[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 22 07:11:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d69f6b6d by Salvatore Bonaccorso at 2021-07-22T07:59:03+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3847,7 +3847,7 @@ CVE-2021-35484
CVE-2021-35483
RESERVED
CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...)
- TODO: check
+ NOT-FOR-US: Barco MirrorOp Windows Sender
CVE-2021-35481
RESERVED
CVE-2021-35480
@@ -5762,7 +5762,7 @@ CVE-2021-34621 (A vulnerability in the user registration component found in the
CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...)
NOT-FOR-US: Aruba
CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...)
@@ -26625,7 +26625,7 @@ CVE-2021-26097
CVE-2021-26096
RESERVED
CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26094
RESERVED
CVE-2021-26093
@@ -27723,19 +27723,19 @@ CVE-2021-25703
CVE-2021-25702
RESERVED
CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to version 21.07 ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25700
RESERVED
CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client prior to v ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent prior to ve ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25697
RESERVED
CVE-2021-25696
RESERVED
CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to version 21. ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...)
NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows
CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...)
@@ -34262,21 +34262,21 @@ CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in EcoStr
CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22776
RESERVED
CVE-2021-22775
RESERVED
CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a CSV File ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 w ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
@@ -34356,25 +34356,25 @@ CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (
CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...)
NOT-FOR-US: Modicon
CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink C ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22725
RESERVED
CVE-2021-22724
RESERVED
CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
@@ -34400,11 +34400,11 @@ CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds o
CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
NOT-FOR-US: Schneider
CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Schneider
CVE-2021-22704
@@ -35792,7 +35792,7 @@ CVE-2021-22127
CVE-2021-22126
RESERVED
CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-22124
RESERVED
CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
@@ -38606,9 +38606,9 @@ CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network appli
CVE-2021-21408
RESERVED
CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...)
NOT-FOR-US: Lotus
CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...)
@@ -42193,11 +42193,11 @@ CVE-2021-20112
CVE-2021-20111
RESERVED
CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...)
- TODO: check
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...)
- TODO: check
+ NOT-FOR-US: Asset Explorer agent
CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...)
- TODO: check
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...)
NOT-FOR-US: Sloan
CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69f6b6dc4f3f83ead9384673f02957de70541c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69f6b6dc4f3f83ead9384673f02957de70541c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210722/c9fec3d9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list