021-38310
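Review bot: the new labels for CVE-2021-38314 and CVE-2021-38312 read "NOT-FOR-US: Gutenberg Template Library", while the neighbouring entry CVE-2021-38315 uses the generic "NOT-FOR-US: WordPress plugin". Both descriptions name a WordPress plugin ("Gutenberg Template Library & Redux Framework plugin"), so consider the generic label, or the full plugin name, so that these entries turn up alongside the other WordPress NFUs when the list is searched.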
@@ -13751,7 +13751,7 @@ CVE-2021-3589
 CVE-2021-34437
        RESERVED
 CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the 
default ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Theia
 CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension 
allows a ...)
        NOT-FOR-US: Eclipse Theia
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the 
dynamic se ...)
@@ -40787,7 +40787,7 @@ CVE-2021-23440
 CVE-2021-23439
        RESERVED
 CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Node mpath
 CVE-2021-23437
        RESERVED
 CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion 
vulnerab ...)
@@ -40799,19 +40799,19 @@ CVE-2021-23434 (This affects the package object-path 
before 0.11.6. A type confu
 CVE-2021-23433
        RESERVED
 CVE-2021-23432 (This affects all versions of package mootools. This is due to 
the abil ...)
-       TODO: check
+       NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: Node joplin
 CVE-2021-23430 (All versions of package startserver are vulnerable to 
Directory Traver ...)
-       TODO: check
+       NOT-FOR-US: Node startserver
 CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of 
Service  ...)
-       TODO: check
+       NOT-FOR-US: Node transpile
 CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The 
Path.Combin ...)
-       TODO: check
+       NOT-FOR-US: elFinder.NetCore
 CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The 
ExtractAsyn ...)
-       TODO: check
+       NOT-FOR-US: elFinder.NetCore
 CVE-2021-23426 (This affects all versions of package Proto. It is possible to 
inject p ...)
-       TODO: check
+       NOT-FOR-US: Node proto
 CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to 
Regular Ex ...)
        NOT-FOR-US: Node trim-off-newlines
 CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker 
provide ...)
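Review bot: the "Node" prefix on mootools, joplin, startserver, transpile and proto rests only on the truncated "package ..." descriptions. For CVE-2021-23432 (mootools) and CVE-2021-23431 (joplin) it is worth confirming that no source package ships or embeds the code before closing them as NOT-FOR-US. Also, the description for CVE-2021-23426 spells the package "Proto" while the label says "Node proto"; matching the upstream spelling keeps the entry easy to grep.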
@@ -42242,15 +42242,15 @@ CVE-2021-22795
 CVE-2021-22794
        RESERVED
 CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could 
cause a D ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause 
a Denial ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a 
Denial  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the 
Bounds of a M ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22788
        RESERVED
 CVE-2021-22787
@@ -42278,7 +42278,7 @@ CVE-2021-22777 (A CWE-502: Deserialization of Untrusted 
Data vulnerability exist
 CVE-2021-22776
        RESERVED
 CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability 
exists in GP ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability 
exists i ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in 
EVlink C ...)
@@ -42420,7 +42420,7 @@ CVE-2021-22706 (A CWE-79: Improper Neutralization of 
Input During Web Page Gener
 CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
        NOT-FOR-US: Schneider
 CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information 
vulnerabili ...)
        NOT-FOR-US: PowerLogic
 CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information 
vulnerabili ...)
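Review bot: CVE-2021-22704 is labelled "NOT-FOR-US: Schneider Electric", but the context line for CVE-2021-22705 directly above it uses "NOT-FOR-US: Schneider". Consider normalising that entry to "Schneider Electric" in the same commit so a search for the vendor string finds every entry.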
@@ -42614,7 +42614,7 @@ CVE-2021-3020
 CVE-2021-22685
        RESERVED
 CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer 
wrap-around in  ...)
-       TODO: check
+       NOT-FOR-US: Tizen RT RTOS
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an 
out-of-b ...)
        NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by 
default to be ...)
@@ -43487,7 +43487,7 @@ CVE-2021-22253 (Improper authorization in GitLab EE 
affecting all versions since
 CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE 
affecting all ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2021-22251 (Improper validation of invited users' email address in GitLab 
EE affec ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions 
since 13 ...)
        - gitlab <unfixed>
 CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions 
since 12.2 ...)


=====================================
data/CVE/list.orig
=====================================
The diff for this file was not included because it is too large.
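Review bot: data/CVE/list.orig appears in the changed files as a newly added file ("+ data/CVE/list.orig") and is too large to display, which suggests a backup copy of data/CVE/list left behind by patch or a merge tool rather than an intended change. Drop it from the commit, and consider ignoring *.orig in the repository so it cannot be added again.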


View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e794a8b7d2027a33ae9785c104ec5ad620397a

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits