[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Dec 13 15:04:45 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04d38433 by Moritz Muehlenhoff at 2021-12-13T16:04:19+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
-	TODO: check
+	NOT-FOR-US: CLI for Amazon AWS OpenSearch
 CVE-2021-4103
 	RESERVED
 CVE-2021-44832
@@ -107,7 +107,7 @@ CVE-2021-4099
 CVE-2021-4098
 	RESERVED
 CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
-	TODO: check
+	NOT-FOR-US: phpservermon
 CVE-2021-4096
 	RESERVED
 CVE-2022-21822
@@ -159,7 +159,7 @@ CVE-2021-4093
 	NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
 CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2021-4091
 	RESERVED
 CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
@@ -965,7 +965,7 @@ CVE-2021-44517
 CVE-2021-44516
 	RESERVED
 CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
 	NOT-FOR-US: ManageEngine
 CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
@@ -2963,7 +2963,7 @@ CVE-2021-43812
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
 	NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
-	TODO: check
+	NOT-FOR-US: Admidio
 CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby.  ...)
 	TODO: check
 CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
@@ -2979,7 +2979,7 @@ CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails
 CVE-2021-43804
 	RESERVED
 CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
-	TODO: check
+	NOT-FOR-US: next.js
 CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
 	TODO: check
 CVE-2021-43801
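Review bot: The tag added for CVE-2021-43803 is spelled `next.js`, while the description on the same entry spells the product `Next.js`. The other tags added in this commit follow the casing of their descriptions (Admidio, Donglify, Grafana Agent, yetiforcecrm). Suggest `NOT-FOR-US: Next.js` so that a case-sensitive search of data/CVE/list for the product name also matches the tag line.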
@@ -6859,11 +6859,11 @@ CVE-2021-42998
 CVE-2021-42997
 	RESERVED
 CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
-	TODO: check
+	NOT-FOR-US: Donglify
 CVE-2021-42995
 	RESERVED
 CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
-	TODO: check
+	NOT-FOR-US: Donglify
 CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
 	NOT-FOR-US: FlexiHub For Windows
 CVE-2021-42992
@@ -12209,7 +12209,7 @@ CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter noteb
 	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
 	NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
 CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
-	TODO: check
+	NOT-FOR-US: Express OpenID Connect
 CVE-2021-41245
 	RESERVED
 CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
@@ -12592,7 +12592,7 @@ CVE-2021-41091 (Moby is an open-source project created by Docker to enable softw
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
 	NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
 CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and  ...)
-	TODO: check
+	NOT-FOR-US: Grafana Agent
 CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
 	- docker.io 20.10.10+dfsg1-1
 	[bullseye] - docker.io <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04d3843308d5d78611feac624775d90c00c49c48
