Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1007dce4 by Salvatore Bonaccorso at 2021-04-29T07:25:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3745,13 +3745,13 @@ CVE-2021-30171
CVE-2021-30170
RESERVED
CVE-2021-30169 (The sensitive information of webcam device is not properly
protected. ...)
- TODO: check
+ NOT-FOR-US: LILIN
CVE-2021-30168 (The sensitive information of webcam device is not properly
protected. ...)
- TODO: check
+ NOT-FOR-US: LILIN
CVE-2021-30167 (The manage users profile services of the network camera device
allows ...)
- TODO: check
+ NOT-FOR-US: LILIN
CVE-2021-30166 (The NTP Server configuration function of the IP camera device
is not v ...)
- TODO: check
+ NOT-FOR-US: LILIN
CVE-2021-30165 (The default administrator account & password of the EDIMAX
wireles ...)
NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers
to bypass ...)
@@ -5471,9 +5471,9 @@ CVE-2021-29444 (jose-browser-runtime is an npm package
which provides a number o
CVE-2021-29443 (jose is an npm library providing a number of cryptographic
operations. ...)
NOT-FOR-US: Node jose
CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and
configu ...)
- TODO: check
+ NOT-FOR-US: Nacos
CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and
configu ...)
- TODO: check
+ NOT-FOR-US: Nacos
CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static
pages can ...)
NOT-FOR-US: Grav CMS
CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not
correctly veri ...)
@@ -5631,9 +5631,9 @@ CVE-2021-29390
CVE-2021-29389
RESERVED
CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in
SourceCodester Bu ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Budget Management System
CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Sourceco ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Equipment Inventory System
CVE-2021-29386
RESERVED
CVE-2021-29385
@@ -6134,7 +6134,7 @@ CVE-2021-29161
CVE-2021-29160
RESERVED
CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered
in Nexu ...)
- TODO: check
+ NOT-FOR-US: Nexus Repository Manager
CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including
3.30.0 has ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-29157
@@ -9662,7 +9662,7 @@ CVE-2021-27650
CVE-2021-27649
RESERVED
CVE-2021-27648 (Externally controlled reference to a resource in another
sphere in qua ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core
in Synolo ...)
NOT-FOR-US: Synology
CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in
Synology D ...)
@@ -15792,13 +15792,13 @@ CVE-2021-25156 (A remote arbitrary directory create
vulnerability was discovered
CVE-2021-25155 (A remote arbitrary file modification vulnerability was
discovered in s ...)
NOT-FOR-US: Aruba
CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered
in Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba
AirWave M ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25152
RESERVED
CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered
in Arub ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was
discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some
Aruba In ...)
@@ -15806,7 +15806,7 @@ CVE-2021-25149 (A remote buffer overflow vulnerability
was discovered in some Ar
CVE-2021-25148 (A remote arbitrary file modification vulnerability was
discovered in s ...)
NOT-FOR-US: Aruba
CVE-2021-25147 (A remote authentication restriction bypass vulnerability was
discovere ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was
discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability
was disc ...)
@@ -21824,7 +21824,7 @@ CVE-2021-22395
CVE-2021-22394
RESERVED
CVE-2021-22393 (There is a denial of service vulnerability in some versions of
CloudEn ...)
- TODO: check
+ NOT-FOR-US: CloudEngine (Huawei)
CVE-2021-22392
RESERVED
CVE-2021-22391
@@ -21946,17 +21946,17 @@ CVE-2021-22334
CVE-2021-22333
RESERVED
CVE-2021-22332 (There is a pointer double free vulnerability in some versions
of Cloud ...)
- TODO: check
+ NOT-FOR-US: CloudEngine (Huawei)
CVE-2021-22331 (There is a JavaScript injection vulnerability in certain
Huawei smartp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei
Smartphone HUA ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22329
RESERVED
CVE-2021-22328
RESERVED
CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei
smart phone ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22326
RESERVED
CVE-2021-22325
@@ -52582,17 +52582,17 @@ CVE-2020-21998 (In HomeAutomation 3.3.2 input passed
via the 'redirect' GET para
CVE-2020-21997
RESERVED
CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated
reboot comm ...)
- TODO: check
+ NOT-FOR-US: AVE DOMINAplus
CVE-2020-21995
RESERVED
CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials
disclos ...)
- TODO: check
+ NOT-FOR-US: AVE DOMINAplus
CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the
GET param ...)
- TODO: check
+ NOT-FOR-US: WEMS Limited Enterprise Manager
CVE-2020-21992
RESERVED
CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: AVE DOMINAplus
CVE-2020-21990
RESERVED
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery
(CSRF). ...)
@@ -60556,13 +60556,13 @@ CVE-2020-18024
CVE-2020-18023
RESERVED
CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier
allows r ...)
- TODO: check
+ NOT-FOR-US: Qibosoft QiboCMS
CVE-2020-18021
RESERVED
CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote
attackers to ex ...)
- TODO: check
+ NOT-FOR-US: PHPSHE Mall System
CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote
attackers to obt ...)
- TODO: check
+ NOT-FOR-US: Xinhu OA System
CVE-2020-18018
RESERVED
CVE-2020-18017
@@ -60602,7 +60602,7 @@ CVE-2020-18001
CVE-2020-18000
RESERVED
CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2020-17998
RESERVED
CVE-2020-17997
@@ -89703,7 +89703,7 @@ CVE-2020-7125 (A remote escalation of privilege
vulnerability was discovered in
CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in
Aruba Air ...)
NOT-FOR-US: Aruba
CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in
Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches
Series ...)
NOT-FOR-US: Aruba
CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches
Series ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1007dce4c67f61988f7de1c6163c977917f69aa7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1007dce4c67f61988f7de1c6163c977917f69aa7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
