Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b04b18a0 by Salvatore Bonaccorso at 2021-11-24T21:12:25+01:00
Process NFUs

- - - - -
a307440d by Salvatore Bonaccorso at 2021-11-24T21:17:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1197,7 +1197,7 @@ CVE-2021-43780 (Redash is a package for data 
visualization and sharing. In versi
 CVE-2021-43779
        RESERVED
 CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. 
GLPI inst ...)
-       TODO: check
+       NOT-FOR-US: GLPI plugin
 CVE-2021-43777 (Redash is a package for data visualization and sharing. In 
Redash vers ...)
        NOT-FOR-US: Redash
 CVE-2021-43776
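Review bot: the new note on CVE-2021-43778, "NOT-FOR-US: GLPI plugin", names the host application rather than the affected product, which the description gives as the Barcode plugin. Consider "NOT-FOR-US: Barcode plugin for GLPI" so that a search for the product name finds this entry, the way the Redash note on CVE-2021-43777 just below does.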
@@ -3263,7 +3263,7 @@ CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka 
seq-app-htmlemail) 3.1.0-dev-001
 CVE-2021-43269
        RESERVED
 CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE 
component ...)
-       TODO: check
+       NOT-FOR-US: Wind River VxWorks
 CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, 
exporting col ...)
        - mahara <removed>
 CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, 
certain tag s ...)
@@ -15896,7 +15896,7 @@ CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 
9.1 CD, and 9.2 CD is vul
 CVE-2021-38874
        RESERVED
 CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV 
Injection. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-38872
        RESERVED
 CVE-2021-38871
@@ -20674,9 +20674,9 @@ CVE-2021-36919
 CVE-2021-36918
        RESERVED
 CVE-2021-36917 (WordPress Hide My WP plugin (versions &lt;= 6.2.3) can be 
deactivated  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress 
plugin (ve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36915
        RESERVED
 CVE-2021-36914
@@ -26580,9 +26580,9 @@ CVE-2021-34426
 CVE-2021-34425
        RESERVED
 CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings 
(for An ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client 
for Meet ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a 
path tr ...)
        NOT-FOR-US: Keybase Client for Windows
 CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the 
Keybase Cl ...)
@@ -29866,11 +29866,11 @@ CVE-2021-33044 (The identity authentication bypass 
vulnerability found in some D
 CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows 
TLS_ECDHE_RSA_WITH_AES_128_C ...)
        NOT-FOR-US: Amazon AWS CloudFront
 CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API 
as impl ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the 
EPPUpdateSer ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the 
EPPUpdateSer ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-33043
        RESERVED
 CVE-2021-33042
@@ -54933,7 +54933,7 @@ CVE-2021-22959 (The parser in accepts requests with a 
space (SP) right after the
 CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in 
concrete5 &lt ...)
        NOT-FOR-US: Concrete CMS
 CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in 
UniFi Pr ...)
-       TODO: check
+       NOT-FOR-US: UniFi Protect
 CVE-2021-22956
        RESERVED
 CVE-2021-22955
@@ -57117,7 +57117,7 @@ CVE-2021-22051 (Applications using Spring Cloud Gateway 
are vulnerable to specif
 CVE-2021-22050
        RESERVED
 CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server 
Side Requ ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-22048 (The vCenter Server contains a privilege escalation 
vulnerability in th ...)
        NOT-FOR-US: VMware
 CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, 
and older  ...)
@@ -57260,7 +57260,7 @@ CVE-2021-21982 (VMware Carbon Black Cloud Workload 
appliance 1.0.0 and 1.01 has
 CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due 
to an i ...)
        NOT-FOR-US: VMware
 CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior 
to: 6.20.0 ...)
        NOT-FOR-US: Bitnami Containers
 CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains 
a remot ...)
@@ -61699,7 +61699,7 @@ CVE-2021-20852
 CVE-2021-20851
        RESERVED
 CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 
4.49 and ea ...)
-       TODO: check
+       NOT-FOR-US: PowerCMS
 CVE-2021-20849
        RESERVED
 CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to 
v1.8.6 a ...)
@@ -61707,19 +61707,19 @@ CVE-2021-20848 (Cross-site scripting vulnerability in 
rwtxt versions prior to v1
 CVE-2021-20847
        RESERVED
 CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push 
Notifications  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited 
Sitemap G ...)
        TODO: check
 CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting 
syntax v ...)
-       TODO: check
+       NOT-FOR-US: RTX830
 CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of 
RTX830 Rev ...)
-       TODO: check
+       NOT-FOR-US: RTX830
 CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 
series 2. ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 
series 2.11. ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - 
Appointment Bo ...)
-       TODO: check
+       NOT-FOR-US: Booking Package - Appointment Booking Calendar System
 CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and 
V7.1MR7 and e ...)
        NOT-FOR-US: Office Server Document Converter
 CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and 
V7.1MR7 and e ...)
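Review bot: CVE-2021-20845 is left at "TODO: check" in the middle of this hunk, between CVE-2021-20846 and CVE-2021-20844, which are both resolved here. If it was skipped because it needs a closer look, that is fine, but it is easy to lose track of an untriaged entry inside an otherwise processed block, so either resolve it in the same pass or follow up promptly. Separately, "NOT-FOR-US: RTX830" on CVE-2021-20844 and CVE-2021-20843 gives only a model name; adding the vendor would match the vendor- or product-named notes used elsewhere in this change (VMware, Bitdefender, EC-CUBE).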



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b79d100ebfa76d68b3725518011d71c86c3eca1a...a307440dc28fd3a3b44a88a86e43dc57fe1954e7

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
