[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 13 14:11:00 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
467f281f by Salvatore Bonaccorso at 2021-08-13T15:10:24+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2021-38608
CVE-2021-38607
RESERVED
CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
- TODO: check
+ NOT-FOR-US: reNgine
CVE-2021-38605
RESERVED
CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
@@ -29,7 +29,7 @@ CVE-2021-38601
CVE-2021-38600
RESERVED
CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...)
- TODO: check
+ NOT-FOR-US: WAL-G
CVE-2021-38598
RESERVED
CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
@@ -534,7 +534,7 @@ CVE-2021-38368
CVE-2021-38367
RESERVED
CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
CVE-2021-3698
@@ -1257,11 +1257,11 @@ CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU i
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2)
CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...)
- TODO: check
+ NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...)
- TODO: check
+ NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...)
- TODO: check
+ NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
NOT-FOR-US: Canon
CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
@@ -3701,7 +3701,7 @@ CVE-2021-36960
CVE-2021-36959
RESERVED
CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36957
RESERVED
CVE-2021-36956
@@ -3717,43 +3717,43 @@ CVE-2021-36952
CVE-2021-36951
RESERVED
CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36944
RESERVED
CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36939
RESERVED
CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36935
RESERVED
CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36931
RESERVED
CVE-2021-36930
@@ -3763,9 +3763,9 @@ CVE-2021-36929
CVE-2021-36928
RESERVED
CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-36925
RESERVED
CVE-2021-36924
@@ -6076,7 +6076,7 @@ CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does
CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
NOT-FOR-US: AKCP sensorProbe
CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2021-35954
RESERVED
CVE-2021-35953
@@ -9271,21 +9271,21 @@ CVE-2021-34538
CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
NOT-FOR-US: Cerberus FTP Server Enterprise
CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...)
TODO: check
CVE-2021-34531
RESERVED
CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
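Review bot: CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure) stays at "TODO: check" in the middle of this hunk while every Microsoft entry changed around it becomes NOT-FOR-US. If that is deliberate because the .NET Core part needs a separate look, a NOTE line under the entry saying so would keep the next triager from reading it as an oversight. If it is not deliberate, it should get the same "NOT-FOR-US: Microsoft" tag as its neighbours.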
@@ -9297,7 +9297,7 @@ CVE-2021-34526
CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
NOT-FOR-US: Microsoft
CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
@@ -9371,25 +9371,25 @@ CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...)
CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
TODO: check
CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34482
RESERVED
CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...)
@@ -9403,7 +9403,7 @@ CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability Th
CVE-2021-34472
RESERVED
CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
NOT-FOR-US: Microsoft
CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...)
@@ -11035,7 +11035,7 @@ CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerabi
CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...)
@@ -12723,7 +12723,7 @@ CVE-2021-33045
CVE-2021-33044
RESERVED
CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
- TODO: check
+ NOT-FOR-US: Amazon AWS CloudFront
CVE-2021-3554
RESERVED
CVE-2021-3553
@@ -16187,7 +16187,7 @@ CVE-2021-31700
CVE-2021-31699
RESERVED
CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...)
- TODO: check
+ NOT-FOR-US: Quectel EG25-G devices
CVE-2021-31697
RESERVED
CVE-2021-31696
@@ -22193,7 +22193,7 @@ CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Lin
CVE-2021-29378
RESERVED
CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Pear Admin Think
CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
- ircii-pana <removed>
- ircii 20210314-1 (bug #986214)
@@ -23343,7 +23343,7 @@ CVE-2021-28892
CVE-2021-28891
RESERVED
CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...)
- TODO: check
+ NOT-FOR-US: J2eeFAST
CVE-2021-28889
RESERVED
CVE-2021-28888
@@ -29238,25 +29238,25 @@ CVE-2021-26435
CVE-2021-26434
RESERVED
CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26427
RESERVED
CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
TODO: check
CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
@@ -39458,7 +39458,7 @@ CVE-2021-22100
CVE-2021-22099
RESERVED
CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
- TODO: check
+ NOT-FOR-US: UAA server
CVE-2021-22097
RESERVED
CVE-2021-22096
@@ -44595,7 +44595,7 @@ CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote at
CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
NOT-FOR-US: IBM
CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20508
RESERVED
CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
@@ -52633,23 +52633,23 @@ CVE-2021-1116
CVE-2021-1115
RESERVED
CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...)
TODO: check
CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1105
RESERVED
CVE-2021-1104
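Review bot: the vendor-wide tag "NOT-FOR-US: NVIDIA" on CVE-2021-1114, CVE-2021-1112, CVE-2021-1110, CVE-2021-1108, CVE-2021-1107 and CVE-2021-1106 hides which product is meant, although all of their descriptions open with "NVIDIA Linux kernel distributions". Other tags in this commit name the product ("Quectel EG25-G devices", "Acronis Cyber Protect"); doing the same here, with the product name taken from the advisory, would make it clear these are not issues in a packaged kernel driver. CVE-2021-1111 is left at "TODO: check" in the same block, and its visible description ("Bootloader contains a vulnerability in the NV3P server ...") names no vendor, so a NOTE on what still has to be confirmed would help.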
@@ -55307,7 +55307,7 @@ CVE-2020-28167
CVE-2020-28166
RESERVED
CVE-2020-28165 (The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary f ...)
- TODO: check
+ NOT-FOR-US: EasyCorp ZenTao PMS
CVE-2020-28164
RESERVED
CVE-2020-28163
@@ -64781,7 +64781,7 @@ CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmwar
CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
NOT-FOR-US: D-Link
CVE-2020-24576 (Netskope Client through 77 allows low-privileged users to elevate thei ...)
- TODO: check
+ NOT-FOR-US: Netskope Client
CVE-2020-24575
RESERVED
CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 ...)
@@ -72330,11 +72330,11 @@ CVE-2020-20992
CVE-2020-20991
RESERVED
CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2020-20987
RESERVED
CVE-2020-20986
@@ -72348,19 +72348,19 @@ CVE-2020-20983
CVE-2020-20982
RESERVED
CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist compone ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-20980
RESERVED
CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...)
- TODO: check
+ NOT-FOR-US: LJCMS
CVE-2020-20978
RESERVED
CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...)
- TODO: check
+ NOT-FOR-US: UK CMS
CVE-2020-20976
RESERVED
CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Gxlcms
CVE-2020-20974
RESERVED
CVE-2020-20973
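Review bot: the tag spelling "NOT-FOR-US: UK CMS" on CVE-2020-20977 does not match "NOT-FOR-US: UKCMS", which this same commit uses for CVE-2020-18449, whose description reads "UKCMS v1.1.10". If both entries refer to the same product, use one spelling so that a search over data/CVE/list for the product name finds both.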
@@ -77472,45 +77472,45 @@ CVE-2020-18466
CVE-2020-18465
RESERVED
CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...)
- TODO: check
+ NOT-FOR-US: AikCms
CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...)
TODO: check
CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because t ...)
- TODO: check
+ NOT-FOR-US: AikCms
CVE-2020-18461
RESERVED
CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...)
- TODO: check
+ NOT-FOR-US: 711cms
CVE-2020-18459
RESERVED
CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...)
- TODO: check
+ NOT-FOR-US: DamiCMS
CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...)
- TODO: check
+ NOT-FOR-US: bycms
CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...)
- TODO: check
+ NOT-FOR-US: bycms
CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...)
- TODO: check
+ NOT-FOR-US: bycms
CVE-2020-18453
RESERVED
CVE-2020-18452
RESERVED
CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via ...)
- TODO: check
+ NOT-FOR-US: DamiCMS
CVE-2020-18450
RESERVED
CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...)
- TODO: check
+ NOT-FOR-US: UKCMS
CVE-2020-18448
RESERVED
CVE-2020-18447
RESERVED
CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
- TODO: check
+ NOT-FOR-US: YUNUCMS
CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
- TODO: check
+ NOT-FOR-US: YUNUCMS
CVE-2020-18444
RESERVED
CVE-2020-18443
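Review bot: CVE-2020-18463 keeps "TODO: check" between two entries that become "NOT-FOR-US: AikCms", and its visible description ("Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...") names no product. If the product could not be identified from the CVE text, a NOTE recording that, or the reference that was checked, would explain why it was skipped. If the references do point to AikCms, it can be tagged together with CVE-2020-18464 and CVE-2020-18462.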
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/467f281f27c8db766fbb0e1a77e53440c08c44dd