[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 23 07:50:48 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50bad0b5 by Salvatore Bonaccorso at 2021-10-23T08:50:21+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-42842
CVE-2021-42841
RESERVED
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-42839
RESERVED
CVE-2021-42838
@@ -631,7 +631,7 @@ CVE-2021-42558
CVE-2021-42557
RESERVED
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
- TODO: check
+ NOT-FOR-US: Rasa X
CVE-2021-42555
RESERVED
CVE-2021-42554
@@ -675,23 +675,23 @@ CVE-2021-42544
CVE-2021-42543
RESERVED
CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42541
RESERVED
CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42537
RESERVED
CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42535
RESERVED
CVE-2021-42534 (The affected product’s web application does not properly neutral ...)
- TODO: check
+ NOT-FOR-US: Trane
CVE-2021-42533
RESERVED
CVE-2021-42532
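Review bot: The five `NOT-FOR-US: Emerson` tags and the `NOT-FOR-US: Trane` tag in this hunk name only the vendor, while the truncated descriptions next to them say just "The affected product", so nothing in the list identifies which product each CVE covers. Consider writing vendor plus product in the tag, so that a later search for the product name finds these entries.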
@@ -2693,7 +2693,7 @@ CVE-2021-42171
CVE-2021-42170
RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
- TODO: check
+ NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
CVE-2021-42168
RESERVED
CVE-2021-42167
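Review bot: The tag added for CVE-2021-42169 drops the start of the product name: the description reads "The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...", but the tag begins at "Dynamic Tax Bracket". Suggest `NOT-FOR-US: Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite` so the tag matches the name someone would search for.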
@@ -3741,13 +3741,13 @@ CVE-2021-41749
CVE-2021-41748
RESERVED
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
- TODO: check
+ NOT-FOR-US: Csdn APP
CVE-2021-41746
RESERVED
CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
- TODO: check
+ NOT-FOR-US: ShowDoc
CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
- TODO: check
+ NOT-FOR-US: yongyou PLM
CVE-2021-41743
RESERVED
CVE-2021-41742
@@ -5005,7 +5005,7 @@ CVE-2021-41173
CVE-2021-41172
RESERVED
CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
- TODO: check
+ NOT-FOR-US: eLabFTW
CVE-2021-41170
RESERVED
CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
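Review bot: CVE-2021-41171 is tagged NOT-FOR-US although its description calls eLabFTW "an open source electronic lab notebook manager", and nothing in the hunk records that its packaging status was checked. Worth confirming there is no package or ITP/RFP for it before closing the entry this way; if one exists, the entry should reference the package instead of an NFU tag.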
@@ -11377,7 +11377,7 @@ CVE-2021-38487
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483
@@ -11385,71 +11385,71 @@ CVE-2021-38483
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38473 (The affected product’s code base doesn’t properly control ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38455 (The affected product’s OS Service does not verify any given para ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38450
RESERVED
CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38448
RESERVED
CVE-2021-38447
@@ -16424,7 +16424,7 @@ CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticate
CVE-2021-36358
RESERVED
CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...)
- TODO: check
+ NOT-FOR-US: OpenPOWER firwmware
CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
NOT-FOR-US: KRAMER VIAware
CVE-2021-36355
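Review bot: Typo in the tag added for CVE-2021-36357: "firwmware" should be "firmware", i.e. `NOT-FOR-US: OpenPOWER firmware`. As written, the entry would be missed by anyone searching the list for "firmware".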
@@ -19136,7 +19136,7 @@ CVE-2021-35232
CVE-2021-35231
RESERVED
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
- TODO: check
+ NOT-FOR-US: Kiwi CatTools Installation Wizard
CVE-2021-35229
RESERVED
CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
@@ -27469,9 +27469,9 @@ CVE-2021-31837 (Memory corruption vulnerability in the driver file component in
CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
NOT-FOR-US: McAfee
CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31833
RESERVED
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
@@ -27962,7 +27962,7 @@ CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONPa
CVE-2021-31683
RESERVED
CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
- TODO: check
+ NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
CVE-2021-31681
RESERVED
CVE-2021-31680
@@ -31354,7 +31354,7 @@ CVE-2021-30361
CVE-2021-30360
RESERVED
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
- TODO: check
+ NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
NOT-FOR-US: Mobile Access Portal Native Applications
CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bad0b57f523b58b4644e360da6f2372f46a071