Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5966c07a by Salvatore Bonaccorso at 2021-12-09T22:05:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -798,7 +798,7 @@ CVE-2021-44479 (NXP Kinetis K82 devices have a buffer
over-read via a crafted wl
CVE-2021-44478
RESERVED
CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network
Security Ma ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-21240
RESERVED
CVE-2022-21237
@@ -3763,7 +3763,7 @@ CVE-2021-43705
CVE-2021-43704
RESERVED
CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less
than or ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-43702
RESERVED
CVE-2021-43701
@@ -6055,7 +6055,7 @@ CVE-2021-43206
CVE-2021-43205
RESERVED
CVE-2021-43204 (A improper control of a resource through its lifetime in
Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
NOT-FOR-US: firefly-iii
CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of
Input Du ...)
@@ -6117,9 +6117,9 @@ CVE-2021-43178
CVE-2021-43177
RESERVED
CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October
13th, 2021 ...)
- TODO: check
+ NOT-FOR-US: GOautodial API
CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October
13th, 2021 ...)
- TODO: check
+ NOT-FOR-US: GOautodial API
CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification
of Obj ...)
- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
[bullseye] - node-json-schema <no-dsa> (Minor issue)
@@ -6355,19 +6355,19 @@ CVE-2021-43073
CVE-2021-43072
RESERVED
CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version
6.4.1 and 6. ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43070
RESERVED
CVE-2021-43069
RESERVED
CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator
version 6.4.0 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor
in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2021-43066
RESERVED
CVE-2021-43065 (A incorrect permission assignment for critical resource in
Fortinet Fo ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in
Fortinet Fort ...)
NOT-FOR-US: FortiGuard
CVE-2021-43063 (A improper neutralization of input during web page generation
('cross- ...)
@@ -7095,7 +7095,7 @@ CVE-2021-42761
CVE-2021-42760 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP
version 8. ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC
8.6.1 a ...)
NOT-FOR-US: FortiGuard
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of
FortiOS befo ...)
@@ -11304,7 +11304,7 @@ CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site
Request Forgery (CSRF) ..
CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation
and Integ ...)
NOT-FOR-US: Grav CMS
CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special
Elements ...)
- TODO: check
+ NOT-FOR-US: wbce_cms
CVE-2021-41523
RESERVED
CVE-2021-41522
@@ -11466,7 +11466,7 @@ CVE-2021-41451
CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before
v1_211117 al ...)
NOT-FOR-US: TP-Link
CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35,
RAX38, and ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-41448
RESERVED
CVE-2021-41447
@@ -14298,13 +14298,13 @@ CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is
affected by a buffer overfl
CVE-2021-40283
RESERVED
CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,
abd 202 ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,
and 202 ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020,
and 2021 ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,
and 202 ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-40278
RESERVED
CVE-2021-40277
@@ -24132,7 +24132,7 @@ CVE-2021-36196
CVE-2021-36195 (Multiple command injection vulnerabilities in the command line
interpr ...)
NOT-FOR-US: FortiGuard
CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers
of FortiW ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36193
RESERVED
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
@@ -24142,7 +24142,7 @@ CVE-2021-36191 (A url redirection to untrusted site
('open redirect') in Fortine
CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in
Fortinet For ...)
NOT-FOR-US: FortiGuard
CVE-2021-36189 (A missing encryption of sensitive data in Fortinet
FortiClientEMS vers ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36188 (A improper neutralization of input during web page generation
('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb
version 6.4.0 ...)
@@ -24186,7 +24186,7 @@ CVE-2021-36169
CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory
('Path T ...)
NOT-FOR-US: Fortinet
CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in
FortiClient Windo ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36166
RESERVED
CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is
affected by c ...)
@@ -45185,7 +45185,7 @@ CVE-2021-27862
CVE-2021-27861
RESERVED
CVE-2021-27860 (A vulnerability in the web management interface of FatPipe
WARP, IPVPN ...)
- TODO: check
+ NOT-FOR-US: FatPipe
CVE-2021-27859
RESERVED
CVE-2021-27858
@@ -54835,13 +54835,13 @@ CVE-2021-23864
CVE-2021-23863
RESERVED
CVE-2021-23862 (A crafted configuration packet sent by an authenticated
administrative ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23861 (By executing a special command, an user with administrative
rights can ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected
cross si ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP
request, th ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23858 (Information disclosure: The main configuration, including
users and th ...)
NOT-FOR-US: Bosch
CVE-2021-23857 (Login with hash: The login routine allows the client to log in
to the ...)
@@ -59179,9 +59179,9 @@ CVE-2021-21957 (A privilege escalation vulnerability
exists in the Remote Server
CVE-2021-21956
RESERVED
CVE-2021-21955 (An authentication bypass vulnerability exists in the
get_aes_key_info_ ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21954 (A command execution vulnerability exists in the
wifi_country_code_upda ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21953
RESERVED
CVE-2021-21952
@@ -95164,9 +95164,9 @@ CVE-2020-19685
CVE-2020-19684
RESERVED
CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an
editfile a ...)
- TODO: check
+ NOT-FOR-US: zzzcms
CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in
ZZZCMS V1.7 ...)
- TODO: check
+ NOT-FOR-US: zzzcms
CVE-2020-19681
RESERVED
CVE-2020-19680
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5966c07a80142710d42bdad78a7f72d9eae65c85
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5966c07a80142710d42bdad78a7f72d9eae65c85
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
