Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 18cc00d8 by Salvatore Bonaccorso at 2021-08-19T07:41:42+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -17270,7 +17270,7 @@ CVE-2021-31822 CVE-2021-31821 RESERVED CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2021-31819 RESERVED CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...) @@ -26010,7 +26010,7 @@ CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 20 NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32 NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2 CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...) - TODO: check + NOT-FOR-US: ThroughTek CVE-2021-28371 RESERVED CVE-2021-28370 @@ -41404,9 +41404,9 @@ CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine o CVE-2021-21869 RESERVED CVE-2021-21868 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-21867 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...) NOT-FOR-US: CODESYS CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...) @@ -41490,7 +41490,7 @@ CVE-2021-21827 CVE-2021-21826 RESERVED CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) - TODO: check + NOT-FOR-US: AT&T Labs Xmill CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21823 
@@ -41520,7 +41520,7 @@ CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the comman CVE-2021-21811 RESERVED CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...) - TODO: check + NOT-FOR-US: AT&T Labs Xmill CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...) NOT-FOR-US: Moodle plugin CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...) @@ -56799,7 +56799,7 @@ CVE-2020-28148 CVE-2020-28147 RESERVED CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...) - TODO: check + NOT-FOR-US: Eyoucms CVE-2020-28145 RESERVED CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...) @@ -62823,11 +62823,11 @@ CVE-2020-25930 CVE-2020-25929 RESERVED CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...) - TODO: check + NOT-FOR-US: InterNiche NicheStack TCP/IP CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...) - TODO: check + NOT-FOR-US: InterNiche NicheStack TCP/IP CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: I ...) - TODO: check + NOT-FOR-US: InterNiche NicheStack TCP/IP CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...) NOT-FOR-US: IceWarp CVE-2020-25924 @@ -63215,7 +63215,7 @@ CVE-2020-25769 CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...) NOT-FOR-US: Contao CMS CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_c ...) - TODO: check + NOT-FOR-US: HCC Embedded NicheStack CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...) NOT-FOR-US: MISP CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...) 
@@ -68880,7 +68880,7 @@ CVE-2020-23343 CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...) NOT-FOR-US: Anchor CMS CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the /header.tm ...) - TODO: check + NOT-FOR-US: ATutor CVE-2020-23340 RESERVED CVE-2020-23339 @@ -68894,7 +68894,7 @@ CVE-2020-23336 CVE-2020-23335 RESERVED CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom ...) NOT-FOR-US: Bento4 CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...) @@ -71371,15 +71371,15 @@ CVE-2020-22126 CVE-2020-22125 RESERVED CVE-2020-22124 (A vulnerability in the \inc\config.php component of joyplus-cms v1.6 a ...) - TODO: check + NOT-FOR-US: joyplus-cms CVE-2020-22123 RESERVED CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a ...) - TODO: check + NOT-FOR-US: LJCMS CVE-2020-22121 RESERVED CVE-2020-22120 (A remote code execution (RCE) vulnerability in /root/run/adm.php?admin ...) - TODO: check + NOT-FOR-US: imcat CVE-2020-22119 RESERVED CVE-2020-22118 @@ -76476,7 +76476,7 @@ CVE-2020-19671 CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...) NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...) - TODO: check + NOT-FOR-US: Eyoucms CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...) - libsixel <unfixed> (bug #990799) [bullseye] - libsixel <no-dsa> (Minor issue) @@ -78120,7 +78120,7 @@ CVE-2020-18877 CVE-2020-18876 RESERVED CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...) - TODO: check + NOT-FOR-US: DotCMS CVE-2020-18874 RESERVED CVE-2020-18873 
@@ -78378,7 +78378,7 @@ CVE-2020-18748 CVE-2020-18747 RESERVED CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...) - TODO: check + NOT-FOR-US: AiteCMS CVE-2020-18745 RESERVED CVE-2020-18744 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18cc00d86c997e47246e2ffe9021452cce6455db
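Review bot: the label on CVE-2020-25767 in the @@ -63215 hunk ("NOT-FOR-US: HCC Embedded NicheStack") differs from the one given to CVE-2020-25928, CVE-2020-25927 and CVE-2020-25926 in the @@ -62823 hunk ("NOT-FOR-US: InterNiche NicheStack TCP/IP"), although all four descriptions name NicheStack. Using one label for the four entries would let a search on the NOT-FOR-US string find them together.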
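Review bot: in the @@ -71371 hunk, the product names "LJCMS" (CVE-2020-22122) and "imcat" (CVE-2020-22120) do not appear in the truncated descriptions shown, which only give the paths /oa.php and /root/run/adm.php, so the attribution cannot be checked from the diff. The commit message "Process some NFUs" gives no source either; a line in it saying the names were taken from the full CVE descriptions would make this reviewable.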
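Review bot: on CVE-2021-28372 in the @@ -26010 hunk the label is the vendor only ("NOT-FOR-US: ThroughTek"), while the description names the product, Kalay Platform 2.0, and other labels in this patch name the product (for example "AT&T Labs Xmill", "Accusoft ImageGear"). Something like "NOT-FOR-US: ThroughTek Kalay Platform" would match that style and stay unambiguous if another ThroughTek product is added later.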