[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 11 11:44:57 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2de24c2c by Salvatore Bonaccorso at 2021-11-11T12:44:36+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17414,9 +17414,9 @@ CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel
CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...)
NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
- TODO: check
+ NOT-FOR-US: OpenGamePanel
CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
- TODO: check
+ NOT-FOR-US: OpenGamePanel
CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
- redmine <not-affected> (Only affected 4.2.0 and 4.2.1 upstream)
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
@@ -21414,9 +21414,9 @@ CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Strea
CVE-2021-35490
RESERVED
CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
- TODO: check
+ NOT-FOR-US: Thruk
CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...)
- TODO: check
+ NOT-FOR-US: Thruk
CVE-2021-35487
RESERVED
CVE-2021-35486
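Review bot: On CVE-2021-35489 and CVE-2021-35488, NOT-FOR-US is only correct if Thruk has neither a package nor an open ITP/RFP in Debian, and the commit message "Process NFUs" does not record that this was checked. If a packaging request exists, these two entries should carry a `<itp>` package line instead of a NOT-FOR-US tag, so the CVEs resurface when the package enters the archive.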
@@ -43707,7 +43707,7 @@ CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1
CVE-2021-3381
RESERVED
CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...)
- TODO: check
+ NOT-FOR-US: ICREM H8 SSRMS
CVE-2021-26548
RESERVED
CVE-2021-26547
@@ -45213,9 +45213,9 @@ CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored
CVE-2021-25976
RESERVED
CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
NOT-FOR-US: Publify
CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
@@ -51790,23 +51790,23 @@ CVE-2021-3066
CVE-2021-3065
RESERVED
CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
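Review bot: CVE-2021-3063 is tagged "Palo Alto Networks", but its truncated description ("An improper handling of exceptional conditions vulnerability exists in ...") shows no vendor or product, so the attribution cannot be confirmed from this hunk. The other seven changed entries name Palo Alto Networks, PAN-OS or the SCEP feature only partially as well. The vendor-level tag matches the existing entries for CVE-2021-3057 and CVE-2021-3055, so it is consistent, but a bulk flip of eight entries is worth a second look against the full descriptions, CVE-2021-3063 in particular.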
@@ -54419,7 +54419,7 @@ CVE-2021-22050
CVE-2021-22049
RESERVED
CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
NOT-FOR-US: Spring Data REST
CVE-2021-22046
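Review bot: The tag on CVE-2021-22048 names the vendor ("VMware") while the description names the product ("vCenter Server"), and the neighbouring entry CVE-2021-22047 is tagged by product ("Spring Data REST"). Consider "NOT-FOR-US: VMware vCenter Server" so that a search for the product finds the entry and later triage does not have to re-read the description.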
@@ -70522,7 +70522,7 @@ CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-
CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...)
NOT-FOR-US: SourceCodester Online Clothing Store
CVE-2020-28137 (Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, al ...)
- TODO: check
+ NOT-FOR-US: Genexis Platinum
CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...)
NOT-FOR-US: SourceCodester Tourism Management System
CVE-2020-28135
@@ -81531,39 +81531,39 @@ CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attac
CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
TODO: check
CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23901 (A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23900 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23899 (A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23898 (A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23897 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23896 (A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23895 (A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23894 (A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23893 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23892
RESERVED
CVE-2020-23891 (A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows at ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23890 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23889 (A User Mode Write AV starting at Editor!TMethodImplementationIntercept ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23888 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 ...)
- TODO: check
+ NOT-FOR-US: WildBit Viewer
CVE-2020-23887 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
- TODO: check
+ NOT-FOR-US: XnView MP
CVE-2020-23886 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
- TODO: check
+ NOT-FOR-US: XnView MP
CVE-2020-23885
RESERVED
CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...)
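Review bot: For CVE-2020-23897, CVE-2020-23893, CVE-2020-23889 and CVE-2020-23888 the visible description is cut off at "Editor!TMethodImplementationIntercept+0x..." before any product name, so "NOT-FOR-US: WildBit Viewer" is inferred from the surrounding entries rather than shown in the hunk; please confirm against the full descriptions. Separately, CVE-2020-23903 in the leading context keeps "TODO: check", and the Speex entry in the hunk header plus the Nomacs entry at CVE-2020-23884 sit in the same block; those look like they need package triage rather than an NFU tag, so leaving them untouched here is right, but they should not be forgotten in a follow-up.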
@@ -107957,7 +107957,7 @@ CVE-2020-12490
CVE-2020-12489
RESERVED
CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12487
RESERVED
CVE-2020-12486
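Review bot: The tag "NOT-FOR-US: Vivo" on CVE-2020-12488 cannot be derived from the visible description ("The attacker can access the sensitive information stored within the jo ..."), which names neither a vendor nor a product. Naming the affected product in the tag, as done for "Genexis Platinum" and "WildBit Viewer" elsewhere in this commit, would make the entry self-explanatory in the list.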
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de24c2c09b6c5f877d7aa8d943059b621acb68d