[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 10 20:25:00 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52414c92 by Salvatore Bonaccorso at 2021-12-10T21:24:45+01:00
Process some NFUs

- - - - -
5e71760a by Salvatore Bonaccorso at 2021-12-10T21:24:45+01:00
Add CVE-2021-43813 /grafana

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,13 +135,13 @@ CVE-2021-4086
 CVE-2021-4085
 	RESERVED
 CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2021-4083
 	RESERVED
 CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2021-44758
 	RESERVED
 CVE-2021-44757
@@ -2829,7 +2829,7 @@ CVE-2021-43815
 CVE-2021-43814
 	RESERVED
 CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
-	TODO: check
+	- grafana <removed>
 CVE-2021-43812
 	RESERVED
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
@@ -11228,7 +11228,7 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2.
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
 	NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
 CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
-	TODO: check
+	NOT-FOR-US: openwhyd
 CVE-2021-41610
 	RESERVED
 CVE-2021-41609
@@ -13072,7 +13072,7 @@ CVE-2021-40836
 CVE-2021-40835
 	RESERVED
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
-	TODO: check
+	NOT-FOR-US: F-secure
 CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -21984,11 +21984,11 @@ CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Ser
 CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
 	NOT-FOR-US: Siemens
 CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
-	TODO: check
+	NOT-FOR-US: Digi TransPort Gateway devices
 CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21.  ...)
-	TODO: check
+	NOT-FOR-US: Digi TransPort devices
 CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21.  ...)
-	TODO: check
+	NOT-FOR-US: Digi TransPort devices
 CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions &lt ...)
 	NOT-FOR-US: Siemens
 CVE-2021-37185
@@ -22637,7 +22637,7 @@ CVE-2021-36913
 CVE-2021-36912
 	RESERVED
 CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36910
 	RESERVED
 CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
@@ -24928,7 +24928,7 @@ CVE-2021-35980
 CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
 	NOT-FOR-US: Digi RealPort
 CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
-	TODO: check
+	NOT-FOR-US: Digi TransPort devices
 CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
 	NOT-FOR-US: Digi RealPort
 CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
@@ -35378,11 +35378,11 @@ CVE-2021-31749
 CVE-2021-31748
 	RESERVED
 CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15  ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2021-31744
 	RESERVED
 CVE-2021-31743
@@ -41933,7 +41933,7 @@ CVE-2021-29216
 CVE-2021-29215
 	RESERVED
 CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
 	NOT-FOR-US: HPE
 CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
@@ -45011,9 +45011,9 @@ CVE-2021-27986
 CVE-2021-27985
 	RESERVED
 CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...)
-	TODO: check
+	NOT-FOR-US: MaxSite CMS
 CVE-2021-27982
 	RESERVED
 CVE-2021-27981



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5fbadc4ed96d4188a185d21dc979aaa529f77691...5e71760a052a3953c90bca4a81152f541fe04e56

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5fbadc4ed96d4188a185d21dc979aaa529f77691...5e71760a052a3953c90bca4a81152f541fe04e56
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211210/af59204b/attachment.htm>

More information about the debian-security-tracker-commits mailing list