Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: be1205cf by Salvatore Bonaccorso at 2021-04-14T22:20:38+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -127,7 +127,7 @@ CVE-2021-31154 CVE-2021-31153 RESERVED CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) - TODO: check + NOT-FOR-US: Multilaser Router AC1200 CVE-2021-31151 RESERVED CVE-2021-31150 @@ -1509,9 +1509,9 @@ CVE-2021-30496 CVE-2021-30495 RESERVED CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...) - TODO: check + NOT-FOR-US: Razer Synapse 3 software suite CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...) - TODO: check + NOT-FOR-US: Razer Synapse 3 software suite CVE-2021-30492 RESERVED CVE-2021-30491 @@ -1625,7 +1625,7 @@ CVE-2021-30461 CVE-2021-30460 RESERVED CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...) - TODO: check + NOT-FOR-US: Jazzband Django Debug Toolbar CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...) - mediawiki 1:1.35.2-1 [buster] - mediawiki <not-affected> (Only applies to 1.35 and later) @@ -3409,7 +3409,7 @@ CVE-2021-29656 CVE-2021-29655 RESERVED CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...) - TODO: check + NOT-FOR-US: AjaxSearchPro CVE-2021-29653 RESERVED CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...) @@ -5210,9 +5210,9 @@ CVE-2021-28858 CVE-2021-28857 RESERVED CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...) - TODO: check + NOT-FOR-US: Deark CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...) - TODO: check + NOT-FOR-US: Deark CVE-2021-28854 RESERVED CVE-2021-28853 
@@ -5341,7 +5341,7 @@ CVE-2021-28799 CVE-2021-28798 RESERVED CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...) - TODO: check + NOT-FOR-US: QNAP NAS devices CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...) NOT-FOR-US: Increments Qiita::Markdown CVE-2021-28795 @@ -6986,7 +6986,7 @@ CVE-2020-36258 CVE-2020-36257 RESERVED CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...) - TODO: check + NOT-FOR-US: Forescout CounterACT CVE-2021-28097 RESERVED CVE-2021-28096 @@ -7081,7 +7081,7 @@ CVE-2021-28062 CVE-2021-28061 RESERVED CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...) - TODO: check + NOT-FOR-US: Group Office CVE-2021-28059 RESERVED CVE-2021-28058 @@ -7897,17 +7897,17 @@ CVE-2021-27712 CVE-2021-27711 RESERVED CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) - TODO: check + NOT-FOR-US: TOTOLINK X5000R router CVE-2021-27709 RESERVED CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) - TODO: check + NOT-FOR-US: TOTOLINK X5000R router CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) - TODO: check + NOT-FOR-US: Tenda routers CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...) - TODO: check + NOT-FOR-US: Tenda routers CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) - TODO: check + NOT-FOR-US: Tenda routers CVE-2021-27704 RESERVED CVE-2021-27703 @@ -8110,7 +8110,7 @@ CVE-2021-27610 CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...) NOT-FOR-US: SAP CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...) - TODO: check + NOT-FOR-US: SAPSetup CVE-2021-27607 RESERVED CVE-2021-27606 
@@ -8826,7 +8826,7 @@ CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular CVE-2021-27289 RESERVED CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...) - TODO: check + NOT-FOR-US: X2Engine X2CRM CVE-2021-27287 RESERVED CVE-2021-27286 @@ -8886,7 +8886,7 @@ CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...) TODO: check CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...) NOT-FOR-US: Netgear CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
@@ -8896,21 +8896,21 @@ CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Netgear CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Netgear CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Netgear CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...) TODO: check CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...) @@ -9177,7 +9177,7 @@ CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection CVE-2021-27131 RESERVED CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...) - TODO: check + NOT-FOR-US: Online Reviewer System CVE-2021-27129 RESERVED CVE-2021-27128 
@@ -9209,9 +9209,9 @@ CVE-2021-27116 CVE-2021-27115 RESERVED CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-27112 RESERVED CVE-2021-27111 @@ -9901,7 +9901,7 @@ CVE-2021-26834 CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...) - TODO: check + NOT-FOR-US: Priority Enterprise Management System CVE-2021-26831 RESERVED CVE-2021-26830 @@ -9911,7 +9911,7 @@ CVE-2021-26829 CVE-2021-26828 RESERVED CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) - godot <unfixed> (bug #982593) [buster] - godot <no-dsa> (Minor issue) @@ -11862,9 +11862,9 @@ CVE-2021-26033 CVE-2021-26032 RESERVED CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...) NOT-FOR-US: Joomla! CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...) 
@@ -27535,9 +27535,9 @@ CVE-2020-35421 CVE-2020-35420 RESERVED CVE-2020-35419 (Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LAN ...) - TODO: check + NOT-FOR-US: Group Office CRM CVE-2020-35418 (Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4 ...) - TODO: check + NOT-FOR-US: Group Office CRM CVE-2020-35417 RESERVED CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be1205cf87b6e6fe2cba76169a2289f7a6c9d3d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be1205cf87b6e6fe2cba76169a2289f7a6c9d3d1 You're receiving this email because of your account on salsa.debian.org.
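Review bot: CVE-2021-30459 in the @@ -1625 hunk names an open-source Python library (Jazzband Django Debug Toolbar), not device firmware or a proprietary product, so NOT-FOR-US needs a check that no source package in the archive ships it. If one does, the entry should carry a package line in the style of the "- mediawiki 1:1.35.2-1" line directly below it rather than NOT-FOR-US. The same check applies to the two Deark entries (CVE-2021-28856, CVE-2021-28855) in the @@ -5210 hunk.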
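Review bot: in the @@ -8886 and @@ -8896 hunks the vendor assignments (SolarWinds, Netgear, D-Link, TP-Link) cannot be confirmed from the truncated descriptions, which all start with "This vulnerability allows ..." and name no product. Please confirm each against the full CVE description. CVE-2021-27259 and CVE-2021-27247 also remain at "TODO: check" between resolved neighbours; if they were skipped deliberately because they concern a different product, a short note in the commit message would make that clear.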
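Review bot: the NOT-FOR-US labels vary in granularity for the same vendor or product. CVE-2021-28060 (@@ -7081) uses "Group Office" while CVE-2020-35419 and CVE-2020-35418 (@@ -27535) use "Group Office CRM"; CVE-2021-27608 (@@ -8110) uses "SAPSetup" directly under an existing "NOT-FOR-US: SAP" entry; and the router entries mix vendor-only labels (Netgear, D-Link, TP-Link) with model or category labels ("TOTOLINK X5000R router", "Tenda routers", "Multilaser Router AC1200"). Settling on one label per vendor, matching the existing context lines, keeps the list searchable by vendor.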
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits