Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f344687c by Salvatore Bonaccorso at 2021-10-15T22:47:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1491,21 +1491,21 @@ CVE-2021-42338
CVE-2021-42337
RESERVED
CVE-2021-42336 (The learning history page of the Easytest is vulnerable by
permission ...)
- TODO: check
+ NOT-FOR-US: Easytest
CVE-2021-42335 (Easytest bulletin board management function of online learning
platfor ...)
- TODO: check
+ NOT-FOR-US: Easytest
CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After
obtaining a ...)
- TODO: check
+ NOT-FOR-US: Easytest
CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After
obtaining u ...)
- TODO: check
+ NOT-FOR-US: Easytest
CVE-2021-42332 (The “List View” function of ShinHer StudyOnline
System is ...)
- TODO: check
+ NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline
System do ...)
- TODO: check
+ NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline
System ...)
- TODO: check
+ NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42329 (The “List_Add” function of message board of
ShinHer StudyO ...)
- TODO: check
+ NOT-FOR-US: ShinHer StudyOnline System
CVE-2022-20111
RESERVED
CVE-2022-20110
@@ -2174,7 +2174,7 @@ CVE-2021-42111
CVE-2021-42110
RESERVED
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to
a Rest ...)
- TODO: check
+ NOT-FOR-US: bookstack
CVE-2021-3873
RESERVED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow
privilege escala ...)
@@ -3998,7 +3998,7 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows
low-privileged users to
CVE-2021-41321
RESERVED
CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite
TRM 7.4 ...)
- TODO: check
+ NOT-FOR-US: Wallstreet Suite TRM
CVE-2021-41319
RESERVED
CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an
application endpo ...)
@@ -4384,9 +4384,9 @@ CVE-2021-41150
CVE-2021-41149
RESERVED
CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2021-41146
RESERVED
CVE-2021-41145
@@ -4724,33 +4724,33 @@ CVE-2021-41001
CVE-2021-41000
RESERVED
CVE-2021-40999 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40998 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in
Aruba C ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in
Aruba C ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40995 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40994 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba
ClearPass ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba
ClearPass ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was
discove ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was
discove ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40989 (A local escalation of privilege vulnerability was discovered
in Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40988 (A remote directory traversal vulnerability was discovered in
Aruba Cle ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40987 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-40986 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-3800
RESERVED
CVE-2021-40985
@@ -5358,13 +5358,13 @@ CVE-2021-40733
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null
pointer ...)
NOT-FOR-US: Adobe
CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier),
21.007.200 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier),
21.007.200 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier),
21.007.200 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier),
21.007.200 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40727
RESERVED
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.3000 ...)
@@ -5372,15 +5372,15 @@ CVE-2021-40726 (Acrobat Reader DC versions
2021.005.20060 (and earlier), 2020.00
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are
affected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40723
RESERVED
CVE-2021-40722
RESERVED
CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a
reflected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a
Deserialization o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40719
RESERVED
CVE-2021-40718
@@ -7372,7 +7372,7 @@ CVE-2021-39866 (A business logic error in the project
deletion process in GitLab
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020
Release ...)
NOT-FOR-US: Adobe
CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and
earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020
Release ...)
@@ -8544,7 +8544,7 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is
vulnerable to authenticated
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable
to Refle ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39348
RESERVED
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a
capability ch ...)
@@ -8552,9 +8552,9 @@ CVE-2021-39347 (The Stripe for WooCommerce WordPress
plugin is missing a capabil
CVE-2021-39346
RESERVED
CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39343
RESERVED
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's
associated C ...)
@@ -8566,19 +8566,19 @@ CVE-2021-39340
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy
and Serv ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39333
RESERVED
CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39331
RESERVED
CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to
Stored C ...)
@@ -10798,9 +10798,9 @@ CVE-2021-38434
CVE-2021-38433
RESERVED
CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior
lacks pr ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation Communication Server
CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in
versions 9.0. ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2021-38430
RESERVED
CVE-2021-38429
@@ -12549,13 +12549,13 @@ CVE-2021-37741 (ManageEngine ADManager Plus before
7111 has Pre-authentication R
CVE-2021-37740
RESERVED
CVE-2021-37739 (A remote arbitrary command execution vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was
discove ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba
ClearPass ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in
Aruba C ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-37735 (A remote denial of service vulnerability was discovered in
Aruba Insta ...)
NOT-FOR-US: Aruba
CVE-2021-37734 (A remote unauthorized read access to files vulnerability was
discovere ...)
@@ -204453,9 +204453,9 @@ CVE-2018-16062 (dwarf_getaranges in
dwarf_getaranges.c in libdw in elfutils befo
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the
username parame ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to
obtain ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow
Director ...)
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to
2.2.16, the ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344687cd412f5a79c334f1413f0fb6616da8ad2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344687cd412f5a79c334f1413f0fb6616da8ad2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
