[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Apr 29 21:20:42 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba055174 by Salvatore Bonaccorso at 2021-04-29T22:20:14+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1099,49 +1099,49 @@ CVE-2021-31440
 CVE-2021-31439
 	RESERVED
 CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-3501 [userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run]
 	RESERVED
 	- linux <unfixed>
@@ -3699,19 +3699,19 @@ CVE-2021-30236
 CVE-2021-30235
 	RESERVED
 CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao  ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...)
 	TODO: check
 CVE-2021-30226
@@ -6286,27 +6286,27 @@ CVE-2021-29149
 CVE-2021-29148
 	RESERVED
 CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29143
 	RESERVED
 CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...)
 	- umoci 0.4.7+ds-1
 	[buster] - umoci <no-dsa> (Minor issue)
@@ -8202,7 +8202,7 @@ CVE-2021-28282
 CVE-2021-28281
 	RESERVED
 CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2021-28279
 	RESERVED
 CVE-2021-28278
@@ -14358,11 +14358,11 @@ CVE-2021-25814
 CVE-2021-25813
 	RESERVED
 CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1
 CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...)
-	TODO: check
+	NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
 CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...)
-	TODO: check
+	NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
 CVE-2021-25809
 	RESERVED
 CVE-2021-25808
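Review bot: Product naming is inconsistent between hunks: CVE-2021-25812 here is marked "NOT-FOR-US: China Mobile An Lianbao WF-1", while the seven entries in the earlier hunk (CVE-2021-30228 through CVE-2021-30234) use "NOT-FOR-US: China Mobile An Lianbao WF-1 router". The two MERCUSYS entries also carry the firmware version copied from the description ("MERCUSYS Mercury X18G 1.0.5 devices"); a version-free product name such as "NOT-FOR-US: MERCUSYS Mercury X18G" keeps the marker accurate if further versions are reported and matches how the other NOT-FOR-US markers in this diff (Foxit, Aruba, Cisco) are written.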
@@ -15892,15 +15892,15 @@ CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo
 CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
 CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered  ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
@@ -25259,7 +25259,7 @@ CVE-2021-21416 (django-registration is a user registration package for Django. T
 	NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
 	NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
 CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...)
-	TODO: check
+	NOT-FOR-US: Prisma VS Code a VSCode extension
 CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...)
 	NOT-FOR-US: Prisma
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
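Review bot: The new marker for CVE-2021-21415, "NOT-FOR-US: Prisma VS Code a VSCode extension", pastes the opening of the CVE description verbatim, including its missing comma. The neighbouring CVE-2021-21414 is simply "NOT-FOR-US: Prisma"; "NOT-FOR-US: Prisma VS Code extension" would read cleanly and still distinguish the extension from the ORM.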
@@ -28879,11 +28879,11 @@ CVE-2021-20094
 CVE-2021-20093
 	RESERVED
 CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Buffalo
 CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Buffalo
 CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...)
-	TODO: check
+	NOT-FOR-US: Buffalo
 CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
 	NOT-FOR-US: purl javascript URL parser (different from src:purl)
 CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
@@ -29461,7 +29461,7 @@ CVE-2020-35432
 CVE-2020-35431
 	RESERVED
 CVE-2020-35430 (SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...)
-	TODO: check
+	NOT-FOR-US: Inxedu
 CVE-2020-35429
 	RESERVED
 CVE-2020-35428
@@ -34611,13 +34611,13 @@ CVE-2021-1506
 CVE-2021-1505
 	RESERVED
 CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1503
 	RESERVED
 CVE-2021-1502
 	RESERVED
 CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1500
 	RESERVED
 CVE-2021-1499
@@ -34629,11 +34629,11 @@ CVE-2021-1497
 CVE-2021-1496
 	RESERVED
 CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1494
 	RESERVED
 CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
 	NOT-FOR-US: Duo Authentication Proxy
 CVE-2021-1491
@@ -34641,9 +34641,9 @@ CVE-2021-1491
 CVE-2021-1490
 	RESERVED
 CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1487
 	RESERVED
 CVE-2021-1486
@@ -34665,9 +34665,9 @@ CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a
 CVE-2021-1478
 	RESERVED
 CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA)  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
@@ -34703,13 +34703,13 @@ CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 8
 CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...)
@@ -34723,13 +34723,13 @@ CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel o
 CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1447
 	RESERVED
 CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1444
 	RESERVED
 CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
@@ -34821,7 +34821,7 @@ CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (Clam
 CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1401
 	RESERVED
 CVE-2021-1400
@@ -34887,7 +34887,7 @@ CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE
 CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
@@ -35113,7 +35113,7 @@ CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secu
 CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1254
@@ -52709,7 +52709,7 @@ CVE-2020-22004
 CVE-2020-22003
 	RESERVED
 CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...)
-	TODO: check
+	NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
 CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
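Review bot: The truncated description for CVE-2020-22002 shown here ("An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...") does not name the affected product, so the "Inim Electronics Smartliving SmartLAN/G/SI" attribution cannot be checked against this hunk alone. A NOTE line pointing at the advisory, as this file already does elsewhere in the diff (the NOTE entries under CVE-2021-21416 and CVE-2020-7039), would document where the attribution comes from.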
@@ -52719,21 +52719,21 @@ CVE-2020-21999
 CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter  ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
-	TODO: check
+	NOT-FOR-US: Smartwares HOME easy
 CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...)
 	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardc ...)
-	TODO: check
+	NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
 CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...)
 	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
 	NOT-FOR-US: WEMS Limited Enterprise Manager
 CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an au ...)
-	TODO: check
+	NOT-FOR-US: Inim Electronics SmartLiving SmartLAN/G/SI
 CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...)
 	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0. ...)
-	TODO: check
+	NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway
 CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-21988
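Review bot: Two markers in this hunk copy description text verbatim where a trimmed product name would serve better: CVE-2020-21990 becomes "NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway", repeating "REST API" twice, and the Inim entries differ in capitalization ("Smartliving" for CVE-2020-21995 and CVE-2020-22002 versus "SmartLiving" for CVE-2020-21992), so a grep for one spelling misses the other. Suggest "NOT-FOR-US: MyDomoAtHome (MDAH) Domoticz ISS Gateway" and one consistent spelling for the Inim product across the three entries.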
@@ -90160,7 +90160,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, m
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
 CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya Equino ...)
-	TODO: check
+	NOT-FOR-US: Avaya Equinox Conferencing
 CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server component ...)
 	NOT-FOR-US: Avaya Equinox Conferencing
 CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist could a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0551742f0f75c3845fc13e510f2f0f98d3bea5
