[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 5 05:37:20 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4041e52 by Salvatore Bonaccorso at 2021-08-05T06:36:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
- TODO: check
+ NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
CVE-2021-38112
RESERVED
CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
- TODO: check
+ NOT-FOR-US: DEF CON 27 badge
CVE-2021-38110
RESERVED
CVE-2021-38109
@@ -2921,9 +2921,9 @@ CVE-2021-36767
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
- TODO: check
+ NOT-FOR-US: CODESYS EtherNetIP
CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...)
- TODO: check
+ NOT-FOR-US: CODESYS Gateway
CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
NOT-FOR-US: CODESYS V3 web server
CVE-2021-36762
@@ -4207,7 +4207,7 @@ CVE-2021-36170
CVE-2021-36169
RESERVED
CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-36167
RESERVED
CVE-2021-36166
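Review bot: The new tag on CVE-2021-36168 names the vendor ("NOT-FOR-US: Fortinet"), where the other Fortinet entries added in this commit name the product (FortiPortal, FortiSandbox, FortiOS). If the full description identifies the product, use it here too so that a search of data/CVE/list by product name finds this entry.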
@@ -5913,7 +5913,7 @@ CVE-2021-35465
CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
NOT-FOR-US: ForgeRock
CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-35462
RESERVED
CVE-2021-35461
@@ -7196,49 +7196,49 @@ CVE-2021-34855
CVE-2021-34854
RESERVED
CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
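Review bot: The 22 entries from CVE-2021-34853 down to CVE-2021-34832 are tagged "Foxit PDF Reader", while the unchanged CVE-2021-34831 directly below them is tagged "Foxit Reader". Pick one spelling for the product, either by using "Foxit Reader" for the new tags or by updating the existing entry in the same commit.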
@@ -7524,7 +7524,7 @@ CVE-2021-34709
CVE-2021-34708
RESERVED
CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34706
RESERVED
CVE-2021-34705
@@ -10723,13 +10723,13 @@ CVE-2021-33341
CVE-2021-33340
RESERVED
CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...)
NOT-FOR-US: Liferay
CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...)
@@ -12004,7 +12004,7 @@ CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idlin
CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
NOT-FOR-US: ArchiSteamFarm
CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -12244,7 +12244,7 @@ CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The wh
CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
NOT-FOR-US: Nextcloud Mail
CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
@@ -12508,11 +12508,11 @@ CVE-2021-32598
CVE-2021-32597
RESERVED
CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
- TODO: check
+ NOT-FOR-US: FortiPortal
CVE-2021-32595
RESERVED
CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
- TODO: check
+ NOT-FOR-US: FortiPortal
CVE-2021-32593
RESERVED
CVE-2021-32592
@@ -12520,7 +12520,7 @@ CVE-2021-32592
CVE-2021-32591
RESERVED
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
- TODO: check
+ NOT-FOR-US: FortiPortal
CVE-2021-32589
RESERVED
CVE-2021-32588
@@ -15006,7 +15006,7 @@ CVE-2021-31632
CVE-2021-31631
RESERVED
CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
- NOT-FOR-US: OpenPlc webserver
+ NOT-FOR-US: Open PLC webserver
CVE-2021-31629
RESERVED
CVE-2021-31628
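Review bot: The CVE-2021-31630 change respells an entry that was already NOT-FOR-US rather than processing a TODO, so the commit message "Process some NFUs" does not cover it. The description writes "Open PLC Webserver v3"; if the aim is to match it, consider "Open PLC Webserver", and mention the rename in the message.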
@@ -28782,11 +28782,11 @@ CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption se
CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
NOT-FOR-US: FortiMail
CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...)
NOT-FOR-US: FortiMail
CVE-2021-26094
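Review bot: For CVE-2021-26097 and CVE-2021-26096 the truncated descriptions shown here end before any product name, and the unchanged neighbours CVE-2021-26099 and CVE-2021-26095 are both FortiMail; only CVE-2021-26098 visibly reads "FortiSan ...". Confirm against the full descriptions that these two are FortiSandbox and not FortiMail.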
@@ -33571,7 +33571,7 @@ CVE-2021-24020 (A missing cryptographic step in the implementation of the hash d
CVE-2021-24019
RESERVED
CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...)
- TODO: check
+ NOT-FOR-US: FortiOS
CVE-2021-24017
RESERVED
CVE-2021-24016
@@ -33579,7 +33579,7 @@ CVE-2021-24016
CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
NOT-FOR-US: Fortinet
CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
NOT-FOR-US: Fortinet
CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...)
@@ -33587,7 +33587,7 @@ CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerab
CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
NOT-FOR-US: Fortiguard
CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-24009
RESERVED
CVE-2021-24008
@@ -38003,7 +38003,7 @@ CVE-2021-22126
CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
NOT-FOR-US: FortiSandbox
CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
NOT-FOR-US: FortiGuard
CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
@@ -38543,11 +38543,11 @@ CVE-2021-21868
CVE-2021-21867
RESERVED
CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2021-21863
RESERVED
CVE-2021-21862
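Review bot: CVE-2021-21866, CVE-2021-21865 and CVE-2021-21864 get the bare tag "CODESYS", whereas the earlier hunk in this commit tags by component ("CODESYS EtherNetIP", "CODESYS Gateway") next to an existing "CODESYS V3 web server". Either granularity works, but use the same one across the file so related entries group together.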
@@ -49172,7 +49172,7 @@ CVE-2020-29013
CVE-2020-29012
RESERVED
CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2020-29010
RESERVED
CVE-2020-29009
@@ -50069,9 +50069,9 @@ CVE-2021-1612
CVE-2021-1611
RESERVED
CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1608
RESERVED
CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -50085,7 +50085,7 @@ CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
NOT-FOR-US: Cisco
CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
@@ -50103,7 +50103,7 @@ CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LL
CVE-2021-1594
RESERVED
CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1592
RESERVED
CVE-2021-1591
@@ -50245,7 +50245,7 @@ CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an
CVE-2021-1523
RESERVED
CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
NOT-FOR-US: Cisco
CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
@@ -74295,11 +74295,11 @@ CVE-2020-19307
CVE-2020-19306
RESERVED
CVE-2020-19305 (An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFileList ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...)
- TODO: check
+ NOT-FOR-US: hdcms
CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...)
TODO: check
CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...)
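Review bot: CVE-2020-19302 is left as "TODO: check" in the trailing context although the three entries directly above it are resolved here, including CVE-2020-19303, which is also described as an arbitrary file upload vulnerability. If it was skipped on purpose because the product still needs checking, that is fine; otherwise triage it in this pass.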
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4041e521d8c971c2d1ff7f024036fd342ebacdc