[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 2 20:18:01 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29c8d074 by Salvatore Bonaccorso at 2021-12-02T21:17:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2021-44520
 CVE-2021-44519
 	RESERVED
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
-	TODO: check
+	NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
 CVE-2021-44517
 	RESERVED
 CVE-2021-44516
@@ -35,9 +35,9 @@ CVE-2021-44513
 CVE-2021-44512
 	RESERVED
 CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-44511
 	RESERVED
 CVE-2021-44510
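Review bot: The notes added for CVE-2015-20106 and CVE-2015-20105 say only "WordPress plugin", while both descriptions name the ClickBank Affiliate Ads plugin and the other entries in this commit name the product. Consider "NOT-FOR-US: ClickBank Affiliate Ads WordPress plugin" so the note itself records which plugin was judged out of scope.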
@@ -1234,7 +1234,7 @@ CVE-2021-44052
 CVE-2021-44051
 	RESERVED
 CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: CA Network Flow Analysis (NFA)
 CVE-2021-44049
 	RESERVED
 CVE-2021-44048
@@ -2018,7 +2018,7 @@ CVE-2021-43797
 CVE-2021-43796
 	RESERVED
 CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
-	TODO: check
+	NOT-FOR-US: Armeria
 CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions  ...)
 	NOT-FOR-US: Discourse
 CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions  ...)
@@ -3078,7 +3078,7 @@ CVE-2021-43688
 CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
 	NOT-FOR-US: Chamilo-lms
 CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: nZEDb
 CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
 	TODO: check
 CVE-2021-43684
@@ -3088,11 +3088,11 @@ CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulne
 CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site  ...)
 	TODO: check
 CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
-	TODO: check
+	NOT-FOR-US: SakuraPanel
 CVE-2021-43680
 	RESERVED
 CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
-	TODO: check
+	NOT-FOR-US: ecshop
 CVE-2021-43678
 	RESERVED
 CVE-2021-43677
@@ -3384,7 +3384,7 @@ CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
 	NOT-FOR-US: Diffie Hellmann kex protocol issue
 CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
 	- moodle <removed>
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
@@ -13324,9 +13324,9 @@ CVE-2021-40336
 CVE-2021-40335
 	RESERVED
 CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-40332
 	RESERVED
 CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
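Review bot: The notes added for CVE-2021-40334 and CVE-2021-40333 name only the vendor, "Hitachi". The CVE-2021-40333 description refers to Hitachi Energy FOX61x, so naming the product family in the note would be more precise than a vendor-only entry.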
@@ -15742,7 +15742,7 @@ CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Descript
 CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
 	TODO: check
 CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
-	TODO: check
+	NOT-FOR-US: ohmyzsh
 CVE-2021-3724
 	RESERVED
 	NOT-FOR-US: Red Hat Serverless
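Review bot: CVE-2021-3726, directly above the changed entry, still reads "TODO: check" while CVE-2021-3725 is now "NOT-FOR-US: ohmyzsh", and both descriptions follow the same "Vulnerability in ..." pattern. If CVE-2021-3726 concerns the same project, give it the same note in this pass so the two entries do not diverge.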
@@ -46787,7 +46787,7 @@ CVE-2021-26779
 CVE-2021-26778
 	RESERVED
 CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in  ...)
-	TODO: check
+	NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare
 CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: CSZ CMS
 CVE-2021-26775
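Review bot: Typo in the added note for CVE-2021-26777: "Firwmare" should be "Firmware". Suggested line: "NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware".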
@@ -48863,7 +48863,7 @@ CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnera
 CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a  ...)
 	NOT-FOR-US: OpenCMS
 CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
 	NOT-FOR-US: Orchard CMS
 CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site  ...)
@@ -55276,17 +55276,17 @@ CVE-2021-23265
 CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
 	TODO: check
 CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute  ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute  ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23257
 	RESERVED
 CVE-2021-23256
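Review bot: CVE-2021-23264 at the top of this hunk is left at "TODO: check" although its description mentions crafter-search, while CVE-2021-23263 through CVE-2021-23258 below it are all marked "NOT-FOR-US: Crafter CMS". If crafter-search belongs to the same product, mark it in this commit too; if it was left open on purpose, a short note saying why would help the next triager.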
@@ -76738,7 +76738,7 @@ CVE-2020-27416
 CVE-2020-27415
 	RESERVED
 CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
-	TODO: check
+	NOT-FOR-US: Mahavitaran android application
 CVE-2020-27413
 	RESERVED
 CVE-2020-27412



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c8d074560455b05410c3d9cb4f8a378654cfec
