Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50bad0b5 by Salvatore Bonaccorso at 2021-10-23T08:50:21+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-42842
CVE-2021-42841
RESERVED
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the
system se ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-42839
RESERVED
CVE-2021-42838
@@ -631,7 +631,7 @@ CVE-2021-42558
CVE-2021-42557
RESERVED
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive
extract ...)
- TODO: check
+ NOT-FOR-US: Rasa X
CVE-2021-42555
RESERVED
CVE-2021-42554
@@ -675,23 +675,23 @@ CVE-2021-42544
CVE-2021-42543
RESERVED
CVE-2021-42542 (The affected product is vulnerable to directory traversal due
to misha ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42541
RESERVED
CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract
folder for ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42539 (The affected product is vulnerable to a missing permission
validation ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42538 (The affected product is vulnerable to a parameter injection
via passph ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42537
RESERVED
CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer
username an ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-42535
RESERVED
CVE-2021-42534 (The affected product’s web application does not properly
neutral ...)
- TODO: check
+ NOT-FOR-US: Trane
CVE-2021-42533
RESERVED
CVE-2021-42532
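Review bot: the tags added for CVE-2021-42542 through CVE-2021-42534 name only a vendor ("Emerson", "Trane"), and every description in this hunk begins "The affected product" without naming it, so after this change nothing in the list identifies which product each entry concerns. Suggest extending each tag with the product name from the advisory, in the vendor-plus-product form used elsewhere in the file (for example "NOT-FOR-US: InHand Networks IR615 Router"). It is also worth double-checking that CVE-2021-42534 really belongs to Trane, given that it sits in a run of otherwise Emerson entries.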
@@ -2693,7 +2693,7 @@ CVE-2021-42171
CVE-2021-42170
RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP
using SQLite ...)
- TODO: check
+ NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
CVE-2021-42168
RESERVED
CVE-2021-42167
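Review bot: the tag for CVE-2021-42169 starts mid-name. The description reads "The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite", but the tag drops "Simple Payroll System with" and appends "Free Source Code", which is not in the visible description. Suggest "NOT-FOR-US: Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite" so a search for the product name finds the entry.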
@@ -3741,13 +3741,13 @@ CVE-2021-41749
CVE-2021-41748
RESERVED
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP
4.10.0, wh ...)
- TODO: check
+ NOT-FOR-US: Csdn APP
CVE-2021-41746
RESERVED
CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where
attackers can us ...)
- TODO: check
+ NOT-FOR-US: ShowDoc
CVE-2021-41744 (All versions of yongyou PLM are affected by a command
injection issue. ...)
- TODO: check
+ NOT-FOR-US: yongyou PLM
CVE-2021-41743
RESERVED
CVE-2021-41742
@@ -5005,7 +5005,7 @@ CVE-2021-41173
CVE-2021-41172
RESERVED
CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for
research ...)
- TODO: check
+ NOT-FOR-US: eLabFTW
CVE-2021-41170
RESERVED
CVE-2021-41169 (Sulu is an open-source PHP content management system based on
the Symf ...)
@@ -11377,7 +11377,7 @@ CVE-2021-38487
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 cl ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38485 (The affected product is vulnerable to improper input
validation in the ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483
@@ -11385,71 +11385,71 @@ CVE-2021-38483
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 we ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481 (The scheduler service running on a specific TCP port enables
the user ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38479 (Many API function codes receive raw pointers remotely from the
user an ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38477 (There are multiple API function codes that permit reading and
writing ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 au ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38475 (The database connection to the server is performed by calling
a specif ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38473 (The affected product’s code base doesn’t properly
control ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ma ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38471 (There are multiple API function codes that permit data writing
to any ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38469 (Many of the services used by the affected product do not
specify full ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ar ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38467 (A specific function code receives a raw pointer supplied by
the user a ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38465 (The webinstaller is a Golang web server executable that
enables the ge ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 ha ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38463 (The affected product does not properly control the allocation
of resou ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and
2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38461 (The affected product uses a hard-coded blowfish key for
encryption/dec ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network
Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38459 (The data of a network capture of the initial handshake phase
can be us ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network
Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38457 (The server permits communication without any authentication
procedure, ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network
Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38455 (The affected product’s OS Service does not verify any
given para ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network
Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38453 (Some API functions allow interaction with the registry, which
includes ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network
Management s ...)
NOT-FOR-US: Moxa
CVE-2021-38451 (The affected product’s proprietary protocol CSC allows
for calli ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38450
RESERVED
CVE-2021-38449 (Some API functions permit by-design writing or copying data
into a giv ...)
- TODO: check
+ NOT-FOR-US: AUVESY
CVE-2021-38448
RESERVED
CVE-2021-38447
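Review bot: the entries from CVE-2021-38481 down to CVE-2021-38449 are all tagged with the bare vendor "AUVESY", while the interleaved entries in the same hunk carry "InHand Networks IR615 Router" and the descriptions of the changed entries do not name a product ("The affected product", "The scheduler service", "The webinstaller"). If these all come from one advisory for a single product, adding that product name to the tag would keep the block consistent with its neighbours and make it clear the odd-numbered IDs were triaged as a set.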
@@ -16424,7 +16424,7 @@ CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3
allows exportpdf authenticate
CVE-2021-36358
RESERVED
CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware.
unpack_timestamp() ...)
- TODO: check
+ NOT-FOR-US: OpenPOWER firwmware
CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to
execute ...)
NOT-FOR-US: KRAMER VIAware
CVE-2021-36355
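Review bot: typo in the added tag for CVE-2021-36357: "NOT-FOR-US: OpenPOWER firwmware" should read "NOT-FOR-US: OpenPOWER firmware". A misspelled tag will not match a text search for the product, so it is worth fixing in a follow-up commit.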
@@ -19136,7 +19136,7 @@ CVE-2021-35232
CVE-2021-35231
RESERVED
CVE-2021-35230 (As a result of an unquoted service path vulnerability present
in the K ...)
- TODO: check
+ NOT-FOR-US: Kiwi CatTools Installation Wizard
CVE-2021-35229
RESERVED
CVE-2021-35228 (This vulnerability occurred due to missing input sanitization
for one ...)
@@ -27469,9 +27469,9 @@ CVE-2021-31837 (Memory corruption vulnerability in the
driver file component in
CVE-2021-31836 (Improper privilege management vulnerability in maconfig for
McAfee Age ...)
NOT-FOR-US: McAfee
CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy
Orchestrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy
Orchestrat ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31833
RESERVED
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator
extension fo ...)
@@ -27962,7 +27962,7 @@ CVE-2021-31684 (A vulnerability was discovered in the
indexOf function of JSONPa
CVE-2021-31683
RESERVED
CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM
web appli ...)
- TODO: check
+ NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
CVE-2021-31681
RESERVED
CVE-2021-31680
@@ -31354,7 +31354,7 @@ CVE-2021-30361
CVE-2021-30360
RESERVED
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers
installers mus ...)
- TODO: check
+ NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers
installers
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined
by the ...)
NOT-FOR-US: Mobile Access Portal Native Applications
CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302
reveals p ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bad0b57f523b58b4644e360da6f2372f46a071
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits