[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 9 08:30:53 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4c266a8 by Salvatore Bonaccorso at 2021-12-09T09:30:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6857,7 +6857,7 @@ CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of
NOTE: https://github.com/tidwall/gjson/issues/236
NOTE: https://github.com/tidwall/gjson/issues/237
CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2021-42834
RESERVED
CVE-2021-42833
@@ -9755,7 +9755,7 @@ CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS t
CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
NOT-FOR-US: RCDevs OpenOTP app
CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
- TODO: check
+ NOT-FOR-US: Allegro Windows
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
NOT-FOR-US: bookstack
CVE-2021-3873
@@ -12419,7 +12419,7 @@ CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1
CVE-2021-41026
RESERVED
CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...)
NOT-FOR-US: FortiGuard
CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...)
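Review bot: the tag added for CVE-2021-41025 names "FortiGuard", while the descriptions visible around it refer to distinct Fortinet products (FortiWeb in the hunk header, FortiOS for CVE-2021-41024, FortiSIEM for CVE-2021-41023), and the truncated text for 41025 shows only "confd in F ...". The tag is consistent with the existing one on CVE-2021-41024, but naming the affected product would make the entry easier to find when searching the list by product.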
@@ -12435,7 +12435,7 @@ CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-29
CVE-2021-41018
RESERVED
CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-41016
RESERVED
CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
@@ -12796,9 +12796,9 @@ CVE-2021-40863
CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...)
- TODO: check
+ NOT-FOR-US: Genesys
CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...)
- TODO: check
+ NOT-FOR-US: Genesys
CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
NOT-FOR-US: Auerswald
CVE-2021-40858
@@ -24051,7 +24051,7 @@ CVE-2021-36197
CVE-2021-36196
RESERVED
CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36194
RESERVED
CVE-2021-36193
@@ -24095,7 +24095,7 @@ CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in Fo
CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
NOT-FOR-US: Fortiguard
CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
NOT-FOR-US: Fortiguard
CVE-2021-36171
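Review bot: the new tag on CVE-2021-36173 is spelled "FortiGuard", but the two neighbouring entries in this hunk, CVE-2021-36174 and CVE-2021-36172, already carry "NOT-FOR-US: Fortiguard" with a lowercase "g". A case-sensitive search for either spelling will miss the other entries; suggest settling on one spelling and normalising the adjacent lines along with this change.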
@@ -59095,7 +59095,7 @@ CVE-2021-21959
CVE-2021-21958
RESERVED
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
- TODO: check
+ NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956
RESERVED
CVE-2021-21955
@@ -59107,9 +59107,9 @@ CVE-2021-21953
CVE-2021-21952
RESERVED
CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21949
RESERVED
CVE-2021-21948
@@ -77670,7 +77670,7 @@ CVE-2020-27418
CVE-2020-27417
RESERVED
CVE-2020-27416 (Mahavitaran android application 7.50 and prior are affected by account ...)
- TODO: check
+ NOT-FOR-US: Mahavitaran android application
CVE-2020-27415
RESERVED
CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
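Review bot: CVE-2020-27414, the last context line of this hunk, concerns the same "Mahavitaran android application 7.50 and prior" as CVE-2020-27416, but its status line falls outside the hunk. Confirm it already carries the same NOT-FOR-US tag; if it is still "TODO: check", it belongs in this commit so the two entries do not diverge.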
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c266a85e99ace2cac059a166bba4ccd7701d5d