Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dd5d16e by Salvatore Bonaccorso at 2021-09-28T22:23:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -500,21 +500,21 @@ CVE-2021-41542
 CVE-2021-41541
        RESERVED
 CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41532
        RESERVED
 CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR 
payload if  ...)
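Review bot: The eight Solid Edge entries (CVE-2021-41540 through CVE-2021-41533) are tagged with the vendor only, `NOT-FOR-US: Siemens`, while other entries touched by this commit name the product (`Progress WhatsUp Gold`, `Nagios XI`). Suggest `NOT-FOR-US: Siemens Solid Edge`, so that a later search of data/CVE/list by product finds them and the tag is not read as covering unrelated Siemens components.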
@@ -958,7 +958,7 @@ CVE-2021-41320
 CVE-2021-41319
        RESERVED
 CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an 
application endpo ...)
-       TODO: check
+       NOT-FOR-US: Progress WhatsUp Gold
 CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce 
authent ...)
        NOT-FOR-US: XSS Hunter Express
 CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize 
user inp ...)
@@ -1426,7 +1426,7 @@ CVE-2021-41106
 CVE-2021-41105
        RESERVED
 CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with 
web_serv ...)
-       TODO: check
+       NOT-FOR-US: ESPHome
 CVE-2021-41103
        RESERVED
 CVE-2021-41102
@@ -7925,7 +7925,7 @@ CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote 
attackers to execute a
 CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL 
driver in ...)
        NOT-FOR-US: National Instruments NI-PAL driver
 CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge 
Migrator 7.0 ...)
-       TODO: check
+       NOT-FOR-US: Sureline SUREedge Migrator
 CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL 
Injection. ...)
        NOT-FOR-US: Newsletter extension for TYPO3
 CVE-2021-38301
@@ -10366,7 +10366,7 @@ CVE-2021-37275
 CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation 
vulnerabil ...)
        NOT-FOR-US: Kingdee KIS Professional Edition
 CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation 
EPON Tia ...)
-       TODO: check
+       NOT-FOR-US: Tianyi Gateway
 CVE-2021-37272
        RESERVED
 CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor 
v1.4.3.3, w ...)
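Review bot: On CVE-2021-37273 the tag `Tianyi Gateway` drops the vendor that the description leads with (China Telecom Corporation EPON ...), and the truncated summary cuts off before the product name, so the tag cannot be matched against the entry by eye. Consider carrying the vendor in the tag, in the style of the neighbouring `Kingdee KIS Professional Edition` entry.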
@@ -10749,11 +10749,11 @@ CVE-2021-37108
 CVE-2021-37107
        RESERVED
 CVE-2021-37106 (There is a command injection vulnerability in CMA service 
module of Fu ...)
-       TODO: check
+       NOT-FOR-US: FusionCompute (Huawei)
 CVE-2021-37105 (There is an improper file upload control vulnerability in 
FusionComput ...)
-       TODO: check
+       NOT-FOR-US: FusionCompute (Huawei)
 CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI 
P40 ver ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37103
        RESERVED
 CVE-2021-37102
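Review bot: CVE-2021-37104 is tagged `NOT-FOR-US: Huawei`, but the two entries directly above it use the `product (vendor)` form, `FusionCompute (Huawei)`, and its description names a specific device (HUAWEI P40). Suggest tagging it in the same form with the product first, so the three Huawei entries in this hunk stay consistent and can be found by product.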
@@ -12441,13 +12441,13 @@ CVE-2021-36367 (PuTTY through 0.75 proceeds with 
establishing an SSH session eve
        [stretch] - putty <no-dsa> (Minor issue)
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
 CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh 
wildcards ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for 
repairm ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh 
wildcards. ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for 
migrate ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-36362
        RESERVED
 CVE-2021-36361
@@ -12884,7 +12884,7 @@ CVE-2021-36167
 CVE-2021-36166
        RESERVED
 CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is 
affected by c ...)
-       TODO: check
+       NOT-FOR-US: RICON Industrial Cellular Router
 CVE-2021-36164
        RESERVED
 CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. 
The Hes ...)
@@ -16469,7 +16469,7 @@ CVE-2021-34638 (Authenticated Directory Traversal in 
WordPress Download Manager
 CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site 
Request Fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress 
plugin i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to 
Cross-Site Req ...)
@@ -18888,9 +18888,9 @@ CVE-2021-33603
 CVE-2021-33602
        RESERVED
 CVE-2021-33601 (A vulnerability was discovered in the web user interface of 
F-Secure I ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the 
web user ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was 
discovered whe ...)
        NOT-FOR-US: F-Secure Antivirus
 CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all 
versions ...)
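Review bot: CVE-2021-33601 and CVE-2021-33600 get the vendor-only tag `NOT-FOR-US: F-Secure`, whereas the unchanged entry right below them (CVE-2021-33599) uses `F-Secure Antivirus`. Both descriptions refer to the web user interface of an F-Secure product, so the tag should name that product rather than the vendor alone, matching the existing entry's style.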
@@ -29945,25 +29945,25 @@ CVE-2021-29369 (The gnuplot package prior to version 
0.1.0 for Node.js allows co
 CVE-2021-29368
        RESERVED
 CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 
4.57 allows ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29366 (A buffer overflow vulnerability in 
FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing 
a craft ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of 
Irfanvi ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of 
Irfanvie ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of 
Irfanvie ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 
of Irfa ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a 
of Irfa ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29359
        RESERVED
 CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of 
Irfanview ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 
before 10. ...)
        NOT-FOR-US: OutSystems Platform Server
 CVE-2021-29356



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd5d16e31acc7f1452609455584fa72002d5cf4
