Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
439592c1 by Salvatore Bonaccorso at 2021-06-10T22:46:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2591,7 +2591,7 @@ CVE-2021-33395
CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does
not gener ...)
NOT-FOR-US: Cubecart
CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that
/var/ipfire/bac ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2021-33392
RESERVED
CVE-2021-33391
@@ -3424,7 +3424,7 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4,
net/bluetooth/hci_event.c has
CVE-2021-33032
RESERVED
CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the
save API ...)
- TODO: check
+ NOT-FOR-US: LabCup
CVE-2021-33030
RESERVED
CVE-2021-33029
@@ -5763,7 +5763,7 @@ CVE-2021-32017
CVE-2021-32016
RESERVED
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local
authenticated mal ...)
- TODO: check
+ NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
CVE-2021-32014
RESERVED
CVE-2021-32013
@@ -5893,9 +5893,9 @@ CVE-2021-31962 (Kerberos AppContainer Security Feature
Bypass Vulnerability ...)
CVE-2021-31961
RESERVED
CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...)
@@ -5955,11 +5955,11 @@ CVE-2021-31931
CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of
Concerto ...)
NOT-FOR-US: Concerto
CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows
any auth ...)
- TODO: check
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows
any auth ...)
- TODO: check
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in
Annex Clou ...)
- TODO: check
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x
before 2.1. ...)
NOT-FOR-US: CubeCoders AMP
CVE-2021-31925
@@ -6242,9 +6242,9 @@ CVE-2021-31842
CVE-2021-31841
RESERVED
CVE-2021-31840 (A vulnerability in the preloading mechanism of specific
dynamic link l ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent
for Window ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31838
RESERVED
CVE-2021-31837 (Memory corruption vulnerability in the driver file component
in McAfee ...)
@@ -6742,9 +6742,9 @@ CVE-2021-31661
CVE-2021-31660
RESERVED
CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529
Rel.40524 is v ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529
Rel.40524 is a ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-31657
RESERVED
CVE-2021-31656
@@ -7489,13 +7489,13 @@ CVE-2021-31345
CVE-2021-31344
RESERVED
CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020
before 2020 ...)
- TODO: check
+ NOT-FOR-US: Solid Edge
CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020
before 20 ...)
- TODO: check
+ NOT-FOR-US: Solid Edge
CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results
in an e ...)
NOT-FOR-US: Mendix Database Replication
CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All
versions &g ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer
Module (A ...)
NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338
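Review bot: the tags in this hunk mix product and vendor naming. CVE-2021-31343 and CVE-2021-31342 are tagged by product (NOT-FOR-US: Solid Edge), while CVE-2021-31340, whose description names SIMATIC RF166C, is tagged by vendor only (NOT-FOR-US: Siemens). The untouched Mendix entries next to them use product names, so tagging CVE-2021-31340 with the product as well would keep the block consistent and make it easier to find when searching the list for that product.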
@@ -7806,11 +7806,11 @@ CVE-2021-31203
CVE-2021-31202
RESERVED
CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability
This CVE ...)
NOT-FOR-US: Microsoft
CVE-2021-31197
@@ -10393,7 +10393,7 @@ CVE-2021-30135
CVE-2021-30134
RESERVED
CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server
5.9.0, C ...)
- TODO: check
+ NOT-FOR-US: CloverDX
CVE-2021-30132
RESERVED
CVE-2021-30131
@@ -10697,7 +10697,7 @@ CVE-2021-29997 (An issue was discovered in Wind River
VxWorks 7 before 21.03. A
CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command
execution. ...)
NOT-FOR-US: marktext
CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in
CloverD ...)
- TODO: check
+ NOT-FOR-US: CloverDX
CVE-2021-29994
RESERVED
CVE-2021-29993
@@ -13033,7 +13033,7 @@ CVE-2021-29051 (Cross-site scripting (XSS)
vulnerability in the Asset module's A
CVE-2021-29050
RESERVED
CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal
Workflow module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout
module's page a ...)
NOT-FOR-US: Liferay
CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4,
7.3.5 and Li ...)
@@ -16964,7 +16964,7 @@ CVE-2021-3413 (A flaw was found in Red Hat Satellite in
tfm-rubygem-foreman_azur
CVE-2021-3412 (It was found that all versions of 3Scale developer portal
lacked brute ...)
NOT-FOR-US: Red Hat 3scale API Management
CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2
(All ver ...)
- TODO: check
+ NOT-FOR-US: Simcenter (Siemens)
CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant
Simulation (Al ...)
NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant
Simulation (Al ...)
@@ -16988,7 +16988,7 @@ CVE-2021-27389 (A vulnerability has been identified in
Opcenter Quality (All ver
CVE-2021-27388
RESERVED
CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2
(All ver ...)
- TODO: check
+ NOT-FOR-US: Simcenter (Siemens)
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort
Outdoor Pan ...)
NOT-FOR-US: Siemens
CVE-2021-27385 (A remote attacker could send specially crafted packets to a
SmartVNC d ...)
@@ -19202,13 +19202,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers
to execute OS commands via
CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a
cgi/cal ...)
NOT-FOR-US: EPrints
CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a
GET req ...)
- TODO: check
+ NOT-FOR-US: Vembu BDR Suite
CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write
via a G ...)
- TODO: check
+ NOT-FOR-US: Vembu BDR Suite
CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote
Code Execut ...)
- TODO: check
+ NOT-FOR-US: Vembu BDR Suite
CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote
Code Execut ...)
- TODO: check
+ NOT-FOR-US: Vembu BDR Suite
CVE-2021-26470
RESERVED
CVE-2021-26469
@@ -19310,7 +19310,7 @@ CVE-2021-26422 (Skype for Business and Lync Remote Code
Execution Vulnerability
CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution
Vulnerability This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is
unique from ...)
@@ -19322,7 +19322,7 @@ CVE-2021-26416 (Windows Hyper-V Denial of Service
Vulnerability ...)
CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This
CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability
This CVE ...)
@@ -21305,7 +21305,7 @@ CVE-2021-3197 (An issue was discovered in SaltStack
Salt before 3002.5. The salt
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric
11.0.0 t ...)
- TODO: check
+ NOT-FOR-US: Hitachi ID Bravura Security Fabric
CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can
create a ne ...)
NOTE: Disputed Bitcoin issue
NOTE: https://github.com/bitcoin/bitcoin/issues/20866
@@ -25458,11 +25458,11 @@ CVE-2021-23856
CVE-2021-23855
RESERVED
CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP
cameras may l ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header
allows an ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP
cameras c ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23851
RESERVED
CVE-2021-23850
@@ -25470,9 +25470,9 @@ CVE-2021-23850
CVE-2021-23849
RESERVED
CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a
reflected c ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP
cameras allo ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23846
RESERVED
CVE-2021-23845
@@ -26960,11 +26960,11 @@ CVE-2021-3043
CVE-2021-3042
RESERVED
CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo
Alto Net ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov
by Prism ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3039 (An information exposure through log file vulnerability exists
in the P ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks
GlobalPr ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3037 (An information exposure through log file vulnerability exists
in Palo ...)
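Review bot: CVE-2021-3040 is tagged NOT-FOR-US: Palo Alto Networks, but its description names Bridgecrew Checkov, which is a different product from the ones in the CVE-2021-3041 and CVE-2021-3039 entries around it. A product-level tag such as NOT-FOR-US: Bridgecrew Checkov would keep a later search for that product from missing this entry. Since the description is for a separately named tool, it is also worth confirming that no package or ITP for it exists before marking it NFU.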
@@ -30085,9 +30085,9 @@ CVE-2021-21738
CVE-2021-21737
RESERVED
CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and
access c ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to
improper p ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in
plaintext, ...)
NOT-FOR-US: ZTE
CVE-2021-21733 (The management system of ZXCDN is impacted by the information
leak vul ...)
@@ -33965,9 +33965,9 @@ CVE-2021-20733
CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to
1.8.1 an ...)
TODO: check
CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4
firmware Ver ...)
- TODO: check
+ NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware
Ver.1.1 ...)
- TODO: check
+ NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20729
RESERVED
CVE-2021-20728 (Improper access control vulnerability in goo blog App for
Android ver. ...)
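Review bot: the tag on CVE-2021-20731 names only WSR-1166DHP3 firmware, although the description on that entry also lists WSR-1166DHP4 firmware. Neither this tag nor the one on CVE-2021-20730 carries a vendor name, unlike the TP-Link and ZTE tags elsewhere in this commit. Tagging both entries with the vendor, or naming both models, would describe what was actually ruled out.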
@@ -35674,7 +35674,7 @@ CVE-2021-20083 (Improperly Controlled Modification of
Object Prototype Attribute
CVE-2021-20082
RESERVED
CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine
ServiceDesk Plus ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk
Plus befo ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2021-20079
@@ -39138,7 +39138,7 @@ CVE-2021-1677 (Azure Active Directory Pod Identity
Spoofing Vulnerability ...)
CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information
Disclosure ...)
NOT-FOR-US: Microsoft
CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass
Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution
Vulnerability This ...)
@@ -46754,13 +46754,13 @@ CVE-2021-0136
CVE-2021-0135
RESERVED
CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security
Library ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0133 (Key exchange without entity authentication in the Intel(R)
Security Li ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0132 (Missing release of resource after effective lifetime in an API
for the ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator
(PRNG) in ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0130
RESERVED
CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated
user to po ...)
@@ -46800,9 +46800,9 @@ CVE-2021-0115
CVE-2021-0114
RESERVED
CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server
Board M10J ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0111
RESERVED
CVE-2021-0110
@@ -46810,21 +46810,21 @@ CVE-2021-0110
CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver
package for ...)
NOT-FOR-US: Intel
CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for
Windows befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0107
RESERVED
CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC
Persistent ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless
WiFi d ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0104 (Uncontrolled search path element in the installer for the
Intel(R) Rap ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0103
RESERVED
CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for
Window ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server
BoardM10JNP2SB ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R)
SSD Da ...)
TODO: check
CVE-2021-0099
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/439592c1706b6e790bfa739fc4eae787d547ebbd