Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14ccc8be by Salvatore Bonaccorso at 2021-12-10T13:44:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -796,7 +796,7 @@ CVE-2021-44516
 CVE-2021-44515
        RESERVED
 CVE-2021-44514 (ManageEngine's OpUtils 12.5.556 and prior allow access to a 
few audit  ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine
 CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 
2.3.0 a ...)
        - tmate-ssh-server <unfixed> (bug #1001225)
        NOTE: Fixed by: 
https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
@@ -1162,7 +1162,7 @@ CVE-2021-44354
 CVE-2021-4034
        RESERVED
 CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-       TODO: check
+       NOT-FOR-US: kimai2
 CVE-2019-25053
        RESERVED
 CVE-2021-44353
@@ -2215,7 +2215,7 @@ CVE-2021-43984
 CVE-2021-43983
        RESERVED
 CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: Delta
 CVE-2021-43981
        RESERVED
 CVE-2021-43980
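Review bot: The tag on CVE-2021-43982 names only "Delta", which is ambiguous on its own. The description identifies the product as Delta Electronics CNCSoft, so "NOT-FOR-US: Delta Electronics CNCSoft" (or at least "Delta Electronics") would be easier to search for and to match against later CVEs for the same product.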
@@ -2786,7 +2786,7 @@ CVE-2021-43813
 CVE-2021-43812
        RESERVED
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for 
Neural Ma ...)
-       TODO: check
+       NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for 
websites of o ...)
        TODO: check
 CVE-2021-43809 (`Bundler` is a package for managing application dependencies 
in Ruby.  ...)
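Review bot: On CVE-2021-43811 the description calls Sockeye an open-source framework, so before settling on NOT-FOR-US it is worth confirming there is no ITP or RFP bug filed for it. If one exists, an `<itp>` entry carrying the bug number is the better record than "NOT-FOR-US: Sockeye".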
@@ -10995,13 +10995,13 @@ CVE-2021-41699
 CVE-2021-41698
        RESERVED
 CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in 
Premium ...)
-       TODO: check
+       NOT-FOR-US: Premiumdatingscript
 CVE-2021-41696 (An authentication bypass (account takeover) vulnerability 
exists in Pr ...)
-       TODO: check
+       NOT-FOR-US: Premiumdatingscript
 CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 
4.2.7.7 v ...)
-       TODO: check
+       NOT-FOR-US: Premiumdatingscript
 CVE-2021-41694 (An Incorrect Access Control vulnerability exists in 
Premiumdatingscrip ...)
-       TODO: check
+       NOT-FOR-US: Premiumdatingscript
 CVE-2021-41693
        RESERVED
 CVE-2021-41692
@@ -13613,7 +13613,7 @@ CVE-2021-40580
 CVE-2021-40579
        RESERVED
 CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection 
vulnerability was  ...)
-       TODO: check
+       NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free 
Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Sourcecode ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-40576
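Review bot: The tag on CVE-2021-40578 is the product's full listing title, far longer than the neighbouring "NOT-FOR-US: Sourcecodester" on CVE-2021-40577. A short product or vendor name would keep the entry consistent with the surrounding ones and easier to grep.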
@@ -23091,9 +23091,9 @@ CVE-2021-36722
 CVE-2021-36721
        RESERVED
 CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to 
:/blocking.php?u ...)
-       TODO: check
+       NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a 
user to th ...)
-       TODO: check
+       NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in 
to the s ...)
        TODO: check
 CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal 
vulnerabi ...)
@@ -65561,25 +65561,25 @@ CVE-2021-20148
 CVE-2021-20147
        RESERVED
 CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices 
which cou ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn 
configuration fil ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20144 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20143 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20142 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20141 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20140 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20139 (An unauthenticated command injection vulnerability exists in 
the param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20138 (An unauthenticated command injection vulnerability exists in 
multiple  ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the 
url param ...)
-       TODO: check
+       NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 are affected by an 
improper acces ...)
        NOT-FOR-US: ManageEngine
 CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a 
local privi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ccc8bef21b1781b6ebc05a957c3c249b008739
