Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
062b6071 by Salvatore Bonaccorso at 2021-05-13T10:41:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9551,7 +9551,7 @@ CVE-2021-28801
 CVE-2021-28800
        RESERVED
 CVE-2021-28799 (An improper authorization vulnerability has been reported to 
affect QN ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28798
        RESERVED
 CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported 
to affec ...)
@@ -12850,11 +12850,11 @@ CVE-2021-3412
 CVE-2021-27399
        RESERVED
 CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant 
Simulation (Al ...)
-       TODO: check
+       NOT-FOR-US: Tecnomatix Plant Simulation
 CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant 
Simulation (Al ...)
-       TODO: check
+       NOT-FOR-US: Tecnomatix Plant Simulation
 CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant 
Simulation (Al ...)
-       TODO: check
+       NOT-FOR-US: Tecnomatix Plant Simulation
 CVE-2021-27395
        RESERVED
 CVE-2021-27394 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
@@ -12874,13 +12874,13 @@ CVE-2021-27388
 CVE-2021-27387
        RESERVED
 CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All 
versions ...)
        NOT-FOR-US: Solid Edge (Siemens)
 CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
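Review bot: The four tags added for CVE-2021-27386 through CVE-2021-27383 read only `NOT-FOR-US: Siemens`, while the unchanged entry directly below them, CVE-2021-27382, uses the product-plus-vendor form `NOT-FOR-US: Solid Edge (Siemens)`. Consider the same form here, with the product taken from the description (SIMATIC HMI ...), so that a later search of the list by product name also finds these entries.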
@@ -17216,11 +17216,11 @@ CVE-2021-25664 (A vulnerability has been identified 
in Nucleus 4 (All versions &
 CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions 
< V4 ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-25659
        RESERVED
 CVE-2021-25658
@@ -17905,9 +17905,9 @@ CVE-2021-25331 (Improper access control in Samsung Pay 
mini application prior to
 CVE-2021-25330 (Calling of non-existent provider in MobileWips application 
prior to SM ...)
        NOT-FOR-US: MobileWips application
 CVE-2020-36198 (A command injection vulnerability has been reported to affect 
certain  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-36197 (An improper access control vulnerability has been reported to 
affect e ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-36196
        RESERVED
 CVE-2020-36195 (An SQL injection vulnerability has been reported to affect 
QNAP NAS ru ...)
@@ -21237,9 +21237,9 @@ CVE-2021-23894
 CVE-2021-23893
        RESERVED
 CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race 
condition d ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection 
(MTP) pr ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee 
ePolicy  ...)
        NOT-FOR-US: McAfee
 CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy 
Orchestrator (ePO ...)
@@ -21277,7 +21277,7 @@ CVE-2021-23874 (Arbitrary Process Execution 
vulnerability in McAfee Total Protec
 CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection 
(MTP) pr ...)
        NOT-FOR-US: McAfee
 CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component 
of McAfe ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23871
        RESERVED
 CVE-2021-23870
@@ -25053,7 +25053,7 @@ CVE-2021-22157 (Proofpoint Insider Threat Management 
Server (formerly ObserveIT
 CVE-2021-22156
        RESERVED
 CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML 
Authentication comp ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry Workspaces Server
 CVE-2021-22154
        RESERVED
 CVE-2021-22153
@@ -32529,7 +32529,7 @@ CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has 
plugins/clientcontrol/spark-f
 CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp 
groupchatJID St ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35198 (An issue was discovered in Wind River VxWorks 7. The memory 
allocator  ...)
-       TODO: check
+       NOT-FOR-US: Wind River VxWorks 7
 CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine 
(Alpine spec ...)
        NOT-FOR-US: memcached docker images before 1.5.11-alpine (Alpine 
specific)
 CVE-2020-35196 (The official rabbitmq docker images before 
3.7.13-beta.1-management-al ...)
@@ -38745,7 +38745,7 @@ CVE-2020-28395 (A vulnerability has been identified in 
SCALANCE X-300 switch fam
 CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions 
< V13.1. ...)
        NOT-FOR-US: Siemens
 CVE-2020-28393 (A vulnerability has been identified in SCALANCE XM-400 Family 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration 
(All vers ...)
        NOT-FOR-US: Siemens
 CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch 
family (i ...)
@@ -46330,7 +46330,7 @@ CVE-2020-26147 (An issue was discovered in the Linux 
kernel 5.8.9. The WEP, WPA,
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/
 CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 
devices. The  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 
devices. The  ...)
        - linux <unfixed>
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
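Review bot: CVE-2020-26146 is closed as `NOT-FOR-US: Samsung`, but the entry right after it, CVE-2020-26145, starts with the same visible description ("An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...") and is tracked as `- linux <unfixed>` with a NOTE pointing at the usenix2021 paper. The device named in the description was evidently not a reason for NFU there, so please confirm that none of the linux-wireless patches referenced in the surrounding NOTE lines address CVE-2020-26146 before dropping it; if one does, this should become a `- linux` entry rather than NFU.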
@@ -46339,7 +46339,7 @@ CVE-2020-26145 (An issue was discovered on Samsung 
Galaxy S3 i9305 4.4.4 devices
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
 CVE-2020-26144 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 
devices. The  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2020-26143 (An issue was discovered in the ALFA Windows 10 driver 
1030.36.604 for  ...)
        TODO: check
 CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, 
WPA, WP ...)
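Review bot: `NOT-FOR-US: Samsung` on CVE-2020-26144 sits directly under the lore.kernel.org/linux-wireless NOTE lines of CVE-2020-26145, which carries the same Samsung Galaxy S3 wording in its description yet is tracked against a Debian package. The vendor in the description is therefore not enough to decide this one; CVE-2020-26143 just below is left at `TODO: check`, and keeping CVE-2020-26144 in that state until the kernel side has been ruled out would be the safer choice.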
@@ -48607,7 +48607,7 @@ CVE-2020-25244 (A vulnerability has been identified in 
LOGO! Soft Comfort (All v
 CVE-2020-25243 (A vulnerability has been identified in LOGO! Soft Comfort (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2020-25242 (A vulnerability has been identified in SIMATIC NET CP 343-1 
Advanced ( ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family 
(All Versi ...)
        NOT-FOR-US: Siemens
 CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
@@ -52689,21 +52689,21 @@ CVE-2020-23378
 CVE-2020-23377
        RESERVED
 CVE-2020-23376 (NoneCMS v1.3 has a CSRF vulnerability in 
public/index.php/admin/nav/ad ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-23375
        RESERVED
 CVE-2020-23374 (Cross-site scripting (XSS) vulnerability in 
admin/article/add.html in  ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-23373 (Cross-site scripting (XSS) vulnerability in admin/nav/add.html 
in none ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-23372
        RESERVED
 CVE-2020-23371 (Cross-site scripting (XSS) vulnerability in 
static/admin/js/kindeditor ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-23370 (In YzmCMS 5.6, stored XSS exists via the 
common/static/plugin/ueditor/ ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2020-23369 (In YzmCMS 5.6, XSS was discovered in 
member/member_content/init.html v ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2020-23368
        RESERVED
 CVE-2020-23367
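Review bot: For CVE-2020-23371 and CVE-2020-23370 the paths visible in the descriptions are `static/admin/js/kindeditor ...` and `common/static/plugin/ueditor/ ...`, which look like third-party editor components bundled inside the CMS rather than CMS code. `NOT-FOR-US: NoneCMS` and `NOT-FOR-US: YzmCMS` are correct only if the flaw is in the CMS's own integration; please check whether the bundled editor is the vulnerable code and whether it is packaged separately, and add a NOTE line recording the result.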
@@ -58920,11 +58920,11 @@ CVE-2020-20269 (A specially crafted Markdown document 
could cause the execution
 CVE-2020-20268
        RESERVED
 CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a 
memory corr ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20266
        RESERVED
 CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a 
memory corr ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20264
        RESERVED
 CVE-2020-20263
@@ -60913,9 +60913,9 @@ CVE-2020-19277
 CVE-2020-19276
        RESERVED
 CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 
2017-09-18 whe ...)
-       TODO: check
+       NOT-FOR-US: dhcms
 CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 
2017-09-18  ...)
-       TODO: check
+       NOT-FOR-US: dhcms
 CVE-2020-19273
        RESERVED
 CVE-2020-19272
@@ -61065,7 +61065,7 @@ CVE-2020-19201
 CVE-2020-19200
        RESERVED
 CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
PHPOK 5.2. ...)
-       TODO: check
+       NOT-FOR-US: PHPOK
 CVE-2020-19198
        RESERVED
 CVE-2020-19197
@@ -61535,7 +61535,7 @@ CVE-2020-18966
 CVE-2020-18965
        RESERVED
 CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog 
latest v ...)
-       TODO: check
+       NOT-FOR-US: ForestBlog
 CVE-2020-18963
        RESERVED
 CVE-2020-18962
@@ -63139,7 +63139,7 @@ CVE-2020-18167
 CVE-2020-18166
        RESERVED
 CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: LAOBANCMS
 CVE-2020-18164
        RESERVED
 CVE-2020-18163
@@ -63265,7 +63265,7 @@ CVE-2020-18104
 CVE-2020-18103
        RESERVED
 CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Hotels_Server
 CVE-2020-18101
        RESERVED
 CVE-2020-18100
@@ -108203,7 +108203,7 @@ CVE-2019-19278 (A vulnerability has been identified 
in SINAMICS PERFECT HARMONY
 CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions 
&lt; 3. ...)
        NOT-FOR-US: Siemens
 CVE-2019-19276 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 1st  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments 
out-of-bounds read. ...)
        - python3-typed-ast 1.4.0-1 (low)
        [buster] - python3-typed-ast <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062b6071ff18040e3fc64bda83f735210cd4852e
