Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9ba362db by Salvatore Bonaccorso at 2021-04-27T22:18:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2513,7 +2513,7 @@ CVE-2021-30644
CVE-2021-30643
RESERVED
CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics
web UI 7.2 ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an
optimizatio ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/rust/issues/80335
@@ -2598,7 +2598,7 @@ CVE-2018-25007 (Missing check in UIDL request handler in
com.vaadin:flow-server
CVE-2017-20003
REJECTED
CVE-2021-30638 (Information Exposure vulnerability in context asset handling
of Apache ...)
- TODO: check
+ NOT-FOR-US: Apache Tapestry
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or
Descript ...)
NOT-FOR-US: htmly
CVE-2021-30636
@@ -6074,7 +6074,7 @@ CVE-2021-29135
CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to
CSRF when ...)
NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo
PCManager, prio ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power
Management Dr ...)
NOT-FOR-US: Lenovo
CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management
Driver ...)
@@ -6475,7 +6475,7 @@ CVE-2021-3453
CVE-2021-3452
RESERVED
CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo
PCManager, pr ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security
checks of ...)
- openssl 1.1.1k-1
[buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
@@ -7977,11 +7977,11 @@ CVE-2021-28273
CVE-2021-28272
RESERVED
CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an
elevation of ...)
- TODO: check
+ NOT-FOR-US: Soyal Technologies SOYAL 701Server
CVE-2021-28270
RESERVED
CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure
permissions ...)
- TODO: check
+ NOT-FOR-US: Soyal Technology 701Client
CVE-2021-28268
RESERVED
CVE-2021-28267
@@ -9890,7 +9890,7 @@ CVE-2021-27482
CVE-2021-27481
RESERVED
CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are
vulnera ...)
- TODO: check
+ NOT-FOR-US: Delta Industrial Automation COMMGR
CVE-2021-27479
RESERVED
CVE-2021-27478
@@ -21146,7 +21146,7 @@ CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and
prior is vulnerable to a sta
CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives
AOP v4.12 ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an
out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: CNCSoft-B
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper
validation of u ...)
NOT-FOR-US: Cscape
CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner
Version ...)
@@ -21154,7 +21154,7 @@ CVE-2021-22662 (A use after free issue has been
identified in Fatek FvDesigner V
CVE-2021-22661 (Changing the password on the module webpage does not require
the user ...)
NOT-FOR-US: ProSoft Technology
CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an
out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: CNCSoft-B
CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may
allow a ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable
to a SQL ...)
@@ -26914,7 +26914,7 @@ CVE-2021-20717
CVE-2021-20716
RESERVED
CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet
App for An ...)
- TODO: check
+ NOT-FOR-US: Hot Pepper Gourmet App
CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions
prior t ...)
TODO: check
CVE-2021-20713
@@ -28641,7 +28641,7 @@ CVE-2020-35544
CVE-2020-35543
RESERVED
CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't
sanitize ...)
- TODO: check
+ NOT-FOR-US: Unisys
CVE-2020-35541
RESERVED
CVE-2020-35540
@@ -52399,13 +52399,13 @@ CVE-2020-22003
CVE-2020-22002
RESERVED
CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HomeAutomation
CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command
executio ...)
- TODO: check
+ NOT-FOR-US: HomeAutomation
CVE-2020-21999
RESERVED
CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET
parameter ...)
- TODO: check
+ NOT-FOR-US: HomeAutomation
CVE-2020-21997
RESERVED
CVE-2020-21996
@@ -52423,11 +52423,11 @@ CVE-2020-21991
CVE-2020-21990
RESERVED
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery
(CSRF). ...)
- TODO: check
+ NOT-FOR-US: HomeAutomation
CVE-2020-21988
RESERVED
CVE-2020-21987 (HomeAutomation 3.3.2 is affected by persistent Cross Site
Scripting (X ...)
- TODO: check
+ NOT-FOR-US: HomeAutomation
CVE-2020-21986
RESERVED
CVE-2020-21985
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba362db4a2d5e1df4b8a04eddf35b684a3756b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba362db4a2d5e1df4b8a04eddf35b684a3756b6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
