[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 6 09:24:58 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fedc428 by Salvatore Bonaccorso at 2021-08-06T10:23:44+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12660,17 +12660,17 @@ CVE-2021-32583
CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
NOT-FOR-US: ConnectWise Automate
CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
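Review bot: The six new tags for CVE-2021-32576 through CVE-2021-32581 name only the vendor (`NOT-FOR-US: Acronis`), while the entry directly above them in this hunk names the product (`NOT-FOR-US: ConnectWise Automate`). Each of these descriptions begins with "Acronis True Image", so `NOT-FOR-US: Acronis True Image` would keep the tag searchable by product and match the neighbouring entry.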
@@ -14082,9 +14082,9 @@ CVE-2021-32005
CVE-2021-32004
RESERVED
CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
- TODO: check
+ NOT-FOR-US: Secomea SiteManager
CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
- TODO: check
+ NOT-FOR-US: Secomea SiteManager
CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
NOT-FOR-US: Rancher
CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
@@ -27508,7 +27508,7 @@ CVE-2021-26607
CVE-2021-26606
RESERVED
CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
- TODO: check
+ NOT-FOR-US: ezPDFReader
CVE-2021-26604
RESERVED
CVE-2021-26603
@@ -27561,7 +27561,7 @@ CVE-2021-26588
CVE-2021-26587
RESERVED
CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
NOT-FOR-US: HPE
CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
@@ -30567,17 +30567,17 @@ CVE-2021-25450
CVE-2021-25449
RESERVED
CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
NOT-FOR-US: Samsung (KME module)
CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
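Review bot: CVE-2021-25443 and CVE-2021-25444 are tagged with the bare vendor name although their descriptions name specific components (the conn_gadget driver and keymaster), and the existing entry just below, CVE-2021-25442, records its component as `NOT-FOR-US: Samsung (KME module)`. Using the same form here, for example `NOT-FOR-US: Samsung (conn_gadget driver)`, would show a later reader that the driver entry was looked at as a vendor component and not simply batch-tagged with the application entries above it.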
@@ -36187,9 +36187,9 @@ CVE-2021-22930 [Use after free on close http2 on stream canceling]
CVE-2021-22929
RESERVED
CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
TODO: check
CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
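Review bot: CVE-2021-22926 in the trailing context still reads `TODO: check` after this pass. Its description concerns libcurl, not a third-party product, so leaving it out of an NFU batch is right, but it needs its own package entry in a follow-up commit so it does not sit untriaged between the Citrix entries above and the curl entry below.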
@@ -36223,9 +36223,9 @@ CVE-2021-22922 (When curl is instructed to download content using the metalink f
CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
- nodejs <not-affected> (Only affects Windows installer)
CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
{DSA-4936-1}
- libuv1 1.40.0-2 (bug #990561)
@@ -37184,7 +37184,7 @@ CVE-2021-22554
CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
- gerrit <itp> (bug #589436)
CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...)
- TODO: check
+ NOT-FOR-US: Asylo
CVE-2021-22551
RESERVED
CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
@@ -38604,7 +38604,7 @@ CVE-2021-21895
CVE-2021-21894
RESERVED
CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21892
RESERVED
CVE-2021-21891
@@ -38650,7 +38650,7 @@ CVE-2021-21872
CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
NOT-FOR-US: PowerISO
CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21869
RESERVED
CVE-2021-21868
@@ -38664,7 +38664,7 @@ CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageMana
CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
NOT-FOR-US: CODESYS
CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2021-21862
RESERVED
CVE-2021-21861
@@ -38728,7 +38728,7 @@ CVE-2021-21833 (An improper array index validation vulnerability exists in the T
CVE-2021-21832
RESERVED
CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21830
RESERVED
CVE-2021-21829
@@ -38784,7 +38784,7 @@ CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK
- wpewebkit 2.30.6-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...)
- TODO: check
+ NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
@@ -38939,9 +38939,9 @@ CVE-2021-21741
CVE-2021-21740
RESERVED
CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
NOT-FOR-US: ZTE
CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
@@ -44532,9 +44532,9 @@ CVE-2021-20118
CVE-2021-20117
RESERVED
CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...)
NOT-FOR-US: TCExam
CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
@@ -68044,7 +68044,7 @@ CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor co
CVE-2020-22393
RESERVED
CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 w ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2020-22391
RESERVED
CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fedc428132b4ba08c304f8370c09c9f8da22fc7