[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 31 21:12:52 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
709d23d3 by Salvatore Bonaccorso at 2022-01-31T22:12:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1561,9 +1561,9 @@ CVE-2021-46461
CVE-2021-46460
RESERVED
CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2021-46457
RESERVED
CVE-2021-46456
@@ -10027,7 +10027,7 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before
CVE-2021-45106
RESERVED
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-44462
RESERVED
CVE-2021-4137
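Review bot: The new label for CVE-2021-44463 names only a vendor ("Emerson"), and the visible part of the description ("Missing DLLs, if replaced by an insider ...") names neither vendor nor product, so nothing on this entry records which software was judged out of scope. Naming the product in the NOT-FOR-US line, as the PrinterLogic Web Stack and FAUST iServer entries in this commit do, would let a later search of data/CVE/list confirm the decision.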
@@ -12764,7 +12764,7 @@ CVE-2021-44257
CVE-2021-44256
RESERVED
CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Moti ...)
- TODO: check
+ NOT-FOR-US: MotionEye
CVE-2021-44254
RESERVED
CVE-2021-44253
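Review bot: On CVE-2021-44255 the description is cut off at "and Moti ...", so it covers a second product beyond MotionEye, while the label names MotionEye alone. Worth confirming that the second product is also absent from the archive, and naming both in the NOT-FOR-US line if so.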
@@ -13320,7 +13320,7 @@ CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <
CVE-2021-44115
RESERVED
CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-44113
RESERVED
CVE-2021-44112
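Review bot: The label on CVE-2021-44114 is "Sourcecodester", but the description reads "Sourcecodester Stoc ...", so a specific product follows that name. Other entries in this commit are labelled by product (Victor CMS, Online Course Registration); using the full product name here would keep the NFU labels consistent and searchable.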
@@ -19218,7 +19218,7 @@ CVE-2021-42637
CVE-2021-42636
RESERVED
CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42634
RESERVED
CVE-2021-42633
@@ -19226,7 +19226,7 @@ CVE-2021-42633
CVE-2021-42632
RESERVED
CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42630
RESERVED
CVE-2021-42629
@@ -26825,7 +26825,7 @@ CVE-2021-40044
CVE-2021-40043
RESERVED
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
NOT-FOR-US: Huawei
CVE-2021-40040
@@ -26843,7 +26843,7 @@ CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error
CVE-2021-40034
RESERVED
CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
@@ -39589,7 +39589,7 @@ CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in
CVE-2021-34806
RESERVED
CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
- TODO: check
+ NOT-FOR-US: FAUST iServer
CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
@@ -47667,7 +47667,7 @@ CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol chec
NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
@@ -54691,7 +54691,7 @@ CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctre
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
@@ -57979,7 +57979,7 @@ CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior c
CVE-2021-27655
RESERVED
CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...)
- TODO: check
+ NOT-FOR-US: Pega
CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
NOT-FOR-US: Pega
CVE-2021-27652
@@ -67204,7 +67204,7 @@ CVE-2021-23865
CVE-2021-23864
RESERVED
CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
NOT-FOR-US: Bosch
CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
@@ -69561,47 +69561,47 @@ CVE-2021-22829
CVE-2021-22828
RESERVED
CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22824
RESERVED
CVE-2021-22823
RESERVED
CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22817
RESERVED
CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22806
RESERVED
CVE-2021-22805
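Review bot: All 18 entries in this hunk receive the same vendor-wide label, yet their visible descriptions are generic CWE text that names no product. For CVE-2021-22809, CVE-2021-22808 and CVE-2021-22807 (out-of-bounds read, use after free, out-of-bounds write) in particular, it is worth confirming that the affected component is the vendor's own code and not a bundled library that is also packaged, since a blanket NOT-FOR-US would hide that. If each entry was checked individually, a word in the commit message would record it.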
@@ -69617,7 +69617,7 @@ CVE-2021-22801
CVE-2021-22800
RESERVED
CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22798
RESERVED
CVE-2021-22797
@@ -69765,9 +69765,9 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink C
CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
@@ -73018,7 +73018,7 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (r
CVE-2020-36065
RESERVED
CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
- TODO: check
+ NOT-FOR-US: Online Course Registration
CVE-2020-36063
RESERVED
CVE-2020-36062
@@ -73034,7 +73034,7 @@ CVE-2020-36058
CVE-2020-36057
RESERVED
CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_ ...)
- TODO: check
+ NOT-FOR-US: Beetel
CVE-2020-36055
RESERVED
CVE-2020-36054
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709d23d37d4d0cf2d9614bbc9a8781db528f6be7