Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
709d23d3 by Salvatore Bonaccorso at 2022-01-31T22:12:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1561,9 +1561,9 @@ CVE-2021-46461
CVE-2021-46460
RESERVED
CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2021-46457
RESERVED
CVE-2021-46456
@@ -10027,7 +10027,7 @@ CVE-2021-45115 (An issue was discovered in Django 2.2
before 2.2.26, 3.2 before
CVE-2021-45106
RESERVED
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an
attacker to ac ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-44462
RESERVED
CVE-2021-4137
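Review bot: at CVE-2021-44463 the new tag names only a vendor (Emerson), while the visible description ("Missing DLLs, if replaced by an insider ...") names neither vendor nor product, so the NOT-FOR-US decision cannot be checked from this entry alone. Consider naming the affected product in the tag, as is done for FAUST iServer and PrinterLogic Web Stack elsewhere in this commit, so a later reader can confirm it is not packaged.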
@@ -12764,7 +12764,7 @@ CVE-2021-44257
CVE-2021-44256
RESERVED
CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1
and Moti ...)
- TODO: check
+ NOT-FOR-US: MotionEye
CVE-2021-44254
RESERVED
CVE-2021-44253
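Review bot: the description of CVE-2021-44255 lists a second affected product after MotionEye (truncated here as "and Moti ..."), but the tag covers MotionEye only. If both are out of scope, consider listing both names in the tag so the entry is found when someone searches the list for the second product.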
@@ -13320,7 +13320,7 @@ CVE-2021-44116 (Cross Site Scripting (XSS)
vulnerability exits in Anchor CMS <
CVE-2021-44115
RESERVED
CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in
Sourcecodester Stoc ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-44113
RESERVED
CVE-2021-44112
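Review bot: CVE-2021-44114 is tagged "Sourcecodester", which the description uses as a prefix to the product name (truncated as "Sourcecodester Stoc ..."), not as the product itself. Other entries in this commit tag the product (Victor CMS, Online Course Registration); using the full product name here would keep the NFU entries searchable by product.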
@@ -19218,7 +19218,7 @@ CVE-2021-42637
CVE-2021-42636
RESERVED
CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a
hardcode ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42634
RESERVED
CVE-2021-42633
@@ -19226,7 +19226,7 @@ CVE-2021-42633
CVE-2021-42632
RESERVED
CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below
deserializes a ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42630
RESERVED
CVE-2021-42629
@@ -26825,7 +26825,7 @@ CVE-2021-40044
CVE-2021-40043
RESERVED
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some
Huawei pro ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI
WS318n pr ...)
NOT-FOR-US: Huawei
CVE-2021-40040
@@ -26843,7 +26843,7 @@ CVE-2021-40035 (There is a Buffer overflow
vulnerability due to a boundary error
CVE-2021-40034
RESERVED
CVE-2021-40033 (There is an information exposure vulnerability on several
Huawei Produ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information
management,Suc ...)
NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the
camera module ...)
@@ -39589,7 +39589,7 @@ CVE-2021-34807 (An open redirect vulnerability exists
in the /preauth Servlet in
CVE-2021-34806
RESERVED
CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7.
For eac ...)
- TODO: check
+ NOT-FOR-US: FAUST iServer
CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs
in certai ...)
@@ -47667,7 +47667,7 @@ CVE-2021-31618 (Apache HTTP Server protocol handler for
the HTTP/2 protocol chec
NOTE:
https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
NOTE:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through
2.7.8, 2.8. ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware
wallet f ...)
NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth
Core Spec ...)
@@ -54691,7 +54691,7 @@ CVE-2021-28964 (A race condition was discovered in
get_old_root in fs/btrfs/ctre
[buster] - linux 4.19.194-1
NOTE:
https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a
read-only adm ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in
the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows
unauthe ...)
@@ -57979,7 +57979,7 @@ CVE-2021-27656 (A vulnerability in exacqVision Web
Service 20.12.2.0 and prior c
CVE-2021-27655
RESERVED
CVE-2021-27654 (Forgotten password reset functionality for local accounts can
be used ...)
- TODO: check
+ NOT-FOR-US: Pega
CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega
platform ...)
NOT-FOR-US: Pega
CVE-2021-27652
@@ -67204,7 +67204,7 @@ CVE-2021-23865
CVE-2021-23864
RESERVED
CVE-2021-23863 (HTML code injection vulnerability in Android Application,
Bosch Video ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23862 (A crafted configuration packet sent by an authenticated
administrative ...)
NOT-FOR-US: Bosch
CVE-2021-23861 (By executing a special command, an user with administrative
rights can ...)
@@ -69561,47 +69561,47 @@ CVE-2021-22829
CVE-2021-22828
RESERVED
CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that
could ca ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that
could ca ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an
Unauthorized Actor ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22824
RESERVED
CVE-2021-22823
RESERVED
CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page
Generation ( ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists
that co ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or
Frames vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication
Attempts vu ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22817
RESERVED
CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional
Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which
could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could
cause uni ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could
cause arbitr ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could
cause a ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22806
RESERVED
CVE-2021-22805
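Review bot: the 18 entries changed in this hunk (CVE-2021-22807 through CVE-2021-22827) all receive the same vendor-wide tag, and the visible descriptions are generic CWE text that names no product. The tag matches the existing Schneider Electric entries (for example CVE-2021-22726), but a bulk vendor tag leaves no trace of which product was checked; consider confirming per entry that the affected product is not a component that is packaged, and naming the product where the description gives one.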
@@ -69617,7 +69617,7 @@ CVE-2021-22801
CVE-2021-22800
RESERVED
CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that
could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22798
RESERVED
CVE-2021-22797
@@ -69765,9 +69765,9 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy
vulnerability exists in EVlink C
CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability
exists in ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
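Review bot: the descriptions of CVE-2021-22725 and CVE-2021-22724 read "A CVE-352 Cross-Site Request Forgery (CSRF)", where the number is a CWE identifier (neighbouring entries say "CWE-79" and "CWE-918"). These are unchanged description lines, so there is nothing to fix in this hunk, but the typo is worth reporting to the source of the description text so it is corrected there.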
@@ -73018,7 +73018,7 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to
cause a denial of service (r
CVE-2020-36065
RESERVED
CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain
hardcoded cr ...)
- TODO: check
+ NOT-FOR-US: Online Course Registration
CVE-2020-36063
RESERVED
CVE-2020-36062
@@ -73034,7 +73034,7 @@ CVE-2020-36058
CVE-2020-36057
RESERVED
CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version
V01.00.09_ ...)
- TODO: check
+ NOT-FOR-US: Beetel
CVE-2020-36055
RESERVED
CVE-2020-36054
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709d23d37d4d0cf2d9614bbc9a8781db528f6be7