[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 28 21:23:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dd5d16e by Salvatore Bonaccorso at 2021-09-28T22:23:03+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -500,21 +500,21 @@ CVE-2021-41542
CVE-2021-41541
RESERVED
CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41532
RESERVED
CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
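Review bot: The eight entries CVE-2021-41540 down to CVE-2021-41533 are tagged with the vendor only (`NOT-FOR-US: Siemens`), although every description names the product, Solid Edge SE2021. Other entries in this file carry the product name (for example `NOT-FOR-US: XSS Hunter Express`), so `NOT-FOR-US: Siemens Solid Edge` would be more consistent and easier to find when searching the list by product.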
@@ -958,7 +958,7 @@ CVE-2021-41320
CVE-2021-41319
RESERVED
CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
- TODO: check
+ NOT-FOR-US: Progress WhatsUp Gold
CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
NOT-FOR-US: XSS Hunter Express
CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
@@ -1426,7 +1426,7 @@ CVE-2021-41106
CVE-2021-41105
RESERVED
CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
- TODO: check
+ NOT-FOR-US: ESPHome
CVE-2021-41103
RESERVED
CVE-2021-41102
@@ -7925,7 +7925,7 @@ CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute a
CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
NOT-FOR-US: National Instruments NI-PAL driver
CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
- TODO: check
+ NOT-FOR-US: Sureline SUREedge Migrator
CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
NOT-FOR-US: Newsletter extension for TYPO3
CVE-2021-38301
@@ -10366,7 +10366,7 @@ CVE-2021-37275
CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
NOT-FOR-US: Kingdee KIS Professional Edition
CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
- TODO: check
+ NOT-FOR-US: Tianyi Gateway
CVE-2021-37272
RESERVED
CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
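Review bot: In the CVE-2021-37273 entry, the tag `NOT-FOR-US: Tianyi Gateway` drops the vendor that the description leads with (China Telecom Corporation). Including it, e.g. `NOT-FOR-US: China Telecom Tianyi Gateway`, would make the entry unambiguous if another vendor's product with a similar name is triaged later.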
@@ -10749,11 +10749,11 @@ CVE-2021-37108
CVE-2021-37107
RESERVED
CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
- TODO: check
+ NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
- TODO: check
+ NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37103
RESERVED
CVE-2021-37102
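Review bot: The three tags in this hunk follow two different conventions: CVE-2021-37106 and CVE-2021-37105 get `NOT-FOR-US: FusionCompute (Huawei)`, while CVE-2021-37104 gets the bare vendor `NOT-FOR-US: Huawei` even though its description names a specific product (HUAWEI P40). Naming the product there as well would keep the entries consistent.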
@@ -12441,13 +12441,13 @@ CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session eve
[stretch] - putty <no-dsa> (Minor issue)
NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-36362
RESERVED
CVE-2021-36361
@@ -12884,7 +12884,7 @@ CVE-2021-36167
CVE-2021-36166
RESERVED
CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
- TODO: check
+ NOT-FOR-US: RICON Industrial Cellular Router
CVE-2021-36164
RESERVED
CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
@@ -16469,7 +16469,7 @@ CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager
CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
@@ -18888,9 +18888,9 @@ CVE-2021-33603
CVE-2021-33602
RESERVED
CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
NOT-FOR-US: F-Secure Antivirus
CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
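Review bot: CVE-2021-33601 and CVE-2021-33600 are tagged `NOT-FOR-US: F-Secure`, while the adjacent CVE-2021-33599 entry names the product (`NOT-FOR-US: F-Secure Antivirus`). The descriptions are truncated in this view, so the product name has to come from the full CVE text; adding it would match the neighbouring entry.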
@@ -29945,25 +29945,25 @@ CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows co
CVE-2021-29368
RESERVED
CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29359
RESERVED
CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
NOT-FOR-US: OutSystems Platform Server
CVE-2021-29356
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd5d16e31acc7f1452609455584fa72002d5cf4