[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 6 06:19:24 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45400a16 by Salvatore Bonaccorso at 2021-08-06T07:19:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-38140
 CVE-2021-38139
 	RESERVED
 CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
-	TODO: check
+	NOT-FOR-US: OneNav
 CVE-2021-38137
 	RESERVED
 CVE-2021-38136
@@ -115,7 +115,7 @@ CVE-2021-38097
 CVE-2021-38096
 	RESERVED
 CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
-	TODO: check
+	NOT-FOR-US: Planview Spigit
 CVE-2021-38094
 	RESERVED
 CVE-2021-38093
@@ -453,13 +453,13 @@ CVE-2021-37932
 CVE-2021-3681
 	RESERVED
 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-3679
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
 CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-37931
 	RESERVED
 CVE-2021-37930
@@ -1106,7 +1106,7 @@ CVE-2021-37627
 CVE-2021-37626
 	RESERVED
 CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4  ...)
-	TODO: check
+	NOT-FOR-US: Skytable
 CVE-2021-37624
 	RESERVED
 CVE-2021-37623
@@ -1150,9 +1150,9 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory
 CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
 	NOT-FOR-US: Meow hash
 CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
-	TODO: check
+	NOT-FOR-US: Microchip MiWi
 CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
-	TODO: check
+	NOT-FOR-US: Microchip MiWi
 CVE-2021-37603
 	RESERVED
 CVE-2021-37602
@@ -2885,17 +2885,17 @@ CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer over
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
 CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service  ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value  ...)
 	NOT-FOR-US: KNX ETS5
 CVE-2021-36798
@@ -3621,7 +3621,7 @@ CVE-2021-36485
 CVE-2021-36484
 	RESERVED
 CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
-	TODO: check
+	NOT-FOR-US: DevExpress.XtraReports.UI
 CVE-2021-36482
 	RESERVED
 CVE-2021-36481
@@ -12607,7 +12607,7 @@ CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute ar
 CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-32602
 	RESERVED
 CVE-2021-32601
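Review bot: the new tag on CVE-2021-32603 reads "NOT-FOR-US: FortiGuard", but the description on the line above it names a product beginning "FortiM ...". FortiGuard is the name Fortinet uses for its advisory and threat-intelligence service, not the affected software. Suggest tagging by vendor or product instead (for example "NOT-FOR-US: Fortinet"), the way the neighbouring CVE-2021-32604 entry is tagged "SolarWinds". The same label is added to CVE-2021-32598 in the next hunk.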
@@ -12617,7 +12617,7 @@ CVE-2021-32600
 CVE-2021-32599
 	RESERVED
 CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-32597
 	RESERVED
 CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
@@ -13762,7 +13762,7 @@ CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge
 	NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
 	NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
 CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit  ...)
 	- golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
@@ -14438,11 +14438,11 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to
 	NOTE: https://github.com/lz4/lz4/pull/972
 	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
 CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2021-31868
 	RESERVED
 CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2021-3519
 	RESERVED
 CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
@@ -44966,7 +44966,7 @@ CVE-2021-20030
 CVE-2021-20029
 	RESERVED
 CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
-	TODO: check
+	NOT-FOR-US: Sonicwall
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
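Review bot: the added line for CVE-2021-20028 spells the vendor "Sonicwall", while the unchanged entry directly below it (CVE-2021-20027) uses "NOT-FOR-US: SonicWall". Suggest matching the existing capitalization so that a case-sensitive search of data/CVE/list for the vendor name finds every entry.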
@@ -50266,7 +50266,7 @@ CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of
 CVE-2021-1573
 	RESERVED
 CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
@@ -67354,7 +67354,7 @@ CVE-2020-22734
 CVE-2020-22733
 	RESERVED
 CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions &g ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple (CMSMS)
 CVE-2020-22731
 	RESERVED
 CVE-2020-22730
@@ -74425,9 +74425,9 @@ CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFi
 CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...)
 	NOT-FOR-US: hdcms
 CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...)
-	TODO: check
+	NOT-FOR-US: vaeThink
 CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...)
-	TODO: check
+	NOT-FOR-US: vaeThink
 CVE-2020-19300
 	RESERVED
 CVE-2020-19299



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45400a1662ca20f4bcbcf401bd005b704e7f223c
