[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 31 21:40:53 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
972fe81c by Salvatore Bonaccorso at 2021-08-31T22:40:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2163,7 +2163,7 @@ CVE-2021-39318
 CVE-2021-39317
 	RESERVED
 CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39315
 	RESERVED
 CVE-2021-39314
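
Review bot: The new note on CVE-2021-39316 says only "WordPress plugin", while the description names the Zoomsounds plugin. Naming the plugin in the note (for example "NOT-FOR-US: Zoomsounds plugin for WordPress") would keep the entry searchable by product, as the OpenOLAT and MyBB notes elsewhere in this commit are.
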
@@ -2545,7 +2545,7 @@ CVE-2021-39182
 CVE-2021-39181
 	RESERVED
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
-	TODO: check
+	NOT-FOR-US: OpenOLAT
 CVE-2021-39179
 	RESERVED
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
@@ -11542,15 +11542,15 @@ CVE-2021-35225
 CVE-2021-35224
 	RESERVED
 CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35218
 	RESERVED
 CVE-2021-35217
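
Review bot: The five new notes for CVE-2021-35223 through CVE-2021-35219 record only the vendor, SolarWinds, although the description of CVE-2021-35223 names Serv-U File Server and the other four are truncated before any product appears. Adding the product to each note would let a later reader tell which of them are Serv-U issues without opening every CVE.
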
@@ -11562,9 +11562,9 @@ CVE-2021-35215
 CVE-2021-35214
 	RESERVED
 CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...)
 	NOT-FOR-US: SolarWinds
 CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...)
@@ -12973,13 +12973,13 @@ CVE-2021-34583
 CVE-2021-34582
 	RESERVED
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34580
 	RESERVED
 CVE-2021-34579
 	RESERVED
 CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34577
 	RESERVED
 CVE-2021-34576
@@ -13005,19 +13005,19 @@ CVE-2021-34567
 CVE-2021-34566
 	RESERVED
 CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser  ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a pa ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may  ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596
 	RESERVED
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
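
Review bot: For CVE-2021-34564 the truncated description ("Any cookie-stealing vulnerabilities within the application or browser ...") does not name a product, unlike the six entries around it. Confirm against the full CVE text that it belongs to PEPPERL+FUCHS WirelessHART-Gateway before it is marked NOT-FOR-US with that label.
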
@@ -15406,7 +15406,7 @@ CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php
 CVE-2021-33556
 	RESERVED
 CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename paramet ...)
-	TODO: check
+	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-33554
 	RESERVED
 CVE-2021-33553
@@ -30251,7 +30251,7 @@ CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonpreques
 CVE-2021-27669
 	RESERVED
 CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of lic ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2021-27667
 	RESERVED
 CVE-2021-27666
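
Review bot: The description of CVE-2021-27668 is scoped to HashiCorp Vault Enterprise, but the new note reads "HashiCorp Vault". Writing "NOT-FOR-US: HashiCorp Vault Enterprise" would carry the edition named in the description into the tracker entry.
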
@@ -41362,9 +41362,9 @@ CVE-2021-22946
 CVE-2021-22945
 	RESERVED
 CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: UniFi Protect application
 CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: UniFi Protect application
 CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware]
 	RESERVED
 	- rails <unfixed> (bug #992586)
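
Review bot: The context line for CVE-2021-22942 just below the changed UniFi entries reads "[ossible Open Redirect in Host Authorization Middleware]", with the leading "P" missing. It is untouched by this commit, but it sits in the same hunk and is worth correcting to "[Possible ..." in a follow-up.
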
@@ -44136,7 +44136,7 @@ CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is un
 CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...)
 	NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing CreateLabe ...)
-	TODO: check
+	NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...)
 	NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
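
Review bot: The new note on CVE-2021-21811 uses "Xmill (AT&T Labs)", which matches CVE-2021-21812 above it, but CVE-2021-21810 directly below still reads "AT&T Labs Xmill". Since this hunk already touches the group, normalising CVE-2021-21810 to the same spelling would leave one label for the product instead of two.
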
@@ -80417,13 +80417,13 @@ CVE-2020-19051
 CVE-2020-19050
 	RESERVED
 CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatck ...)
-	TODO: check
+	NOT-FOR-US: iWebShop
 CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to ex ...)
-	TODO: check
+	NOT-FOR-US: S-CMS
 CVE-2020-19045
 	RESERVED
 CVE-2020-19044



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972fe81cf9f41dd0f54016439f294b3d020d3dd6
