[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed May 5 10:14:13 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac708853 by Salvatore Bonaccorso at 2021-05-05T11:13:52+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1997,7 +1997,7 @@ CVE-2021-31166
CVE-2021-31165
RESERVED
CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
- TODO: check
+ NOT-FOR-US: Apache Unomi
CVE-2021-31163
RESERVED
CVE-2021-31162 (In the standard library in Rust before 1.53.0, a double free can occur ...)
@@ -6454,7 +6454,7 @@ CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper inpu
CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...)
NOT-FOR-US: CODESYS Gateway 3
CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
- TODO: check
+ NOT-FOR-US: Package Manager of CODESYS Development System 3
CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
NOT-FOR-US: CODESYS Development System 3
CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
@@ -16207,7 +16207,7 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result
CVE-2021-3155
RESERVED
CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
@@ -16258,7 +16258,7 @@ CVE-2021-25181
CVE-2021-25180
RESERVED
CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
@@ -24110,7 +24110,7 @@ CVE-2021-21553
CVE-2021-21552
RESERVED
CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21550
RESERVED
CVE-2021-21549
@@ -40976,7 +40976,7 @@ CVE-2020-27520
CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
NOT-FOR-US: Pritunl Client
CVE-2020-27518 (All versions of Windscribe VPN for Mac and Windows <= v2.02.10 cont ...)
- TODO: check
+ NOT-FOR-US: Windscribe VPN
CVE-2020-27517
RESERVED
CVE-2020-27516
@@ -51166,7 +51166,7 @@ CVE-2020-23017
CVE-2020-23016
RESERVED
CVE-2020-23015 (An open redirect issue was discovered in OPNsense through 20.1.5. The ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...)
NOT-FOR-US: APfell
CVE-2020-23013
@@ -52340,7 +52340,7 @@ CVE-2020-22430
CVE-2020-22429
RESERVED
CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution ...)
NOT-FOR-US: Nagios XI
CVE-2020-22426
@@ -53200,7 +53200,7 @@ CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulne
CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
NOT-FOR-US: HomeAutomation
CVE-2020-21999 (iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authent ...)
- TODO: check
+ NOT-FOR-US: iWT Ltd FaceSentry Access Control System
CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter ...)
NOT-FOR-US: HomeAutomation
CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
@@ -96261,7 +96261,7 @@ CVE-2020-4989
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
NOT-FOR-US: IBM
CVE-2020-4987 (IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4986
RESERVED
CVE-2020-4985
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7088537c001dadb3539c6465cdc46f0e382b58
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7088537c001dadb3539c6465cdc46f0e382b58
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210505/8c89893f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list