[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 16 22:15:57 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81967ca8 by Moritz Muehlenhoff at 2021-06-16T23:15:31+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2021-34805
CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2021-34802
RESERVED
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
@@ -274,7 +274,7 @@ CVE-2021-34685
CVE-2021-34684
RESERVED
CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...)
- TODO: check
+ NOT-FOR-US: EXCELLENT INFOTEK CORPORATION
CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...)
NOT-FOR-US: Receita Federal IRPF 2021 1.7
CVE-2021-3600
@@ -1332,9 +1332,9 @@ CVE-2021-34205
CVE-2021-34204
RESERVED
CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-34201
RESERVED
CVE-2021-34200
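Review bot: The tag on CVE-2021-34202 cannot be checked against the entry itself, because the truncated description ("There are multiple out-of-bounds vulnerabilities in some processes of ...") is cut off before any product is named. Naming the device in the tag, the way the description of CVE-2021-34203 names "D-Link DIR-2640-US", would make the triage decision verifiable from the list alone.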
@@ -4217,7 +4217,7 @@ CVE-2021-32930 (The affected product’s configuration is vulnerable due to
CVE-2021-32929
RESERVED
CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
- TODO: check
+ NOT-FOR-US: Sentinel LDK Run-Time Environment installer
CVE-2021-32927
RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
@@ -4917,7 +4917,7 @@ CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in
NOTE: https://github.com/radareorg/radare2/issues/18679
NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
- TODO: check
+ NOT-FOR-US: VeryFitPro
CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
- libexosip2 <removed>
[buster] - libexosip2 <no-dsa> (Minor issue)
@@ -6204,7 +6204,7 @@ CVE-2021-32035
CVE-2021-32034
RESERVED
CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...)
- TODO: check
+ NOT-FOR-US: Protectimus SLIM NFC
CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...)
NOT-FOR-US: Trusted Firmware-M
CVE-2021-32031
@@ -6777,7 +6777,7 @@ CVE-2021-31859
CVE-2021-31858
RESERVED
CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
NOT-FOR-US: Layer Meshery
CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
@@ -8521,7 +8521,7 @@ CVE-2021-31161
CVE-2021-31160
RESERVED
CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
NOT-FOR-US: Couchbase Server
CVE-2021-31157
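Review bot: The tag for CVE-2021-31159 stops at "Zoho ManageEngine" although the description names the product as ServiceDesk Plus MSP, while CVE-2021-31857 in this same commit is tagged with the full "Zoho ManageEngine Password Manager Pro". Pick one granularity for this vendor; "NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus MSP" would match the other entry and is easier to search for later.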
@@ -10188,7 +10188,7 @@ CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::P
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/129/
CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
- TODO: check
+ NOT-FOR-US: Apache CXF
CVE-2021-30467
RESERVED
CVE-2021-30466
@@ -12013,7 +12013,7 @@ CVE-2021-29704
CVE-2021-29703
RESERVED
CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29701
RESERVED
CVE-2021-29700
@@ -13802,7 +13802,7 @@ CVE-2021-28981
CVE-2021-28980
RESERVED
CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...)
- TODO: check
+ NOT-FOR-US: SafeNet KeySecure Management Console
CVE-2021-28978
RESERVED
CVE-2021-28977
@@ -14130,9 +14130,9 @@ CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter
CVE-2021-28859
RESERVED
CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL b ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and passw ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...)
NOT-FOR-US: Deark
CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...)
@@ -14231,7 +14231,7 @@ CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBC
CVE-2021-28816
RESERVED
CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
NOT-FOR-US: QNAP
CVE-2021-28813
@@ -17129,7 +17129,7 @@ CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7
CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...)
NOT-FOR-US: SAP
CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
NOT-FOR-US: SAP
CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
@@ -17385,27 +17385,27 @@ CVE-2021-27491
CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
NOT-FOR-US: Datakit
CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
NOT-FOR-US: Fatek Automation WinProladder
CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27484
RESERVED
CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27482
RESERVED
CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
NOT-FOR-US: Delta Industrial Automation COMMGR
CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product̵ ...)
- TODO: check
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27478
RESERVED
CVE-2021-27477
@@ -17615,7 +17615,7 @@ CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions <
CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...)
NOT-FOR-US: Opcenter Quality
CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
NOT-FOR-US: Simcenter (Siemens)
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
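Review bot: The new tag for CVE-2021-27388 is vendor-only ("Siemens"), but the two neighbouring entries in this hunk are tagged by product ("Opcenter Quality", "Simcenter (Siemens)"). Something like "NOT-FOR-US: SINAMICS (Siemens)" would keep the product searchable and follow the form already used for CVE-2021-27387.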
@@ -28104,7 +28104,7 @@ CVE-2021-22916
CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
NOT-FOR-US: Nextcloud Deck
CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
@@ -32293,13 +32293,13 @@ CVE-2020-35764
CVE-2020-35763
RESERVED
CVE-2020-35762 (bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' pa ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2020-35761 (bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2020-35760 (bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allo ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2020-35759 (bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an att ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2020-35758 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
CVE-2020-35757 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
@@ -34971,9 +34971,9 @@ CVE-2021-20569
CVE-2021-20568
RESERVED
CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
NOT-FOR-US: IBM
CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
@@ -35129,7 +35129,7 @@ CVE-2021-20490
CVE-2021-20489
RESERVED
CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
NOT-FOR-US: IBM
CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
@@ -35139,7 +35139,7 @@ CVE-2021-20485
CVE-2021-20484
RESERVED
CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
NOT-FOR-US: IBM
CVE-2021-20481
@@ -36324,9 +36324,9 @@ CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remot
CVE-2021-20095
REJECTED
CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...)
- TODO: check
+ NOT-FOR-US: Wibu-Systems CodeMeter
CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...)
- TODO: check
+ NOT-FOR-US: Wibu-Systems CodeMeter
CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
NOT-FOR-US: Buffalo
CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
@@ -40546,9 +40546,9 @@ CVE-2020-29217
CVE-2020-29216
RESERVED
CVE-2020-29215 (A Cross Site Scripting in SourceCodester Employee Management System 1. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2020-29214 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2020-29213
RESERVED
CVE-2020-29212
@@ -41950,17 +41950,17 @@ CVE-2021-1573
CVE-2021-1572
RESERVED
CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1565
RESERVED
CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
@@ -42006,11 +42006,11 @@ CVE-2021-1545
CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
NOT-FOR-US: Cisco
CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
NOT-FOR-US: Cisco
CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
@@ -42044,7 +42044,7 @@ CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could
CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
NOT-FOR-US: Cisco
CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1523
RESERVED
CVE-2021-1522
@@ -42308,7 +42308,7 @@ CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco In
CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
NOT-FOR-US: Cisco
CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...)
NOT-FOR-US: Cisco
CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
@@ -48417,7 +48417,7 @@ CVE-2020-27341
CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
NOT-FOR-US: Mitel
CVE-2020-27339 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
NOT-FOR-US: Treck
CVE-2020-27337 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
@@ -54248,7 +54248,7 @@ CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
NOT-FOR-US: Laravel
CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: Stampit supermixer
CVE-2020-24938
RESERVED
CVE-2020-24937
@@ -59945,35 +59945,35 @@ CVE-2020-22214
CVE-2020-22213
RESERVED
CVE-2020-22212 (SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-s ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2020-22211 (SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2020-22210 (SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuildin ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2020-22209 (SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_comm ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2020-22208 (SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.p ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2020-22207
RESERVED
CVE-2020-22206 (SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_c ...)
- TODO: check
+ NOT-FOR-US: ECShop
CVE-2020-22205 (SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php ...)
- TODO: check
+ NOT-FOR-US: ECShop
CVE-2020-22204 (SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.p ...)
- TODO: check
+ NOT-FOR-US: ECShop
CVE-2020-22203 (SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php ...)
- TODO: check
+ NOT-FOR-US: phpCMS
CVE-2020-22202
RESERVED
CVE-2020-22201 (phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary ph ...)
- TODO: check
+ NOT-FOR-US: phpCMS
CVE-2020-22200 (Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter ...)
- TODO: check
+ NOT-FOR-US: phpCMS
CVE-2020-22199 (SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg ...)
- TODO: check
+ NOT-FOR-US: phpCMS
CVE-2020-22198 (SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2020-22197
RESERVED
CVE-2020-22196
@@ -61845,7 +61845,7 @@ CVE-2020-21318
CVE-2020-21317
RESERVED
CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the comment secti ...)
- TODO: check
+ NOT-FOR-US: zrlog
CVE-2020-21315
RESERVED
CVE-2020-21314
@@ -94723,9 +94723,9 @@ CVE-2020-8302
CVE-2020-8301
RESERVED
CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
NOT-FOR-US: Node fs-path
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
@@ -96001,7 +96001,7 @@ CVE-2020-7866
CVE-2020-7865
RESERVED
CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...)
- TODO: check
+ NOT-FOR-US: Raonwiz DEXT5Editor
CVE-2020-7863
RESERVED
CVE-2020-7862
@@ -96009,7 +96009,7 @@ CVE-2020-7862
CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
NOT-FOR-US: AnySupport
CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
- TODO: check
+ NOT-FOR-US: UnEgg
CVE-2020-7859
RESERVED
CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
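Review bot: The tag for CVE-2020-7860 spells the product "UnEgg" while the description spells it "UnEGG". Use the description's spelling so that a case-sensitive search of the list for the product name finds this entry.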
@@ -147453,7 +147453,7 @@ CVE-2019-9477
CVE-2019-9476
RESERVED
CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible information ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
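Review bot: CVE-2019-9475 is tagged NOT-FOR-US: Android, but its description locates the issue "In /proc/net of the kernel filesystem", which, unlike the Bluetooth entries below it, reads as a kernel issue and does not by itself rule out Debian's linux package. If the affected code is Android-specific, a NOTE line under the entry saying so would record why linux was not considered; if that has not been checked, the entry should stay at "TODO: check".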
@@ -181503,7 +181503,7 @@ CVE-2018-16501
CVE-2018-16500
RESERVED
CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can possibly view ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the Versa de ...)
NOT-FOR-US: Versa
CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks by exe ...)
@@ -181511,9 +181511,9 @@ CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks
CVE-2018-16496 (In Versa Director, the un-authentication request found. ...)
NOT-FOR-US: Versa
CVE-2018-16495 (In VOS user session identifier (authentication token) is issued to the ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized users of ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...)
NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81967ca899b81348ca35cd4481cc38fc15179442