Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0255c233 by Salvatore Bonaccorso at 2021-10-27T22:56:23+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2021-3902
CVE-2021-3901
RESERVED
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
- TODO: check
+ NOT-FOR-US: firefly-iii
CVE-2021-42852
RESERVED
CVE-2021-42851
@@ -3866,7 +3866,7 @@ CVE-2021-41874
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top
box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a
denial of s ...)
- TODO: check
+ NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
CVE-2021-41871
RESERVED
CVE-2021-41870
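Review bot: The new tag on CVE-2021-41872 names the product differently from the entry directly above it: CVE-2021-41873 carries "NOT-FOR-US: Penguin Aurora TV Box 41502", while this one uses "NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502". Both descriptions refer to the same 41502 set-top box, so one spelling for both entries would keep searches on the product name from missing either of them.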
@@ -7983,7 +7983,7 @@ CVE-2021-40127
CVE-2021-40126
RESERVED
CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2)
impleme ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-40124
RESERVED
CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco
Identit ...)
@@ -7997,15 +7997,15 @@ CVE-2021-40120
CVE-2021-40119
RESERVED
CVE-2021-40118 (Multiple vulnerabilities in the web services interface of
Cisco Adapti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive
Security ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in
Snort rules ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-40115
RESERVED
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the
way the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-40113
RESERVED
CVE-2021-40112
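Review bot: CVE-2021-40116 is marked "NOT-FOR-US: Cisco", but its description reads "Multiple Cisco products are affected by a vulnerability in Snort rules ...", and snort exists as a source package in Debian. Before the TODO is dropped, it is worth confirming that the flaw sits in Cisco's own integration and not in Snort code that Debian ships; if that check was done, a short NOTE line on the entry would record it. The other Cisco entries in this hunk look consistent with their neighbours.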
@@ -11921,7 +11921,7 @@ CVE-2021-38452 (A path traversal vulnerability in the
Moxa MXview Network Manage
CVE-2021-38451 (The affected product’s proprietary protocol CSC allows
for calli ...)
NOT-FOR-US: AUVESY
CVE-2021-38450 (The affected controllers do not properly sanitize the input
containing ...)
- TODO: check
+ NOT-FOR-US: Trane
CVE-2021-38449 (Some API functions permit by-design writing or copying data
into a giv ...)
NOT-FOR-US: AUVESY
CVE-2021-38448
@@ -13581,17 +13581,17 @@ CVE-2021-37810
CVE-2021-37809
RESERVED
CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com
News Por ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com
Online ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2021-37806 (An SQL Injection vulnerability exists in
https://phpgurukul.com Vehicl ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in
Sourcecodes ...)
- TODO: check
+ NOT-FOR-US: Sourcecodeste Vehicle Parking Management System
CVE-2021-37804
RESERVED
CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online
Covid V ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System
CVE-2021-37802
RESERVED
CVE-2021-37801
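Review bot: The tag added for CVE-2021-37805 is misspelled: "NOT-FOR-US: Sourcecodeste Vehicle Parking Management System" is missing the final "r", while the next new tag in the same hunk (CVE-2021-37803) spells the name "Sourcecodester". The misspelled form will not match when someone searches the list for the vendor name, so it should read "NOT-FOR-US: Sourcecodester Vehicle Parking Management System".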
@@ -14896,7 +14896,7 @@ CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4
contains a Server-Side R
CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow
remote at ...)
NOT-FOR-US: RCDCAP
CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer
Relation ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Customer Relationship Management System
CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the
cached col ...)
- mupdf 1.17.0+ds1-2 (bug #991402)
[buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
@@ -20593,21 +20593,21 @@ CVE-2021-34796
CVE-2021-34795
RESERVED
CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol
version 3 (S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive
Security Appli ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive
Security Ap ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway
(ALG) for th ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway
(ALG) for th ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco
Tetrati ...)
NOT-FOR-US: Cisco
CVE-2021-34788 (A vulnerability in the shared library loading mechanism of
Cisco AnyCo ...)
NOT-FOR-US: Cisco
CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule
processing ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot
Application Sof ...)
NOT-FOR-US: Cisco
CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot
Application Sof ...)
@@ -20615,11 +20615,11 @@ CVE-2021-34785 (Multiple vulnerabilities in Cisco
BroadWorks CommPilot Applicati
CVE-2021-34784
RESERVED
CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center
could allow ...)
NOT-FOR-US: Cisco
CVE-2021-34781 (A vulnerability in the processing of SSH connections for
multi-instanc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery
Protocol (L ...)
NOT-FOR-US: Cisco
CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery
Protocol (L ...)
@@ -20653,13 +20653,13 @@ CVE-2021-34766 (A vulnerability in the web UI of
Cisco Smart Software Manager On
CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could
allow an ...)
NOT-FOR-US: Cisco
CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD)
Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco
TelePre ...)
NOT-FOR-US: Cisco
CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco
Identit ...)
@@ -20669,11 +20669,11 @@ CVE-2021-34758 (A vulnerability in the memory
management of Cisco TelePresence C
CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart
Switches f ...)
NOT-FOR-US: Cisco
CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat
Defense ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat
Defense ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for
Ethernet Indust ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34753
RESERVED
CVE-2021-34752
@@ -21078,7 +21078,7 @@ CVE-2021-34582
CVE-2021-34581 (Missing Release of Resource after Effective Lifetime
vulnerability in ...)
NOT-FOR-US: WAGO
CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated
user can ...)
- TODO: check
+ NOT-FOR-US: MB connect line
CVE-2021-34579
RESERVED
CVE-2021-34578 (This vulnerability allows an attacker who has access to the
WBM to rea ...)
@@ -41099,13 +41099,13 @@ CVE-2021-26612
CVE-2021-26611
RESERVED
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform
an integ ...)
- TODO: check
+ NOT-FOR-US: godomall5
CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A
SQL-Inject ...)
NOT-FOR-US: WordPress plugin
CVE-2021-26608 (An arbitrary file download and execution vulnerability was
found in th ...)
NOT-FOR-US: handysoft
CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of
NEXACRO17 ...)
- TODO: check
+ NOT-FOR-US: NEXACRO17
CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security
could allow ...)
NOT-FOR-US: Dream Security
CVE-2021-26605 (An improper input validation vulnerability in the service of
ezPDFRead ...)
@@ -76583,7 +76583,7 @@ CVE-2020-24934
CVE-2020-24933
RESERVED
CVE-2020-24932 (An SQL Injection vulnerability exists in Sourcecodester
Complaint Mana ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2020-24931
RESERVED
CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is
an open ...)
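Review bot: CVE-2020-24932 gets the bare tag "NOT-FOR-US: Sourcecodester", whereas the other Sourcecodester entries touched by this commit name the product as well (for example "Sourcecodester Customer Relationship Management System" on CVE-2021-37221). The description here begins "Sourcecodester Complaint Mana ...", so the product name is available; adding it would keep the tags uniform across the file.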
@@ -84654,7 +84654,7 @@ CVE-2020-21252
CVE-2020-21251
RESERVED
CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file
upload vuln ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2020-21249
RESERVED
CVE-2020-21248
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0255c233e22afc42e1cda18f547068e81183b676