Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c1c9978d by Salvatore Bonaccorso at 2021-03-15T21:29:00+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1219,13 +1219,13 @@ CVE-2021-27951
CVE-2021-27950
RESERVED
CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via
Custom mo ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User
Groups. (is ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy
Forum f ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll
vote count. ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27945
RESERVED
CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through
5.11.3, as u ...)
@@ -1380,15 +1380,15 @@ CVE-2021-27895
CVE-2021-27894
RESERVED
CVE-2021-27893 (SSH Tectia Client and Server before 6.4.19 on Windows allow
local priv ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Client and Server
CVE-2021-27892 (SSH Tectia Client and Server before 6.4.19 on Windows allow
local priv ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Client and Server
CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have
weak key ge ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Client and Server
CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme
properties ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27889 (Cross-site Scriptiong (XSS) vulnerability in MyBB before
1.8.26 via Ne ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a
drop-off ...)
NOT-FOR-US: ZendTo
CVE-2021-27887
@@ -1702,7 +1702,7 @@ CVE-2021-27738
CVE-2021-27737
RESERVED
CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient
session exp ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in
wpa_supplicant b ...)
{DLA-2581-1}
- wpa 2:2.9.0-21
@@ -1801,7 +1801,7 @@ CVE-2021-27697
CVE-2021-27696
RESERVED
CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in
openMAIN ...)
- TODO: check
+ NOT-FOR-US: openMAINT
CVE-2021-27694
RESERVED
CVE-2021-27693
@@ -2855,7 +2855,7 @@ CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices
allows remote attackers to
CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221
devices, ...)
NOT-FOR-US: TP-Link
CVE-2021-27208 (When booting a Zync-7000 SOC device from nand flash memory,
the nand d ...)
- TODO: check
+ NOT-FOR-US: Zync-7000 SOC device
CVE-2021-27207
RESERVED
CVE-2021-27206
@@ -6736,7 +6736,7 @@ CVE-2021-25674 (A vulnerability has been identified in
SIMATIC S7-PLCSIM V5.4 (A
CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4
(All ver ...)
TODO: check
CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password
Appstore ...)
- TODO: check
+ NOT-FOR-US: Mendix Forgot Password Appstore module
CVE-2021-25671
RESERVED
CVE-2021-25670
@@ -7581,7 +7581,7 @@ CVE-2021-3169
CVE-2021-3168
RESERVED
CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication
tokens ar ...)
- TODO: check
+ NOT-FOR-US: Cloudera Data Engineering (CDE)
CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805
devices. An at ...)
NOT-FOR-US: ASUS devices
CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a
SuperUser acco ...)
@@ -10669,7 +10669,7 @@ CVE-2021-23881 (A stored cross site scripting
vulnerability in ePO extension of
CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint
Security (ENS) ...)
NOT-FOR-US: McAfee
CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product
Removal ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23878 (Clear text storage of sensitive Information in memory
vulnerability in ...)
NOT-FOR-US: McAfee
CVE-2021-23877
@@ -23620,13 +23620,13 @@ CVE-2020-29558
CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through
3.0.1 bef ...)
NOT-FOR-US: D-Link
CVE-2020-29556 (The Backup functionality in Grav CMS through 1.7.0-rc.17
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2020-29555 (The BackupDelete functionality in Grav CMS through 1.7.0-rc.17
allows ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2020-29554
RESERVED
CVE-2020-29553 (The Scheduler in Grav CMS through 1.7.0-rc.17 allows an
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2020-29552 (An issue was discovered in URVE Build 24.03.2020. By using the
_intern ...)
NOT-FOR-US: URVE
CVE-2020-29551 (An issue was discovered in URVE Build 24.03.2020. Using the
_internal/ ...)
@@ -29721,7 +29721,7 @@ CVE-2020-28151
CVE-2020-28150 (I-Net Software Clear Reports 20.10.136 web application accepts
a user- ...)
NOT-FOR-US: I-Net Software Clear Reports
CVE-2020-28149 (myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS).
The impac ...)
- TODO: check
+ NOT-FOR-US: myDBR
CVE-2020-28148
RESERVED
CVE-2020-28147
@@ -38215,7 +38215,7 @@ CVE-2020-24879
CVE-2020-24878
RESERVED
CVE-2020-24877 (A SQL injection vulnerability in zzzphp v1.8.0 through
/form/index.php ...)
- TODO: check
+ NOT-FOR-US: zzzphp
CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions <
4.13.29 ...)
NOT-FOR-US: Pancake
CVE-2020-24875
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c9978de60e399d860d1d5c2c1ee839e07c6a2d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1c9978de60e399d860d1d5c2c1ee839e07c6a2d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
