Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dc92906 by Moritz Muehlenhoff at 2021-03-16T14:22:40+01:00
NFUs

- - - - -
2326b6c9 by Moritz Muehlenhoff at 2021-03-16T14:23:39+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1577,7 +1577,7 @@ CVE-2021-27819
 CVE-2021-27818
        RESERVED
 CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 
allows an att ...)
-       TODO: check
+       NOT-FOR-US: shopxo
 CVE-2021-27816
        RESERVED
 CVE-2021-27815
@@ -2520,9 +2520,9 @@ CVE-2021-27383
 CVE-2021-27382
        RESERVED
 CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Solid Edge SE2020
 CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Solid Edge SE2020
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 
Intel HVM  ...)
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not 
applied)
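Review bot: the two new Solid Edge SE2020 lines in this hunk use `NOT-FOR-US: Solid Edge SE2020`, while the Solid Edge SE2020 entries further down in this same commit (CVE-2020-28387, CVE-2020-28385) and their unchanged neighbours CVE-2020-28386 and CVE-2020-28384 use `NOT-FOR-US: Siemens`; pick one label so the product can be grepped consistently, preferably the vendor form already in use.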
@@ -2840,7 +2840,7 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in 
Pelco Digital Sentry Serv
 CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting 
environment, s ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP 
Code Inj ...)
-       TODO: check
+       NOT-FOR-US: ExpressionEngine
 CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim 
navigates ...)
        {DLA-2562-1}
        - mumble 1.3.4-1 (bug #982904)
@@ -3380,7 +3380,7 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to 
9.3P21, 9.5P16, 9.6P12, 9
 CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 
9.7P8 a ...)
        NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot 
Framework.  ...)
-       TODO: check
+       NOT-FOR-US: Element Plug-in for vCenter Server
 CVE-2021-26986
        RESERVED
 CVE-2021-26985
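Review bot: the description for CVE-2021-26987 says the Element Plug-in for vCenter Server "incorporates SpringBoot Framework", so before closing it as NOT-FOR-US it is worth confirming that the flaw is in the NetApp plug-in itself and not an inherited Spring Boot issue that would need to be tracked against its own CVE.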
@@ -3560,9 +3560,9 @@ CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via 
crafted Cascading Style S
        NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
 CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS 
protectio ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the 
endpoin ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2021-26922
        RESERVED
 CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, 
tokens cont ...)
@@ -6767,13 +6767,13 @@ CVE-2021-25678
 CVE-2021-25677
        RESERVED
 CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 
(V6.3), SCALAN ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password 
Appstore ...)
        NOT-FOR-US: Mendix Forgot Password Appstore module
 CVE-2021-25671
@@ -6785,7 +6785,7 @@ CVE-2021-25669
 CVE-2021-25668
        RESERVED
 CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 
(IEEE 80 ...)
        NOT-FOR-US: Siemens
 CVE-2021-25665
@@ -7915,7 +7915,7 @@ CVE-2021-3152 (** DISPUTED ** Home Assistant before 
2021.1.3 does not have a pro
 CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting 
(XSS)  ...)
        NOT-FOR-US: i-doit
 CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete 
Personal Data ...)
-       TODO: check
+       NOT-FOR-US: Cryptshare Server
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, 
/usr/local/webmin/System/manual_ ...)
        NOT-FOR-US: Netshield NANO devices
 CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. 
Sending craft ...)
@@ -10299,7 +10299,7 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4 
exposes a function, getProcessF
 CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook 
Gameroom d ...)
        NOT-FOR-US: Facebook Gameroom
 CVE-2021-24029 (A packet of death scenario is possible in mvfst via a 
specially crafte ...)
-       TODO: check
+       NOT-FOR-US: mvfst
 CVE-2021-24028
        RESERVED
 CVE-2021-24027
@@ -10675,6 +10675,7 @@ CVE-2021-25900 (An issue was discovered in the smallvec 
crate before 0.6.14 and
        NOTE: https://github.com/servo/rust-smallvec/issues/252
 CVE-2021-3127
        RESERVED
+       NOT-FOR-US: nats-server
 CVE-2021-3126
        RESERVED
 CVE-2021-23896
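Review bot: CVE-2021-3127 is still RESERVED here, so the new `NOT-FOR-US: nats-server` line rests on information that is not in the file; add a `NOTE:` line pointing at the upstream advisory, as the Roundcube entry earlier in this diff does, so the attribution can be checked once the CVE text is published.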
@@ -11811,11 +11812,11 @@ CVE-2021-23359
 CVE-2021-23358
        RESERVED
 CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway 
are vul ...)
-       TODO: check
+       NOT-FOR-US: tyk/gateway
 CVE-2021-23356 (This affects all versions of package kill-process-by-name. If 
(attacke ...)
-       TODO: check
+       NOT-FOR-US: Node kill-process-by-name
 CVE-2021-23355 (This affects all versions of package ps-kill. If 
(attacker-controlled) ...)
-       TODO: check
+       NOT-FOR-US: Node ps-kill
 CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular 
Expression D ...)
        NOT-FOR-US: Node printf
 CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible 
via the ...)
@@ -17295,11 +17296,11 @@ CVE-2021-21364 (swagger-codegen is an open-source 
project which contains a templ
 CVE-2021-21363 (swagger-codegen is an open-source project which contains a 
template-dr ...)
        - swagger-codegen <itp> (bug #950318)
 CVE-2021-21362 (MinIO is an open-source high performance object storage 
service and it ...)
-       TODO: check
+       NOT-FOR-US: MinIO
 CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin 
contains an inf ...)
-       TODO: check
+       NOT-FOR-US: gradle-vagrant-plugin
 CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the 
configure ...)
-       TODO: check
+       NOT-FOR-US: Products.GenericSetup
 CVE-2021-21359
        RESERVED
 CVE-2021-21358
@@ -20583,7 +20584,7 @@ CVE-2021-20078
 CVE-2021-20077
        RESERVED
 CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 
were fou ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that 
allows for pr ...)
        NOT-FOR-US: Racom's MIDGE Firmware
 CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that 
allows users  ...)
@@ -27713,11 +27714,11 @@ CVE-2020-28389
 CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All 
versions &lt;  ...)
        NOT-FOR-US: Siemens
 CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
 CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
 CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
@@ -32003,7 +32004,7 @@ CVE-2020-27545
 CVE-2020-27544
        RESERVED
 CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Node restify-paginate
 CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command 
injection.  ...)
        NOT-FOR-US: Rostelecom CS-C2SHW
 CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 
5.0.082.1. Agen ...)
@@ -32518,7 +32519,7 @@ CVE-2020-27292
 CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is 
vulnerable t ...)
        NOT-FOR-US: Delta Electronics CNCSoft-B
 CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and 
prior, an inf ...)
-       TODO: check
+       NOT-FOR-US: Hamilton Medical
 CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a 
null poin ...)
        NOT-FOR-US: Delta Electronics CNCSoft-B
 CVE-2020-27288 (An untrusted pointer dereference has been identified in the 
way TPEdit ...)
@@ -32534,7 +32535,7 @@ CVE-2020-27284 (TPEditor (v1.98 and prior) is 
vulnerable to two out-of-bounds wr
 CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 
3.1 (Bui ...)
        NOT-FOR-US: Crimson
 CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and 
prior, an XML ...)
-       TODO: check
+       NOT-FOR-US: Hamilton Medical
 CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics 
CNCSoft S ...)
        NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
 CVE-2020-27280 (A use after free issue has been identified in the way 
ISPSoft(v3.12 an ...)
@@ -32542,7 +32543,7 @@ CVE-2020-27280 (A use after free issue has been 
identified in the way ISPSoft(v3
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in 
the prot ...)
        NOT-FOR-US: Crimson
 CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and 
prior, hard-c ...)
-       TODO: check
+       NOT-FOR-US: Hamilton Medical
 CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a 
null pointe ...)
        NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i &amp; 
AnyDana-A, the c ...)
@@ -32648,7 +32649,7 @@ CVE-2020-27227
 CVE-2020-27226
        RESERVED
 CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help 
Subsyst ...)
-       TODO: check
+       - eclipse <removed>
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the 
Markdown Prev ...)
        NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 
(inclusive), 10.0 ...)
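Review bot: `- eclipse <removed>` only records that the package is gone from the archive; if any suite still covered by the tracker shipped eclipse, this entry also needs a per-suite annotation in the style of the `[stretch] - xen <not-affected> (...)` line earlier in this diff, otherwise the Eclipse Platform Help Subsystem issue drops out of view for that suite.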
@@ -37412,17 +37413,17 @@ CVE-2020-25243
 CVE-2020-25242
        RESERVED
 CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family 
(All Versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-25239 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration 
Console ...)
        NOT-FOR-US: Siemens
 CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions 
&lt; V1 ...)
        NOT-FOR-US: Siemens
 CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
        NOT-FOR-US: Siemens
 CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
@@ -38026,13 +38027,13 @@ CVE-2020-24987 (Tenda AC18 Router through 
V15.03.05.05_EN and through V15.03.05.
 CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload 
of File ...)
        NOT-FOR-US: Concrete5
 CVE-2020-24985 (An issue was discovered in Quadbase EspressReports ES 7 Update 
9. An a ...)
-       TODO: check
+       NOT-FOR-US: Quadbase EspressReports
 CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 
9. It a ...)
        NOT-FOR-US: Quadbase EspressReports
 CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 
9. An u ...)
        NOT-FOR-US: Quadbase EspressReports
 CVE-2020-24982 (An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 
Update 9 ...)
-       TODO: check
+       NOT-FOR-US: Quadbase EspressDashboard
 CVE-2020-24981 (An Incorrect Access Control vulnerability exists in 
/ucms/chk.php in U ...)
        NOT-FOR-US: UCMS
 CVE-2020-24980
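Review bot: the new label for CVE-2020-24982 reads `NOT-FOR-US: Quadbase EspressDashboard`, but the description on the line above spells the product `ExpressDashboard (EDAB)`; the sibling EspressReports entries suggest the vendor's spelling is "Espress", so confirm the upstream product name before settling on the label, since a spelling that differs from the description will be missed by a search on either form.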
@@ -38188,11 +38189,11 @@ CVE-2020-24916 (CGI implementation in Yaws web server 
versions 1.81 to 2.0.7 is
 CVE-2020-24915
        RESERVED
 CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all 
versions incl ...)
-       TODO: check
+       NOT-FOR-US: qcubed
 CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions 
including 3.1.1) ...)
-       TODO: check
+       NOT-FOR-US: qcubed
 CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed 
(all ve ...)
-       TODO: check
+       NOT-FOR-US: qcubed
 CVE-2020-24911
        RESERVED
 CVE-2020-24910
@@ -73046,7 +73047,7 @@ CVE-2020-10521
 CVE-2020-10520
        RESERVED
 CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub 
Enterpr ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2020-10517 (An improper access control vulnerability was identified in 
GitHub Ente ...)
@@ -78374,7 +78375,7 @@ CVE-2020-8300
 CVE-2020-8299
        RESERVED
 CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command 
injection b ...)
-       TODO: check
+       NOT-FOR-US: Node fs-path
 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct 
object ref ...)
        NOT-FOR-US: Nextcloud Deck
 CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a 
recoverable for ...)
@@ -95626,17 +95627,17 @@ CVE-2020-1923
 CVE-2020-1922
        RESERVED
 CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer 
using the ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1920
        RESERVED
 CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to 
an out-o ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did 
not prop ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1917 (xbuf_format_converter, used as part of exif_read_data, was 
appending a ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1916 (An incorrect size calculation in ldap_escape may lead to an 
integer ov ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook 
Hermes ...)
        NOT-FOR-US: Facebook Hermes
 CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong 
instruction  ...)
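Review bot: the five `- hhvm <removed>` lines in this hunk (and the three in the next) mark a package as removed rather than triaging the CVEs as NOT-FOR-US, which the commit messages "NFUs" and "NFU" do not reflect; a separate commit, or a message mentioning the hhvm and eclipse removals, would make the history easier to search. As with eclipse, `<removed>` alone does not say whether any supported suite still shipped hhvm, so a per-suite annotation may be needed here too.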
@@ -95668,11 +95669,11 @@ CVE-2020-1902 (A user running a quick search on a 
highly forwarded message on Wh
 CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for 
iOS pri ...)
        NOT-FOR-US: WhatsApp
 CVE-2020-1900 (When unserializing an object with dynamic properties HHVM needs 
to pre ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1899 (The unserialize() function supported a type code, "S", which 
was meant ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1898 (The fb_unserialize function did not impose a depth limit for 
nested de ...)
-       TODO: check
+       - hhvm <removed>
 CVE-2020-1897 (A use-after-free is possible due to an error in lifetime 
management in ...)
        NOT-FOR-US: Facebook Proxygen
 CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes 'builtin 
apply' prio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7ac5d178b243580aea3f6c91637511aa235d057d...2326b6c9b5a7b53e9bbe9f44e1307075c46fc3d0



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
