Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1487cff by Salvatore Bonaccorso at 2021-10-26T22:42:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3822,7 +3822,7 @@ CVE-2021-41875
 CVE-2021-41874
        RESERVED
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top 
box produ ...)
-       TODO: check
+       NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872
        RESERVED
 CVE-2021-41871
@@ -5380,13 +5380,13 @@ CVE-2021-41190
 CVE-2021-41189
        RESERVED
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 
5.7.6 c ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2021-41187
        RESERVED
 CVE-2021-41186
        RESERVED
 CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. 
An exploi ...)
-       TODO: check
+       NOT-FOR-US: Mycodo
 CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
        - jqueryui <unfixed>
        NOTE: 
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
@@ -5413,13 +5413,13 @@ CVE-2021-41177 (Nextcloud is an open-source, 
self-hosted productivity platform.
 CVE-2021-41176 (Pterodactyl is an open-source game server management panel 
built with  ...)
        NOT-FOR-US: Pterodactyl
 CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central 
locatio ...)
-       TODO: check
+       NOT-FOR-US: Pi-hole
 CVE-2021-41174
        RESERVED
 CVE-2021-41173 (Go Ethereum is the official Golang implementation of the 
Ethereum prot ...)
        TODO: check
 CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: AntSword plugin for Redis
 CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for 
research ...)
        NOT-FOR-US: eLabFTW
 CVE-2021-41170
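
Review bot: CVE-2021-41173 (Go Ethereum) sits between the two entries changed in this hunk and still reads "TODO: check". If it was left on purpose because it needs a package check rather than an NFU tag, that is fine, but in a batch pass like this it is easy to skip by accident, so it is worth confirming it is still on the triage queue. On CVE-2021-41172, the tag "AntSword plugin for Redis" could also carry the plugin name the description gives (AS_Redis) so that later entries for the same plugin are tagged the same way.
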
@@ -5652,7 +5652,7 @@ CVE-2021-3802
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
        NOTE: 
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
 CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary 
code ex ...)
-       TODO: check
+       NOT-FOR-US: Nameko
 CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression 
Complexity ...)
        - node-prismjs 1.25.0+dfsg-1
        [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
@@ -7379,11 +7379,11 @@ CVE-2021-40346 (An integer overflow exists in HAProxy 
2.0 through 2.5 in htx_add
        NOTE: https://www.mail-archive.com/[email protected]/msg41114.html
        NOTE: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
 CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage 
Dashlets sec ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom 
Includes sec ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file 
permissions  ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-40342
        RESERVED
 CVE-2021-40341
@@ -14535,9 +14535,9 @@ CVE-2021-37374
 CVE-2021-37373
        RESERVED
 CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure 
file up ...)
-       TODO: check
+       NOT-FOR-US: Online Student Admission System
 CVE-2021-37371 (Online Student Admission System 1.0 is affected by an 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: Online Student Admission System
 CVE-2021-37370
        RESERVED
 CVE-2021-37369
@@ -14551,9 +14551,9 @@ CVE-2021-37366 (CTparental before 4.45.03 is vulnerable 
to cross-site request fo
 CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site 
scripting (XSS)  ...)
        NOT-FOR-US: CTparental
 CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By 
default ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 
11.00.00. A lo ...)
-       TODO: check
+       NOT-FOR-US: Gestionale Open
 CVE-2021-37362
        RESERVED
 CVE-2021-37361
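
Review bot: On CVE-2021-37364 the tag is "NOT-FOR-US: OpenClinic", while the description names the product as "OpenClinic GA". Suggest "NOT-FOR-US: OpenClinic GA" so the tag matches the product name in the description and a later search for existing NFU entries for this product finds it.
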
@@ -21001,13 +21001,13 @@ CVE-2021-34598
 CVE-2021-34597
        RESERVED
 CVE-2021-34596 (A crafted request may cause a read access to an uninitialized 
pointer  ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34595 (A crafted request with invalid offsets may cause an 
out-of-bounds read ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34594
        RESERVED
 CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34592
        RESERVED
 CVE-2021-34591
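
Review bot: For CVE-2021-34596 and CVE-2021-34595 the truncated descriptions shown here ("A crafted request may cause a read access to an uninitialized pointer ...", "A crafted request with invalid offsets may cause an out-of-bounds read ...") do not name a product, so the CODESYS attribution cannot be confirmed from the hunk itself, unlike CVE-2021-34593, whose description names CODESYS V2 Runtime Toolkit. Worth a check against the full CVE description that both really are CODESYS issues.
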
@@ -21021,13 +21021,13 @@ CVE-2021-34588
 CVE-2021-34587
        RESERVED
 CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web 
server req ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web 
server req ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34584 (Crafted web server requests can be utilised to read partial 
stack or h ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer 
overflow and ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-34582
        RESERVED
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime 
vulnerability in  ...)
@@ -41048,7 +41048,7 @@ CVE-2021-26611
 CVE-2021-26610
        RESERVED
 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A 
SQL-Inject ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-26608 (An arbitrary file download and execution vulnerability was 
found in th ...)
        NOT-FOR-US: handysoft
 CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of 
NEXACRO17 ...)
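
Review bot: On CVE-2021-26609, "NOT-FOR-US: WordPress plugin" does not name the affected product, although the description identifies it as Mangboard. Suggest "NOT-FOR-US: Mangboard plugin for WordPress", in line with the neighbouring entry that names its product ("NOT-FOR-US: handysoft"), so the entry can be found by product name.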



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1487cff70016be1b8044d39fa7e4384c14c2f20
