[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 22 21:29:15 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea206f56 by Salvatore Bonaccorso at 2021-07-22T22:28:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-3660
 	RESERVED
 CVE-2021-37401
@@ -4134,11 +4134,11 @@ CVE-2021-35524
 CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
 	NOT-FOR-US: Securepoint
 CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
-	TODO: check
+	NOT-FOR-US: IDEMIA
 CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...)
-	TODO: check
+	NOT-FOR-US: IDEMIA
 CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
-	TODO: check
+	NOT-FOR-US: IDEMIA
 CVE-2021-35519
 	RESERVED
 CVE-2021-35518
@@ -5931,7 +5931,7 @@ CVE-2021-34702
 CVE-2021-34701
 	RESERVED
 CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34699
 	RESERVED
 CVE-2021-34698
@@ -9848,7 +9848,7 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
 CVE-2021-33032 (eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow remote code e ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 HomeMatic CCU2
 CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...)
 	NOT-FOR-US: LabCup
 CVE-2021-33030
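Review bot: The new tag on CVE-2021-33032 names only "eQ-3 HomeMatic CCU2", but the description on the line above it lists both CCU2 2.57.5 and CCU3 3.57.5 as affected. A tag such as "NOT-FOR-US: eQ-3 HomeMatic" would cover both devices and would still be found by anyone searching the list for CCU3.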
@@ -10489,9 +10489,9 @@ CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framewo
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
 	NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3)
 CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
 	[experimental] - icinga2 2.12.5-1~exp1
 	- icinga2 <unfixed>
@@ -11217,7 +11217,7 @@ CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded p
 CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
 	NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...)
-	TODO: check
+	NOT-FOR-US: Ivanti MobileIron Core
 CVE-2021-32452
 	RESERVED
 CVE-2021-32451
@@ -13438,11 +13438,11 @@ CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticate
 CVE-2021-31582
 	RESERVED
 CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine  ...)
-	TODO: check
+	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
 CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine  ...)
-	TODO: check
+	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
 CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
-	TODO: check
+	NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
 CVE-2021-31578
 	RESERVED
 CVE-2021-31577
@@ -16168,7 +16168,7 @@ CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not
 CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via  ...)
-	TODO: check
+	NOT-FOR-US: SysAid
 CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
 	{DLA-2705-1}
 	- mapcache <unfixed> (bug #989363)
@@ -17170,7 +17170,7 @@ CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF
 CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...)
 	NOT-FOR-US: Web-School ERP
 CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...)
-	TODO: check
+	NOT-FOR-US: Greyware
 CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
 	NOT-FOR-US: Froala Editor
 CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...)
@@ -17292,7 +17292,7 @@ CVE-2021-30051
 CVE-2021-30050
 	RESERVED
 CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...)
-	TODO: check
+	NOT-FOR-US: SysAid
 CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
 	NOT-FOR-US: Novel-plus
 CVE-2021-30047
@@ -19566,9 +19566,9 @@ CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in A
 CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...)
 	NOT-FOR-US: Aruba
 CVE-2021-29149 (A local bypass security restrictions vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was discovered in Aru ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...)
 	NOT-FOR-US: Aruba
 CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
@@ -19578,7 +19578,7 @@ CVE-2021-29145 (A remote server side request forgery (SSRF) remote code executio
 CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...)
 	NOT-FOR-US: Aruba
 CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
 	NOT-FOR-US: Aruba
 CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...)
@@ -23905,7 +23905,7 @@ CVE-2021-27334
 CVE-2021-27333
 	RESERVED
 CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
-	TODO: check
+	NOT-FOR-US: CASAP Automated Enrollment System
 CVE-2021-27331
 	RESERVED
 CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by cross-site scri ...)
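Review bot: The tag on CVE-2021-27332 is "CASAP Automated Enrollment System", while this same commit tags the other CASAP entries (CVE-2021-26230, CVE-2021-26229 and their siblings) as "SourceCodester CASAP Automated Enrollment System". The description here also starts with SourceCodester, so using the prefixed form on this line would keep the product name consistent across the list.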
@@ -25240,13 +25240,13 @@ CVE-2021-26767
 CVE-2021-26766
 	RESERVED
 CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Student Record System
 CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record System v 4.0  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Student Record System
 CVE-2021-26763
 	RESERVED
 CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Student Record System
 CVE-2021-26761
 	RESERVED
 CVE-2021-26760
@@ -25389,9 +25389,9 @@ CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is uni
 CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows S ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...)
 	- linux 5.10.13-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -26630,25 +26630,25 @@ CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode writ
 CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
 	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College Website v ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Simple College Website
 CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Fantastic Blog CMS
 CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26225
 	RESERVED
 CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-B ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Fantastic-Blog-CMS
 CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
 CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
 	- mapcache <unfixed> (bug #989363)
 	[bullseye] - mapcache <no-dsa> (Minor issue)
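Review bot: The same product is spelled two ways in this hunk: CVE-2021-26231 is tagged "SourceCodester Fantastic Blog CMS" and CVE-2021-26224 is tagged "SourceCodester Fantastic-Blog-CMS". The hyphenated form follows the wording of that CVE's description, but picking one spelling for both tags would let a single search match both entries.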
@@ -27699,7 +27699,7 @@ CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solve
 CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
 	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can escape the r ...)
-	TODO: check
+	NOT-FOR-US: Ivanti MobileIron Core
 CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
 	NOT-FOR-US: Void Aural Rec Monitor
 CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
@@ -29316,13 +29316,13 @@ CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.1
 CVE-2021-25213
 	RESERVED
 CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Alumni Management System
 CVE-2021-25211
 	RESERVED
 CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Alumni Management System
 CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Theme Park Ticketing System
 CVE-2021-25208
 	RESERVED
 CVE-2021-25207
@@ -29336,7 +29336,7 @@ CVE-2021-25204
 CVE-2021-25203
 	RESERVED
 CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Sales and Inventory System
 CVE-2021-25201
 	RESERVED
 CVE-2021-25200
@@ -29346,7 +29346,7 @@ CVE-2021-25199
 CVE-2021-25198
 	RESERVED
 CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester Content Man ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Content Management System
 CVE-2021-3158
 	RESERVED
 CVE-2021-3157



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea206f56727faab17aaa749087547838f75c35ef
