[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 8 08:34:50 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccb459a2 by Salvatore Bonaccorso at 2021-12-08T09:34:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,9 +23,9 @@ CVE-2021-44728
 CVE-2021-44727
 	RESERVED
 CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
-	TODO: check
+	NOT-FOR-US: KNIME Server
 CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
-	TODO: check
+	NOT-FOR-US: KNIME Server
 CVE-2021-44724
 	RESERVED
 CVE-2021-44723
@@ -1551,7 +1551,7 @@ CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent
 CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through  ...)
 	TODO: check
 CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet
 CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
 	NOT-FOR-US: Claris
 CVE-2021-44146
@@ -3741,9 +3741,9 @@ CVE-2021-43640
 CVE-2021-43639
 	RESERVED
 CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL  ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler  ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2021-43636
 	RESERVED
 CVE-2021-43635
@@ -6418,19 +6418,19 @@ CVE-2021-43008
 CVE-2021-43007
 	RESERVED
 CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
-	TODO: check
+	NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools
 CVE-2021-43005
 	RESERVED
 CVE-2021-43004
 	RESERVED
 CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
-	TODO: check
+	NOT-FOR-US: Amzetta
 CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
-	TODO: check
+	NOT-FOR-US: Amzetta
 CVE-2021-43001
 	RESERVED
 CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL  ...)
-	TODO: check
+	NOT-FOR-US: Amzetta
 CVE-2021-42999
 	RESERVED
 CVE-2021-42998
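Review bot: The NOT-FOR-US label for CVE-2021-43006 reads "AmZetta Amzetta zPortal DVM Tools", carrying over the doubled vendor name from the description, while CVE-2021-43003, CVE-2021-43002 and CVE-2021-43000 in the same hunk use plain "Amzetta" (CVE-2021-43002 is also a zPortal DVM Tools issue). Suggest one form for all four, e.g. "NOT-FOR-US: Amzetta", so a search on the label matches every entry.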
@@ -6444,19 +6444,19 @@ CVE-2021-42995
 CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
 	TODO: check
 CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
-	TODO: check
+	NOT-FOR-US: FlexiHub For Windows
 CVE-2021-42992
 	RESERVED
 CVE-2021-42991
 	RESERVED
 CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
-	TODO: check
+	NOT-FOR-US: FlexiHub For Windows
 CVE-2021-42989
 	RESERVED
 CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler  ...)
-	TODO: check
+	NOT-FOR-US: Eltima USB Network Gate
 CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
-	TODO: check
+	NOT-FOR-US: Eltima USB Network Gate
 CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
 	TODO: check
 CVE-2021-42985
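Review bot: CVE-2021-42994 (Donglify) and CVE-2021-42986 (NoMachine Enterprise Client), the first and last described entries in this hunk, still carry "TODO: check" although their descriptions follow the same IOCTL handler pattern as the FlexiHub and Eltima entries triaged here. If they were left open on purpose because they need a closer look, that is fine; otherwise they can be handled in the same pass.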
@@ -7141,21 +7141,21 @@ CVE-2021-42690
 CVE-2021-42689
 	RESERVED
 CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks Windows Client
 CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks Windows Client
 CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks Windows Client
 CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks DVM Tools
 CVE-2021-42684
 	RESERVED
 CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks Windows Client
 CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks DVM Tools
 CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
-	TODO: check
+	NOT-FOR-US: Accops HyWorks DVM Tools
 CVE-2021-42680
 	RESERVED
 CVE-2021-42679
@@ -7388,7 +7388,7 @@ CVE-2021-42569
 CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers  ...)
 	NOT-FOR-US: Sonatype
 CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
-	TODO: check
+	NOT-FOR-US: Apereo CAS
 CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
 	NOT-FOR-US: myfactory.FMS
 CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
@@ -11595,11 +11595,11 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow
 CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -14128,7 +14128,7 @@ CVE-2021-40290
 CVE-2021-40289
 	RESERVED
 CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2021-40287
 	RESERVED
 CVE-2021-40286
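Review bot: For CVE-2021-40288 the label is "TP-Link", but the visible description mentions only WPA2 and WPA3-SAE authentication and is cut off before any product name. Since the wording reads as protocol-level, please confirm from the full description that the issue is limited to TP-Link devices and not to a WPA implementation that Debian packages, and consider a NOTE line recording that.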
@@ -17780,7 +17780,7 @@ CVE-2021-38761
 CVE-2021-38760
 	RESERVED
 CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
-	TODO: check
+	NOT-FOR-US: Raspberry Pi OS
 CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
 	NOT-FOR-US: Directory traversal in Online Catering Reservation System
 CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
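Review bot: For CVE-2021-38759 the label names a whole operating system, and the description concerns a default password. A one-line NOTE stating why this does not map to a Debian source package (for example, if the credential comes from the Raspberry Pi OS image configuration) would make the NOT-FOR-US decision easier to audit later.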
@@ -77675,7 +77675,7 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10.
 CVE-2020-27357
 	RESERVED
 CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: debug-meta-data plugin for WordPress
 CVE-2020-27355
 	RESERVED
 CVE-2020-27354



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccb459a216cc68dd8dffef64ae0817ed4fe0576e
