[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 6 06:19:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45400a16 by Salvatore Bonaccorso at 2021-08-06T07:19:03+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-38140
CVE-2021-38139
RESERVED
CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
- TODO: check
+ NOT-FOR-US: OneNav
CVE-2021-38137
RESERVED
CVE-2021-38136
@@ -115,7 +115,7 @@ CVE-2021-38097
CVE-2021-38096
RESERVED
CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
- TODO: check
+ NOT-FOR-US: Planview Spigit
CVE-2021-38094
RESERVED
CVE-2021-38093
@@ -453,13 +453,13 @@ CVE-2021-37932
CVE-2021-3681
RESERVED
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-3679
RESERVED
- linux <unfixed>
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-37931
RESERVED
CVE-2021-37930
@@ -1106,7 +1106,7 @@ CVE-2021-37627
CVE-2021-37626
RESERVED
CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
- TODO: check
+ NOT-FOR-US: Skytable
CVE-2021-37624
RESERVED
CVE-2021-37623
@@ -1150,9 +1150,9 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
NOT-FOR-US: Meow hash
CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
- TODO: check
+ NOT-FOR-US: Microchip MiWi
CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
- TODO: check
+ NOT-FOR-US: Microchip MiWi
CVE-2021-37603
RESERVED
CVE-2021-37602
@@ -2885,17 +2885,17 @@ CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer over
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
- TODO: check
+ NOT-FOR-US: Akaunting
CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...)
NOT-FOR-US: KNX ETS5
CVE-2021-36798
@@ -3621,7 +3621,7 @@ CVE-2021-36485
CVE-2021-36484
RESERVED
CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
- TODO: check
+ NOT-FOR-US: DevExpress.XtraReports.UI
CVE-2021-36482
RESERVED
CVE-2021-36481
@@ -12607,7 +12607,7 @@ CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute ar
CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
NOT-FOR-US: SolarWinds
CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-32602
RESERVED
CVE-2021-32601
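Review bot: the tag added for CVE-2021-32603, `NOT-FOR-US: FortiGuard`, does not match the description, which names a product beginning "FortiM ..." and does not mention FortiGuard in the visible text. Suggest tagging with the vendor (`NOT-FOR-US: Fortinet`) or with the product as named in the full CVE description, unless FortiGuard is the label already established for these entries elsewhere in the list. The same tag is applied to CVE-2021-32598 in the next hunk, so whichever label is chosen should be used for both.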
@@ -12617,7 +12617,7 @@ CVE-2021-32600
CVE-2021-32599
RESERVED
CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-32597
RESERVED
CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
@@ -13762,7 +13762,7 @@ CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge
NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...)
- golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
@@ -14438,11 +14438,11 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to
NOTE: https://github.com/lz4/lz4/pull/972
NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2021-31868
RESERVED
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2021-3519
RESERVED
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
@@ -44966,7 +44966,7 @@ CVE-2021-20030
CVE-2021-20029
RESERVED
CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
- TODO: check
+ NOT-FOR-US: Sonicwall
CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
NOT-FOR-US: SonicWall
CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
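Review bot: `NOT-FOR-US: Sonicwall` on CVE-2021-20028 differs in capitalisation from the `NOT-FOR-US: SonicWall` on the CVE-2021-20027 entry directly below it. Suggest `SonicWall` here as well, so that a case-sensitive search over the list matches both entries.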
@@ -50266,7 +50266,7 @@ CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1573
RESERVED
CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
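Review bot: CVE-2021-1572 is described as a vulnerability in ConfD, but the added tag is only `NOT-FOR-US: Cisco`, so the product cannot be recovered from the tag. Consider `NOT-FOR-US: Cisco ConfD`, which stays consistent with the vendor-only tag on the neighbouring CVE-2021-1571 entry while making this one findable by product name.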
@@ -67354,7 +67354,7 @@ CVE-2020-22734
CVE-2020-22733
RESERVED
CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions &g ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-22731
RESERVED
CVE-2020-22730
@@ -74425,9 +74425,9 @@ CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFi
CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...)
NOT-FOR-US: hdcms
CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...)
- TODO: check
+ NOT-FOR-US: vaeThink
CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...)
- TODO: check
+ NOT-FOR-US: vaeThink
CVE-2020-19300
RESERVED
CVE-2020-19299
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45400a1662ca20f4bcbcf401bd005b704e7f223c