[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 15 21:30:08 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
083bc345 by Salvatore Bonaccorso at 2021-07-15T22:29:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3734,7 +3734,7 @@ CVE-2021-35058
CVE-2021-35057
RESERVED
CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
- TODO: check
+ NOT-FOR-US: Unisys
CVE-2021-35055
RESERVED
CVE-2020-36393
@@ -4223,13 +4223,13 @@ CVE-2021-34832
CVE-2021-34831
RESERVED
CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
RESERVED
- qemu <unfixed> (bug #990563)
@@ -32277,9 +32277,9 @@ CVE-2021-3045
CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
- TODO: check
+ NOT-FOR-US: Prisma Cloud Compute web console (Palo Alto Networks)
CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
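Review bot: The vendor is written two ways in this hunk: CVE-2021-3043 gets "Prisma Cloud Compute web console (Palo Alto Networks)" while CVE-2021-3042 and the untouched neighbours CVE-2021-3044 and CVE-2021-3041 use plain "Palo Alto Networks". Both contain the vendor name, but one consistent form (vendor first, product optional after it) keeps the NOT-FOR-US strings easy to search and compare later.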
@@ -35771,9 +35771,9 @@ CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0
CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
NOT-FOR-US: EMC
CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21585
RESERVED
CVE-2021-21584
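Review bot: CVE-2021-21587 and CVE-2021-21586 are tagged "NOT-FOR-US: Dell", but the context entry directly above them, CVE-2021-21588 (Dell EMC PowerFlex), carries "NOT-FOR-US: EMC", so adjacent Dell entries end up under two vendor strings. Naming the product from the descriptions, for example "Dell Wyse Management Suite", would make the reason for the classification visible without reading the CVE text.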
@@ -56934,7 +56934,7 @@ CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows atta
CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...)
NOT-FOR-US: Hackolade
CVE-2020-25736 (Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
NOT-FOR-US: webTareas
CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
@@ -57518,7 +57518,7 @@ CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrou
CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-25593 (Acronis True Image through 2021 on macOS allows local privilege escala ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
{DSA-4837-1 DLA-2480-1}
- salt 3002.1+dfsg1-1
@@ -79219,7 +79219,7 @@ CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2
CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
TODO: check
CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-15494
RESERVED
CVE-2020-15493
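Review bot: CVE-2020-15496, the context line just above the change, is also an Acronis True Image entry and stays at "TODO: check" while CVE-2020-15495 is marked "NOT-FOR-US: Acronis". If the same reasoning applies, tag it in this commit as well; if it was left open on purpose, a short remark in the commit message would say why.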
@@ -86730,17 +86730,17 @@ CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and e
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
NOT-FOR-US: DomainMOD
CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...)
- TODO: check
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...)
- TODO: check
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...)
- TODO: check
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...)
- TODO: check
+ NOT-FOR-US: MagicMotion Flamingo 2 application for Android
CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...)
- TODO: check
+ NOT-FOR-US: MagicMotion Flamingo 2
CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...)
- TODO: check
+ NOT-FOR-US: MagicMotion Flamingo 2
CVE-2020-12728
RESERVED
CVE-2020-12727
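Review bot: CVE-2020-12733 is described as "Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ..." but the tag names only the DEPSTECH product; adding the component vendor to the tag would keep the entry findable if those components turn up in another device. The MagicMotion entries also use two strings ("MagicMotion Flamingo 2 application for Android" for CVE-2020-12731, "MagicMotion Flamingo 2" for CVE-2020-12730 and CVE-2020-12729); if the app/device distinction is intentional that is fine, otherwise one string is easier to match.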
@@ -90652,7 +90652,7 @@ CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently
CVE-2020-11634
RESERVED
CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
- TODO: check
+ NOT-FOR-US: Zscaler Client Connector for Windows
CVE-2020-11632
RESERVED
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/083bc3456a7616995360deb0343ff29481669c13