[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 1 20:32:41 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d8d5212 by Salvatore Bonaccorso at 2021-12-01T21:31:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,9 +61,9 @@ CVE-2021-44482
CVE-2021-44481
RESERVED
CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
- TODO: check
+ NOT-FOR-US: Wokka Lokka Q50 devices
CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
- TODO: check
+ NOT-FOR-US: NXP Kinetis K82 devices
CVE-2021-44478
RESERVED
CVE-2021-4038
@@ -489,13 +489,13 @@ CVE-2021-44282
CVE-2021-44281
RESERVED
CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
- TODO: check
+ NOT-FOR-US: attendance management system
CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2021-44278
RESERVED
CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2021-44276
RESERVED
CVE-2021-44275
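Review bot: The label on CVE-2021-44280, "NOT-FOR-US: attendance management system", is a generic lowercase phrase with no vendor or project name, so it is hard to match when later CVEs for the same software come in. If the full CVE description names a vendor or author, suggest including it in the label, the way the two entries below it use the project name in "NOT-FOR-US: LibreNMS".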
@@ -791,9 +791,9 @@ CVE-2021-44208
CVE-2021-44207
RESERVED
CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-44206
RESERVED
CVE-2021-44205
@@ -819,7 +819,7 @@ CVE-2021-44196
CVE-2021-4016
RESERVED
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: firefly-iii
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4014
@@ -1113,11 +1113,11 @@ CVE-2021-3996
CVE-2021-3995
RESERVED
CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
- TODO: check
+ NOT-FOR-US: django-helpdesk
CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
- TODO: check
+ NOT-FOR-US: kimai2
CVE-2021-44078
RESERVED
CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
@@ -1125,9 +1125,9 @@ CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plu
CVE-2021-3991
RESERVED
CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-3988
RESERVED
CVE-2021-3987
@@ -1207,11 +1207,11 @@ CVE-2021-44042
CVE-2021-44041
RESERVED
CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
- TODO: check
+ NOT-FOR-US: kimai2
CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
TODO: check
CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
- TODO: check
+ NOT-FOR-US: kimai2
CVE-2022-21742
RESERVED
CVE-2021-44040
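Review bot: CVE-2021-3984 (vim, heap-based buffer overflow) still reads "TODO: check" between the two kimai2 entries resolved in this hunk. Leaving it is consistent with a pass that only processes NFUs, but it needs package triage in a follow-up so it does not get lost among the resolved neighbours.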
@@ -3021,13 +3021,13 @@ CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a
CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
NOT-FOR-US: tripexpress
CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
- TODO: check
+ NOT-FOR-US: YurunProxy
CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...)
TODO: check
CVE-2021-43688
RESERVED
CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: Chamilo-lms
CVE-2021-43686
RESERVED
CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
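Review bot: "NOT-FOR-US: Chamilo-lms" on CVE-2021-43687 changes the casing from the description's "chamilo-lms", while the neighbouring labels ("tripexpress", "YurunProxy") copy the product name as written. Suggest using the same spelling as any existing entries for this product in data/CVE/list so a case-sensitive search finds all of them. CVE-2021-43689 ("manage") is left at "TODO: check" in this hunk and still needs a decision.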
@@ -3650,7 +3650,7 @@ CVE-2021-43453
CVE-2021-43452
RESERVED
CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
- TODO: check
+ NOT-FOR-US: PHPGURUKUL
CVE-2021-43450
RESERVED
CVE-2021-43449
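Review bot: "NOT-FOR-US: PHPGURUKUL" on CVE-2021-43451 names only the vendor, while the description points at a specific product ("PHPGURUKUL Employee Record Manag ..."). Suggest adding the product name to the label so that the entry stays distinguishable from other PHPGURUKUL applications.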
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d8d5212de4a053cc2322d735576ce0450c858b9