[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 4 05:21:59 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59fc5797 by Salvatore Bonaccorso at 2021-08-04T06:21:35+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2704,11 +2704,11 @@ CVE-2021-36705
CVE-2021-36704
RESERVED
CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-36700
RESERVED
CVE-2021-36699
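Review bot: The htmly attribution for CVE-2021-36703 and CVE-2021-36702 cannot be confirmed from the truncated descriptions in this hunk; only CVE-2021-36701 names htmly in its visible text. Worth confirming against the full CVE descriptions that the "Settings"/"config" and "regular post"/"add content" pages belong to htmly before these entries leave the TODO queue, since a NOT-FOR-US line is rarely revisited.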
@@ -7338,7 +7338,7 @@ CVE-2021-34639
CVE-2021-34638
RESERVED
CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34636
RESERVED
CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
@@ -11580,7 +11580,7 @@ CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. V
CVE-2021-32813
RESERVED
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
- TODO: check
+ NOT-FOR-US: Monkshu
CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
TODO: check
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
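Review bot: CVE-2021-32811 (Zope), the context line directly after the Monkshu change, still carries "TODO: check" after this pass. That is consistent with a commit scoped to NFUs, but the entry now sits between resolved ones and needs a follow-up triage for a package-level decision rather than an NFU marker.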
@@ -11641,7 +11641,7 @@ CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for Woo
CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
NOT-FOR-US: Discourse
CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
- TODO: check
+ NOT-FOR-US: Sourcegraph
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -11681,7 +11681,7 @@ CVE-2021-32773 (Racket is a general-purpose programming language and an ecosyste
[stretch] - racket <no-dsa> (Minor issue)
NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
- TODO: check
+ NOT-FOR-US: Poddycast
CVE-2021-32771
RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
@@ -13523,13 +13523,13 @@ CVE-2021-32021
CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
- TODO: check
+ NOT-FOR-US: JUMP AMS
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
@@ -14999,9 +14999,9 @@ CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive
CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...)
NOT-FOR-US: Arlo Q Plus
CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -23876,11 +23876,11 @@ CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store)
CVE-2021-27955
RESERVED
CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...)
- TODO: check
+ NOT-FOR-US: ecobee3
CVE-2021-27951
RESERVED
CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...)
@@ -23915,9 +23915,9 @@ CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. Th
CVE-2021-27944
RESERVED
CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...)
- TODO: check
+ NOT-FOR-US: Vizio
CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
- TODO: check
+ NOT-FOR-US: Vizio
CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
NOT-FOR-US: eWeLink mobile application
CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
@@ -32459,7 +32459,7 @@ CVE-2021-24373 (The WP Hardening – Fix Your WordPress Security WordPress p
CVE-2021-24372 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 allows unauth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the contribut ...)
@@ -36961,31 +36961,31 @@ CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Sm
CVE-2021-22426
RESERVED
CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...)
NOT-FOR-US: Huawei
CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...)
NOT-FOR-US: Huawei
CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
NOT-FOR-US: Huawei
CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
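Review bot: The ten HarmonyOS entries (CVE-2021-22425 down to CVE-2021-22416) get the product label "NOT-FOR-US: HarmonyOS", while CVE-2021-22413 and the surrounding entries in the same hunk use the vendor label "NOT-FOR-US: Huawei". Both are valid markers, but a search for the vendor label will miss the HarmonyOS block; consider "NOT-FOR-US: Huawei HarmonyOS" or the plain vendor label so that the two groups are found together.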
@@ -37011,7 +37011,7 @@ CVE-2021-22402
CVE-2021-22401
RESERVED
CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
NOT-FOR-US: Huawei
CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...)
@@ -38821,7 +38821,7 @@ CVE-2021-21567
CVE-2021-21566
RESERVED
CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21564
RESERVED
CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
@@ -38845,7 +38845,7 @@ CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, M
CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
NOT-FOR-US: Dell
CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...)
NOT-FOR-US: Dell
CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
@@ -138807,7 +138807,7 @@ CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
NOT-FOR-US: Windu CMS
CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It ...)
- TODO: check
+ NOT-FOR-US: Comelit "App lejos de casa (web)"
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...)
NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...)
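Review bot: The label on CVE-2019-14453 copies the quoted product name with its parentheses, NOT-FOR-US: Comelit "App lejos de casa (web)", where the neighbouring entries use short names such as "Windu CMS" and "cPanel". A shorter form like "NOT-FOR-US: Comelit" would match the surrounding style and avoids embedded quotes and parentheses in a line that tooling parses.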
@@ -216967,7 +216967,7 @@ CVE-2017-18115
CVE-2017-18114
RESERVED
CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data C ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers to view ...)
NOT-FOR-US: Atlassian
CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59fc57971b7dadc6bcc7730167bcdd9213fd29cd