Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b9db915d by Salvatore Bonaccorso at 2021-10-29T22:17:29+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3969,7 +3969,7 @@ CVE-2021-41876
CVE-2021-41875
RESERVED
CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of
Portain ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top
box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a
denial of s ...)
@@ -4297,11 +4297,11 @@ CVE-2021-41750
CVE-2021-41749
RESERVED
CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of
Portainer. ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP
4.10.0, wh ...)
NOT-FOR-US: Csdn APP
CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou
TurboCRM. ...)
- TODO: check
+ NOT-FOR-US: Yonyou TurboCRM
CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where
attackers can us ...)
NOT-FOR-US: ShowDoc
CVE-2021-41744 (All versions of yongyou PLM are affected by a command
injection issue. ...)
@@ -4445,11 +4445,11 @@ CVE-2021-41678
CVE-2021-41677
RESERVED
CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy
Point o ...)
- TODO: check
+ NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in
Sourcecodester E- ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester
E-Negosyo Syst ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41673
RESERVED
CVE-2021-41672
@@ -4505,13 +4505,13 @@ CVE-2021-41648 (An un-authenticated SQL Injection
exists in PuneethReddyHC onlin
CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL
injection vul ...)
NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Onl ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Bud ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in
Sourcecodester Onli ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in
Sourcecodester Chu ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-41642
RESERVED
CVE-2021-41641
@@ -5527,7 +5527,7 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source
Roblox product purchasin
CVE-2021-41190
RESERVED
CVE-2021-41189 (DSpace is an open source turnkey repository application. In
version 7. ...)
- TODO: check
+ NOT-FOR-US: DSpace
CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to
5.7.6 c ...)
NOT-FOR-US: Shopware
CVE-2021-41187
@@ -10341,7 +10341,7 @@ CVE-2021-39181 (OpenOlat is a web-based learning
management system (LMS). Prior
CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A
path trave ...)
NOT-FOR-US: OpenOLAT
CVE-2021-39179 (DHIS 2 is an information system for data capture, management,
validati ...)
- TODO: check
+ NOT-FOR-US: DHIS 2
CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between
10.0.0 and 1 ...)
NOT-FOR-US: next.js
CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and
Minecraft: J ...)
@@ -14631,7 +14631,7 @@ CVE-2021-37404
CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive
Authent ...)
NOT-FOR-US: firefly-iii
CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-3661
RESERVED
CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before
7.10.4-rev18 allows ...)
@@ -19726,11 +19726,11 @@ CVE-2021-35239 (A security researcher found a user
with Orion map manage rights
CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through
URL POST ...)
NOT-FOR-US: Solarwinds
CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server
has left ...)
- TODO: check
+ NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog
Server 9.7 ...)
NOT-FOR-US: SolarWinds
CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog
Server ...)
- TODO: check
+ NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35234
RESERVED
CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog
Server ...)
@@ -28019,7 +28019,7 @@ CVE-2021-31863 (Insufficient input validation in the
Git repository integration
NOTE: https://www.redmine.org/news/131
NOTE:
https://www.redmine.org/projects/redmine/repository/revisions/20962
CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp
parameter withou ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2021-31861
RESERVED
CVE-2021-31860
@@ -28682,13 +28682,13 @@ CVE-2021-31629
CVE-2021-31628
RESERVED
CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through
V15.03.05.19(6 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-31626
RESERVED
CVE-2021-31625
RESERVED
CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through
V15.03.05.19(6 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-31623
RESERVED
CVE-2021-31622
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9db915dc46ed218882a811da438d8d222642bd8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9db915dc46ed218882a811da438d8d222642bd8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
