[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 8 21:24:55 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b5e6bf74 by Salvatore Bonaccorso at 2021-09-08T22:23:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -916,7 +916,7 @@ CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_
CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
NOT-FOR-US: Compro devices
CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
- TODO: check
+ NOT-FOR-US: SmarterTools
CVE-2021-40376
RESERVED
CVE-2021-40375
@@ -5362,7 +5362,7 @@ CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/H
CVE-2021-38389
RESERVED
CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
- TODO: check
+ NOT-FOR-US: Central Dogma
CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
NOT-FOR-US: Contiki
CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
@@ -9320,7 +9320,7 @@ CVE-2021-36697
CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
NOT-FOR-US: Deskpro
CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
- TODO: check
+ NOT-FOR-US: Deskpro
CVE-2021-36694
RESERVED
CVE-2021-36693
@@ -10345,9 +10345,9 @@ CVE-2021-36218
CVE-2021-36217
REJECTED
CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
- TODO: check
+ NOT-FOR-US: LINE for Windows
CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...)
- TODO: check
+ NOT-FOR-US: LINE client for iOS
CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
NOT-FOR-US: LINE client for iOS
CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
@@ -10417,13 +10417,13 @@ CVE-2021-36184
CVE-2021-36183
RESERVED
CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36181
RESERVED
CVE-2021-36180
RESERVED
CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36178
RESERVED
CVE-2021-36177
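Review bot: The new label on CVE-2021-36179 reads `NOT-FOR-US: FortiGuard`, but the description on the line directly above it names the affected product as Fortinet FortiWeb, and FortiGuard appears in neither visible description. Suggest `NOT-FOR-US: Fortinet FortiWeb` (or just `Fortinet`) there, and the matching vendor name on CVE-2021-36182 once its truncated description has been checked for the product, so that a search of the list by vendor or product finds both entries.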
@@ -11966,7 +11966,7 @@ CVE-2021-35528
CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
NOT-FOR-US: Hitachi ABB Power Grids eSOMS
CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
- TODO: check
+ NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
RESERVED
- dcraw <unfixed> (bug #984761)
@@ -12711,7 +12711,7 @@ CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulner
CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
NOT-FOR-US: Solarwinds
CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
NOT-FOR-US: Solarwinds
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
@@ -15474,9 +15474,9 @@ CVE-2021-33984
CVE-2021-33983
RESERVED
CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
- TODO: check
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
- TODO: check
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
CVE-2021-33980
RESERVED
CVE-2021-33979
@@ -22340,7 +22340,7 @@ CVE-2021-31276
CVE-2021-31275
RESERVED
CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2021-31273
RESERVED
CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
@@ -47270,8 +47270,6 @@ CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL inj
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...)
NOT-FOR-US: LibreNMS
- NOTE: https://github.com/librenms/librenms/releases/tag/21.1.0
- NOTE: https://github.com/librenms/librenms/pull/12422
CVE-2020-35699
RESERVED
CVE-2020-35698
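Review bot: The two removed `NOTE:` lines under CVE-2020-35700 are not a TODO-to-NFU change, and the commit message "Process some NFUs" does not mention them. Dropping them is consistent with the entry already being `NOT-FOR-US: LibreNMS`, but the release tag and pull request references go away with it; suggest mentioning the cleanup in the commit message or putting it in a separate commit so the removal is easy to find in the history later.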
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e6bf74cec4a695432a43543939fdd64e02f923