[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 11 06:38:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9020259d by Salvatore Bonaccorso at 2021-08-11T07:38:07+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
- TODO: check
+ NOT-FOR-US: Contiki
CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
- TODO: check
+ NOT-FOR-US: Contiki
CVE-2021-38385
RESERVED
CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
@@ -56,7 +56,7 @@ CVE-2021-38367
CVE-2021-38366
RESERVED
CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
- TODO: check
+ NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
CVE-2021-3698
RESERVED
CVE-2021-3697
@@ -2276,11 +2276,11 @@ CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly
CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
NOT-FOR-US: RPCMS
CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
NOT-FOR-US: D-Link
CVE-2021-37387
@@ -2324,11 +2324,11 @@ CVE-2021-37369
CVE-2021-37368
RESERVED
CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: CTparental
CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...)
- TODO: check
+ NOT-FOR-US: CTparental
CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: CTparental
CVE-2021-37364
RESERVED
CVE-2021-37363
@@ -2721,11 +2721,11 @@ CVE-2021-37182
CVE-2021-37181
RESERVED
CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37177
RESERVED
CVE-2021-37176
@@ -2737,7 +2737,7 @@ CVE-2021-37174
CVE-2021-37173
RESERVED
CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37171
RESERVED
CVE-2021-37170
@@ -10640,7 +10640,7 @@ CVE-2021-3567
NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
- TODO: check
+ NOT-FOR-US: JT2Go
CVE-2021-33737
RESERVED
CVE-2021-33736
@@ -10674,7 +10674,7 @@ CVE-2021-33723
CVE-2021-33722
RESERVED
CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-33720
RESERVED
CVE-2021-33719
@@ -10682,7 +10682,7 @@ CVE-2021-33719
CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications
CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
- TODO: check
+ NOT-FOR-US: JT2Go
CVE-2021-33716
RESERVED
CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...)
@@ -12456,7 +12456,7 @@ CVE-2021-32945
CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
NOT-FOR-US: Open Design Alliance
CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
NOT-FOR-US: AVEVA InTouch Runtime
CVE-2021-32941
@@ -30860,7 +30860,7 @@ CVE-2021-25661 (SmartVNC has an out-of-bounds memory access vulnerability that c
CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...)
- TODO: check
+ NOT-FOR-US: Automation License Manager
CVE-2021-25658
RESERVED
CVE-2021-25657
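Review bot: CVE-2021-25659 is tagged by product ("NOT-FOR-US: Automation License Manager"), while CVE-2021-25660 directly above it is tagged "NOT-FOR-US: Siemens". The other "A vulnerability has been identified in ..." entries changed in this commit (Solid Edge, SIMATIC, SINEC NMS) also use "Siemens". If this is the Siemens product, suggest "NOT-FOR-US: Siemens" here as well, so that a search on the vendor tag finds all of them.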
@@ -37670,11 +37670,11 @@ CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation
CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
NOT-FOR-US: SimpleLink
CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
NOT-FOR-US: SimpleLink
CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
NOT-FOR-US: SimpleLink
CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...)
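Review bot: the WebAccess/SCADA tag on CVE-2021-22674 cannot be checked from the list alone, because the visible description only says "The affected product". The neighbouring entries with the same wording, CVE-2021-22675 and CVE-2021-22673, are tagged SimpleLink. The same applies to CVE-2021-32943 earlier in this patch. Worth double-checking both against the full CVE descriptions.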
@@ -38257,9 +38257,9 @@ CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.
CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...)
NOT-FOR-US: Huawei
CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Huawei / HarmonyOS
CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...)
- TODO: check
+ NOT-FOR-US: Huawei / HarmonyOS
CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
NOT-FOR-US: Huawei
CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...)
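Review bot: CVE-2021-22386 and CVE-2021-22385 get "NOT-FOR-US: Huawei / HarmonyOS", but the surrounding entries CVE-2021-22387 and CVE-2021-22384 use plain "NOT-FOR-US: Huawei". The visible descriptions mention only "Huawei smartphone". Suggest using one of the two forms consistently.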
@@ -39675,7 +39675,7 @@ CVE-2021-21742
CVE-2021-21741
RESERVED
CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
NOT-FOR-US: ZTE
CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
@@ -39982,11 +39982,11 @@ CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resou
CVE-2021-21599
RESERVED
CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...)
- TODO: check
+ NOT-FOR-US: Dell Wyse ThinOS
CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Dell Wyse ThinOS
CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...)
- TODO: check
+ NOT-FOR-US: Dell OpenManage Enterprise
CVE-2021-21595
RESERVED
CVE-2021-21594
@@ -40008,9 +40008,9 @@ CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a fu
CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
NOT-FOR-US: Dell
CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...)
- TODO: check
+ NOT-FOR-US: Dell OpenManage Enterprise
CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...)
- TODO: check
+ NOT-FOR-US: Dell OpenManage Enterprise
CVE-2021-21583
RESERVED
CVE-2021-21582
@@ -40044,13 +40044,13 @@ CVE-2021-21569
CVE-2021-21568
RESERVED
CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21566
RESERVED
CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
NOT-FOR-US: Dell
CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
NOT-FOR-US: EMC
CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
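Review bot: CVE-2021-21564 is described as a Dell OpenManage Enterprise issue but is tagged "NOT-FOR-US: Dell". CVE-2021-21596, CVE-2021-21585 and CVE-2021-21584 in this same commit get "NOT-FOR-US: Dell OpenManage Enterprise". Suggest picking one tag for the OpenManage Enterprise entries.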
@@ -52688,7 +52688,7 @@ CVE-2020-28399
CVE-2020-28398
RESERVED
CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
NOT-FOR-US: Siemens
CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
@@ -63031,7 +63031,7 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the
CVE-2020-25083
RESERVED
CVE-2020-25082 (An attacker with physical access to Nuvoton Trusted Platform Module (N ...)
- TODO: check
+ NOT-FOR-US: Nuvoton
CVE-2020-25081
RESERVED
CVE-2020-25080
@@ -67281,13 +67281,13 @@ CVE-2020-23153
CVE-2020-23152
RESERVED
CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted GET reques ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allow ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsaniti ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsaniti ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2020-23147
RESERVED
CVE-2020-23146
@@ -372372,7 +372372,7 @@ CVE-2013-6278
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
NOT-FOR-US: QNAP
CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2013-6274
RESERVED
CVE-2013-6273
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9020259d5aaa8ed9ffa3f37169b7590c9e88a0a2