Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ff0919f by Neil Williams at 2022-06-01T11:02:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50564,7 +50564,7 @@ CVE-2021-40188 (PHPFusion 9.03.110 is affected by an 
arbitrary file upload vulne
 CVE-2021-40187
        RESERVED
 CVE-2021-40186 (The AppCheck research team identified a Server-Side Request 
Forgery (S ...)
-       TODO: check
+       NOT-FOR-US: DNN
 CVE-2021-40185
        RESERVED
 CVE-2021-40184
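
Review bot: the new note on CVE-2021-40186, NOT-FOR-US: DNN, uses an abbreviation that the visible, truncated description ("The AppCheck research team identified a Server-Side Request Forgery (S ...)") never mentions, so a reader of data/CVE/list cannot tell from the entry which product was ruled out. Consider writing the product name out as the CVE description gives it, the way the Couchbase Server entry in this same commit does.
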
@@ -58844,7 +58844,7 @@ CVE-2021-36892
 CVE-2021-36891
        RESERVED
 CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social 
Share Button ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) 
vulnerabiliti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading 
to full ...)
@@ -58892,7 +58892,7 @@ CVE-2021-36868
 CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site 
Scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36865
        RESERVED
 CVE-2021-36864
@@ -67000,7 +67000,7 @@ CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 
2.0.5963-1 does not ensu
 CVE-2021-33505 (A local malicious user can circumvent the Falco detection 
engine throu ...)
        - falco <itp> (bug #842306)
 CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control. 
...)
-       TODO: check
+       NOT-FOR-US: Couchbase Server
 CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When 
provided with a ...)
        - python-urllib3 1.26.5-1~exp1 (bug #989848)
        [buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -69504,7 +69504,7 @@ CVE-2021-32548 (It was discovered that read_file() in 
apport/hookutils.py would
 CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py 
would follow ...)
        NOT-FOR-US: Apport
 CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs 
before  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service 
because of mi ...)
        NOT-FOR-US: Pexip Infinity
 CVE-2021-32544 (Special characters of IGT search function in igt+ are not 
filtered in  ...)
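
Review bot: on CVE-2021-32546 the note reads NOT-FOR-US: Go Git Service, while the description directly above it calls the product Gogs, so a grep of the list for Gogs matches the description but not the triage note. Suggest NOT-FOR-US: Gogs, in line with the neighbouring entries, which reuse the name from their own descriptions (Apport, Pexip Infinity).
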
@@ -82082,7 +82082,7 @@ CVE-2021-27780 (The software may be vulnerable to both 
Un-Auth XML interaction a
 CVE-2021-27779 (VersionVault Express exposes sensitive information that an 
attacker ca ...)
        NOT-FOR-US: HCL
 CVE-2021-27778 (HCL Traveler is vulnerable to a cross-site scripting (XSS) 
caused by i ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when 
poorly  ...)
        NOT-FOR-US: HCL
 CVE-2021-27776
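
Review bot: NOT-FOR-US: HCL on CVE-2021-27778 names only the vendor, although the description identifies the product as HCL Traveler. It is consistent with the adjacent CVE-2021-27779 and CVE-2021-27777 entries, so it can stay for uniformity, but a product-level note (NOT-FOR-US: HCL Traveler) would be easier to search for.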



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ff0919fc0c786bbf9f01a9ce9d7b2a05349e9d0
