Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c87e690 by Moritz Muehlenhoff at 2021-11-11T15:06:01+01:00
NFUs
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses 
the hard-coded passwo
 CVE-2021-43574
        RESERVED
 CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library 
(ecdsa-pyth ...)
-       TODO: check
+       NOT-FOR-US: Stark bank libraries
 CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library 
(ecdsa-nod ...)
-       TODO: check
+       NOT-FOR-US: Stark bank libraries
 CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library 
(ecdsa-java)  ...)
-       TODO: check
+       NOT-FOR-US: Stark bank libraries
 CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library 
(ecdsa-dotnet ...)
-       TODO: check
+       NOT-FOR-US: Stark bank libraries
 CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library 
(ecdsa-elix ...)
-       TODO: check
+       NOT-FOR-US: Stark bank libraries
 CVE-2021-43567
        RESERVED
 CVE-2021-43566
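
Review bot: the five Stark Bank entries (CVE-2021-43568 through CVE-2021-43572) all get the same tag, `NOT-FOR-US: Stark bank libraries`, which drops the per-language library names given in the descriptions (ecdsa-python, ecdsa-java, ecdsa-dotnet and so on) and lower-cases "Bank". Naming the library in each tag, for example `NOT-FOR-US: Stark Bank ECDSA library (ecdsa-python)`, keeps each entry findable by library name and records that the triage decision was about the Stark Bank code specifically rather than anything else with "ecdsa" in its name. The same applies to `NOT-FOR-US: Realtek` on CVE-2021-43573, which names only the vendor where the description names RTL8195AM devices.
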
@@ -260,7 +260,7 @@ CVE-2021-43468
 CVE-2021-43467
        RESERVED
 CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined 
with spe ...)
-       TODO: check
+       NOT-FOR-US: thymeleaf-spring5
 CVE-2021-43465
        RESERVED
 CVE-2021-43464
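
Review bot: on CVE-2021-43466 the tag names only the `thymeleaf-spring5` component, while the description also refers to thymeleaf itself ("thymeleaf combined with spe ..."). If the NOT-FOR-US decision covers thymeleaf as a whole, `NOT-FOR-US: Thymeleaf` would say so directly; if it covers only the Spring integration, a short NOTE stating that would save the next person triaging a thymeleaf CVE from re-checking.
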
@@ -7588,11 +7588,11 @@ CVE-2021-41252
 CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP 
Cloud S ...)
        NOT-FOR-US: SAP
 CVE-2021-41250 (Python discord bot is the community bot for the Python Discord 
communi ...)
-       TODO: check
+       NOT-FOR-US: Python discord bot
 CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL 
focused ...)
-       TODO: check
+       NOT-FOR-US: GraphQL Playground
 CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, 
GraphQL IDE ...)
-       TODO: check
+       NOT-FOR-US: GraphiQL
 CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter 
notebooks.  ...)
        NOT-FOR-US: JupyterHub
 CVE-2021-41246
@@ -7755,7 +7755,7 @@ CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. 
The Redis Manage plugi
 CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for 
research ...)
        NOT-FOR-US: eLabFTW
 CVE-2021-41170 (### Impact Versions prior 1.1.1 have allowed for passing in 
closures d ...)
-       TODO: check
+       NOT-FOR-US: neoan3-apps/template
 CVE-2021-41169 (Sulu is an open-source PHP content management system based on 
the Symf ...)
        NOT-FOR-US: Sulu
 CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown 
parser used  ...)
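
Review bot: on CVE-2021-41170 the tag `NOT-FOR-US: neoan3-apps/template` is the only place in the entry where the product is identified, because the truncated description starts with raw advisory markup ("### Impact Versions prior 1.1.1 ...") and never names it. The vendor/package form also differs from the neighbouring tags (eLabFTW, Sulu), which use the product name; either form is fine, but it is worth keeping the tag exact here since nobody can cross-check it against the description.
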
@@ -8097,7 +8097,7 @@ CVE-2021-41040
 CVE-2021-41039
        RESERVED
 CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse 
Theia prior  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Theia
 CVE-2021-41037
        RESERVED
 CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, 
the client ...)
@@ -10754,45 +10754,45 @@ CVE-2021-39916
 CVE-2021-39915
        RESERVED
 CVE-2021-39914 (A regular expression denial of service issue in GitLab 
versions 8.13 t ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39913 (Accidental logging of system root password in the migration 
log in all ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE 
starting  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 
13.9 exp ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39910
        RESERVED
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS 
feature ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-39908
        RESERVED
 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE 
starting  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 
13.5 and ab ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE 
API since  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in 
GitLab  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a 
privileged user, ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a 
user wi ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin 
of a gro ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 
10.8 all ...)
        - gitlab <unfixed>
 CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical 
access to a ...)
        - gitlab <unfixed>
 CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project 
export l ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above 
allowed ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an 
admin uses  ...)
        - gitlab <unfixed>
 CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker 
can set ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS 
rebinding vul ...)
        - gitlab <unfixed>
 CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab 
starting with v ...)
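
Review bot: the entries switched from `TODO: check` to `- gitlab <unfixed>` carry no NOTE line and no version information, although most of the descriptions state an affected range ("since version 13.9", "13.5 and ab ...", "since version 8.0"). A NOTE with the upstream reference per entry would let a later pass fill in the fixed version without re-reading each advisory, and would make it possible to tell which of these actually affect the packaged version. The same goes for CVE-2021-39909: the `<not-affected> (Specific to EE)` reason is useful, but it cannot be checked against the truncated description ("Lack of email address ownership verification in the CODEOWNERS feature ..."), so a reference backing the EE-only claim would help.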



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c87e6905661006f28056c21491e88df9e190722
