[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 16 21:01:22 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
270cbd7f by Moritz Muehlenhoff at 2021-08-16T22:01:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9809,7 +9809,7 @@ CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34531
RESERVED
CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...)
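Review bot: On CVE-2021-34532 the new tag names only the vendor, while the description names ASP.NET Core and Visual Studio, a cross-platform product unlike the Windows components around it. A product-level tag such as `NOT-FOR-US: Microsoft ASP.NET Core` would record why the entry was ruled out; the same applies to the two .NET Core entries later in this commit.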
@@ -9903,7 +9903,7 @@ CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This
CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
@@ -11734,7 +11734,7 @@ CVE-2021-33701
CVE-2021-33700
RESERVED
CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-33698
RESERVED
CVE-2021-33697
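Review bot: `NOT-FOR-US: Android` on CVE-2021-33699 names a platform, but the visible description says the issue affects applications. Naming the affected application or vendor from the full CVE description would match the product-level tags used elsewhere in the file.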
@@ -13821,7 +13821,7 @@ CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content
CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
NOT-FOR-US: Zope AccessControl
CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2021-32805
RESERVED
CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
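Review bot: The tag on CVE-2021-32806 says only `Plone`, while the entry directly above uses the component form `Zope AccessControl`. `NOT-FOR-US: Plone Products.isurlinportal` would be consistent with it and easier to grep for.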
@@ -29811,7 +29811,7 @@ CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This
CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
@@ -38027,7 +38027,7 @@ CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and D
CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
NOT-FOR-US: Citrix
CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
- TODO: check
+ NOT-FOR-US: curl builds on MacOS
CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
- curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)
NOTE: https://curl.se/docs/CVE-2021-22925.html
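Review bot: CVE-2021-22926 is marked NOT-FOR-US although it concerns curl, which is tracked as a package in the very next record (`- curl <not-affected> ...` on CVE-2021-22925). Consider `- curl <not-affected> (Only affects curl builds on macOS)` with a NOTE line pointing to the upstream advisory, as the following entry has, so the CVE is recorded against curl. The platform name is also spelled macOS.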
@@ -45508,7 +45508,7 @@ CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may resul
[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
NOTE: https://jira.mongodb.org/browse/SERVER-50605
CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials used by ...)
- TODO: check
+ NOT-FOR-US: MongoDB rust driver
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
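Review bot: Capitalisation in the new tag on CVE-2021-20332: `MongoDB rust driver` should read `MongoDB Rust Driver`, matching the CVE description and the `MongoDB C# Driver` tag on the following entry.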
@@ -50108,7 +50108,7 @@ CVE-2021-1632
CVE-2021-1631
RESERVED
CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
NOT-FOR-US: Tableau Server
CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
@@ -53213,7 +53213,7 @@ CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvma
CVE-2021-1105
RESERVED
CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...)
- TODO: check
+ NOT-FOR-US: RISC-V
CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA vGPU software
CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
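Review bot: CVE-2021-1104 describes an ambiguity in the RISC-V Instruction Set Manual, a specification rather than a product, so `NOT-FOR-US: RISC-V` does not say what was ruled out. A tag such as `NOT-FOR-US: RISC-V Instruction Set Manual`, or a NOTE on why no packaged implementation is affected, would document the decision.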
@@ -69898,7 +69898,7 @@ CVE-2020-22405
CVE-2020-22404
RESERVED
CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Node express-cart
CVE-2020-22402
RESERVED
CVE-2020-22401
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270cbd7f6c6a253e47da19399c33b2d93b842d6b