Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f05cae2 by Salvatore Bonaccorso at 2021-11-30T21:26:47+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5109,7 +5109,7 @@ CVE-2021-3919
CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the
OAuth2 a ...)
NOT-FOR-US: JetBrains Ktor
CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options
header is m ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project
could t ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in
the Agent ...)
@@ -6643,9 +6643,9 @@ CVE-2021-42547
CVE-2021-42546
RESERVED
CVE-2021-42545 (An insufficient session expiration vulnerability exists in
Business-DN ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on
Business-DNA So ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42543 (The affected application uses specific functions that could be
abused ...)
NOT-FOR-US: AzeoTech
CVE-2021-42542 (The affected product is vulnerable to directory traversal due
to misha ...)
@@ -8833,23 +8833,23 @@ CVE-2021-42125
CVE-2021-42124
RESERVED
CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on
Business-DNA ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on
Busines ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on
Busines ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on
Busines ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating
on Busin ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating
on Busin ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on
Busines ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42116 (Incorrect Access Control in Web Applications operating on
Business-DNA ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on
Business-DNA So ...)
- TODO: check
+ NOT-FOR-US: Business-DNA Solutions
CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a
vulnerability ...)
NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
@@ -8917,7 +8917,7 @@ CVE-2021-41133 (Flatpak is a system for building,
distributing, and running sand
CVE-2021-42100
RESERVED
CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable
to file- ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-42098 (An incomplete permission check on entries in Devolutions
Remote Deskto ...)
NOT-FOR-US: Devolutions
CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege
Escalation. A csr ...)
@@ -9940,11 +9940,11 @@ CVE-2021-41681
CVE-2021-41680
RESERVED
CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS
when My ...)
- TODO: check
+ NOT-FOR-US: openSIS
CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS
when My ...)
- TODO: check
+ NOT-FOR-US: openSIS
CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS
when My ...)
- TODO: check
+ NOT-FOR-US: openSIS
CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy
Point o ...)
NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in
Sourcecodester E- ...)
@@ -16369,7 +16369,7 @@ CVE-2021-39001
CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local
attacker to ob ...)
NOT-FOR-US: IBM
CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain
sensitive info ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38998
RESERVED
CVE-2021-38997
@@ -34060,7 +34060,7 @@ CVE-2021-31789
CVE-2021-31788
RESERVED
CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815
chipsets does ...)
- TODO: check
+ NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets
CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815
and ATS2 ...)
NOT-FOR-US: Actions ATS
CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and
ATS2819 ch ...)
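Review bot: The new tag on CVE-2021-31787 spells the product out as "Bluetooth Classic implementation on Actions ATS2815 chipsets", while the adjacent CVE-2021-31786 entry, which covers the same ATS2815 chipset, uses the shorter "NOT-FOR-US: Actions ATS". Consider using the same label here so that a search for one tag finds both entries.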
@@ -124982,7 +124982,7 @@ CVE-2020-7881 (The vulnerability function is enabled
when the streamer service r
CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to
NeoRS rem ...)
TODO: check
CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was
synchroni ...)
- TODO: check
+ NOT-FOR-US: ipTIME C200 IP Camera
CVE-2020-7878
RESERVED
CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote
adminis ...)
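Review bot: CVE-2020-7880 (the ActiveX module related to NeoRS) stays at "TODO: check" directly above the CVE-2020-7879 entry that is resolved in this hunk. If it is also not packaged in Debian it could be marked in the same pass; otherwise please confirm it was left pending deliberately.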
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f05cae2333e6b34284502bc90d495eb25cd00ae
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits