Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9b8d1a56 by Salvatore Bonaccorso at 2021-02-25T21:37:22+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -133,9 +133,9 @@ CVE-2021-27673
CVE-2021-27672
RESERVED
CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for
Rust. XSS ...)
- TODO: check
+ NOT-FOR-US: comrak rust crate
CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the
api/v1/core/proxy/jsonprequest url ...)
- TODO: check
+ NOT-FOR-US: Appspace
CVE-2021-27669
RESERVED
CVE-2021-27668
@@ -871,7 +871,7 @@ CVE-2021-27332
CVE-2021-27331
RESERVED
CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Triconsole Datepicker Calendar
CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS
lookups or ...)
NOT-FOR-US: Friendica
CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by
Directory Trave ...)
@@ -4342,7 +4342,7 @@ CVE-2021-3275
CVE-2021-3274
RESERVED
CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the
/nagiosxi/adm ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a
heap-b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/259
@@ -16309,11 +16309,11 @@ CVE-2021-21068
CVE-2021-21067
RESERVED
CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an
out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an
out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by
a Path t ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
@@ -24304,7 +24304,7 @@ CVE-2021-1452
CVE-2021-1451
RESERVED
CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel
of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1449
RESERVED
CVE-2021-1448
@@ -24412,13 +24412,13 @@ CVE-2021-1398
CVE-2021-1397
RESERVED
CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine
could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1395
RESERVED
CVE-2021-1394
RESERVED
CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine
could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1392
RESERVED
CVE-2021-1391
@@ -24428,9 +24428,9 @@ CVE-2021-1390
CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR
Softwar ...)
NOT-FOR-US: Cisco
CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site
Orchestrato ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software
could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1386
RESERVED
CVE-2021-1385
@@ -24468,9 +24468,9 @@ CVE-2021-1370 (A vulnerability in a CLI command of
Cisco IOS XR Software for the
CVE-2021-1369
RESERVED
CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD)
feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM)
feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel
of Cis ...)
NOT-FOR-US: Cisco
CVE-2021-1365
@@ -24482,7 +24482,7 @@ CVE-2021-1363
CVE-2021-1362
RESERVED
CVE-2021-1361 (A vulnerability in the implementation of an internal file
management s ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1359
@@ -24742,15 +24742,15 @@ CVE-2021-1233 (A vulnerability in the CLI of Cisco
SD-WAN Software could allow a
CVE-2021-1232
RESERVED
CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for
Nexus ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for
Cisco Nexus ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco
NX-OS S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection
establish ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software
could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified
Commun ...)
NOT-FOR-US: Cisco
CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
@@ -39030,7 +39030,7 @@ CVE-2020-23536
CVE-2020-23535
RESERVED
CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in
Upgrade.php of g ...)
- TODO: check
+ NOT-FOR-US: gopeak masterlab
CVE-2020-23533
RESERVED
CVE-2020-23532
@@ -74738,7 +74738,7 @@ CVE-2020-8903 (A vulnerability in Google Cloud
Platform's guest-oslogin versions
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a
Server-Sid ...)
- TODO: check
+ NOT-FOR-US: Rendertron
CVE-2020-8901
RESERVED
CVE-2020-8900
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8d1a56b4a3d8ecece5cbb17ecc2f12823efdd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8d1a56b4a3d8ecece5cbb17ecc2f12823efdd4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
