Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38bf60c7 by Salvatore Bonaccorso at 2021-03-07T09:19:35+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1002,7 +1002,7 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In
Directus 8.x through 8.8.1, a
CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the
OpenID Co ...)
NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Kentico CMS
CVE-2021-27580
RESERVED
CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to
report on ...)
@@ -1702,13 +1702,13 @@ CVE-2021-27259
CVE-2021-27258
RESERVED
CVE-2021-27257 (This vulnerability allows network-adjacent attackers to
compromise the ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27256 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27255 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-27253
RESERVED
CVE-2021-27252
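Review bot: The four notes added for CVE-2021-27257 through CVE-2021-27254 read only `NOT-FOR-US: Netgear`, which records the vendor but not the affected product. The descriptions in this file are truncated before the product name appears, so the note is the only place a later reader can see what was triaged. Consider naming the device or product family in each note.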
@@ -2062,9 +2062,9 @@ CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is
affected by SQL injection
CVE-2021-27100
RESERVED
CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and
0.12.1, the ...)
- TODO: check
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4,
0.10.2, 0.11.3 ...)
- TODO: check
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a
modified ...)
- u-boot <unfixed> (bug #983270)
[buster] - u-boot <no-dsa> (Minor issue)
@@ -2731,7 +2731,7 @@ CVE-2021-26816
CVE-2021-26815
RESERVED
CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated
users to e ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a
regular expr ...)
- python-markdown2 <unfixed> (bug #984668)
[buster] - python-markdown2 <no-dsa> (Minor issue)
@@ -6357,13 +6357,13 @@ CVE-2021-25345 (Graphic format mismatch while
converting video format in hwcompo
CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR
Mar-2021 ...)
TODO: check
CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to
version 2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version
3.0.9 all ...)
TODO: check
CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to
version 6.5.0 ...)
TODO: check
CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard
version prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices
prior to ...)
NOT-FOR-US: Samsung mobile devices
CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile
devices prior ...)
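Review bot: This hunk resolves CVE-2021-25343 and CVE-2021-25340 but leaves CVE-2021-25344, CVE-2021-25342 and CVE-2021-25341 between them as `TODO: check`. The descriptions of 25342 and 25341 open with the same "Calling of non-existent provider in" wording as 25343. If they were skipped deliberately, a line in the commit message saying why would help; otherwise they can be processed in the same pass. Separately, the new notes say `NOT-FOR-US: Samsung` while the neighbouring CVE-2021-25339 entry uses `NOT-FOR-US: Samsung mobile devices`; naming the component (Samsung Members, Samsung keyboard) would keep the notes consistent and easier to search.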
@@ -20243,7 +20243,7 @@ CVE-2020-35298
CVE-2020-35297
RESERVED
CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which
allows atta ...)
- TODO: check
+ NOT-FOR-US: ThinkAdmin
CVE-2020-35295
RESERVED
CVE-2020-35294
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bf60c77f89703396a32881fde4c4a73a333fdf
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits