Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a67572b by Moritz Muehlenhoff at 2021-10-01T11:32:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1104,7 +1104,7 @@ CVE-2021-41326 (In MISP before 2.4.148, 
app/Lib/Export/OpendataExport.php mishan
 CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 
allows re ...)
        NOT-FOR-US: Pydio Cells
 CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in 
Pydio Ce ...)
-       TODO: check
+       NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 
2.2.9 allow ...)
        NOT-FOR-US: Pydio Cells
 CVE-2021-41322
@@ -1574,13 +1574,13 @@ CVE-2021-41111
 CVE-2021-41110
        RESERVED
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2021-41108
        RESERVED
 CVE-2021-41107
        RESERVED
 CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web 
Signature. P ...)
-       TODO: check
+       NOT-FOR-US: PHP lcobucci/jwt
 CVE-2021-41105
        RESERVED
 CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with 
web_serv ...)
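
Review bot: For CVE-2021-41106 the tag "NOT-FOR-US: PHP lcobucci/jwt" closes out a library rather than a standalone application, and a library is the case where a vendored copy inside some other package is easy to miss. If a search for embedded copies was done before replacing "TODO: check", a short NOTE line recording it would make the decision auditable later. The Parse Server entry earlier in this hunk names a standalone product and reads fine as is.
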
@@ -1590,7 +1590,7 @@ CVE-2021-41103
 CVE-2021-41102
        RESERVED
 CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
-       TODO: check
+       NOT-FOR-US: wire-server
 CVE-2021-41100
        RESERVED
 CVE-2021-41099
@@ -3774,7 +3774,7 @@ CVE-2021-40156 (A maliciously crafted DWG file in 
Autodesk Navisworks 2019, 2020
 CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 
2020, 2021 ...)
        NOT-FOR-US: Autodesk
 CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, 
acciden ...)
-       TODO: check
+       NOT-FOR-US: Multipass
 CVE-2021-40154
        RESERVED
 CVE-2021-40152
@@ -7229,7 +7229,7 @@ CVE-2021-38677
 CVE-2021-38676
        RESERVED
 CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-38674
        RESERVED
 CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' 
Flag ...)
@@ -13772,7 +13772,7 @@ CVE-2021-35937 [TOCTOU race in checks for unsafe 
symlinks]
 CVE-2021-35936 (If remote logging is not used, the worker (in the case of 
CeleryExecut ...)
        - airflow <itp> (bug #819700)
 CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local 
proces ...)
-       TODO: check
+       NOT-FOR-US: Multipass
 CVE-2021-3625
        RESERVED
 CVE-2021-35935
@@ -17320,15 +17320,15 @@ CVE-2021-34358
 CVE-2021-34357
        RESERVED
 CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-34353
        RESERVED
 CVE-2021-34352 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-34351 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
        NOT-FOR-US: QNAP
 CVE-2021-34350
@@ -18241,9 +18241,9 @@ CVE-2021-33926
 CVE-2021-33925
        RESERVED
 CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 
6.0.0 i ...)
-       TODO: check
+       NOT-FOR-US: Confluent Ansible
 CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 
5.5.1, 5 ...)
-       TODO: check
+       NOT-FOR-US: Confluent Ansible
 CVE-2021-33922
        RESERVED
 CVE-2021-33921
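
Review bot: On CVE-2021-33924 and CVE-2021-33923 the label "Confluent Ansible" can be misread as referring to Ansible itself, while both descriptions give the project name as cp-ansible. Suggest "NOT-FOR-US: Confluent cp-ansible" for both lines so that a later search of the list for Ansible issues does not stop on these two entries.
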
@@ -19019,7 +19019,7 @@ CVE-2021-33628
 CVE-2021-33627
        RESERVED
 CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did 
not cor ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2021-33625
        RESERVED
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a 
branch  ...)
@@ -19114,7 +19114,7 @@ CVE-2021-33585
 CVE-2021-33584
        RESERVED
 CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with 
an sa pas ...)
-       TODO: check
+       NOT-FOR-US: REINER
 CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a 
denial of s ...)
        - cyrus-imapd 3.4.2-1 (bug #993433)
        [bullseye] - cyrus-imapd <no-dsa> (Minor issue; pending fix via point 
release)
@@ -44319,7 +44319,7 @@ CVE-2021-23448
 CVE-2021-23447
        RESERVED
 CVE-2021-23446 (The package handsontable before 10.0.0; the package 
handsontable from  ...)
-       TODO: check
+       NOT-FOR-US: Node handsontable
 CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an 
array is  ...)
        - datatables.js 1.10.21+dfsg-3 (bug #995229)
        NOTE: 
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
 (v1.11.3)
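
Review bot: CVE-2021-23446 is tagged "NOT-FOR-US: Node handsontable", but the very next entry in this hunk shows the package datatables.net tracked under the source name datatables.js, so the upstream package name alone is not a reliable search key. Worth confirming that handsontable was also looked up under likely source package names and as a bundled copy before the TODO was dropped, and saying so in a NOTE line if it was.
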
@@ -81138,13 +81138,13 @@ CVE-2020-20801
 CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL 
Injection ...)
        NOT-FOR-US: MetInfo
 CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: JeeCMS
 CVE-2020-20798
        RESERVED
 CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlameCMS
 CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in 
/master/artic ...)
-       TODO: check
+       NOT-FOR-US: FlameCMS
 CVE-2020-20795
        RESERVED
 CVE-2020-20794
@@ -81244,7 +81244,7 @@ CVE-2020-20748
 CVE-2020-20747
        RESERVED
 CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 
V15.03. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-20745
        RESERVED
 CVE-2020-20744
@@ -102242,7 +102242,7 @@ CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 
1.10, 1.11 and ExactaMix EM120
 CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory 
corrupt ...)
        NOT-FOR-US: FactoryTalk View SE
 CVE-2020-12030 (There is a flaw in the code used to configure the internal 
gateway fir ...)
-       TODO: check
+       NOT-FOR-US: Emerson WirelessHART Gateway
 CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate 
input of  ...)
        NOT-FOR-US: FactoryTalk View SE
 CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an 
authenticated attac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a67572b8d0594760fb19bc165bc896c1c77b924
