Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7335e1c by Salvatore Bonaccorso at 2022-01-15T10:22:58+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5222,7 +5222,7 @@ CVE-2022-21196
CVE-2022-21155
RESERVED
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a
stack-based b ...)
- TODO: check
+ NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for
Node.js ...)
NOT-FOR-US: Node windows
CVE-2021-4154 [cgroup: verify that source is a string]
@@ -5567,7 +5567,7 @@ CVE-2021-45408
CVE-2021-45407
RESERVED
CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an
attacker to ...)
- TODO: check
+ NOT-FOR-US: SalonERP
CVE-2021-45405
RESERVED
CVE-2021-45404
@@ -6469,9 +6469,9 @@ CVE-2021-26264
CVE-2021-23173 (The affected product is vulnerable to an improper access
control, whic ...)
NOT-FOR-US: Philips
CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable
to a he ...)
- TODO: check
+ NOT-FOR-US: WECON LeviStudioU
CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable
to a st ...)
- TODO: check
+ NOT-FOR-US: WECON LeviStudioU
CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
- spip 3.2.12-1
[bullseye] - spip 3.2.11-3+deb11u1
@@ -8453,7 +8453,7 @@ CVE-2021-44531 [Improper handling of URI Subject
Alternative Names]
NOTE:
https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85
(v12.x)
NOTE:
https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2
(v12.x)
CVE-2021-44530 (An injection vulnerability exists in a third-party library
used in Uni ...)
- TODO: check
+ NOT-FOR-US: UniFi Network
CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud
Services Applia ...)
NOT-FOR-US: Ivanti
CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >=
6.0.0 that c ...)
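Review bot: The CVE-2021-44530 entry is tagged NOT-FOR-US: UniFi Network, but its description places the flaw in "a third-party library used in Uni ...", so the tag only covers the consuming product. If that library is packaged in Debian, the issue still has to be tracked against the library (or under the library's own CVE). A NOTE line under this entry naming the library would make that check visible to the next person triaging the list.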
@@ -10035,13 +10035,13 @@ CVE-2021-43975 (In the Linux kernel through 5.15.2,
hw_atl_utils_fw_rpc_wait in
[bullseye] - linux 5.10.84-1
NOTE:
https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-not...@kernel.org/T/
CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The
/enduserreg en ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp
in SysA ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43972 (An unrestricted file copy vulnerability in
/UserSelfServiceSettings.js ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in
SysAid ITI ...)
- TODO: check
+ NOT-FOR-US: SysAid ITIL
CVE-2021-43970
RESERVED
CVE-2021-43969
@@ -10739,7 +10739,7 @@ CVE-2021-3967
CVE-2021-3966
RESERVED
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to
unauthenticated HTT ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-43774
RESERVED
CVE-2021-43773
@@ -14428,13 +14428,13 @@ CVE-2021-43057 (An issue was discovered in the Linux
kernel before 5.14.8. A use
NOTE:
https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL
- Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL
- Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL
- Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL
- Commun ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO
Spotfire ...)
NOT-FOR-US: Spotfire Server component of TIBCO
CVE-2021-43050
@@ -15581,15 +15581,15 @@ CVE-2021-42563 (There is an Unquoted Service Path in
NI Service Locator (nisvclo
CVE-2021-3893
RESERVED
CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly
segrega ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the
Human pl ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin
receives ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple
startup ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple
reflect ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to
bypass API ...)
NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive
extract ...)
@@ -15619,7 +15619,7 @@ CVE-2021-42553
CVE-2021-42552
RESERVED
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search
functionality o ...)
- TODO: check
+ NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of
Wordpress ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-42548 (Insufficient Input Validation in the search functionality of
Wordpress ...)
@@ -19154,7 +19154,7 @@ CVE-2021-41599
CVE-2021-41598
RESERVED
CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant
remote ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information
disclosure via ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information
disclosure via ...)
@@ -21084,7 +21084,7 @@ CVE-2021-40815
CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop
is vulner ...)
NOT-FOR-US: PrestaShop addon
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip
content" featur ...)
- TODO: check
+ NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an
out-of-bounds ...)
- libgd2 <unfixed>
[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -21276,7 +21276,7 @@ CVE-2021-40724 (Acrobat Reader for Android versions
21.8.0 (and earlier) are aff
CVE-2021-40723
RESERVED
CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0
(and bel ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a
reflected ...)
NOT-FOR-US: Adobe
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a
Deserialization o ...)
@@ -22278,7 +22278,7 @@ CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds
Write ...)
CVE-2021-40328
RESERVED
CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used,
has incor ...)
- TODO: check
+ NOT-FOR-US: Trusted Firmware-M (TF-M)
CVE-2021-40326
RESERVED
CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for
modification of s ...)
@@ -26181,13 +26181,13 @@ CVE-2020-36473 (UCWeb UC 12.12.3.1219 through
12.12.3.1226 uses cleartext HTTP,
CVE-2021-38693
RESERVED
CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38688 (An improper authentication vulnerability has been reported to
affect A ...)
NOT-FOR-US: QNAP
CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
@@ -26201,7 +26201,7 @@ CVE-2021-38684 (A stack buffer overflow vulnerability
has been reported to affec
CVE-2021-38683
RESERVED
CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been
reported ...)
NOT-FOR-US: QNAP
CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
@@ -26209,9 +26209,9 @@ CVE-2021-38680 (A cross-site scripting (XSS)
vulnerability has been reported to
CVE-2021-38679
RESERVED
CVE-2021-38678 (An open redirect vulnerability has been reported to affect
QNAP device ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-38676
RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
@@ -29544,9 +29544,9 @@ CVE-2021-3660
[buster] - cockpit <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
CVE-2021-37401 (An attacker may obtain the user credentials from file servers,
backup ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-37400 (An attacker may obtain the user credentials from the
communication bet ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-37399
RESERVED
CVE-2021-37398
@@ -30649,7 +30649,7 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB
Utility Driver for Camera/Hub/A
CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web
Applicatio ...)
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall
(AIWAF) devices
CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS)
vulnerability disco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS)
vulnerabil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36918
@@ -32320,7 +32320,7 @@ CVE-2021-36201
CVE-2021-36200
RESERVED
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can
cause some ...)
- TODO: check
+ NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson
Controls, Inc.
CVE-2021-36198 (Successful exploitation of this vulnerability could allow an
unauthori ...)
NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2021-36197
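Review bot: The tag added for CVE-2021-36199 spells the vendor as "Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.", while the adjacent CVE-2021-36198 entry already uses "NOT-FOR-US: Sensormatic Electronics, LLC". Reusing the shorter existing string keeps one vendor under one spelling, which matters when grepping data/CVE/list for earlier decisions on the same vendor.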
@@ -34067,7 +34067,7 @@ CVE-2021-3620
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software
Inc.'s TIBC ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO
Nimbus cont ...)
NOT-FOR-US: TIBCO
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s
TIBCO EBX, ...)
@@ -35212,17 +35212,17 @@ CVE-2021-35000
CVE-2021-34999
RESERVED
CVE-2021-34998 (This vulnerability allows local attackers to escalate
privileges on af ...)
- TODO: check
+ NOT-FOR-US: Panda Security Free Antivirus
CVE-2021-34997 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34996 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34995 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34994 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34993 (This vulnerability allows remote attackers to bypass
authentication on ...)
- TODO: check
+ NOT-FOR-US: Commvault CommCell
CVE-2021-34992 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: Orckestra C1 CMS
CVE-2021-34991 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
@@ -35238,9 +35238,9 @@ CVE-2021-34987
CVE-2021-34986
RESERVED
CVE-2021-34985 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley ContextCapture
CVE-2021-34984 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley ContextCapture
CVE-2021-34983
RESERVED
CVE-2021-34982
@@ -35253,13 +35253,13 @@ CVE-2021-34981 [Bluetooth CMTP Module Double Free
Privilege Escalation Vulnerabi
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
NOTE:
https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
CVE-2021-34980 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34979 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34978 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34976
RESERVED
CVE-2021-34975
@@ -35321,157 +35321,157 @@ CVE-2021-34948
CVE-2021-34947
RESERVED
CVE-2021-34946 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34945 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34944 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34943 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34942 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34941 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34940 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34939 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34938 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34937 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34936 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34935 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34934 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34933 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34932 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34931 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34930 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34929 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34928 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34927 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34926 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34925 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34924 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34923 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34922 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34921 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34920 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34919 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34918 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34917 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34916 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34915 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34914 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34913 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34912 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34911 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34910 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34909 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34908 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34907 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34906 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34905 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34904 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34903 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34902 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34901 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34900 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34899 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34898 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34897 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34896 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34895 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34894 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34893 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34892 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34891 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34890 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34889 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34888 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34887 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34886 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34885 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34884 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34883 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34882 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34881 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34880 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34879 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34878 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34877 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34876 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34875 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34874 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34873 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34872 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34871 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley View
CVE-2021-34870
RESERVED
CVE-2021-34869
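Review bot: Every entry from CVE-2021-34946 down to CVE-2021-34871 gets the identical tag NOT-FOR-US: Bentley View, yet each visible description is cut off at generic wording ("execute arbitrary code o ...", "disclose sensitive infor ...") before any product name appears. The hunk just above this range tags CVE-2021-34985 and CVE-2021-34984 as Bentley ContextCapture, so more than one Bentley product occurs in this CVE block. Please confirm against the full descriptions that none of the entries in this range belongs to a different product, or tag by vendor only if the product split is not worth maintaining.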
@@ -35849,7 +35849,7 @@ CVE-2021-34706 (A vulnerability in the web-based
management interface of Cisco I
CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP)
service ...)
NOT-FOR-US: Cisco
CVE-2021-34704 (A vulnerability in the web services interface of Cisco
Adaptive Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP)
message pa ...)
NOT-FOR-US: Cisco
CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco
Identit ...)
@@ -37540,7 +37540,7 @@ CVE-2021-33964
CVE-2021-33963
RESERVED
CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an
OS comman ...)
- TODO: check
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33961
RESERVED
CVE-2021-33960
@@ -39858,7 +39858,7 @@ CVE-2021-33048
CVE-2021-33047
RESERVED
CVE-2021-33046 (Some Dahua products have access control vulnerability in the
password ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2021-33045 (The identity authentication bypass vulnerability found in some
Dahua p ...)
NOT-FOR-US: Dahua
CVE-2021-33044 (The identity authentication bypass vulnerability found in some
Dahua p ...)
@@ -40893,9 +40893,9 @@ CVE-2021-32652 (Nextcloud Mail is a mail app for the
Nextcloud platform. A missi
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP
external auth ...)
NOT-FOR-US: OneDev
CVE-2021-32650 (October CMS is a self-hosted content management system (CMS)
platform ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2021-32649 (October CMS is a self-hosted content management system (CMS)
platform ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP
Framework. In af ...)
NOT-FOR-US: October CMS
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected
versions ...)
@@ -51771,9 +51771,9 @@ CVE-2021-28509
CVE-2021-28508
RESERVED
CVE-2021-28507 (An issue has recently been discovered in Arista EOS where,
under certa ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28506 (An issue has recently been discovered in Arista EOS where
certain gNOI ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28505
RESERVED
CVE-2021-28504
@@ -51783,9 +51783,9 @@ CVE-2021-28503
CVE-2021-28502
RESERVED
CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the
incorrec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the
incorrec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is
supporte ...)
NOT-FOR-US: Arista
CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is
supporte ...)
@@ -52045,9 +52045,9 @@ CVE-2021-28379 (web/upload/UploadHandler.php in Vesta
Control Panel (aka VestaCP
CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain
issue dat ...)
- gitea <removed>
CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read
arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: ChronoForums
CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read
arbitrary f ...)
- TODO: check
+ NOT-FOR-US: ChronoForums
CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before
2021-03- ...)
- tt-rss <not-affected> (Vulnerable code introduced later)
NOTE:
https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
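Review bot: CVE-2021-28376 is described as "ChronoForms 7.0.7" but is tagged NOT-FOR-US: ChronoForums, which is the product of the entry above it (CVE-2021-28377, "ChronoForums 2.0.11"). The tag for CVE-2021-28376 should read NOT-FOR-US: ChronoForms so that a later search for that product name finds this entry.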
@@ -72341,9 +72341,9 @@ CVE-2021-20615
CVE-2021-20614
RESERVED
CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series
FX3U-ENET Fir ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20612 (Lack of administrator control over security vulnerability in
MELSEC-F ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series
R00/01/0 ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency
vulnerability in M ...)
@@ -79369,7 +79369,7 @@ CVE-2020-28681
CVE-2020-28680
RESERVED
CVE-2020-28679 (A vulnerability in the showReports module of Zoho ManageEngine
Applica ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-28678
RESERVED
CVE-2020-28677
@@ -79555,7 +79555,7 @@ CVE-2021-1575 (A vulnerability in the web-based
management interface of Cisco Vi
CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive
Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local
attacker ...)
NOT-FOR-US: Cisco
CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
@@ -83468,9 +83468,9 @@ CVE-2020-28105
CVE-2020-28104
RESERVED
CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del"
function. ...)
- TODO: check
+ NOT-FOR-US: cscms
CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function.
...)
- TODO: check
+ NOT-FOR-US: cscms
CVE-2020-28101
RESERVED
CVE-2020-28100
@@ -98231,7 +98231,7 @@ CVE-2020-22059
CVE-2020-22058
RESERVED
CVE-2020-22057 (The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA
Precisio ...)
- TODO: check
+ NOT-FOR-US: EVGA Precision XOC
CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to
a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
[stretch] - ffmpeg <not-affected> (vulnerable code is not present)
@@ -111533,7 +111533,7 @@ CVE-2020-15935 (A cleartext storage of sensitive
information in GUI in FortiADC
CVE-2020-15934
RESERVED
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor
in Fortin ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during
updates, c ...)
NOT-FOR-US: Overwolf
CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote
attackers to ...)
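Review bot: The tag added for CVE-2020-15933 names FortiGuard, but the visible description breaks off at "in Fortin ...", a word that cannot be "FortiGuard", so the diff does not show which product is affected. Please check the full CVE description and use the affected product (or the vendor name) in the tag.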
@@ -128690,7 +128690,7 @@ CVE-2020-10139 (Acronis True Image 2021 includes an
OpenSSL component that speci
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an
OpenSSL comp ...)
NOT-FOR-US: Acronis
CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using
S2 do n ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within
IP standa ...)
NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication
in Blueto ...)
@@ -131262,15 +131262,15 @@ CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS
05.01.00 or earlier do not au
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase
version ...)
NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets,
includi ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using
S2, inc ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using
S0 auth ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using
CRC-16 ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series
chipsets ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored
cross-site scr ...)
NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is
vulnera ...)
@@ -134412,7 +134412,7 @@ CVE-2020-7885
CVE-2020-7884
RESERVED
CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Printchaser
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can
see th ...)
NOT-FOR-US: anySign
CVE-2020-7881 (The vulnerability function is enabled when the streamer service
relate ...)
@@ -134422,7 +134422,7 @@ CVE-2020-7880 (The vulnerabilty was discovered in
ActiveX module related to NeoR
CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was
synchroni ...)
NOT-FOR-US: ipTIME C200 IP Camera
CVE-2020-7878 (An arbitrary file download and execution vulnerability was
found in th ...)
- TODO: check
+ NOT-FOR-US: VideoOffice
CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote
adminis ...)
NOT-FOR-US: ZOOK
CVE-2020-7876
@@ -139383,7 +139383,7 @@ CVE-2019-20358 (Trend Micro Anti-Threat Toolkit
(ATTK) versions 1.62.0.1218 and
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in
the Tren ...)
NOT-FOR-US: Trend Micro
CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with
kernel ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde
InsydeH2O befor ...)
NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
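Review bot: CVE-2020-5956 is tagged by vendor (NOT-FOR-US: Insyde), while the neighbouring CVE-2020-5955, also described as an Insyde InsydeH2O issue, carries NOT-FOR-US: Int15MicrocodeSmm, which is the affected module rather than the vendor or product. The form used in this change is the clearer one. A follow-up that changes the CVE-2020-5955 tag to Insyde would make the two entries consistent.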
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7335e1c62610b0d53f8afcdbe2e02c3eb4b2ffc
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits