[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 14 21:22:14 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be1205cf by Salvatore Bonaccorso at 2021-04-14T22:20:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -127,7 +127,7 @@ CVE-2021-31154
CVE-2021-31153
RESERVED
CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...)
- TODO: check
+ NOT-FOR-US: Multilaser Router AC1200
CVE-2021-31151
RESERVED
CVE-2021-31150
@@ -1509,9 +1509,9 @@ CVE-2021-30496
CVE-2021-30495
RESERVED
CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 3 software suite
CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 3 software suite
CVE-2021-30492
RESERVED
CVE-2021-30491
@@ -1625,7 +1625,7 @@ CVE-2021-30461
CVE-2021-30460
RESERVED
CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
- TODO: check
+ NOT-FOR-US: Jazzband Django Debug Toolbar
CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
- mediawiki 1:1.35.2-1
[buster] - mediawiki <not-affected> (Only applies to 1.35 and later)
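Review bot: NOT-FOR-US on CVE-2021-30459 looks doubtful. Django Debug Toolbar is a free-software Django add-on rather than a vendor appliance, and as far as I know Debian ships it as source package python-django-debug-toolbar. Please check the archive before closing this one. If it is packaged, the line should be a package entry (for example `- python-django-debug-toolbar <unfixed>` until the fixed version is known), not NOT-FOR-US.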
@@ -3409,7 +3409,7 @@ CVE-2021-29656
CVE-2021-29655
RESERVED
CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
- TODO: check
+ NOT-FOR-US: AjaxSearchPro
CVE-2021-29653
RESERVED
CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
@@ -5210,9 +5210,9 @@ CVE-2021-28858
CVE-2021-28857
RESERVED
CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...)
- TODO: check
+ NOT-FOR-US: Deark
CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...)
- TODO: check
+ NOT-FOR-US: Deark
CVE-2021-28854
RESERVED
CVE-2021-28853
@@ -5341,7 +5341,7 @@ CVE-2021-28799
CVE-2021-28798
RESERVED
CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
- TODO: check
+ NOT-FOR-US: QNAP NAS devices
CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
NOT-FOR-US: Increments Qiita::Markdown
CVE-2021-28795
@@ -6986,7 +6986,7 @@ CVE-2020-36258
CVE-2020-36257
RESERVED
CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...)
- TODO: check
+ NOT-FOR-US: Forescout CounterACT
CVE-2021-28097
RESERVED
CVE-2021-28096
@@ -7081,7 +7081,7 @@ CVE-2021-28062
CVE-2021-28061
RESERVED
CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...)
- TODO: check
+ NOT-FOR-US: Group Office
CVE-2021-28059
RESERVED
CVE-2021-28058
@@ -7897,17 +7897,17 @@ CVE-2021-27712
CVE-2021-27711
RESERVED
CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK X5000R router
CVE-2021-27709
RESERVED
CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK X5000R router
CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
- TODO: check
+ NOT-FOR-US: Tenda routers
CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...)
- TODO: check
+ NOT-FOR-US: Tenda routers
CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
- TODO: check
+ NOT-FOR-US: Tenda routers
CVE-2021-27704
RESERVED
CVE-2021-27703
@@ -8110,7 +8110,7 @@ CVE-2021-27610
CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
NOT-FOR-US: SAP
CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
- TODO: check
+ NOT-FOR-US: SAPSetup
CVE-2021-27607
RESERVED
CVE-2021-27606
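Review bot: the new label on CVE-2021-27608 is `NOT-FOR-US: SAPSetup`, while the entry directly above it (CVE-2021-27609) uses `NOT-FOR-US: SAP`. Using the same vendor label for both keeps a search for SAP entries in data/CVE/list complete. Suggest `NOT-FOR-US: SAP` here, or `SAP SAPSetup` if the product name is wanted.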
@@ -8826,7 +8826,7 @@ CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular
CVE-2021-27289
RESERVED
CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...)
- TODO: check
+ NOT-FOR-US: X2Engine X2CRM
CVE-2021-27287
RESERVED
CVE-2021-27286
@@ -8886,7 +8886,7 @@ CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive
CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...)
TODO: check
CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
NOT-FOR-US: Netgear
CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
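Review bot: the `SolarWinds` label on CVE-2021-27258 cannot be checked against the line it annotates, because the truncated description ("This vulnerability allows remote attackers to execute escalate privile ...") names no vendor or product. A product-level label, as used elsewhere in this commit ("Razer Synapse 3 software suite", "TOTOLINK X5000R router"), would make the entry self-explanatory. Also note that CVE-2021-27259 directly above has the same style of description and stays at `TODO: check`. If it belongs to the same advisory batch, it could be processed in this commit too.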
@@ -8896,21 +8896,21 @@ CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary
CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
NOT-FOR-US: Netgear
CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...)
TODO: check
CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
NOT-FOR-US: TP-Link
CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
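Review bot: CVE-2021-27247 is left at `TODO: check` in the middle of this run, between the D-Link entries (CVE-2021-27248 to CVE-2021-27250) and the TP-Link entry (CVE-2021-27246). If that is deliberate because it needs a closer look, fine. Otherwise it looks like it was skipped while walking the block. Its description starts "remote attackers" while its neighbours say "network-adjacent attackers", so it may well be a different product, which is worth confirming instead of leaving it pending.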
@@ -9177,7 +9177,7 @@ CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection
CVE-2021-27131
RESERVED
CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
- TODO: check
+ NOT-FOR-US: Online Reviewer System
CVE-2021-27129
RESERVED
CVE-2021-27128
@@ -9209,9 +9209,9 @@ CVE-2021-27116
CVE-2021-27115
RESERVED
CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-27112
RESERVED
CVE-2021-27111
@@ -9901,7 +9901,7 @@ CVE-2021-26834
CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
- TODO: check
+ NOT-FOR-US: Priority Enterprise Management System
CVE-2021-26831
RESERVED
CVE-2021-26830
@@ -9911,7 +9911,7 @@ CVE-2021-26829
CVE-2021-26828
RESERVED
CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
@@ -11862,9 +11862,9 @@ CVE-2021-26033
CVE-2021-26032
RESERVED
CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
NOT-FOR-US: Joomla!
CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
@@ -27535,9 +27535,9 @@ CVE-2020-35421
CVE-2020-35420
RESERVED
CVE-2020-35419 (Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LAN ...)
- TODO: check
+ NOT-FOR-US: Group Office CRM
CVE-2020-35418 (Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4 ...)
- TODO: check
+ NOT-FOR-US: Group Office CRM
CVE-2020-35417
RESERVED
CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
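Review bot: CVE-2020-35419 and CVE-2020-35418 are labelled `NOT-FOR-US: Group Office CRM`, but CVE-2021-28060 earlier in this same commit is labelled `NOT-FOR-US: Group Office`, and all three descriptions refer to Group Office 6.4. Pick one spelling for the product so a later grep, or a reversal of the NFU decision if the software is ever packaged, catches every entry.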
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be1205cf87b6e6fe2cba76169a2289f7a6c9d3d1