Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: af9b5e53 by Salvatore Bonaccorso at 2021-03-26T21:28:12+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -21,7 +21,7 @@ CVE-2021-29257 CVE-2021-29256 RESERVED CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...) - TODO: check + NOT-FOR-US: MicroSeven CVE-2021-29254 RESERVED CVE-2021-29253 @@ -2182,13 +2182,13 @@ CVE-2021-28252 CVE-2021-28251 RESERVED CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) - TODO: check + NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) - TODO: check + NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) - TODO: check + NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) - TODO: check + NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28245 @@ -7886,7 +7886,7 @@ CVE-2021-3277 CVE-2021-3276 RESERVED CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2021-3274 RESERVED CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...) @@ -9144,13 +9144,13 @@ CVE-2021-25374 CVE-2021-25373 RESERVED CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...) NOT-FOR-US: Samsung CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...) @@ -12474,11 +12474,11 @@ CVE-2021-23892 CVE-2021-23891 RESERVED CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23887 RESERVED CVE-2021-23886 @@ -13863,7 +13863,7 @@ CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XS CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...) NOT-FOR-US: PrestaShop CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) NOT-FOR-US: MERCUSYS Mercury X18G devices CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) @@ -14543,7 +14543,7 @@ CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS v CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...) NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...) - TODO: check + NOT-FOR-US: Rocket.Chat CVE-2021-22885 RESERVED CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) @@ -18372,7 +18372,7 @@ CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, all CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...) NOT-FOR-US: SAP CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2020-35855 RESERVED CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...) @@ -20849,11 +20849,11 @@ CVE-2021-20685 CVE-2021-20684 RESERVED CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2021-20680 RESERVED CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...) @@ -20861,7 +20861,7 @@ CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7 CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...) NOT-FOR-US: Paid Memberships Pro CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...) - TODO: check + NOT-FOR-US: UNIVERGE CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) NOT-FOR-US: M-System CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) @@ -27710,7 +27710,7 @@ CVE-2020-28697 CVE-2020-28696 RESERVED CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices ...) - TODO: check + NOT-FOR-US: Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices CVE-2020-28694 RESERVED CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an ...) @@ -50848,7 +50848,7 @@ CVE-2020-19628 CVE-2020-19627 RESERVED CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...) - TODO: check + NOT-FOR-US: craftcms CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...) TODO: check CVE-2020-19624 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af9b5e534537228200b19ad9f80e8af014b4907a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af9b5e534537228200b19ad9f80e8af014b4907a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits