Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cb6b015a by Salvatore Bonaccorso at 2021-12-15T21:32:28+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11888,7 +11888,7 @@ CVE-2021-3833 (Integria IMS login check uses a loose
comparator ("==") to compar
CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote
Code Exec ...)
NOT-FOR-US: Integria IMS
CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input
During Web ...)
- TODO: check
+ NOT-FOR-US: gnuboard5
CVE-2021-41765 (A SQL injection issue in
pages/edit_fields/9_ajax/add_keyword.php of R ...)
NOT-FOR-US: ResourceSpace
CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in
Streama up ...)
@@ -12341,7 +12341,7 @@ CVE-2021-3823 (Improper Limitation of a Pathname to a
Restricted Directory ('Pat
CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression
Complexity ...)
NOT-FOR-US: jsoneditor
CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute
arbitrary co ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2021-41559
RESERVED
CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL
allows Proce ...)
@@ -12764,7 +12764,7 @@ CVE-2021-41367 (NTFS Elevation of Privilege
Vulnerability This CVE ID is unique
CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP)
Elevation of P ...)
NOT-FOR-US: Microsoft
CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability
This CV ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-41364
RESERVED
CVE-2021-41363 (Intune Management Extension Security Feature Bypass
Vulnerability ...)
@@ -12774,7 +12774,7 @@ CVE-2021-41362
CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This
CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-41359
RESERVED
CVE-2021-41358
@@ -12828,7 +12828,7 @@ CVE-2021-41335 (Windows Kernel Elevation of Privilege
Vulnerability ...)
CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability
...)
NOT-FOR-US: Microsoft
CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution
Vulnerability ...)
@@ -14072,9 +14072,9 @@ CVE-2021-40829 (Connections initialized by the AWS IoT
Device SDK v2 for Java (v
CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java
(version ...)
NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL
is used) ...)
- TODO: check
+ NOT-FOR-US: Clementine Music Player
CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User
Mode Wri ...)
- TODO: check
+ NOT-FOR-US: Clementine Music Player
CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software
prior to 1.1 ...)
NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
CVE-2021-40824 (A logic error in the room key sharing functionality of Element
Android ...)
@@ -14970,9 +14970,9 @@ CVE-2021-40455 (Windows Installer Spoofing
Vulnerability ...)
CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability
...)
NOT-FOR-US: Microsoft
CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This
CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This
CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-40451
RESERVED
CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is
unique from ...)
@@ -14994,7 +14994,7 @@ CVE-2021-40443 (Windows Common Log File System Driver
Elevation of Privilege Vul
CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting
Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
@@ -23630,7 +23630,7 @@ CVE-2021-36890
CVE-2021-36889
RESERVED
CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading
to full ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36887
RESERVED
CVE-2021-36886
@@ -24661,7 +24661,7 @@ CVE-2021-36452
CVE-2021-36451
RESERVED
CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS
via the co ...)
- TODO: check
+ NOT-FOR-US: Verint
CVE-2021-36449
RESERVED
CVE-2021-36448
@@ -59538,7 +59538,7 @@ CVE-2021-22281
CVE-2021-22280
RESERVED
CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the
OmniCore r ...)
- TODO: check
+ NOT-FOR-US: ABB / OmniCore robot controller
CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update
Manager allows ...)
NOT-FOR-US: PCM600 Update Manager
CVE-2021-22277
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6b015a916f60a1dd836f69b1db0751b690f6df
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6b015a916f60a1dd836f69b1db0751b690f6df
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
