[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 15 09:23:38 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7335e1c by Salvatore Bonaccorso at 2022-01-15T10:22:58+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5222,7 +5222,7 @@ CVE-2022-21196
CVE-2022-21155
RESERVED
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
- TODO: check
+ NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
NOT-FOR-US: Node windows
CVE-2021-4154 [cgroup: verify that source is a string]
@@ -5567,7 +5567,7 @@ CVE-2021-45408
CVE-2021-45407
RESERVED
CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
- TODO: check
+ NOT-FOR-US: SalonERP
CVE-2021-45405
RESERVED
CVE-2021-45404
@@ -6469,9 +6469,9 @@ CVE-2021-26264
CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
NOT-FOR-US: Philips
CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
- TODO: check
+ NOT-FOR-US: WECON LeviStudioU
CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
- TODO: check
+ NOT-FOR-US: WECON LeviStudioU
CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
- spip 3.2.12-1
[bullseye] - spip 3.2.11-3+deb11u1
@@ -8453,7 +8453,7 @@ CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
- TODO: check
+ NOT-FOR-US: UniFi Network
CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
NOT-FOR-US: Ivanti
CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >= 6.0.0 that c ...)
@@ -10035,13 +10035,13 @@ CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in
[bullseye] - linux 5.10.84-1
NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43970
RESERVED
CVE-2021-43969
@@ -10739,7 +10739,7 @@ CVE-2021-3967
CVE-2021-3966
RESERVED
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-43774
RESERVED
CVE-2021-43773
@@ -14428,13 +14428,13 @@ CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use
NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: Spotfire Server component of TIBCO
CVE-2021-43050
@@ -15581,15 +15581,15 @@ CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvclo
CVE-2021-3893
RESERVED
CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
@@ -15619,7 +15619,7 @@ CVE-2021-42553
CVE-2021-42552
RESERVED
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
- TODO: check
+ NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
@@ -19154,7 +19154,7 @@ CVE-2021-41599
CVE-2021-41598
RESERVED
CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
@@ -21084,7 +21084,7 @@ CVE-2021-40815
CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
NOT-FOR-US: PrestaShop addon
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
- TODO: check
+ NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
- libgd2 <unfixed>
[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -21276,7 +21276,7 @@ CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are aff
CVE-2021-40723
RESERVED
CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
NOT-FOR-US: Adobe
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
@@ -22278,7 +22278,7 @@ CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
CVE-2021-40328
RESERVED
CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
- TODO: check
+ NOT-FOR-US: Trusted Firmware-M (TF-M)
CVE-2021-40326
RESERVED
CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
@@ -26181,13 +26181,13 @@ CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP,
CVE-2021-38693
RESERVED
CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
NOT-FOR-US: QNAP
CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
@@ -26201,7 +26201,7 @@ CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affec
CVE-2021-38683
RESERVED
CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
NOT-FOR-US: QNAP
CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
@@ -26209,9 +26209,9 @@ CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to
CVE-2021-38679
RESERVED
CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38676
RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
@@ -29544,9 +29544,9 @@ CVE-2021-3660
[buster] - cockpit <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-37399
RESERVED
CVE-2021-37398
@@ -30649,7 +30649,7 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/A
CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36918
@@ -32320,7 +32320,7 @@ CVE-2021-36201
CVE-2021-36200
RESERVED
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
- TODO: check
+ NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2021-36197
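Review bot: The tag added for CVE-2021-36199 spells out "Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.", while the neighbouring CVE-2021-36198 entry for the same vendor uses the shorter "NOT-FOR-US: Sensormatic Electronics, LLC". Using the same string for both keeps the entries greppable as one vendor; suggest "NOT-FOR-US: Sensormatic Electronics, LLC" here as well.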
@@ -34067,7 +34067,7 @@ CVE-2021-3620
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
NOT-FOR-US: TIBCO
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
@@ -35212,17 +35212,17 @@ CVE-2021-35000
CVE-2021-34999
RESERVED
CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Panda Security Free Antivirus
CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Orckestra C1 CMS
CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -35238,9 +35238,9 @@ CVE-2021-34987
CVE-2021-34986
RESERVED
CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley ContextCapture
CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley ContextCapture
CVE-2021-34983
RESERVED
CVE-2021-34982
@@ -35253,13 +35253,13 @@ CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerabi
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34976
RESERVED
CVE-2021-34975
@@ -35321,157 +35321,157 @@ CVE-2021-34948
CVE-2021-34947
RESERVED
CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34870
RESERVED
CVE-2021-34869
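Review bot: Every entry from CVE-2021-34946 down to CVE-2021-34871 receives "NOT-FOR-US: Bentley View", but each description in this hunk is cut off at "execute arbitrary code o ..." or "disclose sensitive infor ..." before any product name appears, so none of these tags can be cross-checked from the diff itself. For a bulk change of this size, naming the advisory source or the affected product range in the commit message would let a second reader confirm that the whole run really is a single product and that no entry for another product sits inside it.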
@@ -35849,7 +35849,7 @@ CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco I
CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...)
NOT-FOR-US: Cisco
CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...)
NOT-FOR-US: Cisco
CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -37540,7 +37540,7 @@ CVE-2021-33964
CVE-2021-33963
RESERVED
CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33961
RESERVED
CVE-2021-33960
@@ -39858,7 +39858,7 @@ CVE-2021-33048
CVE-2021-33047
RESERVED
CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
NOT-FOR-US: Dahua
CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
@@ -40893,9 +40893,9 @@ CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missi
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
NOT-FOR-US: OneDev
CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
NOT-FOR-US: October CMS
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
@@ -51771,9 +51771,9 @@ CVE-2021-28509
CVE-2021-28508
RESERVED
CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28505
RESERVED
CVE-2021-28504
@@ -51783,9 +51783,9 @@ CVE-2021-28503
CVE-2021-28502
RESERVED
CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
@@ -52045,9 +52045,9 @@ CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP
CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
- gitea <removed>
CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: ChronoForums
CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...)
- TODO: check
+ NOT-FOR-US: ChronoForums
CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...)
- tt-rss <not-affected> (Vulnerable code introduced later)
NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
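Review bot: The tag on CVE-2021-28376 does not match its description: the entry reads "ChronoForms 7.0.7 allows fname Directory Traversal" but is marked "NOT-FOR-US: ChronoForums", the product named in the CVE-2021-28377 entry above it. If these are two separate products, the second line should read "NOT-FOR-US: ChronoForms", so that a later search for either name finds the right CVE.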
@@ -72341,9 +72341,9 @@ CVE-2021-20615
CVE-2021-20614
RESERVED
CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-ENET Fir ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
@@ -79369,7 +79369,7 @@ CVE-2020-28681
CVE-2020-28680
RESERVED
CVE-2020-28679 (A vulnerability in the showReports module of Zoho ManageEngine Applica ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-28678
RESERVED
CVE-2020-28677
@@ -79555,7 +79555,7 @@ CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Vi
CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...)
NOT-FOR-US: Cisco
CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -83468,9 +83468,9 @@ CVE-2020-28105
CVE-2020-28104
RESERVED
CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del" function. ...)
- TODO: check
+ NOT-FOR-US: cscms
CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function. ...)
- TODO: check
+ NOT-FOR-US: cscms
CVE-2020-28101
RESERVED
CVE-2020-28100
@@ -98231,7 +98231,7 @@ CVE-2020-22059
CVE-2020-22058
RESERVED
CVE-2020-22057 (The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precisio ...)
- TODO: check
+ NOT-FOR-US: EVGA Precision XOC
CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
[stretch] - ffmpeg <not-affected> (vulnerable code is not present)
@@ -111533,7 +111533,7 @@ CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC
CVE-2020-15934
RESERVED
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
NOT-FOR-US: Overwolf
CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
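Review bot: The tag "NOT-FOR-US: FortiGuard" on CVE-2020-15933 names a specific product, but the visible description stops at "in Fortin ..." and the hunk header shows the nearby CVE-2020-15935 referring to FortiADC. Please confirm the product against the full description, or use a vendor-level tag as the other entries in this commit do (for example "NOT-FOR-US: Cisco", "NOT-FOR-US: QNAP", "NOT-FOR-US: Arista").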
@@ -128690,7 +128690,7 @@ CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that speci
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
NOT-FOR-US: Acronis
CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
@@ -131262,15 +131262,15 @@ CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not au
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
@@ -134412,7 +134412,7 @@ CVE-2020-7885
CVE-2020-7884
RESERVED
CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Printchaser
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
NOT-FOR-US: anySign
CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
@@ -134422,7 +134422,7 @@ CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoR
CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
NOT-FOR-US: ipTIME C200 IP Camera
CVE-2020-7878 (An arbitrary file download and execution vulnerability was found in th ...)
- TODO: check
+ NOT-FOR-US: VideoOffice
CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
NOT-FOR-US: ZOOK
CVE-2020-7876
@@ -139383,7 +139383,7 @@ CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
NOT-FOR-US: Trend Micro
CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
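Review bot: Tagging is inconsistent between two adjacent Insyde InsydeH2O entries: CVE-2020-5956 is now "NOT-FOR-US: Insyde", while the unchanged CVE-2020-5955 line directly below keeps "NOT-FOR-US: Int15MicrocodeSmm", which is the affected module rather than the vendor or product. Since this commit already touches the neighbouring entry, aligning CVE-2020-5955 to "NOT-FOR-US: Insyde" in the same change would keep both under one searchable name.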
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7335e1c62610b0d53f8afcdbe2e02c3eb4b2ffc