author | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-12 09:34:51 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-12 09:35:48 +0200 |
commit | 627de489954aeb46c4ab2077268f4839aa59473a (patch) | |
tree | 6e60db1e6684bf265f252d7db908d5e859b31297 /data | |
parent | bfbb0e632d8d2774a2d5323fe1f3845bb002f761 (diff) |
Process several NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 246 |
1 files changed, 123 insertions, 123 deletions
diff --git a/data/CVE/list b/data/CVE/list index d9af74dec3..24ce7bac17 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -282,7 +282,7 @@ CVE-2021-34542 CVE-2021-34541 RESERVED CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...) - TODO: check + NOT-FOR-US: Advantech WebAccess CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) NOT-FOR-US: CubeCoders AMP CVE-2021-34538 @@ -3210,7 +3210,7 @@ CVE-2021-33207 CVE-2021-33206 RESERVED CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...) - TODO: check + NOT-FOR-US: Western Digital CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...) - libvirt <not-affected> (Vulnerable code never in a released version) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1) @@ -3871,11 +3871,11 @@ CVE-2021-32934 CVE-2021-32933 RESERVED CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...) - TODO: check + NOT-FOR-US: Advantech CVE-2021-32931 RESERVED CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...) - TODO: check + NOT-FOR-US: Advantech CVE-2021-32929 RESERVED CVE-2021-32928 @@ -13852,7 +13852,7 @@ CVE-2021-28816 CVE-2021-28815 RESERVED CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28813 RESERVED CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...) @@ -13870,7 +13870,7 @@ CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been repor CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...) NOT-FOR-US: QNAP CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28804 RESERVED CVE-2021-28803 
@@ -13878,7 +13878,7 @@ CVE-2021-28803 CVE-2021-28802 RESERVED CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28800 RESERVED CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...) @@ -17162,11 +17162,11 @@ CVE-2021-27412 CVE-2021-27411 RESERVED CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...) - TODO: check + NOT-FOR-US: Welch Allyn CVE-2021-27409 RESERVED CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...) - TODO: check + NOT-FOR-US: Welch Allyn CVE-2021-27407 RESERVED CVE-2021-27406 @@ -17680,7 +17680,7 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...) NOT-FOR-US: Endian Firewall Community (aka EFW) CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...) - TODO: check + NOT-FOR-US: WoWonder CVE-2021-27199 RESERVED CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...) 
@@ -18117,15 +18117,15 @@ CVE-2021-26999 CVE-2021-26998 RESERVED CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) - TODO: check + NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) - TODO: check + NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) - TODO: check + NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...) NOT-FOR-US: Clustered Data ONTAP (NetApp) CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) - TODO: check + NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) NOT-FOR-US: Cloud Manager (NetApp) CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...) @@ -18561,9 +18561,9 @@ CVE-2021-26831 CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...) NOT-FOR-US: Tribalsystems Zenario CMS CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) - TODO: check + NOT-FOR-US: OpenPLC ScadaBR CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) - TODO: check + NOT-FOR-US: OpenPLC ScadaBR CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...) NOT-FOR-US: TP-Link CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) 
@@ -20319,11 +20319,11 @@ CVE-2021-23220 CVE-2021-23212 RESERVED CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23199 RESERVED CVE-2021-23197 @@ -20333,7 +20333,7 @@ CVE-2021-23193 CVE-2021-23185 RESERVED CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23167 RESERVED CVE-2021-23162 @@ -20343,9 +20343,9 @@ CVE-2021-23155 CVE-2021-23146 RESERVED CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...) NOT-FOR-US: LivingLogic XIST4C CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...) 
@@ -22102,91 +22102,91 @@ CVE-2021-25427 CVE-2021-25426 RESERVED CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...) - TODO: check + NOT-FOR-US: Watch Active2 PlugIn CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...) - TODO: check + NOT-FOR-US: Watch Active2 PlugIn CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...) - TODO: check + NOT-FOR-US: Galaxy Watch3 PlugIn CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...) - TODO: check + NOT-FOR-US: Galaxy Watch PlugIn CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...) NOT-FOR-US: Samsung CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...) 
@@ -25148,7 +25148,7 @@ CVE-2021-24037 CVE-2021-24036 RESERVED CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2021-24034 RESERVED CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...) @@ -27691,7 +27691,7 @@ CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable t CVE-2021-22914 RESERVED CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...) - TODO: check + NOT-FOR-US: Nextcloud Deck CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...) TODO: check CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...) @@ -27707,7 +27707,7 @@ CVE-2021-22907 (An improper access control vulnerability exists in Citrix Worksp CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...) TODO: check CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...) - TODO: check + NOT-FOR-US: Nextcloud Android App (com.nextcloud.client) CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...) {DSA-4929-1 DLA-2655-1} - rails 2:6.0.3.7+dfsg-1 (bug #988214) 
@@ -28037,45 +28037,45 @@ CVE-2021-22770 CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...) TODO: check CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) - TODO: check + NOT-FOR-US: PowerLogic EGX300 CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) - TODO: check + NOT-FOR-US: PowerLogic EGX300 CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) - TODO: check + NOT-FOR-US: PowerLogic EGX300 CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) - TODO: check + NOT-FOR-US: PowerLogic CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...) - TODO: check + NOT-FOR-US: PowerLogic CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...) - TODO: check + NOT-FOR-US: PowerLogic CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) 
- TODO: check + NOT-FOR-US: Schneider CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) - TODO: check + NOT-FOR-US: Schneider CVE-2021-22748 RESERVED CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) @@ -30136,7 +30136,7 @@ CVE-2021-21835 CVE-2021-21834 RESERVED CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2021-21832 RESERVED CVE-2021-21831 @@ -30154,7 +30154,7 @@ CVE-2021-21826 CVE-2021-21825 RESERVED CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2021-21823 RESERVED CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) @@ -30186,7 +30186,7 @@ CVE-2021-21810 CVE-2021-21809 RESERVED CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2021-21807 RESERVED CVE-2021-21806 @@ -30212,7 +30212,7 @@ CVE-2021-21797 CVE-2021-21796 RESERVED CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2021-21794 RESERVED CVE-2021-21793 
@@ -34212,7 +34212,7 @@ CVE-2021-20734 CVE-2021-20733 RESERVED CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...) - TODO: check + NOT-FOR-US: ATOM (ATOM - Smart life App) CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...) NOT-FOR-US: WSR-1166DHP3 firmware CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...) @@ -34220,7 +34220,7 @@ CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware V CVE-2021-20729 RESERVED CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...) - TODO: check + NOT-FOR-US: goo blog App CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...) NOT-FOR-US: Zettlr CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...) @@ -34497,7 +34497,7 @@ CVE-2021-20593 CVE-2021-20592 RESERVED CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...) NOT-FOR-US: Mitsubishi CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...) 
@@ -47052,19 +47052,19 @@ CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for W CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...) NOT-FOR-US: Intel CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0099 RESERVED CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0096 RESERVED CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0093 RESERVED CVE-2021-0092 @@ -47072,7 +47072,7 @@ CVE-2021-0092 CVE-2021-0091 RESERVED CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...) - xen <unfixed> [stretch] - xen <end-of-life> (DSA 4602-1) 
@@ -47104,27 +47104,27 @@ CVE-2021-0079 CVE-2021-0078 RESERVED CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0076 RESERVED CVE-2021-0075 RESERVED CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0072 RESERVED CVE-2021-0071 RESERVED CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0069 RESERVED CVE-2021-0068 RESERVED CVE-2021-0067 (&nbsp;Improper access control in system firmware for some Intel(R) ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0066 RESERVED CVE-2021-0065 @@ -47142,21 +47142,21 @@ CVE-2021-0060 CVE-2021-0059 RESERVED CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0053 RESERVED CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0050 RESERVED CVE-2021-0049 
@@ -47256,7 +47256,7 @@ CVE-2021-0003 CVE-2021-0002 RESERVED CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-27669 RESERVED CVE-2020-27668 @@ -47894,7 +47894,7 @@ CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...) NOT-FOR-US: FlexDotnetCMS CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...) - TODO: check + NOT-FOR-US: Guild Wars 2 launcher CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...) TODO: check CVE-2020-27382 @@ -50833,7 +50833,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/ CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...) - python-urllib3 1.25.9-1 [buster] - python-urllib3 <no-dsa> (Minor issue) 
@@ -54388,15 +54388,15 @@ CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection ex CVE-2020-24672 RESERVED CVE-2020-24671 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) - TODO: check + NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...) NOT-FOR-US: Hitachi CVE-2020-24668 (Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulner ...) - TODO: check + NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24667 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) - TODO: check + NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...) NOT-FOR-US: Hitachi CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) @@ -54404,7 +54404,7 @@ CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8. CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...) - TODO: check + NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...) TODO: check CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...) 
@@ -54766,11 +54766,11 @@ CVE-2020-24518 CVE-2020-24517 RESERVED CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R) ...) - intel-microcode 3.20210608.1 (bug #989615) NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608 |
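Review bot: In the hunk at @@ -22102,91, CVE-2021-25422 is described as affecting "Watch Active PlugIn" but is tagged "NOT-FOR-US: Watch Active2 PlugIn", which looks carried over from the CVE-2021-25423 entry directly above it. Suggest "NOT-FOR-US: Watch Active PlugIn", or plain "NOT-FOR-US: Samsung" as used for every other entry in this hunk, so the four watch plug-in entries (CVE-2021-25423 to CVE-2021-25420) and the surrounding Samsung entries follow one naming scheme.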
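Review bot: The tags in the hunk at @@ -28037,45 switch granularity three times within one run of entries: "PowerLogic EGX300" for CVE-2021-22768 to CVE-2021-22766, "PowerLogic" for CVE-2021-22765 to CVE-2021-22763, and "Schneider" for CVE-2021-22762 to CVE-2021-22749, where the descriptions for CVE-2021-22759 to CVE-2021-22750 name IGSS Definition. The truncated descriptions for the first three do not show the product, so the EGX300 tag cannot be checked from the diff alone. Suggest picking one level (vendor or product) for the whole block, which also makes later searches of the list for the vendor's other entries reliable.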
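Review bot: In the hunk at @@ -27691,7, CVE-2021-22913 (Nextcloud Deck) is marked NOT-FOR-US while CVE-2021-22912 (Nextcloud iOS) on the next line stays at "TODO: check", and the following hunk marks the Android App (CVE-2021-22905) NOT-FOR-US but leaves CVE-2021-22906 (Nextcloud End-to-End Encryption) untouched. If the iOS client was skipped on purpose, fine; otherwise it appears to belong in the same batch as the Android client. For Deck and End-to-End Encryption, which are server-side apps, it would help to confirm that neither ships in a Debian package before settling on NOT-FOR-US.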
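Review bot: In the hunk at @@ -47052,19, CVE-2021-0095 ("Improper initialization in the firmware for some Intel(R) Processors") is closed with the same blanket "NOT-FOR-US: Intel" as the installer and driver-pack entries around it, yet other Intel processor issues visible in this patch's context are tracked against packages (CVE-2021-0089 against xen, CVE-2020-24513 against intel-microcode). Please confirm that the fix for CVE-2021-0095 is delivered only through platform firmware and not through a microcode update; if so, a more specific tag such as "NOT-FOR-US: Intel firmware" would record why it is out of scope. The same check applies to CVE-2021-0067 and CVE-2021-0054 in the later Intel hunks, whose descriptions also say "system firmware".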