Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3efb1bab by Salvatore Bonaccorso at 2021-08-19T22:31:42+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5701,7 +5701,7 @@ CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10,
there is a NULL Pointer
CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or
directories are ac ...)
NOT-FOR-US: CODESYS V3 web server
CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack
through ...)
- TODO: check
+ NOT-FOR-US: HCC Embedded InterNiche NicheStack
CVE-2021-36761
RESERVED
CVE-2021-36760
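Review bot: The label added for CVE-2021-36762, "HCC Embedded InterNiche NicheStack", is one of four spellings this commit uses for what appears to be the same product family. The others are "HCC embedded InterNiche" (CVE-2021-31401, CVE-2021-31400, CVE-2021-31228, CVE-2021-31227, CVE-2021-31226), "InterNiche NicheStack" (CVE-2021-27565) and "HCC Nichestack" (CVE-2020-35685, CVE-2020-35684, CVE-2020-35683). Using one string for all of them would let a single grep over data/CVE/list find every entry if the NOT-FOR-US decision ever needs to be revisited.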
@@ -10504,7 +10504,7 @@ CVE-2021-34647
CVE-2021-34646
RESERVED
CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to
Reflected Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected
Cross-Site ...)
@@ -17186,7 +17186,7 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who
submits a crafted file to
CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a
SQL injec ...)
NOT-FOR-US: Pimcore
CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated
users o ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier
suffers from ...)
NOT-FOR-US: Pimcore
CVE-2021-3519
@@ -18475,9 +18475,9 @@ CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and
earlier. A Stack overflo
CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the
attacker c ...)
NOT-FOR-US: dio package for Dart
CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC
embedded InterN ...)
- TODO: check
+ NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in
HCC embe ...)
- TODO: check
+ NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can
pose as the ...)
NOT-FOR-US: On 2N Access Unit devices
CVE-2021-31398
@@ -18631,7 +18631,7 @@ CVE-2021-31340 (A vulnerability has been identified in
SIMATIC RF166C (All versi
CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer
Module (A ...)
NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect
Client (A ...)
- TODO: check
+ NOT-FOR-US: SINEMA Remote Connect Client
CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system
component ...)
NOT-FOR-US: Siemens
CVE-2021-31336
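Review bot: The new line for CVE-2021-31338 labels by product ("SINEMA Remote Connect Client"), while the entry directly below it in the context, CVE-2021-31337, labels by vendor ("NOT-FOR-US: Siemens"). Both conventions already exist in this part of the file, so this is only a consistency point; "NOT-FOR-US: Siemens SINEMA Remote Connect Client" would match a search by either name.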
@@ -18908,11 +18908,11 @@ CVE-2021-31229 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[buster] - netcdf-parallel <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/26/
CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A
potential ...)
- TODO: check
+ NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A
potential ...)
- TODO: check
+ NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not
currentl ...)
NOT-FOR-US: SES Evolution
CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing
security pol ...)
@@ -23946,7 +23946,7 @@ CVE-2021-29282
CVE-2021-29281
RESERVED
CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack
can cause ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-29279 (There is a integer overflow in function
filter_core/filter_props.c:gf_ ...)
- gpac 1.0.1+dfsg1-4 (bug #987323)
[buster] - gpac <not-affected> (Vulnerable code not present)
@@ -27076,11 +27076,11 @@ CVE-2021-28003
CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered
in the ...)
TODO: check
CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the
Comments pa ...)
- TODO: check
+ NOT-FOR-US: Textpattern CMS
CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered
in Loca ...)
- TODO: check
+ NOT-FOR-US: Local Services Search Engine Management System Project
CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid
parameter i ...)
- TODO: check
+ NOT-FOR-US: Local Services Search Engine Management System Project
CVE-2021-27998
RESERVED
CVE-2021-27997
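Review bot: CVE-2021-28002 is still at "TODO: check" in the context at the top of this hunk, while the three entries right after it (CVE-2021-28001, CVE-2021-28000, CVE-2021-27999) are resolved here. Was it left open on purpose? If it was skipped by accident, it will stay in the TODO queue after a commit whose message suggests the surrounding NFUs were processed.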
@@ -27520,7 +27520,7 @@ CVE-2021-27824
CVE-2021-27823 (An information disclosure vulnerability was discovered in
/index.class ...)
NOT-FOR-US: NetWave
CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the
Add Categ ...)
- TODO: check
+ NOT-FOR-US: Vehicle Parking Management System
CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has
been di ...)
NOT-FOR-US: OpenWRT LuCI
CVE-2021-27820
@@ -28084,7 +28084,7 @@ CVE-2021-3414
RESERVED
NOT-FOR-US: Red Hat Satellite
CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows
remote at ...)
- TODO: check
+ NOT-FOR-US: InterNiche NicheStack
CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is
authentic ...)
NOT-FOR-US: Appspace
CVE-2021-27563
@@ -43542,11 +43542,11 @@ CVE-2020-35687 (PHPFusion version 9.03.90 is
vulnerable to CSRF attack which lea
CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software
component mod ...)
NOT-FOR-US: Sound Research
CVE-2020-35685 (An issue was discovered in HCC Nichestack 3.0. The code that
generates ...)
- TODO: check
+ NOT-FOR-US: HCC Nichestack
CVE-2020-35684 (An issue was discovered in HCC Nichestack 3.0. The code that
parses TC ...)
- TODO: check
+ NOT-FOR-US: HCC Nichestack
CVE-2020-35683 (An issue was discovered in HCC Nichestack 3.0. The code that
parses IC ...)
- TODO: check
+ NOT-FOR-US: HCC Nichestack
CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an
Authenticati ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to
obtain sen ...)
@@ -53128,7 +53128,7 @@ CVE-2021-1563 (Multiple vulnerabilities in the
implementation of the Cisco Disco
CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco
BroadWorks Appli ...)
NOT-FOR-US: Cisco
CVE-2021-1561 (A vulnerability in the spam quarantine feature of Cisco Secure
Email a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could
allow an ...)
NOT-FOR-US: Cisco
CVE-2021-1559 (Multiple vulnerabilities in Cisco DNA Spaces Connector could
allow an ...)
@@ -74594,13 +74594,13 @@ CVE-2020-20647
CVE-2020-20646
RESERVED
CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in
EyouCMS1.3.6 in the ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2020-20644
RESERVED
CVE-2020-20643
RESERVED
CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in
EyouCMS 1.3. ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2020-20641
RESERVED
CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to
security ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3efb1bab2fa4af3ff55298d5234dcf91dade0204
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits