[Git][security-tracker-team/security-tracker][master] Associate some NFUs with the potential opennms source package

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 1 20:35:09 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e61b25b by Salvatore Bonaccorso at 2021-12-01T21:34:34+01:00
Associate some NFUs with the potential opennms source package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46984,7 +46984,7 @@ CVE-2021-3398
 CVE-2021-3397
 	RESERVED
 CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
 	{DSA-4847-1 DLA-2552-1}
 	- connman 1.36-2.1
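Review bot: the visible part of the CVE-2021-3396 description names only OpenNMS Meridian releases (2016 through 2019), while the changed line files the entry under the opennms source package from bug #450615. If that ITP packages a different OpenNMS distribution than Meridian, add a NOTE line under the entry stating whether the packaged code shares the affected component, so the association is not read as a confirmed match once the package is uploaded.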
@@ -48878,19 +48878,19 @@ CVE-2021-25937
 CVE-2021-25936
 	RESERVED
 CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
 	NOT-FOR-US: Node safe-obj
 CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
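Review bot: CVE-2021-25929 through CVE-2021-25935 now all point at bug #450615, but none of the seven entries carries a NOTE with the upstream fix, and the visible descriptions give only the upper bound of the affected range (opennms-27.1.0-1, cut off in most of them). A NOTE line with the fixing commit or release on each entry, in the style of the imlib2 entry elsewhere in this file, would let whoever resolves the ITP decide quickly whether the first upload is affected.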
@@ -110941,7 +110941,7 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
 	[jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
@@ -113929,7 +113929,7 @@ CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an  ...)
 	NOT-FOR-US: svg2png
 CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
 	NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...)
@@ -144074,7 +144074,7 @@ CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adapta
 CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to  ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
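Review bot: CVE-2020-1652 sits in a run of Juniper entries (CVE-2020-1650, CVE-2020-1651 and CVE-2020-1653 are all NOT-FOR-US: Juniper), and its visible description, "OpenNMS is accessible via port 9443 ...", reads like an exposure in a product that embeds OpenNMS rather than a defect in OpenNMS itself. Check the full description before tying it to the opennms ITP; if it concerns a vendor deployment, keeping it NOT-FOR-US with the vendor named would be more accurate than "- opennms <itp> (bug #450615)".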
@@ -341257,7 +341257,7 @@ CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows re
 CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in administra ...)
 	NOT-FOR-US: Joomla!
 CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
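Review bot: CVE-2015-7856 is a default-credential issue ("default password of rtc for the rtc account"), so whether a future Debian package is affected depends on the configuration it ships and not only on the upstream version. A NOTE under the changed line recording that the packaging needs to be checked for this default account would keep the entry from being closed on version alone when the ITP is resolved.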
@@ -378617,7 +378617,7 @@ CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow r
 CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...)
 	NOT-FOR-US: WordPress plugin Participants Database
 CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before  ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
 	- libfep <itp> (bug #658575)
 CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...)
@@ -467919,7 +467919,7 @@ CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog b
 CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
 	NOT-FOR-US: Juniper NetScreen ScreenOS
 CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...)
 	NOT-FOR-US: Celoxis Technologies Celoxis
 CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...)
@@ -473431,7 +473431,7 @@ CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin
 CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...)
 	NOT-FOR-US: FlashGet FTP
 CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before  ...)
-	NOT-FOR-US: OpenNMS
+	- opennms <itp> (bug #450615)
 CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18  ...)
 	NOT-FOR-US: Libra File Manager
 CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e61b25b7c272dd2be30ca68e1cabadf2c5d5396
