[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 6 09:24:58 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fedc428 by Salvatore Bonaccorso at 2021-08-06T10:23:44+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12660,17 +12660,17 @@ CVE-2021-32583
 CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
 	NOT-FOR-US: ConnectWise Automate
 CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
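Review bot: The six Acronis entries (CVE-2021-32576 through CVE-2021-32581) are tagged with the vendor name only, while the neighbouring entry in this hunk names the product (`NOT-FOR-US: ConnectWise Automate`). All six descriptions begin with "Acronis True Image", so `NOT-FOR-US: Acronis True Image` would be more precise and would not read as a blanket verdict on every Acronis product.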
@@ -14082,9 +14082,9 @@ CVE-2021-32005
 CVE-2021-32004
 	RESERVED
 CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
-	TODO: check
+	NOT-FOR-US: Secomea SiteManager
 CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
-	TODO: check
+	NOT-FOR-US: Secomea SiteManager
 CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
 	NOT-FOR-US: Rancher
 CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
@@ -27508,7 +27508,7 @@ CVE-2021-26607
 CVE-2021-26606
 	RESERVED
 CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
-	TODO: check
+	NOT-FOR-US: ezPDFReader
 CVE-2021-26604
 	RESERVED
 CVE-2021-26603
@@ -27561,7 +27561,7 @@ CVE-2021-26588
 CVE-2021-26587
 	RESERVED
 CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
 	NOT-FOR-US: HPE
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
@@ -30567,17 +30567,17 @@ CVE-2021-25450
 CVE-2021-25449
 	RESERVED
 CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
 	NOT-FOR-US: Samsung (KME module)
 CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
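Review bot: The six new `NOT-FOR-US: Samsung` lines drop the component, although the existing entry directly below them records it as `NOT-FOR-US: Samsung (KME module)`. The descriptions cover distinct components (Smart Touch Call, SmartThings, Samsung Internet, keymaster, the conn_gadget driver), and names such as "keymaster" and "conn_gadget driver" in CVE-2021-25444 and CVE-2021-25443 are generic enough that a parenthesised component would make the reason for the NFU verdict checkable later. Suggest following the form already used for CVE-2021-25442.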
@@ -36187,9 +36187,9 @@ CVE-2021-22930 [Use after free on close http2 on stream canceling]
 CVE-2021-22929
 	RESERVED
 CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
 	TODO: check
 CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
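Review bot: CVE-2021-22926 in the trailing context of this hunk is still `TODO: check`, and its description concerns libcurl rather than a vendor product, so it is correctly left out of this NFU batch but still needs its own triage in a follow-up. The two Citrix tags above it match the product names in their descriptions.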
@@ -36223,9 +36223,9 @@ CVE-2021-22922 (When curl is instructed to download content using the metalink f
 CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
 	- nodejs <not-affected> (Only affects Windows installer)
 CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
 	{DSA-4936-1}
 	- libuv1 1.40.0-2 (bug #990561)
@@ -37184,7 +37184,7 @@ CVE-2021-22554
 CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
 	- gerrit <itp> (bug #589436)
 CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...)
-	TODO: check
+	NOT-FOR-US: Asylo
 CVE-2021-22551
 	RESERVED
 CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
@@ -38604,7 +38604,7 @@ CVE-2021-21895
 CVE-2021-21894
 	RESERVED
 CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-21892
 	RESERVED
 CVE-2021-21891
@@ -38650,7 +38650,7 @@ CVE-2021-21872
 CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
 	NOT-FOR-US: PowerISO
 CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-21869
 	RESERVED
 CVE-2021-21868
@@ -38664,7 +38664,7 @@ CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageMana
 CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
 	NOT-FOR-US: CODESYS
 CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-21862
 	RESERVED
 CVE-2021-21861
@@ -38728,7 +38728,7 @@ CVE-2021-21833 (An improper array index validation vulnerability exists in the T
 CVE-2021-21832
 	RESERVED
 CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-21830
 	RESERVED
 CVE-2021-21829
@@ -38784,7 +38784,7 @@ CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK
 	- wpewebkit 2.30.6-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
 CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
 	NOT-FOR-US: Advantech R-SeeNet
 CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
@@ -38939,9 +38939,9 @@ CVE-2021-21741
 CVE-2021-21740
 	RESERVED
 CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
@@ -44532,9 +44532,9 @@ CVE-2021-20118
 CVE-2021-20117
 	RESERVED
 CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <=  ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <=  ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...)
 	NOT-FOR-US: TCExam
 CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
@@ -68044,7 +68044,7 @@ CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor co
 CVE-2020-22393
 	RESERVED
 CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 w ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2020-22391
 	RESERVED
 CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fedc428132b4ba08c304f8370c09c9f8da22fc7
