Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d276f87 by Salvatore Bonaccorso at 2021-12-28T21:19:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic 
Rules Name screen. ..
 CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name 
screen. ...)
        NOT-FOR-US: OpenWrt
 CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web 
interface of  ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2021-45902
        RESERVED
 CVE-2021-45901
@@ -217,11 +217,11 @@ CVE-2021-45816
 CVE-2021-45815
        RESERVED
 CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. 
An attack ...)
-       TODO: check
+       NOT-FOR-US: Nettmp NNT
 CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting 
(XSS) vu ...)
-       TODO: check
+       NOT-FOR-US: SLICAN WebCTI
 CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a 
Cross Site  ...)
-       TODO: check
+       NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2021-45811
        RESERVED
 CVE-2021-45810
@@ -383,7 +383,7 @@ CVE-2021-45733
 CVE-2021-4180
        RESERVED
 CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for 
Rust. The it ...)
        TODO: check
 CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 
0.25.4 and ...)
@@ -483,7 +483,7 @@ CVE-2021-44460
 CVE-2021-4178
        RESERVED
 CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message 
Containing ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2021-4176
        RESERVED
 CVE-2021-4175
@@ -999,7 +999,7 @@ CVE-2021-45471 (In MediaWiki through 1.37, blocked IP 
addresses are allowed to e
 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular 
express ...)
        NOT-FOR-US: cve-search
 CVE-2021-4161 (The affected products contain vulnerable firmware, which could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel 
through 5.15 ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
@@ -1586,7 +1586,7 @@ CVE-2021-45427
 CVE-2021-45426
        RESERVED
 CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage 
versions 8.3 an ...)
-       TODO: check
+       NOT-FOR-US: SAFARI Montage
 CVE-2021-45424
        RESERVED
 CVE-2021-45423
@@ -8009,23 +8009,23 @@ CVE-2021-3941
 CVE-2021-3940
        RESERVED
 CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are 
vulnerable to a s ...)
-       TODO: check
+       NOT-FOR-US: FATEK WinProladder
 CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly 
validat ...)
        NOT-FOR-US: mySCADA myDESIGNER
 CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are 
vulnerable to an  ...)
-       TODO: check
+       NOT-FOR-US: FATEK WinProladder
 CVE-2021-43553 (PI Vision could disclose information to a user with 
insufficient privi ...)
        NOT-FOR-US: OSIsoft
 CVE-2021-43552 (The use of a hard-coded cryptographic key significantly 
increases the  ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2021-43551 (A remote attacker with write access to PI Vision could inject 
code int ...)
        NOT-FOR-US: OSIsoft
 CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an 
unnecessary ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2021-43549 (A remote authenticated attacker with write access to a PI 
Server could ...)
        NOT-FOR-US: OSIsoft
 CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 
receives ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2021-43547
        RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
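Review bot: the tag added for CVE-2021-43556 and CVE-2021-43554 is "NOT-FOR-US: FATEK WinProladder", but the existing entry for CVE-2021-32992 further down in this same file uses "NOT-FOR-US: FATEK Automation WinProladder". Suggest one spelling for the same product so that a search on the tag finds all of its entries. Separately, the truncated descriptions of CVE-2021-43552 and CVE-2021-43550 shown here name no product, so the Philips attribution cannot be confirmed from the hunk alone and is worth a glance at the full description.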
@@ -11397,7 +11397,7 @@ CVE-2021-42585
 CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in 
Convos-Chat before ...)
        NOT-FOR-US: Convos-Chat
 CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max 
Mazurov Maddy  ...)
-       TODO: check
+       NOT-FOR-US: Max Mazurov Maddy
 CVE-2021-42582
        RESERVED
 CVE-2021-42581
@@ -17442,7 +17442,7 @@ CVE-2021-40581
 CVE-2021-40580
        RESERVED
 CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management 
System in ...)
-       TODO: check
+       NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free 
Source Code
 CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection 
vulnerability was  ...)
        NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free 
Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Sourcecode ...)
@@ -30900,9 +30900,9 @@ CVE-2021-35034
 CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, 
NBG7815, WSQ20, ...)
        NOT-FOR-US: Zyxel
 CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series 
firmware ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series 
firmware, XG ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 
firmwar ...)
        NOT-FOR-US: Zyxel
 CVE-2021-35029 (An authentication bypasss vulnerability in the web-based 
management in ...)
@@ -35702,7 +35702,7 @@ CVE-2021-33019 (A stack-based buffer overflow 
vulnerability in Delta Electronics
 CVE-2021-33018
        RESERVED
 CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub 
(C.00.0 ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2021-33016
        RESERVED
 CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper 
validation of use ...)
@@ -35750,7 +35750,7 @@ CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) 
lacks proper validation
 CVE-2021-32994
        RESERVED
 CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains 
hard-coded ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not 
properly  ...)
        NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is 
vulnerable to  ...)
@@ -60315,7 +60315,7 @@ CVE-2021-3097
 CVE-2021-3096
        RESERVED
 CVE-2021-3095 (A remote attacker with write access to PI Vision could inject 
code int ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft
 CVE-2021-3094
        RESERVED
 CVE-2021-3093
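Review bot: CVE-2021-3095 carries the same visible description as CVE-2021-43551 ("A remote attacker with write access to PI Vision could inject code int ..."), and CVE-2021-3090 in the following hunk matches CVE-2021-43553 in the same way. "NOT-FOR-US: OSIsoft" is consistent with those entries, but it is worth checking whether one id in each pair is a duplicate assignment before treating them as separate issues.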
@@ -60325,7 +60325,7 @@ CVE-2021-3092
 CVE-2021-3091
        RESERVED
 CVE-2021-3090 (PI Vision could disclose information to a user with 
insufficient privi ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft
 CVE-2021-3089
        RESERVED
 CVE-2021-3088
@@ -95911,9 +95911,9 @@ CVE-2020-21239
 CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers 
to hijac ...)
        TODO: check
 CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers 
to hija ...)
-       TODO: check
+       NOT-FOR-US: LJCMS
 CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit 
of Dami ...)
-       TODO: check
+       NOT-FOR-US: DamiCMS
 CVE-2020-21235
        RESERVED
 CVE-2020-21234
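Review bot: CVE-2020-21238 (CSCMS v4.0), the first context entry of this hunk, stays at "TODO: check" while the almost identically worded CVE-2020-21237 (LJCMS v1.11) directly below it is marked NOT-FOR-US. If CSCMS was left open on purpose that is fine; otherwise it looks like it belongs in the same pass.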
@@ -96507,17 +96507,17 @@ CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 
v1.5 padding for RSA in Micro
 CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in 
STM32 crypt ...)
        NOT-FOR-US: STM32 cryptographic firmware library
 CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: jeecg
 CVE-2020-20947
        RESERVED
 CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Qibosoft
 CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in 
/admin/index.php?lfj=member&amp ...)
-       TODO: check
+       NOT-FOR-US: Qibosoft
 CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&amp;action=del of 
Qibosoft v7 a ...)
-       TODO: check
+       NOT-FOR-US: Qibosoft
 CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in 
/member/post.php?job=postnew&am ...)
-       TODO: check
+       NOT-FOR-US: Qibosoft
 CVE-2020-20942
        RESERVED
 CVE-2020-20941
@@ -140158,7 +140158,7 @@ CVE-2019-20084
 CVE-2019-20083
        RESERVED
 CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow 
via a long ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2019-20081
        RESERVED
 CVE-2019-20080
@@ -212139,7 +212139,7 @@ CVE-2018-17877 (A lottery smart contract 
implementation for Greedy 599, an Ether
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 
version o ...)
        NOT-FOR-US: Coaster CMS
 CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 
8800 5. ...)
-       TODO: check
+       NOT-FOR-US: Poly Trio 8800 devices
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
        NOT-FOR-US: ExpressionEngine
 CVE-2018-17873 (An incorrect access control vulnerability in the FTP 
configuration of  ...)
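Review bot: the tag added for CVE-2018-17875 reads "NOT-FOR-US: Poly Trio 8800 devices", whereas the other tags in this commit name only the vendor or product ("ASUS", "Zyxel", "Moxa", "SLICAN WebCTI"). Suggest dropping the trailing "devices" so the tag follows the same pattern and groups cleanly with any other Poly entries.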



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d276f87ce2ff1ba27626aa3734fcf570235cc87
