[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 3 20:47:49 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae70653a by Salvatore Bonaccorso at 2021-11-03T21:47:23+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2451,7 +2451,7 @@ CVE-2021-42699
CVE-2021-42698
RESERVED
CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
- TODO: check
+ NOT-FOR-US: Akka HTTP
CVE-2021-42696
RESERVED
CVE-2021-42695
@@ -13553,7 +13553,7 @@ CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponenti
CVE-2021-38489
RESERVED
CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38487
RESERVED
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
@@ -13673,7 +13673,7 @@ CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper val
CVE-2021-38429
RESERVED
CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38427
RESERVED
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
@@ -13681,23 +13681,23 @@ CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks prop
CVE-2021-38425
RESERVED
CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38423
RESERVED
CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38421
RESERVED
CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38419
RESERVED
CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38417
RESERVED
CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38415
RESERVED
CVE-2021-38414
@@ -13707,7 +13707,7 @@ CVE-2021-38413
CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
NOT-FOR-US: Digi PortServer TS
CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38410
RESERVED
CVE-2021-38409
@@ -13715,7 +13715,7 @@ CVE-2021-38409
CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
NOT-FOR-US: Advantech WebAccess
CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38405
@@ -13723,7 +13723,7 @@ CVE-2021-38405
CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38401
@@ -17925,9 +17925,9 @@ CVE-2021-36700
CVE-2021-36699
RESERVED
CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS <=7 ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
NOT-FOR-US: Deskpro
CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
@@ -19008,7 +19008,7 @@ CVE-2021-36194
CVE-2021-36193
RESERVED
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2021-36191
RESERVED
CVE-2021-36190
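Review bot: On the CVE-2021-36192 entry, the label `NOT-FOR-US: Fortiguard` cannot be checked against the truncated description, which shows only the CWE-200 wording and no product name. Other entries in this commit name the affected software (for example `Pandora FMS`, `Zoho ManageEngine`); if Fortiguard is the advisory source rather than the affected software, the label should name the product given in the full CVE description.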
@@ -26071,9 +26071,9 @@ CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Brows
CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...)
- TODO: check
+ NOT-FOR-US: Fimer Aurora
CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
- TODO: check
+ NOT-FOR-US: Fimer Aurora
CVE-2021-33208
RESERVED
CVE-2021-33207
@@ -42440,7 +42440,7 @@ CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affe
CVE-2021-26787
RESERVED
CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
- TODO: check
+ NOT-FOR-US: PlayTube
CVE-2021-26785
RESERVED
CVE-2021-26784
@@ -49724,7 +49724,7 @@ CVE-2021-23822
CVE-2021-23821
RESERVED
CVE-2021-23820 (This affects all versions of package json-pointer. A type confusion vu ...)
- TODO: check
+ NOT-FOR-US: Node json-pointer
CVE-2021-23819
RESERVED
CVE-2021-23818
@@ -49750,7 +49750,7 @@ CVE-2021-23809
CVE-2021-23808
RESERVED
CVE-2021-23807 (This affects the package jsonpointer before 5.0.0. A type confusion vu ...)
- TODO: check
+ NOT-FOR-US: Node json-pointer
CVE-2021-23806
RESERVED
CVE-2021-23805
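Review bot: On CVE-2021-23807 the description names the package `jsonpointer` (before 5.0.0), but the new label reads `NOT-FOR-US: Node json-pointer`, the same string used for CVE-2021-23820, whose description names `json-pointer`. The spellings differ in the two descriptions, so these look like two separate packages; the label here should read `Node jsonpointer`, and it is worth confirming that no Debian source package ships that module before marking it NOT-FOR-US.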
@@ -58559,21 +58559,21 @@ CVE-2021-20709 (Improper validation of integrity check value vulnerability in NE
CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
NOT-FOR-US: Aterm firmware
CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
- TODO: check
+ NOT-FOR-US: Nec
CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
NOT-FOR-US: SHARP
CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
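Review bot: All eight new lines (CVE-2021-20700 through CVE-2021-20707) use `NOT-FOR-US: Nec`, which gives only the vendor and in a different case from the `NEC` spelling in the surrounding descriptions. Every one of these descriptions names CLUSTERPRO X, so `NOT-FOR-US: NEC CLUSTERPRO X` would keep the entries searchable by product and distinct from the neighbouring `Aterm firmware` and `SHARP` entries.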
@@ -67577,7 +67577,7 @@ CVE-2020-28418
CVE-2020-28417
RESERVED
CVE-2020-28416 (HP has identified a security vulnerability with the I.R.I.S. OCR (Opti ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2020-25710 (A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...)
{DSA-4792-1 DLA-2481-1}
- openldap 2.4.56+dfsg-1
@@ -78779,7 +78779,7 @@ CVE-2020-24745
CVE-2020-24744
RESERVED
CVE-2020-24743 (An issue was found in /showReports.do Zoho ManageEngine Applications M ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...)
{DSA-4617-1}
- qtbase-opensource-src 5.12.5+dfsg-8
@@ -80496,7 +80496,7 @@ CVE-2020-24002
CVE-2020-24001
RESERVED
CVE-2020-24000 (SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to ...)
- TODO: check
+ NOT-FOR-US: eyoucms cms
CVE-2020-23999
RESERVED
CVE-2020-23998
@@ -81164,9 +81164,9 @@ CVE-2020-23682
CVE-2020-23681
RESERVED
CVE-2020-23680 (An issue was discovered in function StartPage in text2pdf.c in pdfcorn ...)
- TODO: check
+ NOT-FOR-US: pdfcorner text2pdf
CVE-2020-23679 (Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1 ...)
- TODO: check
+ NOT-FOR-US: Renleilei1992 Linux_Network_Project
CVE-2020-23678
RESERVED
CVE-2020-23677
@@ -82344,7 +82344,7 @@ CVE-2020-23128 (Chamilo LMS 1.11.10 does not properly manage privileges which co
CVE-2020-23127 (Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) v ...)
NOT-FOR-US: Chamilo LMS
CVE-2020-23126 (Chamilo LMS version 1.11.10 contains an XSS vulnerability in the perso ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2020-23125
RESERVED
CVE-2020-23124
@@ -86963,7 +86963,7 @@ CVE-2020-20984
CVE-2020-20983
RESERVED
CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...)
- TODO: check
+ NOT-FOR-US: shadoweb wdja
CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist compone ...)
NOT-FOR-US: Metinfo
CVE-2020-20980
@@ -92608,15 +92608,15 @@ CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remo
CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
NOT-FOR-US: Simple-Log
CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...)
- TODO: check
+ NOT-FOR-US: PHP-CMS
CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...)
- TODO: check
+ NOT-FOR-US: ED01-CMS
CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...)
- TODO: check
+ NOT-FOR-US: ED01-CMS
CVE-2020-18260
RESERVED
CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...)
- TODO: check
+ NOT-FOR-US: ED01-CMS
CVE-2020-18258
RESERVED
CVE-2020-18257
@@ -122854,7 +122854,7 @@ CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of Bla
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931 (HP Print and Scan Doctor may potentially be vulnerable to local elevat ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2020-6930
RESERVED
CVE-2020-6929
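Review bot: On CVE-2020-6931 the label `NOT-FOR-US: HP` records only the vendor, while the description names the product, HP Print and Scan Doctor. A vendor-only label does not say which software was judged out of scope; suggest `NOT-FOR-US: HP Print and Scan Doctor`, with the same treatment for the CVE-2020-28416 entry earlier in this commit.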
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae70653af5b1ec5f550c8df81d6655b3153fb9aa