Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59fc5797 by Salvatore Bonaccorso at 2021-08-04T06:21:35+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2704,11 +2704,11 @@ CVE-2021-36705
CVE-2021-36704
RESERVED
CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of
"dashbo ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36702 (The "content" field in the "regular post" page of the "add
content" me ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File
Deletion on ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36700
RESERVED
CVE-2021-36699
@@ -7338,7 +7338,7 @@ CVE-2021-34639
CVE-2021-34638
RESERVED
CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site
Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34636
RESERVED
CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected
Cross-Site ...)
@@ -11580,7 +11580,7 @@ CVE-2021-32814 (Skytable is a NoSQL database with
automated snapshots and TLS. V
CVE-2021-32813
RESERVED
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps
(iOS and A ...)
- TODO: check
+ NOT-FOR-US: Monkshu
CVE-2021-32811 (Zope is an open-source web application server. Zope versions
prior to ...)
TODO: check
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for
building task ...)
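Review bot: CVE-2021-32811 (Zope), the context entry directly below the Monkshu change, still reads "TODO: check". That is expected for an NFU-only pass if Zope maps to a Debian source package, but it then needs a package line in a follow-up rather than staying in the TODO queue; if it was meant to be covered here, it was missed.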
@@ -11641,7 +11641,7 @@ CVE-2021-32789 (woocommerce-gutenberg-products-block is
a feature plugin for Woo
CVE-2021-32788 (Discourse is an open source discussion platform. In versions
prior to ...)
NOT-FOR-US: Discourse
CVE-2021-32787 (Sourcegraph is a code search and navigation engine.
Sourcegraph before ...)
- TODO: check
+ NOT-FOR-US: Sourcegraph
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -11681,7 +11681,7 @@ CVE-2021-32773 (Racket is a general-purpose programming
language and an ecosyste
[stretch] - racket <no-dsa> (Minor issue)
NOTE:
https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to
version 0.8.1, ...)
- TODO: check
+ NOT-FOR-US: Poddycast
CVE-2021-32771
RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The
gatsby-source-wordpre ...)
@@ -13523,13 +13523,13 @@ CVE-2021-32021
CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has
insuffici ...)
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
CVE-2021-32019 (There is missing input validation of host names displayed in
OpenWrt b ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The
JUMP SOAP A ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP
SOAP end ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP
SOAP end ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local
authenticated mal ...)
NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to
cause a den ...)
@@ -14999,9 +14999,9 @@ CVE-2021-31506 (This vulnerability allows remote
attackers to disclose sensitive
CVE-2021-31505 (This vulnerability allows attackers with physical access to
escalate p ...)
NOT-FOR-US: Arlo Q Plus
CVE-2021-31504 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31503 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31502 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31501 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
@@ -23876,11 +23876,11 @@ CVE-2019-25025 (The activerecord-session_store (aka
Active Record Session Store)
CVE-2021-27955
RESERVED
CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the
ecobee3 lite ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3
lite 4. ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite
4.5.81.20 ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27951
RESERVED
CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS
through ...)
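Review bot: the three new tags read "NOT-FOR-US: ecobee3", while all three descriptions (CVE-2021-27954, CVE-2021-27953, CVE-2021-27952) name the product as "ecobee3 lite". Suggest "NOT-FOR-US: ecobee3 lite" so the tag matches the affected product string and a later search for the model finds these entries.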
@@ -23915,9 +23915,9 @@ CVE-2021-3421 (A flaw was found in the RPM package in
the read functionality. Th
CVE-2021-27944
RESERVED
CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and
E50x-E1 ...)
- TODO: check
+ NOT-FOR-US: Vizio
CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs
allow a thre ...)
- TODO: check
+ NOT-FOR-US: Vizio
CVE-2021-27941 (Unconstrained Web access to the device's private encryption
key in the ...)
NOT-FOR-US: eWeLink mobile application
CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator
before 3.2 ...)
@@ -32459,7 +32459,7 @@ CVE-2021-24373 (The WP Hardening – Fix Your
WordPress Security WordPress p
CVE-2021-24372 (The WP Hardening – Fix Your WordPress Security WordPress
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before
8.7.3 (/wp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9
allows unauth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the
contribut ...)
@@ -36961,31 +36961,31 @@ CVE-2021-22427 (There is a Heap-based Buffer Overflow
Vulnerability in Huawei Sm
CVE-2021-22426
RESERVED
CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability.
Local at ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or
Wraparound vuln ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege
Management vulne ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22420 (A component of the HarmonyOS has a External Control of System
or Confi ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification
of Data A ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or
Wraparound vuln ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability
in Huaw ...)
NOT-FOR-US: Huawei
CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei
Smartphone.Suc ...)
NOT-FOR-US: Huawei
CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei
Smartphone.Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei
Smartphone.Succes ...)
NOT-FOR-US: Huawei
CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei
products. ...)
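Review bot: the labelling is split within this hunk. The ten entries CVE-2021-22416 through CVE-2021-22425 get "NOT-FOR-US: HarmonyOS", while CVE-2021-22413 and the untouched neighbours (CVE-2021-22415, CVE-2021-22414, CVE-2021-22412) use "NOT-FOR-US: Huawei". Other hunks in this commit tag product-specific issues with the vendor name ("Dell" for PowerScale OneFS, "Atlassian" for Jira Server). If the product/vendor distinction is deliberate here, fine; otherwise pick one label so a search on the vendor name catches all of them.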
@@ -37011,7 +37011,7 @@ CVE-2021-22402
CVE-2021-22401
RESERVED
CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS
vulnerabil ...)
NOT-FOR-US: Huawei
CVE-2021-22398 (There is a logic error vulnerability in several smartphones.
The softw ...)
@@ -38821,7 +38821,7 @@ CVE-2021-21567
CVE-2021-21566
RESERVED
CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a
denial of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21564
RESERVED
CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an
Improper C ...)
@@ -38845,7 +38845,7 @@ CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD,
R840, R940, R940xa, MX740c, M
CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c,
MX840c, ...)
NOT-FOR-US: Dell
CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an
Incorrect User M ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and
earlier ...)
NOT-FOR-US: Dell
CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access
control vul ...)
@@ -138807,7 +138807,7 @@ CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name
parameter to admin/content/
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via
admin/users/?mn=admin.message.error to a ...)
NOT-FOR-US: Windu CMS
CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)"
2.8.0. It ...)
- TODO: check
+ NOT-FOR-US: Comelit "App lejos de casa (web)"
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips
interface (SE ...)
NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use
of WHM A ...)
@@ -216967,7 +216967,7 @@ CVE-2017-18115
CVE-2017-18114
RESERVED
CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and
Jira Data C ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers
to view ...)
NOT-FOR-US: Atlassian
CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version
5.0.10, ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59fc57971b7dadc6bcc7730167bcdd9213fd29cd