Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
545ef007 by Salvatore Bonaccorso at 2021-12-22T21:26:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 
15.0.19.88, 1 ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2021-45460
        RESERVED
 CVE-2021-4157
@@ -539,9 +539,9 @@ CVE-2021-45421
 CVE-2021-45420
        RESERVED
 CVE-2021-45419 (Certain Starcharge products are affected by Improper Input 
Validation. ...)
-       TODO: check
+       NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory 
Traversal via  ...)
-       TODO: check
+       NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45417
        RESERVED
 CVE-2021-45416
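
Review bot: The tags added for CVE-2021-45419 and CVE-2021-45418 name only the product (`NOT-FOR-US: Nova 360 Cabinet`), while the visible descriptions refer to "Certain Starcharge products". Consider including the vendor, e.g. `NOT-FOR-US: Starcharge Nova 360 Cabinet`, so the tag matches the description text and a search for the vendor name finds both entries.
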
@@ -1660,9 +1660,9 @@ CVE-2021-45044
 CVE-2021-44768
        RESERVED
 CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple 
cross-sit ...)
-       TODO: check
+       NOT-FOR-US: DIAEnergie
 CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: DIAEnergie
 CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
        NOT-FOR-US: bookstack
 CVE-2021-4118
@@ -1683,9 +1683,9 @@ CVE-2021-4112
 CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
        NOT-FOR-US: yetiforcecrm
 CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: DIAEnergie
 CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a 
reflected cross- ...)
-       TODO: check
+       NOT-FOR-US: DIAEnergie
 CVE-2022-21933
        RESERVED
 CVE-2022-21932
@@ -2975,7 +2975,7 @@ CVE-2021-44661
 CVE-2021-44660
        RESERVED
 CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a 
functionalit ...)
-       TODO: check
+       NOT-FOR-US: GoCD server
 CVE-2021-44658
        RESERVED
 CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter 
was not r ...)
@@ -4757,13 +4757,13 @@ CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, 
the protection mechanism f
 CVE-2021-44032
        RESERVED
 CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 
11.2. / ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it 
does no ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 
11.2. T ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 
because the  ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44027
        RESERVED
 CVE-2021-44024
@@ -5370,7 +5370,7 @@ CVE-2021-43853
 CVE-2021-43852
        RESERVED
 CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Anuko Time Tracker
 CVE-2021-43850
        RESERVED
 CVE-2021-43849
@@ -5384,7 +5384,7 @@ CVE-2021-43846 (`solidus_frontend` is the cart and 
storefront for the Solidus e-
 CVE-2021-43845
        RESERVED
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, 
weather, a ...)
-       TODO: check
+       NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack 
block kit s ...)
        TODO: check
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 
2.5.257 and e ...)
@@ -6671,13 +6671,13 @@ CVE-2021-43633
 CVE-2021-43632
        RESERVED
 CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43627
        RESERVED
 CVE-2021-43626
@@ -8955,13 +8955,13 @@ CVE-2021-43160
 CVE-2021-43159
        RESERVED
 CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF 
vulnerability in adm ...)
-       TODO: check
+       NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43154
        RESERVED
 CVE-2021-43153
@@ -9779,7 +9779,7 @@ CVE-2021-42811
 CVE-2021-42810
        RESERVED
 CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources 
(DLL) in ...)
-       TODO: check
+       NOT-FOR-US: ThalesThales Sentinel Protection Installer
 CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection 
Installer could  ...)
        NOT-FOR-US: Thales Sentinel Protection Installer
 CVE-2021-42807
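
Review bot: Typo in the tag added for CVE-2021-42809: `NOT-FOR-US: ThalesThales Sentinel Protection Installer` repeats the vendor name. The neighbouring entry CVE-2021-42808 already uses `NOT-FOR-US: Thales Sentinel Protection Installer`; the new line should match it so both CVEs group under the same product string.
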
@@ -15740,7 +15740,7 @@ CVE-2021-40838
 CVE-2021-40837
        RESERVED
 CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was 
discovered whe ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in 
Safe Brows ...)
        NOT-FOR-US: Safe Browser for iOS
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in 
F-secure SAFE ...)
@@ -16270,7 +16270,7 @@ CVE-2021-40614
 CVE-2021-40613
        RESERVED
 CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. 
Without au ...)
-       TODO: check
+       NOT-FOR-US: Opmantek Open-AudIT
 CVE-2021-40611
        RESERVED
 CVE-2021-40610
@@ -22030,7 +22030,7 @@ CVE-2021-38246
 CVE-2021-38245
        RESERVED
 CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability 
exits in  ...)
-       TODO: check
+       NOT-FOR-US: cbioportal
 CVE-2021-38243
        RESERVED
 CVE-2021-38242
@@ -25340,9 +25340,9 @@ CVE-2021-36888 (Unauthenticated Arbitrary Options 
Update vulnerability leading t
 CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in 
Contact  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability discov ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability disc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36883
@@ -25717,7 +25717,7 @@ CVE-2021-36752
 CVE-2021-36751
        RESERVED
 CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently 
being used i ...)
-       TODO: check
+       NOT-FOR-US: ENC
 CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for 
reading dat ...)
        - druid <itp> (bug #825797)
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
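
Review bot: The tag added for CVE-2021-36750, `NOT-FOR-US: ENC`, is terser than the description warrants. The visible text names "ENC DataVault 7.1.1W and VaultAPI v67", so `NOT-FOR-US: ENC DataVault` would identify the product unambiguously and be easier to match against later CVEs for the same software.
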
@@ -62072,9 +62072,9 @@ CVE-2021-21955 (An authentication bypass vulnerability 
exists in the get_aes_key
 CVE-2021-21954 (A command execution vulnerability exists in the 
wifi_country_code_upda ...)
        NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21953 (An authentication bypass vulnerability exists in the 
process_msg() fun ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase 2
 CVE-2021-21952 (An authentication bypass vulnerability exists in the 
CMD_DEVICE_GET_RS ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase 2
 CVE-2021-21951 (An out-of-bounds write vulnerability exists in the 
CMD_DEVICE_GET_SERV ...)
        NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21950 (An out-of-bounds write vulnerability exists in the 
CMD_DEVICE_GET_SERV ...)
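
Review bot: Inconsistent product string for CVE-2021-21953 and CVE-2021-21952: the new tags read `NOT-FOR-US: Anker Eufy Homebase 2`, while the surrounding entries in the same series (CVE-2021-21954, CVE-2021-21951) use `NOT-FOR-US: Anker Eufy Homebase`. Pick one spelling for the whole series so the entries group together.
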
@@ -62154,11 +62154,11 @@ CVE-2021-21914
 CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi 
Smart Mesh  ...)
        NOT-FOR-US: D-LINK
 CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows 
version of  ...)
-       TODO: check
+       NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows 
version of  ...)
-       TODO: check
+       NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows 
version of  ...)
-       TODO: check
+       NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary 
file de ...)
        TODO: check
 CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary 
file de ...)
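
Review bot: The three tags added for CVE-2021-21912, CVE-2021-21911 and CVE-2021-21910 duplicate the product name: `NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet`. This looks like a paste error; `NOT-FOR-US: Advantech R-SeeNet` is sufficient. CVE-2021-21909 and CVE-2021-21908 directly below are still `TODO: check`, so it is worth settling on the corrected string before they are triaged.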



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545ef00786580cc1cba425e84e4ef8cd73fc7568
