Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d01aa5b by Moritz Muehlenhoff at 2021-10-14T23:37:50+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,7 @@ CVE-2021-42371
 CVE-2021-42370
        RESERVED
 CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Imagicle Application Suite
 CVE-2021-42368
        RESERVED
 CVE-2021-42367
@@ -571,9 +571,9 @@ CVE-2021-42230
 CVE-2021-42229
        RESERVED
 CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in 
KindEdirot 4 ...)
-       TODO: check
+       NOT-FOR-US: KindEditor
 CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 
4.1.x vi ...)
-       TODO: check
+       NOT-FOR-US: KindEditor
 CVE-2021-42226
        RESERVED
 CVE-2021-42225
@@ -3034,7 +3034,7 @@ CVE-2021-41144
 CVE-2021-41143
        RESERVED
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2021-41141
        RESERVED
 CVE-2021-41140
@@ -3042,7 +3042,7 @@ CVE-2021-41140
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
        NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the 
newly int ...)
-       TODO: check
+       NOT-FOR-US: Frontier
 CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. 
All users  ...)
        TODO: check
 CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to 
version ...)
@@ -3054,7 +3054,7 @@ CVE-2021-41135
 CVE-2021-41134
        RESERVED
 CVE-2021-41132 (OMERO.web provides a web based client and plugin 
infrastructure. In ve ...)
-       TODO: check
+       NOT-FOR-US: OMERO.web
 CVE-2021-41131
        RESERVED
 CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables 
API mana ...)
@@ -7219,7 +7219,7 @@ CVE-2021-39332
 CVE-2021-39331
        RESERVED
 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-39329
        RESERVED
 CVE-2021-39328
@@ -9650,11 +9650,11 @@ CVE-2021-38348 (The Advance Search WordPress plugin is 
vulnerable to Reflected C
 CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to 
Reflected Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress 
allowed authe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used 
an incor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable 
to an Op ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable 
to Cross ...)
@@ -10734,7 +10734,7 @@ CVE-2021-37935
 CVE-2021-37934
        RESERVED
 CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow 
Enterpri ...)
-       TODO: check
+       NOT-FOR-US: Huntflow Enterprise
 CVE-2021-37932
        RESERVED
 CVE-2021-3681
@@ -14256,11 +14256,11 @@ CVE-2021-36391
 CVE-2021-36390
        RESERVED
 CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and 
download upl ...)
-       TODO: check
+       NOT-FOR-US: Yellowfin
 CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and 
download use ...)
-       TODO: check
+       NOT-FOR-US: Yellowfin
 CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site 
Scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: Yellowfin
 CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes 
omits i ...)
        - fetchmail 6.4.16-4 (unimportant)
        NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
@@ -16411,7 +16411,7 @@ CVE-2021-35500
 CVE-2021-35499
        RESERVED
 CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s 
TIBCO EBX, ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing 
tibftlserve ...)
        NOT-FOR-US: TIBCO
 CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO 
JasperRe ...)
@@ -21900,11 +21900,11 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) 
vulnerability in webapi compo
 CVE-2021-33180 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        NOT-FOR-US: Synology
 CVE-2021-33179 (The general user interface in Nagios XI versions prior to 
5.8.4 is vul ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions 
prior to 2 ...)
        TODO: check
 CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions 
prior to 5. ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to 
a denia ...)
        NOT-FOR-US: VerneMQ MQTT Broker
 CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a 
denial of ser ...)
@@ -23430,11 +23430,11 @@ CVE-2021-32573 (** DISPUTED ** The express-cart 
package through 1.1.10 for Node.
 CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal 
via GET ...)
        NOT-FOR-US: Speco Web Viewer
 CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
-       TODO: check
+       NOT-FOR-US: OSS-RC
 CVE-2021-32570
        RESERVED
 CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
-       TODO: check
+       NOT-FOR-US: OSS-RC
 CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
        NOT-FOR-US: mrdoc
 CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache 
Traffic Se ...)
@@ -33580,7 +33580,7 @@ CVE-2021-28662 (An issue was discovered in Squid 4.x 
before 4.15 and 5.x before
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
 CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 
3.x thr ...)
-       TODO: check
+       NOT-FOR-US: ilverStripe GraphQL Server
 CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted 
renegoti ...)
        {DSA-4875-1}
        - openssl 1.1.1k-1
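Review bot: the added tag for CVE-2021-28661 reads "NOT-FOR-US: ilverStripe GraphQL Server", with the leading "S" dropped. The description on the line above spells the product "SilverStripe GraphQL Server", so a search of data/CVE/list for "SilverStripe" will not match this tag. Suggest correcting it to "NOT-FOR-US: SilverStripe GraphQL Server".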
@@ -36033,7 +36033,7 @@ CVE-2021-27666
        RESERVED
        NOT-FOR-US: Android
 CVE-2021-27665 (An unauthenticated remote user could exploit a potential 
integer overf ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2021-27664 (Under certain configurations an unauthenticated remote user 
could be g ...)
        NOT-FOR-US: exacqVision
 CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson 
Controls CEM  ...)
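Review bot: the new tag on CVE-2021-27665 names the vendor ("Johnson Controls"), while the adjacent entry CVE-2021-27664 is tagged by product ("exacqVision"). The truncated description visible here does not show which product CVE-2021-27665 affects; if it is the same product, reuse "NOT-FOR-US: exacqVision" so related entries group under one tag, otherwise name the specific product rather than the vendor.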



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d01aa5b6479b15b989641364153ad80df3ff5a1

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits