[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 13 21:25:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0c091e2 by Salvatore Bonaccorso at 2021-04-13T22:25:15+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1031,9 +1031,9 @@ CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. syn
CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...)
NOT-FOR-US: PHP-Nuke
CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...)
- TODO: check
+ NOT-FOR-US: ZEROF Expert
CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
- TODO: check
+ NOT-FOR-US: ZEROF Web Server
CVE-2021-30174
RESERVED
CVE-2021-30173
@@ -1464,11 +1464,11 @@ CVE-2021-30001
CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
NOT-FOR-US: LATRIX
CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML Import func ...)
- TODO: check
+ NOT-FOR-US: Helix ALM
CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
NOT-FOR-US: marktext
CVE-2021-29995
@@ -2691,7 +2691,7 @@ CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) b
CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...)
TODO: check
CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
- TODO: check
+ NOT-FOR-US: Anuko Time Tracker
CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
TODO: check
CVE-2021-29434
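Review bot: CVE-2021-29436 is marked NOT-FOR-US even though its description calls Anuko Time Tracker "an open source, web-based time tracking applicat ...", and nothing in the commit records the check that it is not packaged and has no ITP/RFP filed. For open-source software, a short mention in the commit message of what was checked would help, since the adjacent CVE-2021-29437 and CVE-2021-29435 were left at "TODO: check" in the same pass.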
@@ -3740,7 +3740,7 @@ CVE-2021-28975
CVE-2021-28974
RESERVED
CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
- TODO: check
+ NOT-FOR-US: Helix ALM
CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...)
NOT-FOR-US: Central Management of FireEye EX 3500 devices
CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...)
@@ -16982,17 +16982,17 @@ CVE-2021-23283
CVE-2021-23282
RESERVED
CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23275
RESERVED
CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
@@ -20186,7 +20186,7 @@ CVE-2021-21786
CVE-2021-21785
RESERVED
CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
- gsoap <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
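Review bot: the new tag on CVE-2021-21784 names Accusoft ImageGear, but the truncated description shown here ("An out-of-bounds write vulnerability exists in the JPG format SOF mark ...") does not name a product, so the attribution cannot be confirmed from the diff. Consider stating the source of the attribution in the commit message, the way the neighbouring CVE-2021-21783 entry documents its origin with a NOTE pointing to the Talos report.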
@@ -20295,11 +20295,11 @@ CVE-2021-21733
CVE-2021-21732
RESERVED
CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
NOT-FOR-US: ZTE
CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
@@ -21507,7 +21507,7 @@ CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary autho
CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...)
NOT-FOR-US: SAP
CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...)
NOT-FOR-US: SAP
CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0c091e2b1a41dabd6f0421ad57cd98e3564ad75