Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da8c5fc6 by Salvatore Bonaccorso at 2021-11-11T11:21:47+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier
contains a timing leak
- libcrypto++ <unfixed>
NOTE: https://github.com/weidai11/cryptopp/issues/1080
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate
their priv ...)
- TODO: check
+ NOT-FOR-US: LiquidFiles
CVE-2021-43395
RESERVED
CVE-2021-43394
@@ -2652,7 +2652,7 @@ CVE-2021-3898
CVE-2021-3897
RESERVED
CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to
write t ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-42846
RESERVED
CVE-2021-42845
@@ -5839,7 +5839,7 @@ CVE-2021-42004
CVE-2021-42003
RESERVED
CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to
a filter ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-42001
RESERVED
CVE-2021-42000
@@ -6210,7 +6210,7 @@ CVE-2021-41838
CVE-2021-41837
RESERVED
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is
vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-3848 (An arbitrary file creation by privilege escalation
vulnerability in Tr ...)
NOT-FOR-US: Trend Micro
CVE-2021-3847 [low-privileged user privileges escalation]
@@ -7969,9 +7969,9 @@ CVE-2021-41083 (Dada Mail is a web-based e-mail list
management system. In affec
CVE-2021-41082 (Discourse is a platform for community discussion. In affected
versions ...)
NOT-FOR-US: Discourse
CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before
 ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before
 ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and
10.0.0-M1 to 10. ...)
{DSA-4986-1 DLA-2764-1}
- tomcat9 9.0.53-1
@@ -9305,15 +9305,15 @@ CVE-2021-40523 (In Contiki 3.0, Telnet option
negotiation is mishandled. During
CVE-2021-40522
RESERVED
CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code
Executi ...)
- TODO: check
+ NOT-FOR-US: Airangel
CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH
Credentials ...)
- TODO: check
+ NOT-FOR-US: Airangel
CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded
Database ...)
- TODO: check
+ NOT-FOR-US: Airangel
CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
- TODO: check
+ NOT-FOR-US: Airangel
CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to
stored C ...)
- TODO: check
+ NOT-FOR-US: Airangel
CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial
of serv ...)
{DLA-2770-1}
- weechat 3.2.1-1 (bug #993803)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da8c5fc6cd1fdcfd665e9768d580c5dbc5b5d3dc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da8c5fc6cd1fdcfd665e9768d580c5dbc5b5d3dc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
