[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 9 21:06:21 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5966c07a by Salvatore Bonaccorso at 2021-12-09T22:05:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -798,7 +798,7 @@ CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wl
 CVE-2021-44478
 	RESERVED
 CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-21240
 	RESERVED
 CVE-2022-21237
@@ -3763,7 +3763,7 @@ CVE-2021-43705
 CVE-2021-43704
 	RESERVED
 CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2021-43702
 	RESERVED
 CVE-2021-43701
@@ -6055,7 +6055,7 @@ CVE-2021-43206
 CVE-2021-43205
 	RESERVED
 CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: firefly-iii
 CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
@@ -6117,9 +6117,9 @@ CVE-2021-43178
 CVE-2021-43177
 	RESERVED
 CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021  ...)
-	TODO: check
+	NOT-FOR-US: GOautodial API
 CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021  ...)
-	TODO: check
+	NOT-FOR-US: GOautodial API
 CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
 	- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
 	[bullseye] - node-json-schema <no-dsa> (Minor issue)
@@ -6355,19 +6355,19 @@ CVE-2021-43073
 CVE-2021-43072
 	RESERVED
 CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-43070
 	RESERVED
 CVE-2021-43069
 	RESERVED
 CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43066
 	RESERVED
 CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
@@ -7095,7 +7095,7 @@ CVE-2021-42761
 CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
@@ -11304,7 +11304,7 @@ CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
 CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
 	NOT-FOR-US: Grav CMS
 CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements  ...)
-	TODO: check
+	NOT-FOR-US: wbce_cms
 CVE-2021-41523
 	RESERVED
 CVE-2021-41522
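Review bot: on the CVE-2021-3817 line, the tag copies the identifier from the description ("wbce_cms"), while the entry directly above maps "grav" to the readable product name "Grav CMS". For consistency with that neighbour and easier searching, consider "NOT-FOR-US: WBCE CMS".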
@@ -11466,7 +11466,7 @@ CVE-2021-41451
 CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
 	NOT-FOR-US: TP-Link
 CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-41448
 	RESERVED
 CVE-2021-41447
@@ -14298,13 +14298,13 @@ CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overfl
 CVE-2021-40283
 	RESERVED
 CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2021-40278
 	RESERVED
 CVE-2021-40277
@@ -24132,7 +24132,7 @@ CVE-2021-36196
 CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36193
 	RESERVED
 CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
@@ -24142,7 +24142,7 @@ CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortine
 CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
@@ -24186,7 +24186,7 @@ CVE-2021-36169
 CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
 	NOT-FOR-US: Fortinet
 CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36166
 	RESERVED
 CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
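Review bot: the new CVE-2021-36167 tag is "FortiGuard" while the entry immediately above it (CVE-2021-36168) is tagged "NOT-FOR-US: Fortinet", so two adjacent entries end up under different names. The description names FortiClient, so "Fortinet" or the product name would be the more accurate key. Whichever is chosen, one spelling across the file keeps a search for the vendor complete.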
@@ -45185,7 +45185,7 @@ CVE-2021-27862
 CVE-2021-27861
 	RESERVED
 CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27859
 	RESERVED
 CVE-2021-27858
@@ -54835,13 +54835,13 @@ CVE-2021-23864
 CVE-2021-23863
 	RESERVED
 CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected cross si ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP request, th ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
 	NOT-FOR-US: Bosch
 CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the  ...)
@@ -59179,9 +59179,9 @@ CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server
 CVE-2021-21956
 	RESERVED
 CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21953
 	RESERVED
 CVE-2021-21952
@@ -95164,9 +95164,9 @@ CVE-2020-19685
 CVE-2020-19684
 	RESERVED
 CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...)
-	TODO: check
+	NOT-FOR-US: zzzcms
 CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...)
-	TODO: check
+	NOT-FOR-US: zzzcms
 CVE-2020-19681
 	RESERVED
 CVE-2020-19680
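Review bot: the tag added for CVE-2020-19683 and CVE-2020-19682 is "zzzcms", one letter away from the "zzcms" tag added for the zzcms entries earlier in this patch, and the descriptions here spell the product "ZZZCMS". Keeping the description's capitalisation ("NOT-FOR-US: ZZZCMS") would make the two products harder to confuse when scanning or searching the list.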



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5966c07a80142710d42bdad78a7f72d9eae65c85
