Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 34c72bc7 by Moritz Muehlenhoff at 2021-03-22T09:34:42+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,9 +9,9 @@ CVE-2021-28959 CVE-2021-28958 RESERVED CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...) - TODO: check + NOT-FOR-US: vscode-sass-lint CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...) - TODO: check + NOT-FOR-US: git-bug CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...) NOT-FOR-US: Chris Walz bit CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...) @@ -363,7 +363,7 @@ CVE-2021-28798 CVE-2021-28797 RESERVED CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...) - TODO: check + NOT-FOR-US: Increments Qiita::Markdown CVE-2021-28795 RESERVED CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...) @@ -591,7 +591,7 @@ CVE-2021-28683 CVE-2021-28682 RESERVED CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) - TODO: check + NOT-FOR-US: Pion WebRTC CVE-2021-28680 RESERVED CVE-2021-28679 @@ -4580,7 +4580,7 @@ CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c al CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...) NOT-FOR-US: ReplaySorcery CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the database ...) - TODO: check + NOT-FOR-US: WoWonder CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...) - linux <unfixed> (unimportant) [stretch] - linux <not-affected> (Vulnerable code not present) 
@@ -6173,7 +6173,7 @@ CVE-2021-3329 CVE-2021-3328 RESERVED CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...) - TODO: check + NOT-FOR-US: Ovation Dynamic Content CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...) NOT-FOR-US: AfterLogic Aurora CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) @@ -6213,7 +6213,7 @@ CVE-2021-26277 CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...) NOT-FOR-US: GoDaddy node-config-shield CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...) - TODO: check + NOT-FOR-US: eslint-fixer CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...) NOT-FOR-US: Atlassian CVE-2020-36239 @@ -7064,7 +7064,7 @@ CVE-2021-25918 CVE-2021-25917 RESERVED CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...) - TODO: check + NOT-FOR-US: Node patchmerge CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...) NOT-FOR-US: changeset CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...) @@ -12880,9 +12880,9 @@ CVE-2021-23362 CVE-2021-23361 RESERVED CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...) - TODO: check + NOT-FOR-US: Node killport CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...) - TODO: check + NOT-FOR-US: Node port-killer CVE-2021-23358 RESERVED CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...) 
@@ -18323,7 +18323,7 @@ CVE-2021-21386 CVE-2021-21385 RESERVED CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape ...) - TODO: check + NOT-FOR-US: shescape CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...) NOT-FOR-US: Wiki.js CVE-2021-21382 @@ -26589,7 +26589,7 @@ CVE-2020-28875 CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...) NOT-FOR-US: ProjectSend CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...) - TODO: check + NOT-FOR-US: Fluxbb CVE-2020-28872 RESERVED CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...) @@ -63426,7 +63426,7 @@ CVE-2020-13967 CVE-2020-13966 RESERVED CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...) - qtbase-opensource-src 5.14.2+dfsg-6 [buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34c72bc71cb92040cbb7e94cbb4800a70ad4f740
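Review bot: the "Node" prefix in the new NOT-FOR-US tags is applied unevenly. The hunks at @@ -7064 and @@ -12880 write "Node patchmerge", "Node killport" and "Node port-killer", while the hunks at @@ -6213 and @@ -18323 write bare "eslint-fixer" and "shescape" for entries whose descriptions also call them packages (shescape "for JavaScript"), and the unchanged neighbour CVE-2021-25915 is tagged plain "changeset". Suggest settling on one form for all of them in this commit, so that a search of data/CVE/list by product name or by ecosystem returns the whole set.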
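Review bot: in the @@ -591 hunk, CVE-2021-28681 is closed as "NOT-FOR-US: Pion WebRTC", but Pion WebRTC is a library that other software bundles rather than a standalone product, so the tag only holds if no source package in the archive vendors a copy older than 3.0.15. Worth confirming that before dropping the "TODO: check"; if a package does embed it, the entry should name that package with its status instead of NOT-FOR-US.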