[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 6 09:17:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9abaabcf by Salvatore Bonaccorso at 2021-08-06T10:17:12+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -613,7 +613,7 @@ CVE-2021-37861
CVE-2021-37860
RESERVED
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
- TODO: check
+ NOT-FOR-US: Mattermost
CVE-2021-37858
RESERVED
CVE-2021-37857
@@ -1100,7 +1100,7 @@ CVE-2021-37634
CVE-2021-37633
RESERVED
CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
- TODO: check
+ NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
CVE-2021-37631
RESERVED
CVE-2021-37630
@@ -1136,7 +1136,7 @@ CVE-2021-37616
CVE-2021-37615
RESERVED
CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
- TODO: check
+ NOT-FOR-US: MOVEit Transfer
CVE-2021-37613
RESERVED
CVE-2021-37612
@@ -6306,13 +6306,13 @@ CVE-2021-35329
CVE-2021-35328
RESERVED
CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK A720R router firmware
CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35323
RESERVED
CVE-2021-35322
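Review bot: The four TOTOLINK entries in this hunk end up with two different labels for the same device. CVE-2021-35327, CVE-2021-35325 and CVE-2021-35324 get `NOT-FOR-US: TOTOLINK A720R A720R_Firmware`, while CVE-2021-35326 gets `NOT-FOR-US: TOTOLINK A720R router firmware`. Using one label for all four would let a single search of data/CVE/list find every entry for the product. The doubled "A720R A720R_Firmware" is carried over from the CVE descriptions and could be shortened at the same time.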
@@ -6346,9 +6346,9 @@ CVE-2021-35309
CVE-2021-35308
RESERVED
CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2021-35305
RESERVED
CVE-2021-35304
@@ -7830,9 +7830,9 @@ CVE-2021-34641
CVE-2021-34640
RESERVED
CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...)
- TODO: check
+ NOT-FOR-US: WordPress Download Manager
CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= ...)
- TODO: check
+ NOT-FOR-US: WordPress Download Manager
CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34636
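Review bot: The new labels on CVE-2021-34639 and CVE-2021-34638 name the plugin (`NOT-FOR-US: WordPress Download Manager`), but the unchanged entry right below them, CVE-2021-34637, uses the generic `NOT-FOR-US: WordPress plugin`. Either form works for triage, but mixing them within adjacent entries makes the list harder to search by product. Consider one convention for WordPress plugins throughout this commit.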
@@ -7840,13 +7840,13 @@ CVE-2021-34636
CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...)
NOT-FOR-US: GTranslate (Pro and Enterprise versions)
CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
@@ -8462,7 +8462,7 @@ CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in th
CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...)
NOT-FOR-US: Trusty
CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
- TODO: check
+ NOT-FOR-US: Neo4j
CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...)
NOT-FOR-US: Accela Civic Platform
CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...)
@@ -10242,9 +10242,9 @@ CVE-2021-33599
CVE-2021-33598
RESERVED
CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33595
RESERVED
CVE-2021-33594
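Review bot: The label `NOT-FOR-US: F-Secure` on CVE-2021-33597 and CVE-2021-33596 names only the vendor, whereas other entries in this commit name the product (for example `NOT-FOR-US: MOVEit Transfer`). The two descriptions cover different issues, a denial of service and an address bar showing the legitimate URL while other content loads, so naming the affected product on each line would make the triage decision easier to re-check later.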
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9abaabcfa4cd33cc5ca8cae73cf7283ec455660d