Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5674efb by Salvatore Bonaccorso at 2021-09-21T22:45:30+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2021-41527
CVE-2021-41526
RESERVED
CVE-2021-41525 (An issue related to modification of otherwise restricted files
through ...)
- TODO: check
+ NOT-FOR-US: FlexNet
CVE-2021-3821
RESERVED
CVE-2021-3820
@@ -976,7 +976,7 @@ CVE-2021-41086
CVE-2021-41085
RESERVED
CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected
version ...)
- TODO: check
+ NOT-FOR-US: Http4s
CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In
affected ve ...)
NOT-FOR-US: Dada Mail
CVE-2021-41082 (Discourse is a platform for community discussion. In affected
versions ...)
@@ -1428,7 +1428,7 @@ CVE-2021-40870 (An issue was discovered in Aviatrix
Controller 6.x before 6.5-18
CVE-2021-40869
RESERVED
CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: Cloudron
CVE-2021-40867 (Certain NETGEAR smart switches are affected by an
authentication hijac ...)
NOT-FOR-US: Netgear
CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin
password ...)
@@ -1495,7 +1495,7 @@ CVE-2021-40849
CVE-2021-40848
RESERVED
CVE-2021-40847 (The update process of the Circle Parental Control Service on
various N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-40846
RESERVED
CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through
11.2.3.10, ca ...)
@@ -5283,9 +5283,9 @@ CVE-2021-3713 (An out-of-bounds write flaw was found in
the UAS (USB Attached SC
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error
the JPNS k ...)
- TODO: check
+ NOT-FOR-US: Butter
CVE-2021-39229 (Apprise is an open source library which allows you to send a
notificat ...)
- TODO: check
+ NOT-FOR-US: Apprise
CVE-2021-39228 (Tremor is an event processing system for unstructured data. A
vulnerab ...)
NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for
Apache ...)
@@ -8779,7 +8779,7 @@ CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in
MISP 2.4.147 allows St
CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in
MISP 2.4.14 ...)
NOT-FOR-US: MISP
CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication
RCE vul ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-37740
RESERVED
CVE-2021-37739
@@ -9469,7 +9469,7 @@ CVE-2021-37426
CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE
attacks, such a ...)
NOT-FOR-US: Altova MobileTogether Server
CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to
domain us ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is
vulnerable to l ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is
vulnerable to S ...)
@@ -9477,9 +9477,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111
and prior is vulnerabl
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is
vulnerable to a ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to
mail spoo ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to
SSRF. ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-37418
REJECTED
CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior
allows CAP ...)
@@ -30279,7 +30279,7 @@ CVE-2021-28962
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in
the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
CVE-2021-28960 (ManageEngine Desktop Central before build 10.0.683 allows
Unauthentica ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is
vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is
vulnerable to una ...)
@@ -51340,7 +51340,7 @@ CVE-2021-20831
CVE-2021-20830
RESERVED
CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag
sanitizat ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch
Change Plug-i ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20827
@@ -53629,7 +53629,7 @@ CVE-2021-20039
CVE-2021-20038
RESERVED
CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and
64-bit) incor ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2021-20036
RESERVED
CVE-2021-20035
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5674efb404a858ede15524c4b47d1d42eb8c86c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5674efb404a858ede15524c4b47d1d42eb8c86c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
