Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d69f6b6d by Salvatore Bonaccorso at 2021-07-22T07:59:03+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3847,7 +3847,7 @@ CVE-2021-35484
CVE-2021-35483
RESERVED
CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender
before 2.5.4. ...)
- TODO: check
+ NOT-FOR-US: Barco MirrorOp Windows Sender
CVE-2021-35481
RESERVED
CVE-2021-35480
@@ -5762,7 +5762,7 @@ CVE-2021-34621 (A vulnerability in the user registration
component found in the
CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered
in some ...)
NOT-FOR-US: Aruba
CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was
discovered in so ...)
@@ -26625,7 +26625,7 @@ CVE-2021-26097
CVE-2021-26096
RESERVED
CVE-2021-26095 (The combination of various cryptographic issues in the session
managem ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26094
RESERVED
CVE-2021-26093
@@ -27723,19 +27723,19 @@ CVE-2021-25703
CVE-2021-25702
RESERVED
CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to
version 21.07 ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25700
RESERVED
CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client
prior to v ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25697
RESERVED
CVE-2021-25696
RESERVED
CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to
version 21. ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does
not vali ...)
NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows
CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple
versions o ...)
@@ -34262,21 +34262,21 @@ CVE-2021-22779 (Authentication Bypass by Spoofing
vulnerability exists in EcoStr
CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in
EcoStruxu ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22776
RESERVED
CVE-2021-22775
RESERVED
CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability
exists i ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in
EVlink C ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a
CSV File ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in
Easergy T300 w ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties
vulnera ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input
Validation vu ...)
@@ -34356,25 +34356,25 @@ CVE-2021-22732 (Improper Privilege Management
vulnerability exists in homeLYnk (
CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password
vulnerability ...)
NOT-FOR-US: Modicon
CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists
in EVlin ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in
EVlink C ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink
City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink
City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22725
RESERVED
CVE-2021-22724
RESERVED
CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink
City (E ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
@@ -34400,11 +34400,11 @@ CVE-2021-22710 (A CWE-119:Improper Restriction of
Operations within the Bounds o
CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds
of a Me ...)
NOT-FOR-US: Schneider
CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists
in EVlin ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
NOT-FOR-US: Schneider
CVE-2021-22704
@@ -35792,7 +35792,7 @@ CVE-2021-22127
CVE-2021-22126
RESERVED
CVE-2021-22125 (An instance of improper neutralization of special elements in
the snif ...)
- TODO: check
+ NOT-FOR-US: FortiSandbox
CVE-2021-22124
RESERVED
CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management
interfa ...)
@@ -38606,9 +38606,9 @@ CVE-2021-21409 (Netty is an open-source, asynchronous
event-driven network appli
CVE-2021-21408
RESERVED
CVE-2021-21407 (Combodo iTop is an open source, web based IT Service
Management tool. ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-21406 (Combodo iTop is an open source, web based IT Service
Management tool. ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in
Go. BLS ...)
NOT-FOR-US: Lotus
CVE-2021-21404 (Syncthing is a continuous file synchronization program. In
Syncthing b ...)
@@ -42193,11 +42193,11 @@ CVE-2021-20112
CVE-2021-20111
RESERVED
CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not
validating HTTPS ...)
- TODO: check
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS
certificates, an ...)
- TODO: check
+ NOT-FOR-US: Asset Explorer agent
CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000
for inc ...)
- TODO: check
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan
SmartFaucets in ...)
NOT-FOR-US: Sloan
CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain
a privil ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69f6b6dc4f3f83ead9384673f02957de70541c1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69f6b6dc4f3f83ead9384673f02957de70541c1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
