[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 12 21:21:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc230176 by Salvatore Bonaccorso at 2021-07-12T22:20:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -669,9 +669,9 @@ CVE-2021-36384
CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
TODO: check
CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
- TODO: check
+ NOT-FOR-US: Devolutions Server
CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Edifecs
CVE-2021-36380
RESERVED
CVE-2021-36379
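Review bot: The tag added for CVE-2021-36381 names only the vendor ("Edifecs"), while the description on the line above it names the product, "Edifecs Transaction Management", and the tag added for CVE-2021-36382 in the same hunk uses the full product name ("Devolutions Server"). Suggest "NOT-FOR-US: Edifecs Transaction Management" so the two new entries follow the same convention and the line is specific when the file is searched by product name.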
@@ -3589,7 +3589,7 @@ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.
CVE-2021-35065
RESERVED
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
- TODO: check
+ NOT-FOR-US: KramerAV VIAWare
CVE-2021-35063
RESERVED
[experimental] - suricata 1:6.0.3-1~exp1
@@ -3683,7 +3683,7 @@ CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Si
CVE-2021-35038
RESERVED
CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
- TODO: check
+ NOT-FOR-US: Jamf Pro
CVE-2021-35036
RESERVED
CVE-2021-35035
@@ -6401,7 +6401,7 @@ CVE-2021-33809
CVE-2021-33808
RESERVED
CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
- TODO: check
+ NOT-FOR-US: Cartadis Gespage
CVE-2021-3579
RESERVED
CVE-2021-3578 [possible remote code execution in isync/mbsync]
@@ -22233,7 +22233,7 @@ CVE-2021-27295
CVE-2021-27294
RESERVED
CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is ...)
- TODO: check
+ NOT-FOR-US: RestSharp
CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression ...)
- node-ua-parser-js 0.7.24+ds-1 (bug #985568)
[buster] - node-ua-parser-js <no-dsa> (Minor issue)
@@ -25256,7 +25256,7 @@ CVE-2021-26101
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
NOT-FOR-US: Fortiguard
CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26098
RESERVED
CVE-2021-26097
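Review bot: The new tag on CVE-2021-26099 is "FortiMail", but the unchanged entry directly above it, CVE-2021-26100, has a near-identical description (a missing cryptographic step in the Identity-Based Encryption service) and is tagged "Fortiguard". Two different names for what the visible descriptions present as the same service make the NFU entries harder to match against each other. Suggest aligning CVE-2021-26100 with the tag used here in the same commit, or noting in the commit message why the two differ.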
@@ -25274,9 +25274,9 @@ CVE-2021-26092
CVE-2021-26091
RESERVED
CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
- TODO: check
+ NOT-FOR-US: FortiClient
CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
TODO: check
CVE-2021-26087
@@ -33555,7 +33555,7 @@ CVE-2021-22517
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
NOT-FOR-US: Micro Focus Secure API Manager
CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
NOT-FOR-US: Micro Focus
CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
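Review bot: The tag added for CVE-2021-22515 is "NetIQ", a name that does not appear in the truncated description and identifies a brand rather than a specific product, while the entry above it is tagged with a full product name ("Micro Focus Secure API Manager"). Suggest using the product name from the full CVE description, with the vendor prefix if that is the convention for the surrounding Micro Focus entries, so the entry can be found by product.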
@@ -66754,11 +66754,11 @@ CVE-2020-21135
CVE-2020-21134
RESERVED
CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
NOT-FOR-US: HisiPHP
CVE-2020-21129
@@ -70651,7 +70651,7 @@ CVE-2020-19206
CVE-2020-19205
RESERVED
CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: C ...)
TODO: check
CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc230176a768a7482f1b2bda16b4fd7d75b91fea