[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 23 21:31:41 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b33eb94a by Salvatore Bonaccorso at 2021-04-23T22:31:19+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -463,9 +463,9 @@ CVE-2021-31542
 CVE-2021-31541
 	RESERVED
 CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default installation) has c ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-31538
 	RESERVED
 CVE-2021-31537
@@ -775,21 +775,21 @@ CVE-2021-31412
 CVE-2021-31411
 	RESERVED
 CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31409
 	RESERVED
 CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames]
 	RESERVED
 	- avahi <unfixed> (bug #986018)
@@ -2403,17 +2403,17 @@ CVE-2021-30640
 CVE-2021-30639
 	RESERVED
 CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2017-20003
 	REJECTED
 CVE-2021-30638
@@ -11020,9 +11020,9 @@ CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows una
 CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
 	NOT-FOR-US: Canary Mail
 CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3  ...)
-	TODO: check
+	NOT-FOR-US: Automox Agent
 CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...)
-	TODO: check
+	NOT-FOR-US: Automox Agent
 CVE-2021-26907
 	RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
@@ -20312,7 +20312,7 @@ CVE-2021-22895
 CVE-2021-22894
 	RESERVED
 CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22892
 	RESERVED
 CVE-2021-22891
@@ -20916,7 +20916,7 @@ CVE-2021-22684
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
-	TODO: check
+	NOT-FOR-US: Cscape
 CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later,  ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2021-22680
@@ -20924,7 +20924,7 @@ CVE-2021-22680
 CVE-2021-22679
 	RESERVED
 CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
-	TODO: check
+	NOT-FOR-US: Cscape
 CVE-2021-22677
 	RESERVED
 CVE-2021-22676



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b33eb94a91a6ac1e889c8644a565d3b65310e353

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b33eb94a91a6ac1e889c8644a565d3b65310e353
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210423/ffd78fa1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list