Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7cd5ada by Salvatore Bonaccorso at 2021-11-02T21:20:05+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2096,7 +2096,7 @@ CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum 
consensus protocol through 202
 CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 
2021-10-1 ...)
        NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
 CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores 
Sensitive In ...)
-       TODO: check
+       NOT-FOR-US: Couchbase Server
 CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 
2.34.1 allow ...)
        {DSA-4996-1 DSA-4995-1}
        - webkit2gtk 2.34.1-1
@@ -2119,7 +2119,7 @@ CVE-2021-42756
 CVE-2021-42755
        RESERVED
 CVE-2021-42754 (An improper control of generation of code vulnerability 
[CWE-94] in Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-42753
        RESERVED
 CVE-2021-42752
@@ -2533,7 +2533,7 @@ CVE-2021-42570
 CVE-2021-42569
        RESERVED
 CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Sonatype
 CVE-2021-42567
        RESERVED
 CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error 
parameter. ...)
@@ -7310,15 +7310,15 @@ CVE-2021-41025
 CVE-2021-41024
        RESERVED
 CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM 
Windows Age ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows 
Agent ve ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-41021
        RESERVED
 CVE-2021-41020
        RESERVED
 CVE-2021-41019 (An improper validation of certificate with host mismatch 
[CWE-297] vul ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-41018
        RESERVED
 CVE-2021-41017
@@ -15036,7 +15036,7 @@ CVE-2021-3675
 CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a 
remote att ...)
        NOT-FOR-US: resolution SAML SSO apps for Atlassian products
 CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of 
Sensiti ...)
-       TODO: check
+       NOT-FOR-US: Couchbase Server
 CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access 
control. If  ...)
        NOT-FOR-US: Docker Desktop on Windows
 CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking 
(CSWH) in ...)
@@ -17128,13 +17128,13 @@ CVE-2021-36927 (Windows Digital TV Tuner device 
registration application Elevati
 CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information 
Disclosure Vuln ...)
        NOT-FOR-US: Microsoft
 CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio t ...)
-       TODO: check
+       NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio t ...)
-       TODO: check
+       NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio t ...)
-       TODO: check
+       NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for 
Camera/Hub/Audio t ...)
-       TODO: check
+       NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web 
Applicatio ...)
        NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall 
(AIWAF) devices
 CVE-2021-36920
@@ -17424,7 +17424,7 @@ CVE-2021-36796
 CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow 
privilege esc ...)
        NOT-FOR-US: Cohesity
 CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster 
feature  ...)
-       TODO: check
+       NOT-FOR-US: Siren Investigate
 CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 
for TYPO3, ...)
        NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3
 CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for 
TYPO3 has  ...)
@@ -18013,7 +18013,7 @@ CVE-2021-36562
 CVE-2021-36561
        RESERVED
 CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 
1.0 is  ...)
-       TODO: check
+       NOT-FOR-US: Phone Shop Sales Managements System
 CVE-2021-36559
        RESERVED
 CVE-2021-36558
@@ -18823,19 +18823,19 @@ CVE-2021-36189
 CVE-2021-36188
        RESERVED
 CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb 
version 6.4.0 ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 
6.4.0, vers ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36185 (A improper neutralization of special elements used in an OS 
command (' ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL 
Command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in 
FortiClient for W ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36182 (A Improper neutralization of special elements used in a 
command ('Comm ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-36181 (A concurrent execution using shared resource with improper 
Synchroniza ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36180
        RESERVED
 CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 
6.3.14 and  ...)
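Review bot: the six labels added in this hunk are spelled "Fortiguard", while the unchanged entry for CVE-2021-36182 in the same hunk reads "NOT-FOR-US: FortiGuard". Pick one spelling so that a case-sensitive search over data/CVE/list finds every entry. The visible descriptions also name the products themselves (Fortinet FortiWeb, FortiClient), which would make a more specific label than the shared one.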
@@ -18845,15 +18845,15 @@ CVE-2021-36178 (A insufficiently protected 
credentials in Fortinet FortiSDNConne
 CVE-2021-36177
        RESERVED
 CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in 
the web  ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in 
FortiWeb ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36174 (A memory allocation with excessive size value vulnerability in 
the lic ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36173
        RESERVED
 CVE-2021-36172 (An improper restriction of XML external entity reference 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-36171
        RESERVED
 CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in 
FortiAnalyzerVM a ...)
@@ -27491,7 +27491,7 @@ CVE-2021-32597 (Multiple improper neutralization of 
input during web page genera
 CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in 
the pas ...)
        NOT-FOR-US: FortiPortal
 CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in 
the web  ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface 
of Fort ...)
        NOT-FOR-US: FortiPortal
 CVE-2021-32593
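Review bot: CVE-2021-32595 gets "NOT-FOR-US: Fortiguard" while both neighbouring entries, CVE-2021-32596 and CVE-2021-32594, carry "NOT-FOR-US: FortiPortal". The truncated description shown here does not say which product's web interface is affected; if the full text names FortiPortal, use that label so the three entries stay consistent.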
@@ -40084,9 +40084,9 @@ CVE-2021-27725
 CVE-2021-27724
        RESERVED
 CVE-2021-27723 (An issue was discovered in Nsasoft US LLC Product Key Explorer 
4.2.7.  ...)
-       TODO: check
+       NOT-FOR-US: Nsasoft US LLC Product Key Explorer
 CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. 
The progr ...)
-       TODO: check
+       NOT-FOR-US: Nsasoft US LLC SpotAuditor
 CVE-2021-27721
        RESERVED
 CVE-2021-27720
@@ -44039,7 +44039,7 @@ CVE-2021-26109
 CVE-2021-26108
        RESERVED
 CVE-2021-26107 (An improper access control vulnerability [CWE-284] in 
FortiManager ver ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2021-26106 (An improper neutralization of special elements used in an OS 
Command v ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-26105
@@ -61021,7 +61021,7 @@ CVE-2020-35251
 CVE-2020-35250
        RESERVED
 CVE-2020-35249 (Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, 
allows  ...)
-       TODO: check
+       NOT-FOR-US: ElkarBackup
 CVE-2020-35248
        RESERVED
 CVE-2020-35247
@@ -72124,7 +72124,7 @@ CVE-2020-27408 (OpenSIS Community Edition through 7.6 
is affected by incorrect a
 CVE-2020-27407
        RESERVED
 CVE-2020-27406 (Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, 
allows authen ...)
-       TODO: check
+       NOT-FOR-US: DynPG
 CVE-2020-27405
        RESERVED
 CVE-2020-27404
@@ -80824,7 +80824,7 @@ CVE-2020-23756
 CVE-2020-23755
        RESERVED
 CVE-2020-23754 (Cross Site Scripting (XSS) vulnerability in 
infusions/member_poll_pane ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23753
        RESERVED
 CVE-2020-23752
@@ -80894,9 +80894,9 @@ CVE-2020-23721 (An issue was discovered in FUEL CMS 
V1.4.7. An attacker can use
 CVE-2020-23720
        RESERVED
 CVE-2020-23719 (Cross site scripting (XSS) vulnerability in 
application/controllers/Ad ...)
-       TODO: check
+       NOT-FOR-US: xujinliang zibbs
 CVE-2020-23718 (Cross site scripting (XSS) vulnerability in xujinliang zibbs 
1.0, allo ...)
-       TODO: check
+       NOT-FOR-US: xujinliang zibbs
 CVE-2020-23717
        RESERVED
 CVE-2020-23716
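Review bot: the visible description of CVE-2020-23719 stops at "application/controllers/Ad ..." and never names a product, so as far as this hunk shows, the "xujinliang zibbs" label on it rests on the adjacent CVE-2020-23718 entry. Confirm it against the full CVE description or its references before dropping the TODO, since a wrong NOT-FOR-US would take the issue out of later triage.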
@@ -80960,9 +80960,9 @@ CVE-2020-23688
 CVE-2020-23687
        RESERVED
 CVE-2020-23686 (Cross site request forgery (CSRF) vulnerability in AyaCMS 
3.1.2 allows ...)
-       TODO: check
+       NOT-FOR-US: AyaCMS
 CVE-2020-23685 (SQL Injection vulnerability in 188Jianzhan v2.1.0, allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: 188Jianzhan
 CVE-2020-23684
        RESERVED
 CVE-2020-23683



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7cd5ada1d287af0465162cda130d0573bc10410
