Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
03fd6f6c by Salvatore Bonaccorso at 2022-01-06T21:33:05+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1649,7 +1649,7 @@ CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120
stores sensitive infor
CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege
escalation flaw d ...)
NOT-FOR-US: Bitmask Riseup VPN
CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
- TODO: check
+ NOT-FOR-US: bookstack
CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
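Review bot: the new tag on CVE-2021-4194 is written in lowercase ("NOT-FOR-US: bookstack"), copied from the CVE description, whereas the Bludit hunk in this same commit normalises "bludit 3.1" to "NOT-FOR-US: Bludit". Consider "NOT-FOR-US: BookStack" so that a later search of data/CVE/list for the product finds a single spelling.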
@@ -2277,9 +2277,9 @@ CVE-2021-45747
CVE-2021-45746
RESERVED
CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in
Bludit 3.1 ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in
bludit 3.1 ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2021-45743
RESERVED
CVE-2021-45742
@@ -6179,7 +6179,7 @@ CVE-2021-44586
CVE-2021-44585
RESERVED
CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog
version ...)
- TODO: check
+ NOT-FOR-US: emlog
CVE-2021-44583
RESERVED
CVE-2021-44582
@@ -6833,7 +6833,7 @@ CVE-2021-44353
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the
Tenda AC15 V ...)
NOT-FOR-US: Tenda
CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9
via /na ...)
- TODO: check
+ NOT-FOR-US: NavigateCMS
CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x
<=5.1.22 via ...)
NOT-FOR-US: ThinkPHP5
CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the
id parame ...)
@@ -9641,7 +9641,7 @@ CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL
injection vulnerability in sh
CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting
(XSS) vul ...)
NOT-FOR-US: Wechat-php-sdk
CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS)
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Fluxbb
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation
vulnerabil ...)
NOT-FOR-US: matyhtf framework
CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS)
vulnerabi ...)
@@ -16387,7 +16387,7 @@ CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does
not properly validate and
CVE-2021-41843 (An authenticated SQL injection issue in the calendar search
function o ...)
NOT-FOR-US: OpenEMR
CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0
before 05.08 ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-41841
RESERVED
CVE-2021-41840
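Review bot: on CVE-2021-41842 the tag "NOT-FOR-US: Insyde" names a vendor that does not appear in the visible description, which only says "AtaLegacySmm in the kernel 5.0 before 05.08" and is easy to misread as a Linux kernel issue. Naming the product in the tag, or adding a NOTE line with the advisory reference, would let a later reader confirm the attribution without reopening the CVE record.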
@@ -17495,7 +17495,7 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was
observed that Security Provi
CVE-2021-41389
RESERVED
CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local
privileg ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege
escalation b ...)
- seatd <not-affected> (Vulnerable code introduced later)
NOTE:
https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
@@ -27958,9 +27958,9 @@ CVE-2021-37135
CVE-2021-37134 (Location-related APIs exists a Race Condition
vulnerability.Successful ...)
TODO: check
CVE-2021-37133 (There is an Unauthorized file access vulnerability in
Smartphones.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and
Access Contro ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager
NetEco a ...)
NOT-FOR-US: Huawei
CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube
6.0.2.The ...)
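Review bot: CVE-2021-37134 at the top of this hunk stays at "TODO: check" while the two entries directly below it (CVE-2021-37133 and CVE-2021-37132) move to "NOT-FOR-US: Huawei". If it was left on purpose because it still needs checking, that is fine; otherwise it looks like an oversight and could be triaged in the same pass.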
@@ -27968,13 +27968,13 @@ CVE-2021-37130 (There is a path traversal
vulnerability in Huawei FusionCube 6.0
CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei
products. ...)
NOT-FOR-US: Huawei
CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful
exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37127 (There is a signature management vulnerability in some huawei
products. ...)
NOT-FOR-US: Huawei
CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an
Unauthori ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an
Unauthori ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product.
Because ...)
NOT-FOR-US: Huawei
CVE-2021-37123 (There is an improper authentication vulnerability in
Hero-CT060 before ...)
@@ -27982,29 +27982,29 @@ CVE-2021-37123 (There is an improper authentication
vulnerability in Hero-CT060
CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei
products. An a ...)
NOT-FOR-US: Huawei
CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful
exploita ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37119 (There is a Service logic vulnerability in
Smartphone.Successful exploi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional
Conditi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37117 (There is a Service logic vulnerability in
Smartphone.Successful exploi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design
vulnerability .Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37115
RESERVED
CVE-2021-37114 (There is an Out-of-bounds read vulnerability in
Smartphone.Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37113 (There is a Privilege escalation vulnerability with the file
system com ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37112 (Hisuite module has a External Control of System or
Configuration Setti ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37111 (There is a Memory leakage vulnerability in
Smartphone.Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37109
RESERVED
CVE-2021-37108
@@ -28028,7 +28028,7 @@ CVE-2021-37100 (There is a Improper Authentication
vulnerability in Huawei Smart
CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei
Smartphone.Successfu ...)
NOT-FOR-US: Huawei
CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors
vulnerability .Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37097 (There is a Code Injection vulnerability in Huawei
Smartphone.Successfu ...)
NOT-FOR-US: Huawei
CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei
Smartphon ...)
@@ -40846,7 +40846,7 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in
McAfee ePolicy Orchestrato
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy
Orchestrat ...)
NOT-FOR-US: McAfee
CVE-2021-31833 (Potential product security bypass vulnerability in McAfee
Application ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator
extension fo ...)
NOT-FOR-US: McAfee
CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee
Database S ...)
@@ -41550,7 +41550,7 @@ CVE-2021-31591
CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect
JSON Webtok ...)
NOT-FOR-US: PwnDoc
CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1
allows an ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2021-31588
RESERVED
CVE-2021-31587
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03fd6f6c83e0a6212c103ea6648601254ddf1275