Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0c091e2 by Salvatore Bonaccorso at 2021-04-13T22:25:15+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1031,9 +1031,9 @@ CVE-2021-30178 (An issue was discovered in the Linux 
kernel through 5.11.11. syn
 CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in 
the User R ...)
        NOT-FOR-US: PHP-Nuke
 CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: ZEROF Expert
 CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the 
/Handle ...)
-       TODO: check
+       NOT-FOR-US: ZEROF Web Server
 CVE-2021-30174
        RESERVED
 CVE-2021-30173
@@ -1464,11 +1464,11 @@ CVE-2021-30001
 CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the 
txtacces ...)
        NOT-FOR-US: LATRIX
 CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. 
There is a  ...)
-       TODO: check
+       NOT-FOR-US: Wind River VxWorks
 CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. 
There is a p ...)
-       TODO: check
+       NOT-FOR-US: Wind River VxWorks
 CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML 
Import func ...)
-       TODO: check
+       NOT-FOR-US: Helix ALM
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command 
execution. ...)
        NOT-FOR-US: marktext
 CVE-2021-29995
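Review bot: For CVE-2021-29999 and CVE-2021-29998 the descriptions are cut off ("There is a  ...") before the affected component is named, so the move from `TODO: check` to `NOT-FOR-US: Wind River VxWorks` cannot be checked from the hunk alone. Confirm against the full CVE text that the flaws sit in VxWorks-specific code and not in a third-party component that Debian ships under its own source package; if it is the latter, the entry needs a line for that package instead of NOT-FOR-US.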
@@ -2691,7 +2691,7 @@ CVE-2021-29438 (The Nextcloud dialogs library (npm 
package @nextcloud/dialogs) b
 CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any 
ScratchOAuth ...)
        TODO: check
 CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Anuko Time Tracker
 CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin 
framewo ...)
        TODO: check
 CVE-2021-29434
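Review bot: CVE-2021-29436 is described as "an open source, web-based time tracking applicat ...", so before settling on `NOT-FOR-US: Anuko Time Tracker` check that no ITP or RFP bug exists for it; if one does, the entry should be tracked as `<itp>` with the bug number instead. The neighbouring CVE-2021-29437 and CVE-2021-29435 stay at `TODO: check`, which is fine as long as they are still being researched and were not simply skipped.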
@@ -3740,7 +3740,7 @@ CVE-2021-28975
 CVE-2021-28974
        RESERVED
 CVE-2021-28973 (The XML Import functionality of the Administration console in 
Perforce ...)
-       TODO: check
+       NOT-FOR-US: Helix ALM
 CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 
devices ...)
        NOT-FOR-US: Central Management of FireEye EX 3500 devices
 CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote 
authenticat ...)
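Review bot: CVE-2021-28973 is labelled `NOT-FOR-US: Helix ALM`, but the visible description names only "Perforce ..." before it is truncated. It reads like the same XML Import issue as CVE-2021-29997 earlier in this patch, so the shared label is plausible; confirm from the full description that the product is Helix ALM and not another Perforce product, and consider `Perforce Helix ALM` on both entries so a search by vendor finds them.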
@@ -16982,17 +16982,17 @@ CVE-2021-23283
 CVE-2021-23282
        RESERVED
 CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to u ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to u ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to u ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23275
        RESERVED
 CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API 
Exchange Ga ...)
@@ -20186,7 +20186,7 @@ CVE-2021-21786
 CVE-2021-21785
        RESERVED
 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format 
SOF mark ...)
-       TODO: check
+       NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing 
plugin func ...)
        - gsoap <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
@@ -20295,11 +20295,11 @@ CVE-2021-21733
 CVE-2021-21732
        RESERVED
 CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE 
product.Th ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21730 (A ZTE product is impacted by improper access control 
vulnerability. Th ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages 
lack CSR ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because 
a certa ...)
        NOT-FOR-US: ZTE
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can 
amplify t ...)
@@ -21507,7 +21507,7 @@ CVE-2021-21487 (SAP Payment Engine version 500, does 
not perform necessary autho
 CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 
104, 105, 6 ...)
        NOT-FOR-US: SAP
 CVE-2021-21485 (An unauthorized attacker may be able to entice an 
administrator to inv ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be 
bypassed i ...)
        NOT-FOR-US: SAP
 CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, 
allows a ...)
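Review bot: The description of CVE-2021-21485 shown here ("An unauthorized attacker may be able to entice an administrator to inv ...") names no vendor or product, so `NOT-FOR-US: SAP` appears to rest on the surrounding SAP entries in the same ID range. Confirm against the full CVE text that this is an SAP product before relying on adjacency; the label itself matches the existing `NOT-FOR-US: SAP` lines.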



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0c091e2b1a41dabd6f0421ad57cd98e3564ad75
