Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8139e6a8 by Salvatore Bonaccorso at 2021-06-23T22:32:27+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6151,9 +6151,9 @@ CVE-2021-32703
 CVE-2021-32702
        RESERVED
 CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and 
Access Cont ...)
-       TODO: check
+       NOT-FOR-US: ORY Oathkeeper
 CVE-2021-32700 (Ballerina is an open source programming language and platform 
for clou ...)
-       TODO: check
+       NOT-FOR-US: Ballerina
 CVE-2021-32699 (Wings is the control plane software for the open source 
Pterodactyl ga ...)
        TODO: check
 CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research 
labs. T ...)
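Review bot: CVE-2021-32699 (Wings) is still at "TODO: check" at the end of this hunk, although the two entries directly above it are resolved here. If it was left because it needs a closer look, that is fine; otherwise triage it in the same pass so this block does not keep a stray TODO.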
@@ -8942,9 +8942,9 @@ CVE-2021-31588
 CVE-2021-31587
        RESERVED
 CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user 
to perfo ...)
-       TODO: check
+       NOT-FOR-US: Accellion Kiteworks
 CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin 
privileges t ...)
-       TODO: check
+       NOT-FOR-US: Accellion Kiteworks
 CVE-2021-31584 (Sipwise C5 NGCP www_admin version 3.6.7 allows call/click2dial 
CSRF at ...)
        NOT-FOR-US: Sipwise
 CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple 
authenticated stor ...)
@@ -15071,13 +15071,13 @@ CVE-2021-29089 (Improper neutralization of special 
elements used in an SQL comma
 CVE-2021-29088 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology
 CVE-2021-29087 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29085 (Improper neutralization of special elements in output used by 
a downst ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29084 (Improper neutralization of special elements in output used by 
a downst ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-29083 (Improper neutralization of special elements used in an OS 
command in S ...)
        NOT-FOR-US: Synology
 CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not 
proper ...)
@@ -15304,9 +15304,9 @@ CVE-2021-28979 (SafeNet KeySecure Management Console 
8.12.0 is vulnerable to HTT
 CVE-2021-28978
        RESERVED
 CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in 
admin/upl ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 
3.3.16 in a ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. 
The Shel ...)
        - foreman <itp> (bug #663101)
 CVE-2021-3456
@@ -18554,7 +18554,7 @@ CVE-2021-3415
 CVE-2021-27650
        RESERVED
 CVE-2021-27649 (Use after free vulnerability in file transfer protocol 
component in Sy ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2021-27648 (Externally controlled reference to a resource in another 
sphere in qua ...)
        NOT-FOR-US: Synology
 CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core 
in Synolo ...)
@@ -30902,7 +30902,7 @@ CVE-2021-22385
 CVE-2021-22384
        RESERVED
 CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD 
V100R005C10 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission 
assignment  ...)
        NOT-FOR-US: Huawei
 CVE-2021-22381
@@ -30912,9 +30912,9 @@ CVE-2021-22380
 CVE-2021-22379
        RESERVED
 CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD 
V100R005C00 and  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22377 (There is a command injection vulnerability in S12700 
V200R019C00SPC500 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22376
        RESERVED
 CVE-2021-22375
@@ -30936,17 +30936,17 @@ CVE-2021-22368
 CVE-2021-22367
        RESERVED
 CVE-2021-22366 (There is an out-of-bounds read vulnerability in eSE620X vESS 
V100R001C ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22365 (There is an out of bounds read vulnerability in eSE620X vESS 
V100R001C ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22364 (There is a denial of service vulnerability in the versions 
10.1.0.126( ...)
        NOT-FOR-US: Huawei
 CVE-2021-22363 (There is a resource management error vulnerability in 
eCNS280_TD V100R ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei 
products. ...)
        NOT-FOR-US: Huawei
 CVE-2021-22361 (There is an improper authorization vulnerability in eCNS280 
V100R005C0 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22360 (There is a resource management error vulnerability in the 
verisions V5 ...)
        NOT-FOR-US: Huawei
 CVE-2021-22359 (There is a denial of service vulnerability in the verisions 
V200R005C0 ...)
@@ -31732,9 +31732,9 @@ CVE-2021-22001
 CVE-2021-22000
        RESERVED
 CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware 
Remote Conso ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, 
and 8.6  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a 
denial-of ...)
        NOT-FOR-US: VMware
 CVE-2021-21996
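Review bot: The tag on CVE-2021-21999 and CVE-2021-21998 names only the vendor, while the descriptions name specific products (VMware Tools for Windows, VMware Carbon Black App Control). This follows the existing CVE-2021-21997 entry, but a product-level tag such as "NOT-FOR-US: VMware Tools for Windows" would record why each entry is out of scope and would match the product-level tags used elsewhere in this commit, for example "NOT-FOR-US: GetSimpleCMS".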
@@ -36157,9 +36157,9 @@ CVE-2021-20739
 CVE-2021-20738
        RESERVED
 CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior 
to v4.2. ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to 
v4.2.20 allow ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins 
(Delivery  ...)
        NOT-FOR-US: ETUNA EC-CUBE plugins
 CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce 
versions prio ...)
@@ -57942,7 +57942,7 @@ CVE-2020-23964
 CVE-2020-23963
        RESERVED
 CVE-2020-23962 (A cross site scripting (XSS) vulnerability in Catfish CMS 
4.9.90 allow ...)
-       TODO: check
+       NOT-FOR-US: Catfish CMS
 CVE-2020-23961
        RESERVED
 CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Admi ...)
@@ -61121,7 +61121,7 @@ CVE-2020-22392
 CVE-2020-22391
        RESERVED
 CVE-2020-22390 (Akaunting &lt;= 2.0.9 is vulnerable to CSV injection in the 
Item name  ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2020-22389
        RESERVED
 CVE-2020-22388
@@ -61549,31 +61549,31 @@ CVE-2020-22178
 CVE-2020-22177
        RESERVED
 CVE-2020-22176 (PHPGurukul Hospital Management System in PHP v4.0 has a 
sensitive info ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22175 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22174 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22173 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22172 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22171 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22170 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22169 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22168 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22167 (PHPGurukul Hospital Management System in PHP v4.0 has a 
Persistent Cro ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22166 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22165 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22164 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Hospital Management System in PHP
 CVE-2020-22163
        RESERVED
 CVE-2020-22162
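Review bot: The tag "PHPGurukul Hospital Management System in PHP" on the 13 entries CVE-2020-22164 through CVE-2020-22176 carries over "in PHP" from the description, which adds nothing to a product tag. "NOT-FOR-US: PHPGurukul Hospital Management System" would be shorter and easier to match when searching the list.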
@@ -62975,7 +62975,7 @@ CVE-2020-21519
 CVE-2020-21518
        RESERVED
 CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via 
the gour ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2020-21516
        RESERVED
 CVE-2020-21515
@@ -63749,7 +63749,7 @@ CVE-2020-21132
 CVE-2020-21131
        RESERVED
 CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via 
the grou ...)
-       TODO: check
+       NOT-FOR-US: HisiPHP
 CVE-2020-21129
        RESERVED
 CVE-2020-21128
@@ -65254,13 +65254,13 @@ CVE-2020-20394
 CVE-2020-20393
        RESERVED
 CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] 
parameters ...)
-       TODO: check
+       NOT-FOR-US: imcat
 CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in 
admin/sni ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2020-20390
        RESERVED
 CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 
3.4.0a in adm ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2020-20388
        RESERVED
 CVE-2020-20387
@@ -68730,17 +68730,17 @@ CVE-2020-18661
 CVE-2020-18660
        RESERVED
 CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS &lt;=3.3.15 
via the ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2020-18658 (Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS 
&lt;=3.3.15  ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS &lt;= 
3.3.15  ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2020-18656
        RESERVED
 CVE-2020-18655
        RESERVED
 CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Wuzhi CMS
 CVE-2020-18653
        RESERVED
 CVE-2020-18652
@@ -68752,11 +68752,11 @@ CVE-2020-18650
 CVE-2020-18649
        RESERVED
 CVE-2020-18648 (Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: JuQingCMS
 CVE-2020-18647 (Information Disclosure in NoneCMS v1.3 allows remote attackers 
to obta ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-18646 (Information Disclosure in NoneCMS v1.3 allows remote attackers 
to obta ...)
-       TODO: check
+       NOT-FOR-US: NoneCMS
 CVE-2020-18645
        RESERVED
 CVE-2020-18644
@@ -75189,7 +75189,7 @@ CVE-2020-15734 (An Origin Validation Error 
vulnerability in Bitdefender Safepay
 CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay 
component of B ...)
        NOT-FOR-US: Bitdefender Antivirus Plus
 CVE-2020-15732 (Improper Certificate Validation vulnerability in the Online 
Threat Pre ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2020-15731 (An improper Input Validation vulnerability in the code 
handling file r ...)
        NOT-FOR-US: Bitdefender
 CVE-2020-15730
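Review bot: CVE-2020-15732 is tagged "NOT-FOR-US: Bitdefender", while CVE-2020-15733 directly above it uses the product-level "NOT-FOR-US: Bitdefender Antivirus Plus" and CVE-2020-15731 below uses the vendor only. The truncated description here does not show which product is affected, so check the full text and use the product name if one is given, to keep adjacent entries at one level of detail.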



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8139e6a8b69c54ce409cc417e4d450f9f9a7d6ee

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits