Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8fedc428 by Salvatore Bonaccorso at 2021-08-06T10:23:44+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12660,17 +12660,17 @@ CVE-2021-32583
CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5.
A blind ...)
NOT-FOR-US: ConnectWise Automate
CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis
True Im ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed
local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and
Acronis True ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed
local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed
local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed
local pr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in
net/can/i ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
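Review bot: The six Acronis entries (CVE-2021-32576 through CVE-2021-32581) are tagged with the bare vendor name, while every description in this hunk names the product, Acronis True Image, and the neighbouring CVE-2021-32582 entry is tagged by product ("NOT-FOR-US: ConnectWise Automate"). Consider "NOT-FOR-US: Acronis True Image" so that a later search of the list by product name finds these entries.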
@@ -14082,9 +14082,9 @@ CVE-2021-32005
CVE-2021-32004
RESERVED
CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in
SiteManager prov ...)
- TODO: check
+ NOT-FOR-US: Secomea SiteManager
CVE-2021-32002 (Improper Access Control vulnerability in web service of
Secomea SiteMa ...)
- TODO: check
+ NOT-FOR-US: Secomea SiteManager
CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s,
kde2 of S ...)
NOT-FOR-US: Rancher
CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
clone-ma ...)
@@ -27508,7 +27508,7 @@ CVE-2021-26607
CVE-2021-26606
RESERVED
CVE-2021-26605 (An improper input validation vulnerability in the service of
ezPDFRead ...)
- TODO: check
+ NOT-FOR-US: ezPDFReader
CVE-2021-26604
RESERVED
CVE-2021-26603
@@ -27561,7 +27561,7 @@ CVE-2021-26588
CVE-2021-26587
RESERVED
CVE-2021-26586 (A potential security vulnerability has been identified in the
HPE Edge ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView
Global Da ...)
NOT-FOR-US: HPE
CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter
(OV4VC) cou ...)
@@ -30567,17 +30567,17 @@ CVE-2021-25450
CVE-2021-25449
RESERVED
CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call
prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to
version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to
version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to
SMR AUG- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25442 (Improper MDM policy management vulnerability in KME module
prior to KC ...)
NOT-FOR-US: Samsung (KME module)
CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor
prior to ve ...)
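Review bot: CVE-2021-25444 (keymaster) and CVE-2021-25443 (conn_gadget driver) get the same bare "NOT-FOR-US: Samsung" as the app-level entries, although the unchanged CVE-2021-25442 entry just below records its component as "Samsung (KME module)". Adding the component in parentheses on these two would keep the block consistent. For the conn_gadget use after free in particular, a driver name is the kind of entry that tends to be re-checked against the linux package later, so recording the component here would document why it was dismissed.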
@@ -36187,9 +36187,9 @@ CVE-2021-22930 [Use after free on close http2 on stream
canceling]
CVE-2021-22929
RESERVED
CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and
Desktop ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and
Citrix Gatew ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22926 (libcurl-using applications can ask for a specific client
certificate t ...)
TODO: check
CVE-2021-22925 (curl supports the `-t` command line option, known as
`CURLOPT_TELNETOP ...)
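Review bot: CVE-2021-22926 still carries "TODO: check" after this hunk, directly below the two Citrix entries that were resolved. Leaving it out of an NFU pass is right, since its description concerns libcurl-using applications rather than a product outside the archive, but it needs a follow-up commit with a package entry so it does not stay as the only unprocessed item in this run of CVE-2021-229xx entries.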
@@ -36223,9 +36223,9 @@ CVE-2021-22922 (When curl is instructed to download
content using the metalink f
CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to
local pri ...)
- nodejs <not-affected> (Only affects Windows installer)
CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly
known as N ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly
known as N ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an
out-of-bou ...)
{DSA-4936-1}
- libuv1 1.40.0-2 (bug #990561)
@@ -37184,7 +37184,7 @@ CVE-2021-22554
CVE-2021-22553 (Any git operation is passed through Jetty and a session is
created. No ...)
- gerrit <itp> (bug #589436)
CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to
0.6.1 a ...)
- TODO: check
+ NOT-FOR-US: Asylo
CVE-2021-22551
RESERVED
CVE-2021-22550 (An attacker can modify the pointers in enclave memory to
overwrite arb ...)
@@ -38604,7 +38604,7 @@ CVE-2021-21895
CVE-2021-21894
RESERVED
CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21892
RESERVED
CVE-2021-21891
@@ -38650,7 +38650,7 @@ CVE-2021-21872
CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File
Format Handle ...)
NOT-FOR-US: PowerISO
CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21869
RESERVED
CVE-2021-21868
@@ -38664,7 +38664,7 @@ CVE-2021-21865 (A unsafe deserialization vulnerability
exists in the PackageMana
CVE-2021-21864 (A unsafe deserialization vulnerability exists in the
ComponentModel Co ...)
NOT-FOR-US: CODESYS
CVE-2021-21863 (A unsafe deserialization vulnerability exists in the
ComponentModel Pr ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2021-21862
RESERVED
CVE-2021-21861
@@ -38728,7 +38728,7 @@ CVE-2021-21833 (An improper array index validation
vulnerability exists in the T
CVE-2021-21832
RESERVED
CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-21830
RESERVED
CVE-2021-21829
@@ -38784,7 +38784,7 @@ CVE-2021-21806 (An exploitable use-after-free
vulnerability exists in WebKitGTK
- wpewebkit 2.30.6-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php
script fu ...)
- TODO: check
+ NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the
options.php s ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21803 (This vulnerability is present in device_graph_page.php script,
which i ...)
@@ -38939,9 +38939,9 @@ CVE-2021-21741
CVE-2021-21740
RESERVED
CVE-2021-21739 (A ZTE's product of the transport network access layer has a
security v ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21738 (ZTE's big video business platform has two reflective
cross-site script ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and
access cont ...)
NOT-FOR-US: ZTE
CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and
access c ...)
@@ -44532,9 +44532,9 @@ CVE-2021-20118
CVE-2021-20117
RESERVED
CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in
TCExam <= ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in
TCExam <= ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2021-20114 (When installed following the default/recommended settings,
TCExam < ...)
NOT-FOR-US: TCExam
CVE-2021-20113 (An exposure of sensitive information vulnerability exists in
TCExam &l ...)
@@ -68044,7 +68044,7 @@ CVE-2020-22394 (In YzmCMS v5.5 the member contribution
function in the editor co
CVE-2020-22393
RESERVED
CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS
4.2.2 w ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2020-22391
RESERVED
CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the
Item name ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fedc428132b4ba08c304f8370c09c9f8da22fc7