[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 20 08:37:13 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0928505e by Salvatore Bonaccorso at 2021-12-20T09:36:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -455,11 +455,11 @@ CVE-2021-4134
CVE-2021-4133
RESERVED
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2021-4129
RESERVED
CVE-2021-4128
@@ -551,7 +551,7 @@ CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before
- condor <unfixed>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
- TODO: check
+ NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
- suricata 1:6.0.4-1
[bullseye] - suricata <no-dsa> (Minor issue)
@@ -942,9 +942,9 @@ CVE-2022-21833
CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
NOT-FOR-US: HD-Network Real-time Monitoring System
CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <unfixed> (bug #1001768)
[stretch] - mruby <postponed> (revisit when/if fix is complete)
@@ -2886,11 +2886,11 @@ CVE-2021-44319
CVE-2021-44318
RESERVED
CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
- TODO: check
+ NOT-FOR-US: Bus Pass Management System
CVE-2021-44316
RESERVED
CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
- TODO: check
+ NOT-FOR-US: Bus Pass Management System
CVE-2021-44314
RESERVED
CVE-2021-44313
@@ -3743,7 +3743,7 @@ CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.23
CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
- TODO: check
+ NOT-FOR-US: Wolters Kluwer TeamMate AM
CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
RESERVED
- gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
@@ -5589,7 +5589,7 @@ CVE-2021-43680
CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
NOT-FOR-US: ecshop
CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
- TODO: check
+ NOT-FOR-US: Wechat-php-sdk
CVE-2021-43677
RESERVED
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
@@ -8568,7 +8568,7 @@ CVE-2021-42914
CVE-2021-42913
RESERVED
CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
- TODO: check
+ NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
CVE-2021-42911
RESERVED
CVE-2021-42910
@@ -9311,7 +9311,7 @@ CVE-2021-42586
CVE-2021-42585
RESERVED
CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
- TODO: check
+ NOT-FOR-US: Convos-Chat
CVE-2021-42583
RESERVED
CVE-2021-42582
@@ -11417,7 +11417,7 @@ CVE-2021-42218
CVE-2021-42217
RESERVED
CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
- TODO: check
+ NOT-FOR-US: AnonAddy
CVE-2021-42215
RESERVED
CVE-2021-42214
@@ -12061,7 +12061,7 @@ CVE-2021-41964
CVE-2021-41963
RESERVED
CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41961
RESERVED
CVE-2021-41960
@@ -12317,7 +12317,7 @@ CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret
CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
NOT-FOR-US: Crocoblock JetEngine
CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2021-41842
RESERVED
CVE-2021-41841
@@ -13278,7 +13278,7 @@ CVE-2021-41453
CVE-2021-41452
RESERVED
CVE-2021-41451 (An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
NOT-FOR-US: TP-Link
CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
@@ -14309,7 +14309,7 @@ CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-29
CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
NOT-FOR-US: FortiGuard
CVE-2021-41026
@@ -14709,13 +14709,13 @@ CVE-2021-40855
CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
NOT-FOR-US: AnyDesk
CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
- mahara <removed>
CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
@@ -23461,7 +23461,7 @@ CVE-2021-37264
CVE-2021-37263
RESERVED
CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
- TODO: check
+ NOT-FOR-US: JFinal_cms
CVE-2021-37261
RESERVED
CVE-2021-37260
@@ -34913,11 +34913,11 @@ CVE-2021-32501
CVE-2021-32500
RESERVED
CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
- TODO: check
+ NOT-FOR-US: SICK SOPAS ET
CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
- TODO: check
+ NOT-FOR-US: SICK SOPAS ET
CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
- TODO: check
+ NOT-FOR-US: SICK SOPAS ET
CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
NOT-FOR-US: SICK Visionary-S CX
CVE-2021-32495
@@ -49472,7 +49472,7 @@ CVE-2021-26802
CVE-2021-26801
RESERVED
CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
- TODO: check
+ NOT-FOR-US: phpgurukul
CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
NOT-FOR-US: Omeka
CVE-2021-26798
@@ -53322,7 +53322,7 @@ CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerabi
CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
NOT-FOR-US: Rancher
CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
- TODO: check
+ NOT-FOR-US: GGLocker iOS application
CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
{DLA-2586-1}
- linux 5.10.12-1 (unimportant)
@@ -60806,7 +60806,7 @@ CVE-2021-22056
CVE-2021-22055
RESERVED
CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
CVE-2021-22052
@@ -65926,11 +65926,11 @@ CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerabilit
CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
@@ -100273,13 +100273,13 @@ CVE-2020-18083
CVE-2020-18082
RESERVED
CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
- TODO: check
+ NOT-FOR-US: SEMCMS
CVE-2020-18080
RESERVED
CVE-2020-18079
RESERVED
CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
- TODO: check
+ NOT-FOR-US: SEMCMS
CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
TODO: check
CVE-2020-18076
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0928505e912f2beb9521f5c65e6f7b6ebbcb0c51
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0928505e912f2beb9521f5c65e6f7b6ebbcb0c51
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211220/4c74fcff/attachment.htm>
More information about the debian-security-tracker-commits
mailing list