Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
906f360e by Salvatore Bonaccorso at 2021-11-26T21:42:25+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1382,7 +1382,7 @@ CVE-2021-43778 (Barcode is a GLPI plugin for printing
barcodes and QR codes. GLP
CVE-2021-43777 (Redash is a package for data visualization and sharing. In
Redash vers ...)
NOT-FOR-US: Redash
CVE-2021-43776 (Backstage is an open platform for building developer portals.
In affec ...)
- TODO: check
+ NOT-FOR-US: Backstage
CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment
trackin ...)
NOT-FOR-US: Aim
CVE-2021-3967
@@ -10333,7 +10333,7 @@ CVE-2021-41281 (Synapse is a package for Matrix
homeservers written in Python 3/
CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In
affected ...)
NOT-FOR-US: Sharetribe Go
CVE-2021-41279 (BaserCMS is an open source content management system with a
focus on J ...)
- TODO: check
+ NOT-FOR-US: BaserCMS
CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing
necessary ...)
NOT-FOR-US: EdgeX
CVE-2021-41277 (Metabase is an open source data analytics platform. In
affected versio ...)
@@ -10423,7 +10423,7 @@ CVE-2021-41245
CVE-2021-41244 (Grafana is an open-source platform for monitoring and
observability. I ...)
- grafana <removed>
CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command
Injection V ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2021-41242
RESERVED
CVE-2021-41241
@@ -11396,7 +11396,7 @@ CVE-2021-40835
CVE-2021-40834
RESERVED
CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was
discovered whe ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in
F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js
appends a ...)
@@ -16510,9 +16510,9 @@ CVE-2021-38688
CVE-2021-38687
RESERVED
CVE-2021-38686 (An improper authentication vulnerability has been reported to
affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38685 (A command injection vulnerability has been reported to affect
QNAP dev ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
NOT-FOR-US: QNAP
CVE-2021-38683
@@ -20867,7 +20867,7 @@ CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP
Application Insight Web Appl
CVE-2021-36920
RESERVED
CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS)
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36918
RESERVED
CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be
deactivated ...)
@@ -21019,7 +21019,7 @@ CVE-2021-36845 (Multiple Authenticated Stored
Cross-Site Scripting (XSS) vulnera
CVE-2021-36844
RESERVED
CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability
discover ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36842
RESERVED
CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability
in YITH ...)
@@ -21091,7 +21091,7 @@ CVE-2021-36809
CVE-2021-36808 (A local attacker could bypass the app password using a race
condition ...)
NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an
SQLi vulne ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-36806
RESERVED
CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in
helper_wfe_arm. ...)
@@ -33318,7 +33318,7 @@ CVE-2021-31824
CVE-2021-31823
RESERVED
CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating
system, the sy ...)
- TODO: check
+ NOT-FOR-US: Octopus Tentacle
CVE-2021-31821
RESERVED
CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server
Web Req ...)
@@ -46426,7 +46426,7 @@ CVE-2021-26617
CVE-2021-26616
RESERVED
CVE-2021-26615 (ARK library allows attackers to execute remote code via the
parameter( ...)
- TODO: check
+ NOT-FOR-US: ARK library
CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code
execution. A remo ...)
NOT-FOR-US: IpTime C200 camera
CVE-2021-26613
@@ -46434,7 +46434,7 @@ CVE-2021-26613
CVE-2021-26612
RESERVED
CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials
vulnera ...)
- TODO: check
+ NOT-FOR-US: HejHome GKW-IC052 IP Camera
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform
an integ ...)
NOT-FOR-US: godomall5
CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A
SQL-Inject ...)
@@ -50065,7 +50065,7 @@ CVE-2021-25271 (A local attacker could read or write
arbitrary files with admini
CVE-2021-25270 (A local attacker could execute arbitrary code with
administrator privi ...)
NOT-FOR-US: HitmanPro
CVE-2021-25269 (A local administrator could prevent the HMPA service from
starting des ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-25268
RESERVED
CVE-2021-25267
@@ -61933,7 +61933,7 @@ CVE-2021-20837 (Movable Type 7 r.5002 and earlier
(Movable Type 7 Series), Movab
CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13
and v4.0.0 ...)
NOT-FOR-US: CX-Supervisor
CVE-2021-20835 (Improper authorization in handler for custom URL scheme
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile
Payments App'
CVE-2021-20834 (Improper authorization in handler for custom URL scheme
vulnerability ...)
NOT-FOR-US: Nike App
CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0
does not ...)
@@ -124409,7 +124409,7 @@ CVE-2020-7883
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can
see th ...)
NOT-FOR-US: anySign
CVE-2020-7881 (The vulnerability function is enabled when the streamer service
relate ...)
- TODO: check
+ NOT-FOR-US: AfreecaTV
CVE-2020-7880
RESERVED
CVE-2020-7879
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/906f360e750ded8df9c842d36e6a27141145000a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/906f360e750ded8df9c842d36e6a27141145000a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
