Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e204660 by Salvatore Bonaccorso at 2021-07-30T14:51:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2021-37745
 CVE-2021-37744
        RESERVED
 CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows 
Stored X ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in 
MISP 2.4.14 ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-37741
        RESERVED
 CVE-2021-37740
@@ -27453,7 +27453,7 @@ CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The 
eslint-fixer package through
 CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 
4.0.4, a ...)
        NOT-FOR-US: Atlassian
 CVE-2020-36239 (Jira Data Center, Jira Core Data Center, Jira Software Data 
Center fro ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data 
Center befor ...)
        NOT-FOR-US: Atlassian
 CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)
@@ -30158,7 +30158,7 @@ CVE-2021-25274 (The Collector Service in SolarWinds 
Orion Platform before 2020.2
 CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the 
/sys/attachme ...)
        NOT-FOR-US: Landray EKP
 CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email 
detail vi ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2021-25272
        RESERVED
 CVE-2021-25271
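
Review bot: The tag added for CVE-2021-25273, NOT-FOR-US: Sophos, names only the vendor, and the truncated description shown in this hunk does not name a product either, so the entry alone does not say which Sophos product was judged out of scope. Other tags added in this commit use vendor plus product (NOT-FOR-US: TechSmith Snagit, NOT-FOR-US: ObjectPlanet Opinio); suggest the same form here so that a later search of data/CVE/list by product name finds the entry.
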
@@ -57607,7 +57607,7 @@ CVE-2020-26565
 CVE-2020-26564
        RESERVED
 CVE-2020-26563 (ObjectPlanet Opinio before 7.13 allows reflected XSS via the 
survey/ad ...)
-       TODO: check
+       NOT-FOR-US: ObjectPlanet Opinio
 CVE-2020-26562
        RESERVED
 CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 
1.0.04.002_US_ ...)
@@ -75698,11 +75698,11 @@ CVE-2020-18173 (A DLL injection vulnerability in 
1password.dll of 1Password 7.3.
 CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege 
component of Tr ...)
        TODO: check
 CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding 
(OLE) w ...)
-       TODO: check
+       NOT-FOR-US: TechSmith Snagit
 CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key 
Manager ...)
        NOT-FOR-US: Abloy Key Manager
 CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of 
TechSmit ...)
-       TODO: check
+       NOT-FOR-US: TechSmith Snagit
 CVE-2020-18168
        RESERVED
 CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
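
Review bot: CVE-2020-18172, in the context lines at the top of this hunk, still reads TODO: check even though it sits directly above the two TechSmith Snagit entries (CVE-2020-18171, CVE-2020-18169) triaged here. If it was left because it needs a closer look, that is fine; otherwise it could be processed in the same pass. Its description is cut off at "component of Tr ...", so the product cannot be confirmed from this diff alone.
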
@@ -78469,7 +78469,7 @@ CVE-2020-16841
 CVE-2020-16840
        RESERVED
 CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices 
before th ...)
-       TODO: check
+       NOT-FOR-US: Crestron
 CVE-2020-16838
        RESERVED
 CVE-2020-16837
@@ -80621,7 +80621,7 @@ CVE-2020-15950 (Immuta v2.8.2 is affected by improper 
session management: user s
 CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure 
permissions that ...)
        NOT-FOR-US: Immuta
 CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) 
field. ...)
-       TODO: check
+       NOT-FOR-US: eGain Chat
 CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 
0.5.3 for  ...)
        - rust-linked-hash-map 0.5.4-1 (bug #966246)
        [buster] - rust-linked-hash-map <no-dsa> (Minor issue)
@@ -104610,13 +104610,13 @@ CVE-2020-7392
 CVE-2020-7391
        RESERVED
 CVE-2020-7390 (Sage X3 Stored XSS Vulnerability on &#8216;Edit&#8217; Page of 
User Pr ...)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2020-7389 (Sage X3 System CHAINE Variable Script Command Injection. An 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2020-7388 (Sage X3 Unauthenticated Remote Command Execution (RCE) as 
SYSTEM in Ad ...)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2020-7387 (Sage X3 Installation Pathname Disclosure. A specially crafted 
packet c ...)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2020-7386
        RESERVED
 CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit 
Framework u ...)
@@ -336276,7 +336276,7 @@ CVE-2015-2157 (The (1) ssh2_load_userkey and (2) 
ssh2_save_userkey functions in
 CVE-2015-2100 (Multiple stack-based buffer overflows in WebGate eDVR Manager 
and Cont ...)
        NOT-FOR-US: eDVR Manager and Control Center
 CVE-2015-2099 (Multiple buffer overflows in WebGate Control Center allow 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: WebGate Control Center
 CVE-2015-2098 (Multiple stack-based buffer overflows in WebGate eDVR Manager 
allow re ...)
        NOT-FOR-US: WebGate eDVR Manager
 CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol 
(WESP) ...)
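
Review bot: The tag added for CVE-2015-2099, NOT-FOR-US: WebGate Control Center, is the third spelling used for this vendor's products within four entries: CVE-2015-2100 above has "eDVR Manager and Control Center" without the vendor name, and CVE-2015-2098 below has "WebGate eDVR Manager". The new line's vendor-plus-product form matches CVE-2015-2098; consider aligning the CVE-2015-2100 tag as well so that a search for WebGate finds all three.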



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e20466096d2166416825ca5255728b46305a922
