Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f0f060 by Neil Williams at 2021-12-03T11:34:53+00:00
NFUs and two ITPs
libredwg and libretime
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3127,13 +3127,13 @@ CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a
Cross Site Scripting (XSS)
CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS)
vulnerabilit ...)
NOT-FOR-US: nZEDb
CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation
vulnerab ...)
- TODO: check
+ - libretime <itp> (bug #888687)
CVE-2021-43684
RESERVED
CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS)
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: pictshare
CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a
Cross Site ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP BJY Blog
CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting
(XSS) vulne ...)
NOT-FOR-US: SakuraPanel
CVE-2021-43680
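Review bot: The NOT-FOR-US label added for CVE-2021-43682 reads "ThinkPHP BJY Blog", while the description on the same entry names the project "thinkphp-bjyblog". The other entries in this hunk (nZEDb, SakuraPanel, pictshare) reuse the name as the description spells it, so "NOT-FOR-US: thinkphp-bjyblog" would keep the label findable when searching by the upstream project name.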
@@ -4047,7 +4047,7 @@ CVE-2021-43329
CVE-2021-43328
RESERVED
CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices.
With a VCC ...)
- TODO: check
+ NOT-FOR-US: Renesas
CVE-2021-43326
RESERVED
CVE-2021-43325
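Review bot: The label for CVE-2021-43327, "NOT-FOR-US: Renesas", names only the vendor although the description scopes the issue to Renesas RX65 and RX65N devices. Naming the device family in the label, for example "NOT-FOR-US: Renesas RX65 and RX65N devices", would show at a glance that this is a device issue and not packaged software, unless vendor-only labels are the intended convention for this kind of entry.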
@@ -6508,7 +6508,7 @@ CVE-2021-42713
CVE-2021-42712
RESERVED
CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a
Temporary File ...)
- TODO: check
+ NOT-FOR-US: Barracuda Network Access Client
CVE-2021-42710
RESERVED
CVE-2021-42709
@@ -6806,7 +6806,7 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS
via the Error parameter.
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
...)
NOT-FOR-US: myfactory.FMS
CVE-2021-42564 (An open redirect through HTML injection in confidential
messages in Cr ...)
- TODO: check
+ NOT-FOR-US: Cryptshare Server
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator
(nisvcloc.exe) ...)
NOT-FOR-US: NI Service Locator
CVE-2021-3893
@@ -43262,9 +43262,9 @@ CVE-2021-28239
CVE-2021-28238
RESERVED
CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer
overflow via ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer
dereference ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2021-28235
RESERVED
CVE-2021-28234
@@ -47223,7 +47223,7 @@ CVE-2021-26614 (ius_get.cgi in IpTime C200 camera
allows remote code execution.
CVE-2021-26613
RESERVED
CVE-2021-26612 (An improper input validation leading to arbitrary file
creation was di ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials
vulnera ...)
NOT-FOR-US: HejHome GKW-IC052 IP Camera
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform
an integ ...)
@@ -47895,7 +47895,7 @@ CVE-2021-26336 (Insufficient bounds checking in System
Management Unit (SMU) may
CVE-2021-26335 (Improper input and range checking in the Platform Security
Processor ( ...)
NOT-FOR-US: AMD
CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may
allow lower ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform
Securit ...)
NOT-FOR-US: AMD
CVE-2021-26332
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54f0f0609bb39f919f7b3cc55231b74eed3cdb30