Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ba055174 by Salvatore Bonaccorso at 2021-04-29T22:20:14+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1099,49 +1099,49 @@ CVE-2021-31440
CVE-2021-31439
RESERVED
CVE-2021-31438 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31437 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31436 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31435 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31434 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31433 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-31432 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31431 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31430 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31429 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31428 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31427 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31426 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31425 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31424 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31423 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31422 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary
files on ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31420 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31419 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31418 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-31417 (This vulnerability allows local attackers to disclose
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-3501 [userspace applications can misuse the KVM API to cause a write
of 16 bytes at an offset up to 32 GB from vcpu->run]
RESERVED
- linux <unfixed>
@@ -3699,19 +3699,19 @@ CVE-2021-30236
CVE-2021-30235
RESERVED
CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An
Lianbao WF-1 ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An
Lianbao WF-1 r ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An
Lianbao WF- ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao
WF-1 rou ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An
Lianbao ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao
WF-1 router ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An
Lianbao W ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article
comments featu ...)
TODO: check
CVE-2021-30226
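Review bot: The seven WF-1 entries in this hunk (CVE-2021-30228 through CVE-2021-30234) are labelled `NOT-FOR-US: China Mobile An Lianbao WF-1 router`, while CVE-2021-25812 in this same commit is labelled `NOT-FOR-US: China Mobile An Lianbao WF-1`. Use one spelling for the product so that a search on the label finds all eight entries. CVE-2021-30227 stays at `TODO: check` in the trailing context and still needs triage.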
@@ -6286,27 +6286,27 @@ CVE-2021-29149
CVE-2021-29148
RESERVED
CVE-2021-29147 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was
discovered in Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29145 (A remote server side request forgery (SSRF) remote code
execution vuln ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was
discove ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29143
RESERVED
CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was
discovered in Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was
discove ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was
discovered in Aru ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was
discovered in Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29138 (A remote disclosure of privileged information vulnerability
was discov ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba
AirWave ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers
to overw ...)
- umoci 0.4.7+ds-1
[buster] - umoci <no-dsa> (Minor issue)
@@ -8202,7 +8202,7 @@ CVE-2021-28282
CVE-2021-28281
RESERVED
CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php
in PHPFu ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2021-28279
RESERVED
CVE-2021-28278
@@ -14358,11 +14358,11 @@ CVE-2021-25814
CVE-2021-25813
RESERVED
CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao
WF-1 1.01 v ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1
CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service
via a craf ...)
- TODO: check
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury
X18G 1.0. ...)
- TODO: check
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
CVE-2021-25809
RESERVED
CVE-2021-25808
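Review bot: The two MERCUSYS labels (CVE-2021-25811 and CVE-2021-25810) carry the firmware version and the word "devices" over from the description: `NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices`. The other labels in this commit name only the vendor or product (`Aruba`, `Cisco`, `Buffalo`), so `NOT-FOR-US: MERCUSYS Mercury X18G` would be consistent and would still fit if a later CVE covers a different firmware version.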
@@ -15892,15 +15892,15 @@ CVE-2021-25169 (The Baseboard Management Controller
(BMC) firmware in HPE Apollo
CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE
Apollo 70 Sy ...)
NOT-FOR-US: HPE
CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in
Aruba Air ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in
Aruba Air ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25165 (A remote XML external entity vulnerability was discovered in
Aruba Air ...)
NOT-FOR-US: Aruba
CVE-2021-25164 (A remote XML external entity vulnerability was discovered in
Aruba Air ...)
NOT-FOR-US: Aruba
CVE-2021-25163 (A remote XML external entity vulnerability was discovered in
Aruba Air ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was
discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was
discovered in so ...)
@@ -25259,7 +25259,7 @@ CVE-2021-21416 (django-registration is a user
registration package for Django. T
NOTE:
https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
NOTE:
https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files.
This is a R ...)
- TODO: check
+ NOT-FOR-US: Prisma VS Code a VSCode extension
CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As
of today ...)
NOT-FOR-US: Prisma
CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to
v8's Iso ...)
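Review bot: The label for CVE-2021-21415, `NOT-FOR-US: Prisma VS Code a VSCode extension`, is a fragment lifted from the description with its verb missing. The neighbouring CVE-2021-21414 uses `NOT-FOR-US: Prisma`; something like `NOT-FOR-US: Prisma VS Code extension` reads cleanly and keeps the two entries distinguishable.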
@@ -28879,11 +28879,11 @@ CVE-2021-20094
CVE-2021-20093
RESERVED
CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version
<= 1.0 ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version
<= 1.0 ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2021-20090 (A path traversal vulnerability in the web interfaces of
Buffalo WSR-25 ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2021-20089 (Improperly Controlled Modification of Object Prototype
Attributes ('Pr ...)
NOT-FOR-US: purl javascript URL parser (different from src:purl)
CVE-2021-20088 (Improperly Controlled Modification of Object Prototype
Attributes ('Pr ...)
@@ -29461,7 +29461,7 @@ CVE-2020-35432
CVE-2020-35431
RESERVED
CVE-2020-35430 (SQL Injection in
com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...)
- TODO: check
+ NOT-FOR-US: Inxedu
CVE-2020-35429
RESERVED
CVE-2020-35428
@@ -34611,13 +34611,13 @@ CVE-2021-1506
CVE-2021-1505
RESERVED
CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance
(ASA) So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1503
RESERVED
CVE-2021-1502
RESERVED
CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive
Securit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1500
RESERVED
CVE-2021-1499
@@ -34629,11 +34629,11 @@ CVE-2021-1497
CVE-2021-1496
RESERVED
CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the
Snort d ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1494
RESERVED
CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive
Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not
properly ...)
NOT-FOR-US: Duo Authentication Proxy
CVE-2021-1491
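Review bot: CVE-2021-1495 is marked `NOT-FOR-US: Cisco`, but its description begins "Multiple Cisco products are affected by a vulnerability in the Snort d ...", which sets it apart from the ASA and web services entries around it. If the flaw sits in the Snort engine itself rather than in Cisco's integration of it, the entry needs a source package line instead of NOT-FOR-US. A short NOTE recording why it was judged Cisco-only would make the decision checkable.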
@@ -34641,9 +34641,9 @@ CVE-2021-1491
CVE-2021-1490
RESERVED
CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco
Firepower Dev ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive
Security Appl ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1487
RESERVED
CVE-2021-1486
@@ -34665,9 +34665,9 @@ CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN
vManage Software could a
CVE-2021-1478
RESERVED
CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco
Firepower Mana ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance
(ASA) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature
and Sch ...)
NOT-FOR-US: Cisco
CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature
and Sch ...)
@@ -34703,13 +34703,13 @@ CVE-2021-1460 (A vulnerability in the Cisco IOx
Application Framework of Cisco 8
CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco
Small B ...)
NOT-FOR-US: Cisco
CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN
Software co ...)
NOT-FOR-US: Cisco
CVE-2021-1453 (A vulnerability in the software image verification
functionality of Ci ...)
@@ -34723,13 +34723,13 @@ CVE-2021-1450 (A vulnerability in the interprocess
communication (IPC) channel o
CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points
Software coul ...)
NOT-FOR-US: Cisco
CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense
(FTD) Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1447
RESERVED
CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG)
functionali ...)
NOT-FOR-US: Cisco
CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance
(ASA) So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1444
RESERVED
CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could
allow an ...)
@@ -34821,7 +34821,7 @@ CVE-2021-1404 (A vulnerability in the PDF parsing
module in Clam AntiVirus (Clam
CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
NOT-FOR-US: Cisco
CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1401
RESERVED
CVE-2021-1400
@@ -34887,7 +34887,7 @@ CVE-2021-1371 (A vulnerability in the role-based access
control of Cisco IOS XE
CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for
the Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device
Manager (FDM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD)
feature of ...)
NOT-FOR-US: Cisco
CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM)
feature of ...)
@@ -35113,7 +35113,7 @@ CVE-2021-1258 (A vulnerability in the upgrade component
of Cisco AnyConnect Secu
CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco
DNA Cen ...)
NOT-FOR-US: Cisco
CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense
(FTD) Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data
Center ...)
NOT-FOR-US: Cisco
CVE-2021-1254
@@ -52709,7 +52709,7 @@ CVE-2020-22004
CVE-2020-22003
RESERVED
CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF)
vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass
vulnerabili ...)
NOT-FOR-US: HomeAutomation
CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command
executio ...)
@@ -52719,21 +52719,21 @@ CVE-2020-21999
CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET
parameter ...)
NOT-FOR-US: HomeAutomation
CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an
unauthenticated da ...)
- TODO: check
+ NOT-FOR-US: Smartwares HOME easy
CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated
reboot comm ...)
NOT-FOR-US: AVE DOMINAplus
CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses
default hardc ...)
- TODO: check
+ NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials
disclos ...)
NOT-FOR-US: AVE DOMINAplus
CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the
GET param ...)
NOT-FOR-US: WEMS Limited Enterprise Manager
CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers
from an au ...)
- TODO: check
+ NOT-FOR-US: Inim Electronics SmartLiving SmartLAN/G/SI
CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication
bypass vulne ...)
NOT-FOR-US: AVE DOMINAplus
CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS
Gateway 0. ...)
- TODO: check
+ NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS
Gateway
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery
(CSRF). ...)
NOT-FOR-US: HomeAutomation
CVE-2020-21988
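Review bot: The Inim product name is capitalised two ways in this commit: `Smartliving` on CVE-2020-21995 (and on CVE-2020-22002 in the previous hunk) and `SmartLiving` on CVE-2020-21992; use one form. The CVE-2020-21990 label also repeats "REST API" twice, copied from the description: `NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway`. A shorter label such as `NOT-FOR-US: MyDomoAtHome (MDAH)` would identify the product without the duplication.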
@@ -90160,7 +90160,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0,
as used in QEMU 4.2.0, m
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as
fixed.
NOTE:
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya
Equino ...)
- TODO: check
+ NOT-FOR-US: Avaya Equinox Conferencing
CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server
component ...)
NOT-FOR-US: Avaya Equinox Conferencing
CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist
could a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0551742f0f75c3845fc13e510f2f0f98d3bea5
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits