Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
739bfb0d by Salvatore Bonaccorso at 2021-12-17T11:00:01+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2021-45094
 CVE-2021-45093
        RESERVED
 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html 
reachab ...)
-       TODO: check
+       NOT-FOR-US: Thinfinity VirtualUI
 CVE-2021-45091
        RESERVED
 CVE-2021-45090
@@ -126,11 +126,11 @@ CVE-2021-4124 (janus-gateway is vulnerable to Improper 
Neutralization of Input D
        NOTE: 
https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
        NOTE: Issues only in janus-demos built from src:janus
 CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery 
(CSRF) ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2021-4122
        RESERVED
 CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input 
During  ...)
-       TODO: check
+       NOT-FOR-US: yetiforcecrm
 CVE-2021-23151
        RESERVED
 CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel 
through 5. ...)
@@ -505,9 +505,9 @@ CVE-2021-45020
 CVE-2021-45019
        RESERVED
 CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish 
<=6.3.0  ...)
-       TODO: check
+       NOT-FOR-US: CatFish (not same as src:catfish)
 CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in 
Catfish <= ...)
-       TODO: check
+       NOT-FOR-US: CatFish (not same as src:catfish)
 CVE-2021-45016
        RESERVED
 CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via 
taocms\inclu ...)
@@ -2314,7 +2314,7 @@ CVE-2021-44352 (A Stack-based Buffer Overflow 
vulnerability exists in the Tenda
 CVE-2021-44351
        RESERVED
 CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x 
<=5.1.22 via  ...)
-       TODO: check
+       NOT-FOR-US: ThinkPHP5
 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the 
id parame ...)
        NOT-FOR-US: TuziCMS
 CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the 
id parame ...)
@@ -3900,13 +3900,13 @@ CVE-2021-43838
 CVE-2021-43837
        RESERVED
 CVE-2021-43836 (Sulu is an open-source PHP content management system based on 
the Symf ...)
-       TODO: check
+       NOT-FOR-US: Sulu
 CVE-2021-43835 (Sulu is an open-source PHP content management system based on 
the Symf ...)
-       TODO: check
+       NOT-FOR-US: Sulu
 CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research 
teams. In v ...)
-       TODO: check
+       NOT-FOR-US: eLabFTW
 CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research 
teams. In v ...)
-       TODO: check
+       NOT-FOR-US: eLabFTW
 CVE-2021-43832
        RESERVED
 CVE-2021-43831 (Gradio is an open source framework for building interactive 
machine le ...)
@@ -3965,7 +3965,7 @@ CVE-2021-43808 (Laravel is a web application framework. 
Laravel prior to version
 CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video 
Management for  ...)
        TODO: check
 CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end 
traceability of  ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on 
Rails. Vers ...)
        NOT-FOR-US: Solidus
 CVE-2021-43804
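Review bot: CVE-2021-43807 (Opencast) is left at "TODO: check" in this hunk while the surrounding Tuleap and Solidus entries are resolved; if Opencast was examined in the same pass it should get its NOT-FOR-US or package line here, and if it is deliberately deferred a short NOTE saying why would stop it being skipped on the next triage round.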
@@ -4024,7 +4024,7 @@ CVE-2021-43784 (runc is a CLI tool for spawning and 
running containers on Linux
 CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the 
default Ba ...)
        NOT-FOR-US: @backstage/plugin-scaffolder-backend
 CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end 
traceability of  ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for 
Invenio, a ...)
        NOT-FOR-US: Invenio-Drafts-Resources
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In 
versions 10 ...)
@@ -4934,9 +4934,9 @@ CVE-2022-21136
 CVE-2022-21131
        RESERVED
 CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the 
EPPUpdateSer ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software 
suffers f ...)
        NOT-FOR-US: iPack SCADA Automation
 CVE-2021-43745
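Review bot: the new "NOT-FOR-US: Bitdefender" lines for CVE-2021-3960 and CVE-2021-3959 name only the vendor, and the truncated descriptions visible in the hunk do not mention Bitdefender at all (CVE-2021-3959 only refers to an "EPPUpdateSer..." component); naming the affected product as the neighbouring CVE-2021-3958 entry does ("NOT-FOR-US: iPack SCADA Automation") would let a later reader verify the decision from the list alone, without re-following the reference.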
@@ -13135,7 +13135,7 @@ CVE-2021-41278 (Functions SDK for EdgeX is meant to 
provide all the plumbing nec
 CVE-2021-41277 (Metabase is an open source data analytics platform. In 
affected versio ...)
        NOT-FOR-US: Metabase
 CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end 
traceability of  ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2021-41275 (spree_auth_devise is an open source library which provides 
authenticat ...)
        NOT-FOR-US: spree_auth_devise
 CVE-2021-41274 (solidus_auth_devise provides authentication services for the 
Solidus w ...)
@@ -13143,7 +13143,7 @@ CVE-2021-41274 (solidus_auth_devise provides 
authentication services for the Sol
 CVE-2021-41273 (Pterodactyl is an open-source game server management panel 
built with  ...)
        NOT-FOR-US: Pterodactyl
 CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in 
version 21.10. ...)
-       TODO: check
+       NOT-FOR-US: Hyperledger Besu
 CVE-2021-41271 (Discourse is a platform for community discussion. In affected 
versions ...)
        NOT-FOR-US: Discourse
 CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data 
structur ...)
@@ -14205,7 +14205,7 @@ CVE-2021-40837
 CVE-2021-40836
        RESERVED
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in 
Safe Brows ...)
-       TODO: check
+       NOT-FOR-US: Safe Browser for iOS
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in 
F-secure SAFE ...)
        NOT-FOR-US: F-secure
 CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was 
discovered whe ...)
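Review bot: naming consistency: CVE-2021-40835 gets "NOT-FOR-US: Safe Browser for iOS" while the adjacent CVE-2021-40834 and CVE-2021-40833 entries use "NOT-FOR-US: F-secure"; if this is the same F-Secure SAFE product family as the neighbouring descriptions suggest, using one vendor label (or prefixing the product with the vendor name) keeps vendor-based searches of data/CVE/list reliable.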
@@ -15803,9 +15803,9 @@ CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus 
before Build 4117 allows a
 CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF 
attack on pro ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming 
attack in ...)
-       TODO: check
+       NOT-FOR-US: SecuritasHome home alarm system
 CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home 
alarm syst ...)
-       TODO: check
+       NOT-FOR-US: SecuritasHome home alarm system
 CVE-2021-40169
        RESERVED
 CVE-2021-40168
@@ -27155,7 +27155,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 
could allow an authentic
 CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza 
Streaming E ...)
        NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
-       TODO: check
+       NOT-FOR-US: Thruk
 CVE-2021-35489 (Thruk 2.40-2 allows 
/thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
        NOT-FOR-US: Thruk
 CVE-2021-35488 (Thruk 2.40-2 allows 
/thruk/#cgi-bin/status.cgi?style=combined&titl ...)
@@ -43280,7 +43280,7 @@ CVE-2021-29115 (An information disclosure vulnerability 
in the ArcGIS Service Di
 CVE-2021-29114 (A SQL injection vulnerability in feature services provided by 
Esri Arc ...)
        NOT-FOR-US: Esri ArcGIS
 CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server 
help docume ...)
-       TODO: check
+       NOT-FOR-US: ArcGIS Server
 CVE-2021-29112
        RESERVED
 CVE-2021-29111
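Review bot: CVE-2021-29113 is marked "NOT-FOR-US: ArcGIS Server" while the adjacent CVE-2021-29114 uses "NOT-FOR-US: Esri ArcGIS"; both descriptions refer to the same vendor's ArcGIS product line, so a single label for the pair would keep the list consistent and easier to grep by vendor.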
@@ -46452,15 +46452,15 @@ CVE-2021-27861
 CVE-2021-27860 (A vulnerability in the web management interface of FatPipe 
WARP, IPVPN ...)
        NOT-FOR-US: FatPipe
 CVE-2021-27859 (A missing authorization vulnerability in the web management 
interface  ...)
-       TODO: check
+       NOT-FOR-US: FatPipe
 CVE-2021-27858 (A missing authorization vulnerability in the web management 
interface  ...)
-       TODO: check
+       NOT-FOR-US: FatPipe
 CVE-2021-27857 (A missing authorization vulnerability in the web management 
interface  ...)
-       TODO: check
+       NOT-FOR-US: FatPipe
 CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 
10.1.2r60p91 ...)
-       TODO: check
+       NOT-FOR-US: FatPipe
 CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 
10.1.2r60p91 ...)
-       TODO: check
+       NOT-FOR-US: FatPipe
 CVE-2021-27854
        RESERVED
 CVE-2021-27853
@@ -97820,9 +97820,9 @@ CVE-2020-18987
 CVE-2020-18986
        RESERVED
 CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra 
Collaboratio ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the 
zimbraAdmi ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2020-18983
        RESERVED
 CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via 
CommentAutho ...)
@@ -114915,7 +114915,7 @@ CVE-2020-12142 (1. IPSec UDP key material can be 
retrieved from machine-to-machi
 CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and 
earlier  ...)
        NOT-FOR-US: SNMP stack in Contiki-NG
 CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE 
stack in Co ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2020-12139
        RESERVED
 CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to 
interact  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739bfb0d3f588d8e07084dc4e7497529758f637b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits