[Git][security-tracker-team/security-tracker][master] NFUs and resolve various TODOs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 10 15:41:05 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03bae39b by Moritz Muehlenhoff at 2023-03-10T16:40:33+01:00
NFUs and resolve various TODOs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16057,19 +16057,19 @@ CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
- cmark-gfm <unfixed>
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
- TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
+ TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed>
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr
- TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
+ TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed>
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
- TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
+ TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed>
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
- TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
+ TODO: check other codebase, python-cmarkgfm, ruby-commonmarker and r-cran-commonmark
CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader ...)
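Review bot: the four edited cmark-gfm TODO lines drop ghostwriter from the list of codebases to check but record no result, so a later triager cannot tell a completed check from an accidental deletion. Add a NOTE under each entry (or at least under CVE-2023-22486) stating what was found for ghostwriter, whatever the finding was. While these lines are being touched, "check other codebase" should read "check other codebases".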
@@ -38726,7 +38726,6 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
NOTE: https://github.com/nextcloud/desktop/pull/5039
NOTE: https://github.com/nextcloud/server/pull/34559
- TODO: check details, is owncloud-client similarly affected?
CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...)
{DSA-5316-1 DLA-3268-1}
- netty 1:4.1.48-6 (bug #1027180)
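Review bot: the removed TODO asked whether owncloud-client is affected by CVE-2022-41882 in the same way as the Nextcloud desktop client, but the hunk records no answer: there is neither an owncloud-client package line (a fixed version or `<not-affected>` with a reason) nor a NOTE. Keep the triage outcome in the entry, e.g. `- owncloud-client <not-affected> (...)` with the reason, so the question is not reopened the next time someone reads the two Nextcloud pull-request links.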
@@ -91574,11 +91573,9 @@ CVE-2022-23462 (IOWOW is a C utility library and persistent key/value storage en
CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ...)
NOT-FOR-US: Jodit Editor
CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
- TODO: check - numerous jsonxx repositories exist on github
- NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2
+ NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp)
CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
- TODO: check - numerous jsonxx repositories exist on github
- NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
+ NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp)
CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...)
NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
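Review bot: the NOTE lines pointing to GHSA-h8mv-q3c4-8hw2 and GHSA-8662-6hf9-cr47 are deleted together with the TODOs. Resolving both jsonxx entries as NOT-FOR-US is fine, and the "(different from src:libjsoncpp)" qualifier is helpful, but the advisory references are the only evidence for the github.com/hjiang/jsonxx attribution; keep them as NOTE lines under the NOT-FOR-US marker rather than dropping them.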
@@ -114939,7 +114936,6 @@ CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random cha
- glib2.0 2.64.0-1
NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1 (2.63.6)
NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8
- TODO: check completeness
CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, allows attac ...)
{DLA-2928-1}
- htmldoc 1.9.13-1 (unimportant)
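Review bot: "TODO: check completeness" for CVE-2021-3800 is removed with nothing added in its place, so the entry still only lists the glib commit tagged 2.63.6 and the 2017 oss-security thread. A short NOTE saying what was compared (that the referenced commit is the complete fix for the random-charset issue and no follow-up commit is needed) would preserve the result of the check instead of just the fact that somebody looked.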
@@ -126207,21 +126203,21 @@ CVE-2021-36541
CVE-2021-36540
RESERVED
CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to locked/unpublish ...)
- TODO: check
+ NOT-FOR-US: Instructure Canvas LMS
CVE-2021-36538 (Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1 ...)
- TODO: check
+ NOT-FOR-US: Gurock TestRail
CVE-2021-36537
RESERVED
CVE-2021-36536
RESERVED
CVE-2021-36535 (Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attack ...)
- TODO: check
+ NOT-FOR-US: Cesanta mJS
CVE-2021-36534
RESERVED
CVE-2021-36533
RESERVED
CVE-2021-36532 (Race condition vulnerability discovered in portfolioCMS 1.0 allows rem ...)
- TODO: check
+ NOT-FOR-US: portfolioCMS
CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
NOT-FOR-US: ngiflib
CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
@@ -126279,7 +126275,7 @@ CVE-2021-36505
CVE-2021-36504
RESERVED
CVE-2021-36503 (SQL injection vulnerability in native-php-cms 1.0 allows remote attack ...)
- TODO: check
+ NOT-FOR-US: native-php-cms
CVE-2021-36502
RESERVED
CVE-2021-36501
@@ -126317,7 +126313,7 @@ CVE-2021-36486
CVE-2021-36485
RESERVED
CVE-2021-36484 (SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run ...)
- TODO: check
+ NOT-FOR-US: JIZHICMS
CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
NOT-FOR-US: DevExpress.XtraReports.UI
CVE-2021-36482
@@ -126343,7 +126339,7 @@ CVE-2021-36473
CVE-2021-36472
RESERVED
CVE-2021-36471 (Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote atta ...)
- TODO: check
+ NOT-FOR-US: AdminLTE
CVE-2021-36470
RESERVED
CVE-2021-36469
@@ -126397,9 +126393,9 @@ CVE-2021-36446
CVE-2021-36445
RESERVED
CVE-2021-36444 (Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows re ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2021-36443 (Cross Site Request Forgery vulnerability in imcat 5.4 allows remote at ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2021-36442
RESERVED
CVE-2021-36441
@@ -126417,13 +126413,13 @@ CVE-2021-36436
CVE-2021-36435
RESERVED
CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
- TODO: check
+ NOT-FOR-US: jocms
CVE-2021-36433 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
- TODO: check
+ NOT-FOR-US: jocms
CVE-2021-36432 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
- TODO: check
+ NOT-FOR-US: jocms
CVE-2021-36431 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
- TODO: check
+ NOT-FOR-US: jocms
CVE-2021-36430
RESERVED
CVE-2021-36429
@@ -126433,11 +126429,11 @@ CVE-2021-36428
CVE-2021-36427
RESERVED
CVE-2021-36426 (File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2021-36425 (Directory traversal vulnerability in phpcms 1.9.25 allows remote attac ...)
- TODO: check
+ NOT-FOR-US: phpcms
CVE-2021-36424 (An issue discovered in phpwcms 1.9.25 allows remote attackers to run a ...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2021-36423
RESERVED
CVE-2021-36422
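Review bot: CVE-2021-36425 is tagged "NOT-FOR-US: phpcms", following the CVE text literally, while its neighbours CVE-2021-36426 and CVE-2021-36424 are phpwcms 1.9.25 and this entry cites the same version 1.9.25. That strongly suggests the description's "phpcms" is a typo for phpwcms. Confirm which project is meant and, if it is phpwcms, use the same marker as the adjacent entries so all three directory-traversal/upload issues are grouped under one product name.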
@@ -126914,11 +126910,11 @@ CVE-2021-36228
CVE-2021-36227
RESERVED
CVE-2021-36226 (Western Digital My Cloud devices before OS5 do not use cryptographical ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2021-36225 (Western Digital My Cloud devices before OS5 allow REST API access by l ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2021-36224 (Western Digital My Cloud devices before OS5 have a nobody account with ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2021-36223
RESERVED
CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...)
@@ -126977,7 +126973,7 @@ CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently valid
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
NOT-FOR-US: Johnson Controls
CVE-2021-36204 (Under some circumstances an Insufficiently Protected Credentials vulne ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...)
NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
@@ -127739,13 +127735,13 @@ CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of A
CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...)
NOT-FOR-US: Contao CMS
CVE-2021-35954 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physic ...)
- TODO: check
+ NOT-FOR-US: fastrack Reflex
CVE-2021-35953 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
- TODO: check
+ NOT-FOR-US: fastrack Reflex
CVE-2021-35952 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
- TODO: check
+ NOT-FOR-US: fastrack Reflex
CVE-2021-35951 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Una ...)
- TODO: check
+ NOT-FOR-US: fastrack Reflex
CVE-2021-35950
RESERVED
CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
@@ -129095,7 +129091,7 @@ CVE-2021-35379
CVE-2021-35378
RESERVED
CVE-2021-35377 (Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v. ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2021-35376
RESERVED
CVE-2021-35375
@@ -129109,9 +129105,9 @@ CVE-2021-35372
CVE-2021-35371
RESERVED
CVE-2021-35370 (An issue found in Peacexie Imcat v5.4 allows attackers to execute arbi ...)
- TODO: check
+ NOT-FOR-US: Peacexie Imcat
CVE-2021-35369 (Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed ...)
- TODO: check
+ NOT-FOR-US: Peacexie Imcat
CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
- modsecurity-crs 3.3.2-1 (bug #992000)
[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
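Review bot: CVE-2021-35370 and CVE-2021-35369 are marked "NOT-FOR-US: Peacexie Imcat", whereas CVE-2021-36444 and CVE-2021-36443 in an earlier hunk of this same commit use "NOT-FOR-US: imcat" for the same software (imcat 5.4). Pick one spelling so a search for the product finds all four entries.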
@@ -129282,7 +129278,7 @@ CVE-2021-35292
CVE-2021-35291
RESERVED
CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: balerocms-src
CVE-2021-35289
RESERVED
CVE-2021-35288
@@ -129356,7 +129352,7 @@ CVE-2021-35263
CVE-2021-35262
RESERVED
CVE-2021-35261 (File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153 ...)
- TODO: check
+ NOT-FOR-US: Yupoxion BearAdmin
CVE-2021-35260
RESERVED
CVE-2021-35259
@@ -129386,7 +129382,7 @@ CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts ca
CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
NOT-FOR-US: SolarWinds
CVE-2021-35246 (The application fails to prevent users from connecting to it over unen ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
@@ -131712,7 +131708,7 @@ CVE-2021-34251
CVE-2021-34250
REJECTED
CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-34248
REJECTED
CVE-2021-34247
@@ -131876,13 +131872,13 @@ CVE-2021-34169
CVE-2021-34168
RESERVED
CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows ...)
- TODO: check
+ NOT-FOR-US: taoCMS
CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
NOT-FOR-US: Sourcecodester
CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
NOT-FOR-US: Sourcecodester
CVE-2021-34164 (Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated at ...)
- TODO: check
+ NOT-FOR-US: LIZHIFAKA
CVE-2021-34163
RESERVED
CVE-2021-34162
@@ -131975,7 +131971,7 @@ CVE-2021-34127
CVE-2021-34126
RESERVED
CVE-2021-34125 (An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and ...)
- TODO: check
+ NOT-FOR-US: Yuneec Mantis
CVE-2021-34124
RESERVED
CVE-2021-34123
@@ -131991,7 +131987,7 @@ CVE-2021-34119
CVE-2021-34118
RESERVED
CVE-2021-34117 (SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2021-34116
RESERVED
CVE-2021-34115
@@ -132264,7 +132260,7 @@ CVE-2021-33985
CVE-2021-33984
RESERVED
CVE-2021-33983 (Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local ...)
- TODO: check
+ NOT-FOR-US: Dvidelabs
CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
NOT-FOR-US: "Fish | Hunt FL" iOS app
CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
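Review bot: "NOT-FOR-US: Dvidelabs" names the upstream GitHub account rather than the affected project; the CVE text identifies the software as flatcc v0.6.0. Use "NOT-FOR-US: flatcc" (the account can go in parentheses), consistent with the product-name markers used elsewhere in this commit. As flatcc is a C library rather than a hosted service, a NOTE confirming that no Debian source package builds or embeds it would make the resolution checkable.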
@@ -132315,7 +132311,7 @@ CVE-2021-33961 (A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-g
CVE-2021-33960
RESERVED
CVE-2021-33959 (Plex media server 1.21 and before is vulnerable to ddos reflection att ...)
- TODO: check
+ NOT-FOR-US: Plex
CVE-2021-33958
RESERVED
CVE-2021-33957
@@ -132333,11 +132329,11 @@ CVE-2021-33952
CVE-2021-33951
RESERVED
CVE-2021-33950 (An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensi ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2021-33949 (An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: FeMiner WMS
CVE-2021-33948 (SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows ...)
- TODO: check
+ NOT-FOR-US: FantasticLBP Hotels Server
CVE-2021-33947
RESERVED
CVE-2021-33946
@@ -132397,9 +132393,9 @@ CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in sr
CVE-2021-33927
RESERVED
CVE-2021-33926 (An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5. ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2021-33925 (SQL Injection vulnerability in nitinparashar30 cms-corephp through com ...)
- TODO: check
+ NOT-FOR-US: nitinparashar30
CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
NOT-FOR-US: Confluent Ansible
CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
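Review bot: "NOT-FOR-US: nitinparashar30" is a GitHub username; the affected software in the description is cms-corephp. Use the project name as the marker, with the account in parentheses if it helps disambiguate.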
@@ -133198,14 +133194,13 @@ CVE-2021-33644 (An attacker who submits a crafted tar file with size in header s
CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...)
NOT-FOR-US: Huawei OpenEuler OS
CVE-2021-33642 (When a file is processed, an infinite loop occurs in next_inline() of ...)
- TODO: check
+ NOT-FOR-US: OpenEuler
CVE-2021-33641 (When processing files, malloc stores the data of the current line. Whe ...)
- TODO: check
+ NOT-FOR-US: OpenEuler
CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer ...)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2143012
- TODO: check details, possibly Huawei OpenEuler OS specific as the related CVEs
+ NOT-FOR-US: OpenEuler
CVE-2021-33639 (REMAP cmd of SVM driver can be used to remap read only memory as read- ...)
- TODO: check
+ NOT-FOR-US: OpenEuler
CVE-2021-33638
RESERVED
CVE-2021-33637
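Review bot: for CVE-2021-33640 the hunk deletes the Red Hat bugzilla reference (bug 2143012) and the TODO that explicitly flagged the open question, and resolves the entry as "NOT-FOR-US: OpenEuler" without recording the answer. The description concerns libtar.c (memory released after tar_close()), and libtar is a separately packaged library, so the entry should say why the bug is specific to openEuler's build, either as a NOTE or as a libtar package line with `<not-affected>` and the reason. Keep the bugzilla URL in either case; it is the only pointer to the analysis. Also, the unchanged CVE-2021-33643 line above reads "Huawei OpenEuler OS" while the four new lines read "OpenEuler"; use one form.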
@@ -133818,7 +133813,7 @@ CVE-2021-33422
CVE-2021-33421
RESERVED
CVE-2021-33420 (A deserialization issue discovered in inikulin replicator before 1.0.4 ...)
- TODO: check
+ NOT-FOR-US: inikulin replicator
CVE-2021-33419
RESERVED
CVE-2021-33418
@@ -133884,7 +133879,7 @@ CVE-2021-33389
CVE-2021-33388
RESERVED
CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker t ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2021-33386
RESERVED
CVE-2021-33385
@@ -133984,11 +133979,11 @@ CVE-2021-33355
CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...)
NOT-FOR-US: htmly
CVE-2021-33353 (Directory Traversal vulnerability in Wyomind Help Desk Magento 2 exten ...)
- TODO: check
+ NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33352 (An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before f ...)
- TODO: check
+ NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33351 (Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 exte ...)
- TODO: check
+ NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33350
RESERVED
CVE-2021-33349
@@ -134082,7 +134077,7 @@ CVE-2021-33306
CVE-2021-33305
RESERVED
CVE-2021-33304 (Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP- ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2021-33303
RESERVED
CVE-2021-33302
@@ -134269,11 +134264,11 @@ CVE-2021-33228
CVE-2021-33227
RESERVED
CVE-2021-33226 (** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and b ...)
- TODO: check
+ NOT-FOR-US: Disputed Salt issue
CVE-2021-33225
RESERVED
CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthentica ...)
- TODO: check
+ NOT-FOR-US: Umbraco Forms
CVE-2021-33223
RESERVED
CVE-2021-33222
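Review bot: "NOT-FOR-US: Disputed Salt issue" applies the not-in-Debian marker to software Debian ships (src:salt). NOT-FOR-US removes the CVE from the salt package view, so a later triager checking salt will not see that the report was assessed. If the conclusion is that the report is bogus or disputed, express it as a package line, e.g. `- salt <not-affected> (Disputed; ...)`, with a NOTE giving the reason for the dispute.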
@@ -134637,7 +134632,7 @@ CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R
CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
NOT-FOR-US: Intel
CVE-2021-33104 (Improper access control in the Intel(R) OFU software before version 14 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
NOT-FOR-US: Intel
CVE-2021-33102
@@ -135212,25 +135207,25 @@ CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cro
CVE-2021-32861
REJECTED
CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vu ...)
- TODO: check
+ NOT-FOR-US: jquery plugin
CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting both dat ...)
- TODO: check
+ NOT-FOR-US: Baremetrics
CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document maintenance sof ...)
- TODO: check
+ NOT-FOR-US: esdoc-publish-html-plugin
CVE-2021-32857 (Cockpit is a content management system that allows addition of content ...)
- TODO: check
+ NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2021-32856 (Microweber is a drag and drop website builder and content management s ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are ...)
- TODO: check
+ NOT-FOR-US: Vditor
CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 and prior ...)
- TODO: check
+ NOT-FOR-US: textAngular
CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of plugins, is ...)
- TODO: check
+ NOT-FOR-US: Erxes
CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Countly
CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to version 0.1 ...)
- TODO: check
+ NOT-FOR-US: Mind-elixir
CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version ...)
- jquery-minicolors <unfixed> (bug #1031791)
[bullseye] - jquery-minicolors <no-dsa> (Minor issue)
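Review bot: "NOT-FOR-US: jquery plugin" for CVE-2021-32860 is too generic to be useful; every other new line in this hunk names the product. Use "NOT-FOR-US: iziModal" as the description does, and since jQuery plugins are frequently bundled into other packages (the jquery-minicolors entry just below is an example of one that is), a NOTE recording that no package ships iziModal would make the resolution verifiable. The "(different from src:cockpit)" qualifier on CVE-2021-32857 is the model to follow.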
@@ -135240,17 +135235,17 @@ CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to ve
CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
NOT-FOR-US: Gerapy
CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)
- TODO: check
+ NOT-FOR-US: Octobox
CVE-2021-32847 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
- TODO: check
+ NOT-FOR-US: HyperKit
CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
- TODO: check
+ NOT-FOR-US: HyperKit
CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
- TODO: check
+ NOT-FOR-US: HyperKit
CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
- TODO: check
+ NOT-FOR-US: HyperKit
CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
- TODO: check
+ NOT-FOR-US: HyperKit
CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
- mono <not-affected> (Vulnerable code not yet uploaded)
NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
@@ -135297,7 +135292,7 @@ CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locat
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
NOT-FOR-US: ZStack
CVE-2021-32828 (The Nuxeo Platform is an open source content management platform for b ...)
- TODO: check
+ NOT-FOR-US: Nuxeo
CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
NOT-FOR-US: MockServer
CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
@@ -135305,7 +135300,7 @@ CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being ab
CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...)
NOT-FOR-US: bblfshd
CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. Versions prio ...)
- TODO: check
+ NOT-FOR-US: Apache Dubbo
CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
- ruby-bindata 2.4.14-1 (bug #990577)
[bullseye] - ruby-bindata <no-dsa> (Minor issue)
@@ -135723,7 +135718,7 @@ CVE-2021-32693 (Symfony is a PHP framework for web and console applications and
NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
CVE-2021-32692 (Activity Watch is a free and open-source automated time tracker. Versi ...)
- TODO: check
+ NOT-FOR-US: Activity Watch
CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
NOT-FOR-US: Apollo Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
@@ -136388,7 +136383,7 @@ CVE-2021-32443
CVE-2021-32442
RESERVED
CVE-2021-32441 (SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 all ...)
- TODO: check
+ NOT-FOR-US: Exponent-CMS
CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
@@ -136707,7 +136702,7 @@ CVE-2021-32304
CVE-2021-32303
RESERVED
CVE-2021-32302 (Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router ...)
- TODO: check
+ NOT-FOR-US: IRZ Electronics
CVE-2021-32301
RESERVED
CVE-2021-32300
@@ -137035,7 +137030,7 @@ CVE-2021-32165
CVE-2021-32164
RESERVED
CVE-2021-32163 (Authentication vulnerability in MOSN v.0.23.0 allows attacker to escal ...)
- TODO: check
+ NOT-FOR-US: MOSN
CVE-2021-32162 (A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...)
- webmin <removed>
CVE-2021-32161 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 thro ...)
@@ -138778,17 +138773,17 @@ CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager E
CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
CVE-2021-31578 (In Boa, there is a possible escalation of privilege due to a stack buf ...)
- TODO: check
+ NOT-FOR-US: Boa as provided by MediaTek
CVE-2021-31577 (In Boa, there is a possible escalation of privilege due to a missing p ...)
- TODO: check
+ NOT-FOR-US: Boa as provided by MediaTek
CVE-2021-31576 (In Boa, there is a possible information disclosure due to a missing pe ...)
- TODO: check
+ NOT-FOR-US: Boa as provided by MediaTek
CVE-2021-31575 (In Config Manager, there is a possible command injection due to improp ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-31574 (In Config Manager, there is a possible command injection due to improp ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-31573 (In Config Manager, there is a possible command injection due to improp ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
NOT-FOR-US: Buffalo
CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
@@ -144764,7 +144759,7 @@ CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Andr
CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
NOT-FOR-US: Node gnuplot
CVE-2021-29368 (Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924c ...)
- TODO: check
+ NOT-FOR-US: CuppaCMS
CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
NOT-FOR-US: IrfanView
CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
@@ -146897,7 +146892,7 @@ CVE-2021-28512
CVE-2021-28511 (This advisory documents the impact of an internally found vulnerabilit ...)
NOT-FOR-US: Arista
CVE-2021-28510 (For certain systems running EOS, a Precision Time Protocol (PTP) packe ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28509 (This advisory documents the impact of an internally found vulnerabilit ...)
NOT-FOR-US: Arista
CVE-2021-28508 (This advisory documents the impact of an internally found vulnerabilit ...)
@@ -147532,7 +147527,7 @@ CVE-2021-3441 (A potential security vulnerability has been identified for the HP
CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
NOT-FOR-US: HP
CVE-2021-3439 (HP has identified a potential vulnerability in BIOS firmware of some W ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
NOT-FOR-US: HP LaserJet products and Samsung product printers
CVE-2021-3437 (Potential security vulnerabilities have been identified in an OMEN Gam ...)
@@ -148743,7 +148738,7 @@ CVE-2021-27784 (The provided HCL Launch Container images contain non-unique HTTP
CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted sensitiv ...)
NOT-FOR-US: HCL
CVE-2021-27782 (HCL BigFix Mobile / Modern Client Management Admin and Config UI passw ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27781 (The Master operator may be able to embed script tag in HTML with alert ...)
NOT-FOR-US: HCL
CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction and una ...)
@@ -151428,11 +151423,11 @@ CVE-2021-26646
CVE-2021-26645
RESERVED
CVE-2021-26644 (SQL-Injection vulnerability caused by the lack of verification of inpu ...)
- TODO: check
+ NOT-FOR-US: Hometory
CVE-2021-26643
RESERVED
CVE-2021-26642 (When uploading an image file to a bulletin board developed with Xpress ...)
- TODO: check
+ NOT-FOR-US: XEHub
CVE-2021-26641
RESERVED
CVE-2021-26640
@@ -152014,21 +152009,21 @@ CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...)
CVE-2021-26410
RESERVED
CVE-2021-26409 (Insufficient bounds checking in SEV-ES may allow an attacker to corrup ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy firmwar ...)
NOT-FOR-US: AMD
CVE-2021-26407 (A randomly generated Initialization Vector (IV) may lead to a collisio ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26406
RESERVED
CVE-2021-26405
REJECTED
CVE-2021-26404 (Improper input validation and bounds checking in SEV firmware may leak ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26403 (Insufficient checks in SEV may lead to a malicious hypervisor disclosi ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26402 (Insufficient bounds checking in ASP (AMD Secure Processor) firmware wh ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-57 ...)
- linux 5.16.12-1
[bullseye] - linux 5.10.103-1
@@ -152041,11 +152036,11 @@ CVE-2021-26400 (AMD processors may speculatively re-order load instructions whic
CVE-2021-26399
REJECTED
CVE-2021-26398 (Insufficient input validation in SYS_KEY_DERIVE system call in a compr ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26397
RESERVED
CVE-2021-26396 (Insufficient validation of address mapping to IO in ASP (AMD Secure Pr ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26395
RESERVED
CVE-2021-26394
@@ -152127,7 +152122,7 @@ CVE-2021-26357
CVE-2021-26356
RESERVED
CVE-2021-26355 (Insufficient fencing and checks in System Management Unit (SMU) may re ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26354
RESERVED
CVE-2021-26353 (Failure to validate inputs in SMM may allow an attacker to create a mi ...)
@@ -152152,7 +152147,7 @@ CVE-2021-26345
CVE-2021-26344
RESERVED
CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ...)
NOT-FOR-US: AMD
CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direct bran ...)
@@ -152185,7 +152180,7 @@ CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based ove
CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
NOT-FOR-US: AMD
CVE-2021-26328 (Failure to verify the mode of CPU execution at the time of SNP_INIT ma ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
NOT-FOR-US: AMD
CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
@@ -152325,7 +152320,7 @@ CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrar
CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3329 (Lack of proper validation in HCI Host stack initialization can cause a ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
NOT-FOR-US: Aprelium Abyss Web Server
CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
@@ -152372,7 +152367,7 @@ CVE-2021-26279
CVE-2021-26278
RESERVED
CVE-2021-26277 (The framework service handles pendingIntent incorrectly, allowing a ma ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
NOT-FOR-US: GoDaddy node-config-shield
CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)
@@ -152511,7 +152506,7 @@ CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style p
CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...)
NOT-FOR-US: cPanel
CVE-2021-26246 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-26245
RESERVED
CVE-2021-26244
@@ -152802,15 +152797,15 @@ CVE-2021-26125
CVE-2021-26124
RESERVED
CVE-2021-23232 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23224 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23220 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23212 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
@@ -152818,13 +152813,13 @@ CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server
CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23199 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...)
NOT-FOR-US: Gallagher Controller Service
CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23185 (This candidate was in a CNA pool that was not assigned to any issues d ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...)
@@ -154986,7 +154981,7 @@ CVE-2020-36192 (An issue was discovered in the Source Integration plugin before
CVE-2021-3173
RESERVED
CVE-2021-3172 (An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2021-3171
RESERVED
CVE-2021-3170
@@ -160781,7 +160776,7 @@ CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could c
CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22786 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
@@ -161985,7 +161980,7 @@ CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for
CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
NOT-FOR-US: ABB
CVE-2021-22283 (Improper Initialization vulnerability in ABB Relion protection relays ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2021-22282
RESERVED
CVE-2021-22281
@@ -165527,7 +165522,7 @@ CVE-2021-21397
CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
NOT-FOR-US: wire-server
CVE-2021-21395 (Magneto LTS (Long Term Support) is a community developed alternative t ...)
- TODO: check
+ NOT-FOR-US: Magneto
CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
- matrix-synapse 1.28.0-1
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
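Review bot: the new annotation `NOT-FOR-US: Magneto` copies the spelling used in the CVE-2021-21395 description line above it; if the product meant is Magento LTS (the community-developed alternative to Magento CE that the description refers to), spell it `NOT-FOR-US: Magento LTS` so the entry turns up when the list is searched for Magento.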
@@ -169705,7 +169700,7 @@ CVE-2020-35474 (In MediaWiki before 1.35.1, the combination of Html::rawElement
NOTE: https://phabricator.wikimedia.org/T268894
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35473 (An information leakage vulnerability in the Bluetooth Low Energy adver ...)
- TODO: check
+ NOT-FOR-US: Bluetooth protocol
CVE-2020-35472
RESERVED
CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
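Review bot: `NOT-FOR-US: Bluetooth protocol` for CVE-2020-35473 records a protocol-level issue without saying which implementation was checked; because a leak in BLE advertising behaviour can also surface in host stacks shipped in the archive, add a NOTE line giving the reason no Debian package is affected (or the stack that was reviewed) so the decision can be re-verified later without redoing the research.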
@@ -170021,7 +170016,7 @@ CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...)
CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...)
NOT-FOR-US: Courier Management System
CVE-2020-35326 (SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/ ...)
- TODO: check
+ NOT-FOR-US: inxedu
CVE-2020-35325
RESERVED
CVE-2020-35324
@@ -170408,7 +170403,7 @@ CVE-2020-35139
CVE-2020-35138 (** DISPUTED ** The MobileIron agents through 2021-03-22 for Android an ...)
NOT-FOR-US: MobileIron
CVE-2020-35137 (** DISPUTED ** The MobileIron agents through 2021-03-22 for Android an ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
- dolibarr <removed>
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
@@ -173340,7 +173335,7 @@ CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via a
CVE-2020-29298
RESERVED
CVE-2020-29297 (Multiple SQL Injection vulnerabilies in tourist5 Online-food-ordering- ...)
- TODO: check
+ NOT-FOR-US: tourist5
CVE-2020-29296
RESERVED
CVE-2020-29295
@@ -173601,7 +173596,7 @@ CVE-2020-29170
CVE-2020-29169
RESERVED
CVE-2020-29168 (SQL Injection vulnerability in Projectworlds Online Doctor Appointment ...)
- TODO: check
+ NOT-FOR-US: Projectworlds Online Doctor Appointment
CVE-2020-29167
RESERVED
CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by fil ...)
@@ -178787,7 +178782,7 @@ CVE-2020-28193
CVE-2020-28192
RESERVED
CVE-2020-28191 (The console in Togglz before 2.9.4 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Togglz
CVE-2020-28190 (TerraMaster TOS <= 4.2.06 was found to check for updates (of both s ...)
NOT-FOR-US: TerraMaster TOS
CVE-2020-28189
@@ -180506,7 +180501,7 @@ CVE-2021-0189 (Use of out-of-range pointer offset in the BIOS firmware for some
CVE-2021-0188 (Return of pointer value outside of expected range in the BIOS firmware ...)
NOT-FOR-US: Intel
CVE-2021-0187 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
NOT-FOR-US: Intel
CVE-2021-0185 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
@@ -184110,7 +184105,7 @@ CVE-2020-26304
CVE-2020-26303
RESERVED
CVE-2020-26302 (is.js is a general-purpose check library. Versions 0.9.0 and prior con ...)
- TODO: check
+ NOT-FOR-US: is.js
CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
NOT-FOR-US: Node ssh2
CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
@@ -186307,7 +186302,7 @@ CVE-2020-25504
CVE-2020-25503
RESERVED
CVE-2020-25502 (Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.34 ...)
- TODO: check
+ NOT-FOR-US: Cybereason EDR
CVE-2020-25501
RESERVED
CVE-2020-25500
@@ -187804,7 +187799,7 @@ CVE-2020-24857
CVE-2020-24856
RESERVED
CVE-2020-24855 (Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allo ...)
- TODO: check
+ NOT-FOR-US: easywebpack-cli
CVE-2020-24854
RESERVED
CVE-2020-24853
@@ -188306,13 +188301,13 @@ CVE-2020-24647 (A remote accessmgrservlet classname input validation code execut
CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution vulnera ...)
NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-24645 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-24644 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-24643 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-24642 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...)
NOT-FOR-US: Aruba
CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that ...)
@@ -188401,7 +188396,7 @@ CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site script
CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...)
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-24600 (Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_se ...)
- TODO: check
+ NOT-FOR-US: Shilpi CAPExWeb
CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in ...)
NOT-FOR-US: Joomla!
CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of input valida ...)
@@ -189152,7 +189147,7 @@ CVE-2020-24309
CVE-2020-24308
RESERVED
CVE-2020-24307 (** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to esca ...)
- TODO: check
+ NOT-FOR-US: mRemoteNG
CVE-2020-24306
RESERVED
CVE-2020-24305
@@ -191401,7 +191396,7 @@ CVE-2020-23258
CVE-2020-23257
RESERVED
CVE-2020-23256 (An issue was discovered in Electerm 1.3.22, allows attackers to execut ...)
- TODO: check
+ NOT-FOR-US: Electerm
CVE-2020-23255
REJECTED
CVE-2020-23254
@@ -192637,25 +192632,23 @@ CVE-2020-22664
CVE-2020-22663
RESERVED
CVE-2020-22662 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
-CVE-2020-22661 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22660 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22659 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22658 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22657 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22656 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22655 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22654 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22653 (In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-22652
RESERVED
CVE-2020-22651
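Review bot: this hunk drops the CVE-2020-22661 entry instead of annotating it: the removed lines `-CVE-2020-22661 (In Ruckus R310 ...)` and `- TODO: check` are replaced by a single `+ NOT-FOR-US: Ruckus`, which attaches to CVE-2020-22662, so CVE-2020-22661 no longer appears in the list at all (the hunk header's 25 -> 23 line count confirms the net loss of an entry). Unless the removal is intentional, keep the `CVE-2020-22661 (...)` line and give it its own `NOT-FOR-US: Ruckus` like the neighbouring Ruckus entries.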
@@ -193325,7 +193318,7 @@ CVE-2020-22329
CVE-2020-22328
RESERVED
CVE-2020-22327 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
- TODO: check
+ NOT-FOR-US: HFish
CVE-2020-22326
RESERVED
CVE-2020-22325
@@ -194106,7 +194099,7 @@ CVE-2020-22009
CVE-2020-22008
RESERVED
CVE-2020-22007 (OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, a ...)
- TODO: check
+ NOT-FOR-US: OKER
CVE-2020-22006
RESERVED
CVE-2020-22005
@@ -195962,7 +195955,7 @@ CVE-2020-21154
CVE-2020-21153
RESERVED
CVE-2020-21152 (SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execut ...)
- TODO: check
+ NOT-FOR-US: inxedu
CVE-2020-21151
RESERVED
CVE-2020-21150
@@ -196026,9 +196019,9 @@ CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in
CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
NOT-FOR-US: Pligg CMS
CVE-2020-21120 (SQL Injection vulnerability in file home\controls\cart.class.php in UQ ...)
- TODO: check
+ NOT-FOR-US: UQCMS
CVE-2020-21119 (SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_ ...)
- TODO: check
+ NOT-FOR-US: Kliqqi-CMS
CVE-2020-21118
RESERVED
CVE-2020-21117
@@ -197551,7 +197544,7 @@ CVE-2020-20404
CVE-2020-20403
RESERVED
CVE-2020-20402 (Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password ...)
- TODO: check
+ NOT-FOR-US: portfolioCMS
CVE-2020-20401
RESERVED
CVE-2020-20400
@@ -198716,7 +198709,7 @@ CVE-2020-19827
CVE-2020-19826
RESERVED
CVE-2020-19825 (Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 i ...)
- TODO: check
+ NOT-FOR-US: kevinpapst kimai2
CVE-2020-19824 (An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute ar ...)
TODO: check
CVE-2020-19823
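Review bot: CVE-2020-19824 in this hunk's trailing context keeps `TODO: check` while its neighbour is resolved, which is the right call rather than a NOT-FOR-US: the description names MPV and a fix in v0.30, so if this is the mpv media player packaged in Debian the entry needs a source-package line with the fixed version (or `<unfixed>`) once that fix reference is confirmed.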
@@ -201864,11 +201857,11 @@ CVE-2020-18333
CVE-2020-18332
RESERVED
CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...)
- TODO: check
+ NOT-FOR-US: ChinaMobile
CVE-2020-18330 (An issue was discovered in the default configuration of ChinaMobile PL ...)
- TODO: check
+ NOT-FOR-US: ChinaMobile
CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...)
- TODO: check
+ NOT-FOR-US: Rehau
CVE-2020-18328
RESERVED
CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco C ...)
@@ -207889,7 +207882,7 @@ CVE-2020-15680 (If a valid external protocol handler was referenced in an image
- firefox 82.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
CVE-2020-15679 (An OAuth session fixation vulnerability existed in the VPN login flow, ...)
- TODO: check
+ NOT-FOR-US: Mozilla VPN
CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
@@ -217788,11 +217781,11 @@ CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post conten
CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...)
NOT-FOR-US: Advanced Woo Search plugin for WordPress
CVE-2020-12069 (In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Devel ...)
- TODO: check
+ NOT-FOR-US: Pilz PMC programming tool
CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...)
NOT-FOR-US: CODESYS
CVE-2020-12067 (In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Devel ...)
- TODO: check
+ NOT-FOR-US: Pilz PMC programming tool
CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
{DSA-4763-1}
- teeworlds 0.7.5-1
@@ -221358,7 +221351,7 @@ CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the co
NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
CVE-2020-11101 (Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless AirLink Mobility Manager
CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
{DSA-4649-1}
- haproxy 2.0.13-2
@@ -225008,7 +225001,7 @@ CVE-2020-9848 (An authorization issue was addressed with improved state manageme
CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9846 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9845
RESERVED
CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
@@ -231783,7 +231776,7 @@ CVE-2020-7120 (A local authenticated buffer overflow vulnerability was discovere
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
NOT-FOR-US: Aruba
CVE-2020-7118 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
@@ -231795,7 +231788,7 @@ CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the sa
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
NOT-FOR-US: ClearPass
CVE-2020-7112 (CVE was unused by HPE. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
NOT-FOR-US: ClearPass
CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
@@ -253919,7 +253912,7 @@ CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
NOT-FOR-US: FreeRTOS+FAT
CVE-2019-18177 (In certain Citrix products, information disclosure can be achieved by ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2019-18176
RESERVED
CVE-2019-18175
@@ -256917,7 +256910,7 @@ CVE-2019-17005 (The plain text serializer used a fixed-size array for the number
CVE-2019-17004
RESERVED
CVE-2019-17003 (Scanning a QR code that contained a javascript: URL would have resulte ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox for iOS
CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03bae39b5e1c2cf959005292de52c30dc5b24f50