[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 12 21:40:50 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f396798c by Salvatore Bonaccorso at 2021-10-12T22:40:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2021-42327
CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
TODO: check
CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
- TODO: check
+ NOT-FOR-US: Froxlor
CVE-2021-42324
RESERVED
CVE-2021-42323
@@ -1990,7 +1990,7 @@ CVE-2021-41548
CVE-2021-41547
RESERVED
CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41545
RESERVED
CVE-2021-41544
@@ -4082,7 +4082,7 @@ CVE-2021-40620
CVE-2021-40619
RESERVED
CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...)
- TODO: check
+ NOT-FOR-US: openSIS
CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
NOT-FOR-US: openSIS
CVE-2021-40616
@@ -4898,7 +4898,7 @@ CVE-2021-40294
CVE-2021-40293
RESERVED
CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...)
- TODO: check
+ NOT-FOR-US: DzzOffice
CVE-2021-40291
RESERVED
CVE-2021-40290
@@ -9208,23 +9208,23 @@ CVE-2021-38462
CVE-2021-38461
RESERVED
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-38459
RESERVED
CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-38457
RESERVED
CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-38455
RESERVED
CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-38453
RESERVED
CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-38451
RESERVED
CVE-2021-38450
@@ -11021,25 +11021,25 @@ CVE-2021-37737
CVE-2021-37736
RESERVED
CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
NOT-FOR-US: Aruba
CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
NOT-FOR-US: Aruba
CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
NOT-FOR-US: Aruba
CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
NOT-FOR-US: Aruba
CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
NOT-FOR-US: Aruba
CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
@@ -12211,7 +12211,7 @@ CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions &
CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
NOT-FOR-US: Siemens
CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37198
RESERVED
CVE-2021-37197
@@ -16866,7 +16866,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
NOT-FOR-US: Solarwinds
CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
NOT-FOR-US: SolarWinds
CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
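Review bot: The tag added for CVE-2021-35214 is spelled "Solarwinds", which matches CVE-2021-35215 above but not the "SolarWinds" used for CVE-2021-35213 directly below it. Settling on one spelling (the vendor writes it "SolarWinds") would keep a case-sensitive search for the tag from missing entries.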
@@ -30944,9 +30944,9 @@ CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
@@ -36429,7 +36429,7 @@ CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulati
CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications (Siemens)
CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
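Review bot: CVE-2021-27395 is tagged with the vendor only ("Siemens"), while the neighbouring entries in this hunk name the product: "Tecnomatix Plant Simulation" and "Mendix Applications (Siemens)". Consider "SIMATIC Process Historian (Siemens)" so the tag records which product was judged out of scope.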
@@ -37322,7 +37322,7 @@ CVE-2021-27005
CVE-2021-27004
RESERVED
CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP (NetApp)
CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
NOT-FOR-US: NetApp Cloud Manager
CVE-2021-27001
@@ -65172,7 +65172,7 @@ CVE-2020-28147
CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...)
NOT-FOR-US: Eyoucms
CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0 ...)
- TODO: check
+ NOT-FOR-US: wuzhicms
CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
NOT-FOR-US: Moxa
CVE-2020-28143
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f396798cbf68b581273d301b6de2e6b480ecc028