[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 14 21:19:43 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4708bfb by Salvatore Bonaccorso at 2021-09-14T22:15:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6547,13 +6547,13 @@ CVE-2021-38179
CVE-2021-38178
RESERVED
CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
TODO: check
CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
- yii <itp> (bug #597899)
CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
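Review bot: CVE-2021-38176 is left at "TODO: check" in this hunk while the three entries around it (CVE-2021-38177, CVE-2021-38175, CVE-2021-38174) move to "NOT-FOR-US: SAP". Its truncated description ("Due to improper input sanitization, an authenticated user with certain ...") names no product, so leaving it is defensible, but if the full description identifies an SAP product it should get the same tag in this pass rather than staying an open TODO between already-triaged neighbours.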
@@ -6664,11 +6664,11 @@ CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via s
CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...)
NOT-FOR-US: Roxy-WI
CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38161
RESERVED
CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
@@ -6709,7 +6709,7 @@ CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa
CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
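Review bot: The new "NOT-FOR-US: SAP" tag on CVE-2021-38150 cannot be confirmed from the line shown, because the truncated description ("When an attacker manages to get access to the local memory, or the mem ...") names no vendor or product. Please confirm against the full CVE description; the neighbouring CVE-2021-38149 and CVE-2021-38151 are both Chikitsa Patient Management System, so the ID range alone does not establish the vendor.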
@@ -8088,15 +8088,15 @@ CVE-2021-37537
CVE-2021-37536
RESERVED
CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...)
NOT-FOR-US: MISP
CVE-2021-37533
RESERVED
CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37530
RESERVED
CVE-2021-37529
@@ -16954,13 +16954,13 @@ CVE-2021-33690
CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
NOT-FOR-US: SAP
CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...)
NOT-FOR-US: SAP
CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...)
NOT-FOR-US: SAP
CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...)
@@ -16972,7 +16972,7 @@ CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to o
CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...)
NOT-FOR-US: SAP
CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...)
@@ -16980,13 +16980,13 @@ CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702
CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...)
NOT-FOR-US: SAP
CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...)
NOT-FOR-US: SAP
CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...)
@@ -26843,7 +26843,7 @@ CVE-2021-29843
CVE-2021-29842
RESERVED
CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29840
RESERVED
CVE-2021-29839
@@ -43077,51 +43077,51 @@ CVE-2021-23055
CVE-2021-23054
RESERVED
CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Develo ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, whe ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a configura ...)
TODO: check
CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x b ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe prof ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured o ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23030
RESERVED
CVE-2021-23029
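Review bot: CVE-2021-23046 ("On all versions of Guided Configuration before 8.0.0 ...") is the only described entry in the CVE-2021-23031 to CVE-2021-23053 run still left at "TODO: check"; every other one is now "NOT-FOR-US: F5 BIG-IP". If that is deliberate because Guided Configuration needs a separate look, fine; if it was missed, tag it in the same change. Several of the tagged descriptions also begin "On version ..." without naming BIG-IP (for example CVE-2021-23053, CVE-2021-23052 and CVE-2021-23047), so the attribution for those rests on the full description rather than on the visible text.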
@@ -47528,7 +47528,7 @@ CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on Web
CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...)
NOT-FOR-US: SAP
CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.3 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...)
NOT-FOR-US: Knowledge Management
CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...)
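Review bot: A naming point on the context line directly below the change: CVE-2021-21488 carries "NOT-FOR-US: Knowledge Management", while CVE-2021-37531 elsewhere in this patch describes "SAP NetWeaver Knowledge Management XML Forms" and is tagged "NOT-FOR-US: SAP". The line is not touched by this commit, but if CVE-2021-21488 is the same SAP component, normalizing it to "NOT-FOR-US: SAP" would keep the vendor tag consistent for anyone searching the list by vendor.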
@@ -50512,7 +50512,7 @@ CVE-2021-20584
CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
NOT-FOR-US: IBM
CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20581
RESERVED
CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
@@ -50538,7 +50538,7 @@ CVE-2021-20571
CVE-2021-20570
RESERVED
CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20568
RESERVED
CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
@@ -50660,7 +50660,7 @@ CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials
CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...)
NOT-FOR-US: IBM
CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4708bfbaab0ce382e1e594364f8a780109bec79