Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9d63323f by Salvatore Bonaccorso at 2021-01-22T12:50:45+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -161,7 +161,7 @@ CVE-2021-3201 CVE-2021-3200 RESERVED CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...) - TODO: check + NOT-FOR-US: ONLYOFFICE Document Server CVE-2021-3198 RESERVED CVE-2021-25899 @@ -607,9 +607,9 @@ CVE-2021-25680 CVE-2021-25679 RESERVED CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do ...) - TODO: check + NOT-FOR-US: Xerox CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...) - TODO: check + NOT-FOR-US: LuCI in OpenWrt CVE-2021-3197 RESERVED CVE-2021-3196 @@ -714,9 +714,9 @@ CVE-2021-25644 CVE-2021-25643 RESERVED CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated ...) - TODO: check + NOT-FOR-US: TinyCheck CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command ...) - TODO: check + NOT-FOR-US: TinyCheck CVE-2021-25642 RESERVED CVE-2021-25641 @@ -6463,11 +6463,11 @@ CVE-2021-22875 CVE-2021-22874 RESERVED CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2021-22870 RESERVED CVE-2021-22869 @@ -10421,7 +10421,7 @@ CVE-2020-35755 CVE-2020-35754 RESERVED CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...) - TODO: check + NOT-FOR-US: Persis Human Resource Management Portal CVE-2020-35752 RESERVED CVE-2020-35751 
@@ -18584,7 +18584,7 @@ CVE-2020-28876 CVE-2020-28875 RESERVED CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...) - TODO: check + NOT-FOR-US: ProjectSend CVE-2020-28873 RESERVED CVE-2020-28872 @@ -23637,7 +23637,7 @@ CVE-2020-27861 CVE-2020-27860 RESERVED CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: NEC ESMPRO Manager CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...) TODO: check CVE-2020-27857 @@ -27764,7 +27764,7 @@ CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...) NOT-FOR-US: Node vega CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...) - TODO: check + NOT-FOR-US: OpenMage CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) NOT-FOR-US: Vela CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...) @@ -27784,7 +27784,7 @@ CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing mar CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...) NOT-FOR-US: HedgeDoc CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...) - TODO: check + NOT-FOR-US: OpenMage CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...) - hugo 0.79.1-1 (unimportant) NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq 
@@ -27877,7 +27877,7 @@ CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with Apple" CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and ...) NOT-FOR-US: Kirby CMS CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...) - TODO: check + NOT-FOR-US: OpenMage CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...) NOT-FOR-US: Open Zaak CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...) @@ -31936,7 +31936,7 @@ CVE-2020-24551 (IProom MMC+ Server login page does not validate specific paramet CVE-2020-24550 RESERVED CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to run ar ...) - TODO: check + NOT-FOR-US: openMAINT CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...) NOT-FOR-US: Ericom CVE-2020-24547 @@ -38828,9 +38828,9 @@ CVE-2020-21149 CVE-2020-21148 RESERVED CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...) - TODO: check + NOT-FOR-US: RockOA CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...) - TODO: check + NOT-FOR-US: Feehi CMS CVE-2020-21145 RESERVED CVE-2020-21144
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d63323feda91e6d5bf6ce8251cad5f454263df7
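Review bot: In the hunk at @@ -607,9 +607,9 @@, the two new tags differ in granularity: CVE-2020-36201 gets the vendor-only tag "NOT-FOR-US: Xerox" although its description names Xerox WorkCentre products, while CVE-2019-25015 gets the component-level tag "NOT-FOR-US: LuCI in OpenWrt". Consider naming the product for the Xerox entry as well, so that a later search of data/CVE/list by product name finds it.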
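Review bot: In the hunk at @@ -23637,7 +23637,7 @@, CVE-2020-27858 directly below the changed entry carries the same truncated description as CVE-2020-27859 ("This vulnerability allows remote attackers to disclose sensitive infor ...") but stays at "TODO: check". If it affects the same product, tag it "NOT-FOR-US: NEC ESMPRO Manager" in this commit too; if it is a different product, confirm that before leaving it, so the two adjacent entries are not triaged inconsistently.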
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits