[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 9 08:30:53 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4c266a8 by Salvatore Bonaccorso at 2021-12-09T09:30:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6857,7 +6857,7 @@ CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of
 	NOTE: https://github.com/tidwall/gjson/issues/236
 	NOTE: https://github.com/tidwall/gjson/issues/237
 CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server
 CVE-2021-42834
 	RESERVED
 CVE-2021-42833
@@ -9755,7 +9755,7 @@ CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS t
 CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
 	NOT-FOR-US: RCDevs OpenOTP app
 CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
-	TODO: check
+	NOT-FOR-US: Allegro Windows
 CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
 	NOT-FOR-US: bookstack
 CVE-2021-3873
@@ -12419,7 +12419,7 @@ CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1
 CVE-2021-41026
 	RESERVED
 CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...)
@@ -12435,7 +12435,7 @@ CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-29
 CVE-2021-41018
 	RESERVED
 CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-41016
 	RESERVED
 CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
@@ -12796,9 +12796,9 @@ CVE-2021-40863
 CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
 	NOT-FOR-US: HashiCorp Terraform Enterprise
 CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...)
-	TODO: check
+	NOT-FOR-US: Genesys
 CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...)
-	TODO: check
+	NOT-FOR-US: Genesys
 CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
 	NOT-FOR-US: Auerswald
 CVE-2021-40858
@@ -24051,7 +24051,7 @@ CVE-2021-36197
 CVE-2021-36196
 	RESERVED
 CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36194
 	RESERVED
 CVE-2021-36193
@@ -24095,7 +24095,7 @@ CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in Fo
 CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-36171
@@ -59095,7 +59095,7 @@ CVE-2021-21959
 CVE-2021-21958
 	RESERVED
 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
-	TODO: check
+	NOT-FOR-US: Dream Report ODS Remote Connector
 CVE-2021-21956
 	RESERVED
 CVE-2021-21955
@@ -59107,9 +59107,9 @@ CVE-2021-21953
 CVE-2021-21952
 	RESERVED
 CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21949
 	RESERVED
 CVE-2021-21948
@@ -77670,7 +77670,7 @@ CVE-2020-27418
 CVE-2020-27417
 	RESERVED
 CVE-2020-27416 (Mahavitaran android application 7.50 and prior are affected by account ...)
-	TODO: check
+	NOT-FOR-US: Mahavitaran android application
 CVE-2020-27415
 	RESERVED
 CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c266a85e99ace2cac059a166bba4ccd7701d5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c266a85e99ace2cac059a166bba4ccd7701d5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211209/4be4809f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list