[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 10 21:28:04 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38bb7891 by Salvatore Bonaccorso at 2021-08-10T22:27:38+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10689,7 +10689,7 @@ CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspa
 CVE-2021-33708
 	RESERVED
 CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by  ...)
 	TODO: check
 CVE-2021-33705
@@ -20659,7 +20659,7 @@ CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to explo
 CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
 	NOT-FOR-US: IBM
 CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29738
 	RESERVED
 CVE-2021-29737
@@ -39963,9 +39963,9 @@ CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not esca
 CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...)
 	- jenkins <removed>
 CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-21599
 	RESERVED
 CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive  ...)
@@ -44360,7 +44360,7 @@ CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting.
 CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
 	NOT-FOR-US: IBM
 CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
@@ -187298,15 +187298,15 @@ CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows
 CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...)
 	NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
 CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-17864
 	RESERVED
 CVE-2018-17863
 	RESERVED
 CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
 	NOT-FOR-US: Cloudera
 CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
@@ -321854,7 +321854,7 @@ CVE-2015-7733
 CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive lo ...)
 	NOT-FOR-US: Avira Mobile Security app
 CVE-2015-7731 (SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and Bus ...)
 	NOT-FOR-US: SAP BusinessObjects
 CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
@@ -338160,9 +338160,9 @@ CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remot
 CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit e ...)
 	NOT-FOR-US: SAP
 CVE-2015-2074 (The File Repository Server (FRS) CORBA listener in SAP BussinessObject ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2015-2073 (The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObject ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1. ...)
 	NOT-FOR-US: SAP
 CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bb7891449098818072107ae8b56cd753988511

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bb7891449098818072107ae8b56cd753988511
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210810/d3c08afe/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list