Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
081ba4b7 by Moritz Muehlenhoff at 2021-12-24T23:45:20+01:00
consul n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -323,7 +323,7 @@ CVE-2022-21155
 CVE-2022-21137
        RESERVED
 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for 
Node.js ...)
-       TODO: check
+       NOT-FOR-US: Node windows
 CVE-2021-4154 [cgroup: verify that source is a string]
        RESERVED
        - linux 5.14.6-1
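Review bot: The NOT-FOR-US label on CVE-2021-45459 reads "Node windows", while the description on the line above it names the package as node-windows. Writing it as `NOT-FOR-US: node-windows` would keep the entry findable with a plain search for the upstream name, and would match how the other entries in this commit (elgg, jsx-slack, discourse-footnote) reuse the name exactly as it appears in the description.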
@@ -1790,7 +1790,7 @@ CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is 
vulnerable to stored cross
 CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
        NOT-FOR-US: bookstack
 CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted 
Data ...)
-       TODO: check
+       NOT-FOR-US: pytorch-lightning
 CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
        NOT-FOR-US: yetiforcecrm
 CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input 
During  ...)
@@ -3068,7 +3068,7 @@ CVE-2021-4074
 CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for 
unauthenti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During 
Web Page ...)
-       TODO: check
+       NOT-FOR-US: elgg
 CVE-2021-4071
        RESERVED
 CVE-2021-44674
@@ -3324,7 +3324,7 @@ CVE-2021-44550
 CVE-2021-4070
        RESERVED
 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on 
top of  ...)
-       TODO: check
+       NOT-FOR-US: Apache Sling
 CVE-2021-4069 (vim is vulnerable to Use After Free ...)
        - vim <unfixed>
        NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
@@ -5479,7 +5479,7 @@ CVE-2021-43854 (NLTK (Natural Language Toolkit) is a 
suite of open source Python
        NOTE: https://github.com/nltk/nltk/pull/2869
        NOTE: 
https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 
(3.6.6)
 CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available 
for Mic ...)
-       TODO: check
+       NOT-FOR-US: Ajax.NET Professional
 CVE-2021-43852
        RESERVED
 CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
@@ -5487,19 +5487,19 @@ CVE-2021-43851 (Anuko Time Tracker is an open source, 
web-based time tracking ap
 CVE-2021-43850
        RESERVED
 CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single 
and simpl ...)
-       TODO: check
+       NOT-FOR-US: cordova-plugin-fingerprint-aio
 CVE-2021-43848
        RESERVED
 CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. 
Prior to H ...)
        NOT-FOR-US: HumHub Social Network Kit Enterprise
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus 
e-commer ...)
-       TODO: check
+       NOT-FOR-US: solidus_frontend
 CVE-2021-43845
        RESERVED
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, 
weather, a ...)
        NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack 
block kit s ...)
-       TODO: check
+       NOT-FOR-US: jsx-slack
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 
2.5.257 and e ...)
        NOT-FOR-US: Wiki.js
 CVE-2021-43841
@@ -5509,7 +5509,7 @@ CVE-2021-43840 (message_bus is a messaging bus for Ruby 
processes and web client
 CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In 
Cronos nodes ...)
        NOT-FOR-US: Cronos
 CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack 
Block Kit s ...)
-       TODO: check
+       NOT-FOR-US: jsx-slack
 CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and 
python li ...)
        TODO: check
 CVE-2021-43836 (Sulu is an open-source PHP content management system based on 
the Symf ...)
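Review bot: CVE-2021-43837 (vault-cli), directly below the jsx-slack change in this hunk, still carries `TODO: check` in the context lines while its neighbours are triaged by this commit. If it was left open on purpose because it needs a closer look, that is fine; otherwise it is worth resolving in the same pass so the block around CVE-2021-43838 does not keep a lone untriaged item.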
@@ -5523,7 +5523,7 @@ CVE-2021-43833 (eLabFTW is an electronic lab notebook 
manager for research teams
 CVE-2021-43832
        RESERVED
 CVE-2021-43831 (Gradio is an open source framework for building interactive 
machine le ...)
-       TODO: check
+       NOT-FOR-US: gradio
 CVE-2021-43830 (OpenProject is a web-based project management software. 
OpenProject ve ...)
        NOT-FOR-US: OpenProject
 CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
@@ -5531,7 +5531,7 @@ CVE-2021-43829 (PatrOwl is a free and open-source 
solution for orchestrating Sec
 CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
        NOT-FOR-US: PatrOwl
 CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts 
in Disco ...)
-       TODO: check
+       NOT-FOR-US: discourse-footnote
 CVE-2021-43826
        RESERVED
 CVE-2021-43825
@@ -13533,9 +13533,8 @@ CVE-2021-41807
 CVE-2021-41806
        RESERVED
 CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 
1.9.11, and 1. ...)
-       - consul <unfixed>
+       - consul <not-affected> (Only affects Consul Enterprise)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
-       TODO: check details, fixing commit
 CVE-2021-41804
        RESERVED
 CVE-2021-41803
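Review bot: The `<not-affected>` reason on the consul line of CVE-2021-41805, "(Only affects Consul Enterprise)", is the only record of why the status moved away from `<unfixed>`, and the removed `TODO: check details, fixing commit` leaves no trace of what was checked. The retained NOTE URL does point at the Consul Enterprise advisory, so the conclusion is consistent with the visible lines. A short extra NOTE naming the source that confirmed the Enterprise-only scope would let a later reader verify the decision without opening the link.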



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/081ba4b75e0e5075ee6381732a3becce20217c56
