Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dafbee6 by Salvatore Bonaccorso at 2021-03-26T09:39:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -343,17 +343,17 @@ CVE-2021-29100
 CVE-2021-29099
        RESERVED
 CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a 
speciall ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a 
specially craf ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29096 (A use-after-free vulnerability when parsing a specially 
crafted file i ...)
        NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a 
speciall ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a 
specially craf ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29093 (A use-after-free vulnerability when parsing a specially 
crafted file i ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-3461
        RESERVED
        NOT-FOR-US: Keycloak
@@ -528,11 +528,11 @@ CVE-2021-29012
 CVE-2021-29011
        RESERVED
 CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: SEO Panel
 CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: SEO Panel
 CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: SEO Panel
 CVE-2021-29007
        RESERVED
 CVE-2021-29006
@@ -2174,7 +2174,7 @@ CVE-2021-28248
 CVE-2021-28247
        RESERVED
 CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
-       TODO: check
+       NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28245
        RESERVED
 CVE-2021-28244
@@ -4052,19 +4052,19 @@ CVE-2021-27456
 CVE-2021-27455
        RESERVED
 CVE-2021-27454 (The software performs an operation at a privilege level higher 
than th ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27453
        RESERVED
 CVE-2021-27452 (The software contains a hard-coded password that could allow 
an attack ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27451
        RESERVED
 CVE-2021-27450 (SSH server configuration file does not implement some best 
practices.  ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27449
        RESERVED
 CVE-2021-27448 (A miscommunication in the file system allows adversaries with 
access t ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27447
        RESERVED
 CVE-2021-27446
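Review bot: the label "NOT-FOR-US: GE" on CVE-2021-27454, CVE-2021-27452, CVE-2021-27450 and CVE-2021-27448 names only the vendor, and the truncated descriptions in this hunk are generic ("The software performs an operation ...", "The software contains a hard-coded password ..."), so nothing in the entry says which product is affected. Other labels in this commit carry the product, for example "Esri (various ArcGIS products)" and "Invigo Automatic Device Management (ADM)". Suggest appending the product name from the advisory after "GE" so the entries are searchable by product.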
@@ -4080,11 +4080,11 @@ CVE-2021-27442
 CVE-2021-27441
        RESERVED
 CVE-2021-27440 (The software contains a hard-coded password it uses for its 
own inboun ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27439
        RESERVED
 CVE-2021-27438 (The software contains a hard-coded password it uses for its 
own inboun ...)
-       TODO: check
+       NOT-FOR-US: GE
 CVE-2021-27437
        RESERVED
 CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to 
cross-site scr ...)
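Review bot: "NOT-FOR-US: GE" on CVE-2021-27440 and CVE-2021-27438 gives only the vendor, and the two visible descriptions are identical ("The software contains a hard-coded password it uses for its own inboun ..."). The next described entry in the context, CVE-2021-27436, is a WebAccess/SCADA issue, so the ID range alone does not indicate the vendor or product. Please add the product name to both labels so they can be told apart from their neighbours.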
@@ -9162,15 +9162,15 @@ CVE-2021-25355 (Using unsafe PendingIntent in Samsung 
Notes prior to version 4.2
 CVE-2021-25354 (Improper input check in Samsung Internet prior to version 
13.2.1.46 al ...)
        NOT-FOR-US: Samsung
 CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 
5.2.00.121 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung 
Account prio ...)
        NOT-FOR-US: Samsung
 CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to 
version ...)
        NOT-FOR-US: Samsung
 CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to 
version 3.5. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to 
version 1 ...)
        NOT-FOR-US: Samsung Internet
 CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version 
prior to  ...)
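Review bot: label granularity is mixed in this block. The three new lines use the bare vendor "NOT-FOR-US: Samsung" for CVE-2021-25353 (Galaxy Themes), CVE-2021-25352 (Bixby Voice) and CVE-2021-25349 (Slow Motion Editor), while the unchanged entry for CVE-2021-25348 in the same hunk is tagged "NOT-FOR-US: Samsung Internet". Either form is fine, but pick one for the block; mixed labels make a search by product unreliable.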
@@ -15035,7 +15035,7 @@ CVE-2020-36170 (The Ultimate Member plugin before 
2.1.13 for WordPress mishandle
 CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress 
does not cl ...)
        NOT-FOR-US: Limit Login Attempts plugin for WordPress
 CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is 
affected ...)
-       TODO: check
+       NOT-FOR-US: LibrIT PaSSHport
 CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows 
XSS durin ...)
        NOT-FOR-US: Invision Community IPS Community Suite
 CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows 
SQL Injec ...)
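Review bot: for CVE-2021-3027 the description cites a source file (app/views_mod/user/user.py), which suggests the code is publicly available, unlike most of the vendor products triaged in this commit. Before settling on "NOT-FOR-US: LibrIT PaSSHport" it is worth confirming that there is no package or packaging request for PaSSHport in Debian. If that check was already done, no change is needed.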
@@ -43017,7 +43017,7 @@ CVE-2020-23519
 CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo 
Billing - ...)
        NOT-FOR-US: UltimateKode Neo Billing - Accounting, Invoicing And CRM 
Software
 CVE-2020-23517 (Cross Site Scripting (XSS) vulnerability in Aryanic HighMail 
(High CMS ...)
-       TODO: check
+       NOT-FOR-US: Aryanic HighMail (High CMS)
 CVE-2020-23516
        RESERVED
 CVE-2020-23515
@@ -74753,17 +74753,17 @@ CVE-2020-10586
 CVE-2020-10585
        RESERVED
 CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of 
Invigo Aut ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device 
Management (AD ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of 
Invigo Auto ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10581 (Multiple session validity check issues in several 
administration funct ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10580 (A command injection on the /admin/broadcast.php script of 
Invigo Autom ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of 
Invigo Automa ...)
-       TODO: check
+       NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10578 (An arbitrary file read vulnerability exists in 
system/controller/backe ...)
        NOT-FOR-US: QCMS
 CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has 
multiple c ...)
@@ -81536,7 +81536,7 @@ CVE-2020-7854
 CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that 
does not ...)
        NOT-FOR-US: XPLATFORM
 CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered 
when the ...)
-       TODO: check
+       NOT-FOR-US: DaviewIndy
 CVE-2020-7851
        RESERVED
 CVE-2020-7850



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dafbee6935854c1409b02a67beeb38b1512c04c
