[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 13 21:19:40 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c978e422 by Salvatore Bonaccorso at 2021-08-13T22:19:16+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,11 +103,11 @@ CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) ex
CVE-2021-38622
RESERVED
CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...)
- TODO: check
+ NOT-FOR-US: Agora Flat Server
CVE-2021-38620
RESERVED
CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
- TODO: check
+ NOT-FOR-US: openBaraza HCM
CVE-2021-38618
RESERVED
CVE-2021-38617
@@ -195,7 +195,7 @@ CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows uns
CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
NOT-FOR-US: cPanel
CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
- TODO: check
+ NOT-FOR-US: openBaraza HCM
CVE-2021-38582
RESERVED
CVE-2021-38581
@@ -261,9 +261,9 @@ CVE-2021-38556
CVE-2021-38555
RESERVED
CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2021-38552
RESERVED
CVE-2021-38551
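Review bot: The labels added for CVE-2021-38554 and CVE-2021-38553 read "NOT-FOR-US: HashiCorp Vault", while the existing entry for CVE-2021-27400, visible as context later in this same diff, reads "NOT-FOR-US: HashiCorp Vault and Vault Enterprise". Using one spelling for the same product keeps a search of data/CVE/list by label from missing entries; suggest matching the existing label here or normalising the older entry in the same commit.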
@@ -2214,7 +2214,7 @@ CVE-2021-37705
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
TODO: check
CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2021-37702
RESERVED
CVE-2021-37701
@@ -2236,7 +2236,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
TODO: check
CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
@@ -2476,7 +2476,7 @@ CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability
CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
NOT-FOR-US: Charm
CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-37585
RESERVED
CVE-2021-37584
@@ -2972,27 +2972,27 @@ CVE-2021-37355
CVE-2021-37354
RESERVED
CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-37342
RESERVED
CVE-2021-37341
@@ -3656,7 +3656,7 @@ CVE-2021-37030
CVE-2021-37029
RESERVED
CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37027
RESERVED
CVE-2021-37026
@@ -5138,7 +5138,7 @@ CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, a
CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
NOT-FOR-US: Edifecs
CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
- TODO: check
+ NOT-FOR-US: Sunhillo SureLine
CVE-2021-36379
REJECTED
CVE-2021-36378
@@ -9708,7 +9708,7 @@ CVE-2021-34400
CVE-2021-34399
RESERVED
CVE-2021-34398 (NVIDIA DCGM contains a vulnerability in the DIAG module where any user ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
NOT-FOR-US: NVIDIA
CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...)
@@ -15130,15 +15130,15 @@ CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a rem
CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
TODO: check
CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
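Review bot: CVE-2021-32072, the first entry in this hunk, stays at "TODO: check" although its description ("The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...") names the same product as CVE-2021-32071 through CVE-2021-32067, all of which become "NOT-FOR-US: Mitel" here. If that is an oversight, mark it in the same pass; if it is being held back on purpose, a NOTE line under the entry saying why would keep the next triager from re-checking it.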
@@ -17082,7 +17082,7 @@ CVE-2021-31401
CVE-2021-31400
RESERVED
CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
- TODO: check
+ NOT-FOR-US: On 2N Access Unit devices
CVE-2021-31398
RESERVED
CVE-2021-31397
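Review bot: The label added for CVE-2021-31399, "NOT-FOR-US: On 2N Access Unit devices", begins with "On", which looks carried over from the start of the CVE description ("On 2N Access Unit 2.0 ...") rather than being part of the product name. Suggest "NOT-FOR-US: 2N Access Unit devices", in the same form as the "NOT-FOR-US: Askey devices" entry that appears as context elsewhere in this diff.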
@@ -26282,7 +26282,7 @@ CVE-2021-27743
CVE-2021-27742
RESERVED
CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27740
RESERVED
CVE-2021-27739
@@ -27015,9 +27015,9 @@ CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow
CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
NOT-FOR-US: Askey devices
CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
@@ -29153,7 +29153,7 @@ CVE-2021-3354
CVE-2021-3353
RESERVED
CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
NOT-FOR-US: OpenPLC
CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c978e4224374c5bcb05f4674fe2d79607bb829f5