[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 10 12:45:14 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14ccc8be by Salvatore Bonaccorso at 2021-12-10T13:44:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -796,7 +796,7 @@ CVE-2021-44516
 CVE-2021-44515
 	RESERVED
 CVE-2021-44514 (ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit  ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
 	- tmate-ssh-server <unfixed> (bug #1001225)
 	NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
@@ -1162,7 +1162,7 @@ CVE-2021-44354
 CVE-2021-4034
 	RESERVED
 CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: kimai2
 CVE-2019-25053
 	RESERVED
 CVE-2021-44353
@@ -2215,7 +2215,7 @@ CVE-2021-43984
 CVE-2021-43983
 	RESERVED
 CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Delta
 CVE-2021-43981
 	RESERVED
 CVE-2021-43980
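Review bot: The label on CVE-2021-43982 is only "Delta", which is shorter than the vendor and product named in the description ("Delta Electronics CNCSoft") and is ambiguous when searching the list. Suggest "NOT-FOR-US: Delta Electronics CNCSoft" so the entry can be matched reliably.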
@@ -2786,7 +2786,7 @@ CVE-2021-43813
 CVE-2021-43812
 	RESERVED
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
-	TODO: check
+	NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
 	TODO: check
 CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby.  ...)
@@ -10995,13 +10995,13 @@ CVE-2021-41699
 CVE-2021-41698
 	RESERVED
 CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
-	TODO: check
+	NOT-FOR-US: Premiumdatingscript
 CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
-	TODO: check
+	NOT-FOR-US: Premiumdatingscript
 CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
-	TODO: check
+	NOT-FOR-US: Premiumdatingscript
 CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
-	TODO: check
+	NOT-FOR-US: Premiumdatingscript
 CVE-2021-41693
 	RESERVED
 CVE-2021-41692
@@ -13613,7 +13613,7 @@ CVE-2021-40580
 CVE-2021-40579
 	RESERVED
 CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was  ...)
-	TODO: check
+	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40576
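Review bot: On CVE-2021-40578 the NOT-FOR-US label is a full product title, while the adjacent CVE-2021-40577 uses the short tag "Sourcecodester". If this product comes from the same source, reuse that tag so the entries group together in searches; otherwise a shorter product name would be easier to match.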
@@ -23091,9 +23091,9 @@ CVE-2021-36722
 CVE-2021-36721
 	RESERVED
 CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
-	TODO: check
+	NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
-	TODO: check
+	NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
 	TODO: check
 CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
@@ -65561,25 +65561,25 @@ CVE-2021-20148
 CVE-2021-20147
 	RESERVED
 CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple  ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...)
-	TODO: check
+	NOT-FOR-US: Gryphon Tower routers
 CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...)
 	NOT-FOR-US: ManageEngine
 CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
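Review bot: All ten entries from CVE-2021-20146 down to CVE-2021-20137 receive the label "Gryphon Tower routers", but only CVE-2021-20145 names that product in its visible summary; CVE-2021-20146 says "Gryphon devices" and the others are truncated before any product name appears. Worth confirming against the full CVE descriptions that each one concerns the same product before keeping the shared label.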



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ccc8bef21b1781b6ebc05a957c3c249b008739
