[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 15 16:36:15 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97137f96 by Salvatore Bonaccorso at 2021-12-15T17:35:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3725,9 +3725,9 @@ CVE-2021-43831
CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
TODO: check
CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...)
- TODO: check
+ NOT-FOR-US: PatrOwl
CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...)
- TODO: check
+ NOT-FOR-US: PatrOwl
CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
TODO: check
CVE-2021-43826
@@ -5862,9 +5862,9 @@ CVE-2021-43328
CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
NOT-FOR-US: Renesas
CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
NOT-FOR-US: LibreNMS
CVE-2021-43323
@@ -7332,7 +7332,7 @@ CVE-2021-43115
CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
- fort-validator 1.5.2-1
CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a Compare ...)
- TODO: check
+ NOT-FOR-US: iText
CVE-2021-43112
RESERVED
CVE-2021-43111
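Review bot: CVE-2021-43113 is closed as NOT-FOR-US: iText, which asserts that no source package in the archive carries the affected code. The description names the iText library itself ("iTextPDF in iText before 7.1.17") rather than a hosted service or a device, so the archive should be checked for packaged iText sources before TODO: check is dropped. If a packaged version contains the code path the description refers to, the entry should carry a package line instead, as CVE-2021-43114 just above does with "- fort-validator 1.5.2-1".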
@@ -7768,7 +7768,7 @@ CVE-2021-42947
CVE-2021-42946
RESERVED
CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2021-42944
RESERVED
CVE-2021-42943
@@ -11510,9 +11510,9 @@ CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
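Review bot: the new tags on CVE-2021-41871 and CVE-2021-41870 name only the vendor (NOT-FOR-US: Socomec), while both descriptions concern Socomec REMOTE VIEW PRO and the neighbouring entries tag the product (NOT-FOR-US: SuiteCRM, and the full Skyworth product string on CVE-2021-41872). Suggest NOT-FOR-US: Socomec REMOTE VIEW PRO so that a later search for the product name finds these entries.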
@@ -11581,7 +11581,7 @@ CVE-2021-41846
CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
NOT-FOR-US: ThycoticCentrify Secret Server
CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
- TODO: check
+ NOT-FOR-US: Crocoblock JetEngine
CVE-2021-41843
RESERVED
CVE-2021-41842
@@ -12302,7 +12302,7 @@ CVE-2021-41559
CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
NOT-FOR-US: set_user extension for Postgres
CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
- TODO: check
+ NOT-FOR-US: Sofico
CVE-2021-41556
RESERVED
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
@@ -19152,7 +19152,7 @@ CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions i
CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...)
- TODO: check
+ NOT-FOR-US: Motorola Solutions Avigilon devices
CVE-2021-38700
RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
@@ -29450,7 +29450,7 @@ CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use
CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...)
TODO: check
CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
NOT-FOR-US: Zoom
CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
@@ -48759,7 +48759,7 @@ CVE-2021-26789
CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...)
NOT-FOR-US: Oryx Embedded CycloneTCP
CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys Workforce Manage ...)
- TODO: check
+ NOT-FOR-US: Genesys Workforce Management
CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
NOT-FOR-US: PlayTube
CVE-2021-26785
@@ -49362,7 +49362,7 @@ CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sendi
CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
- node-ansi-up 5.0.0+dfsg-1 (bug #984667)
CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
NOT-FOR-US: ActivePresenter
CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...)
@@ -88036,7 +88036,7 @@ CVE-2020-23547
CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
NOT-FOR-US: IrfanView
CVE-2020-23545 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2020-23544
RESERVED
CVE-2020-23543
@@ -97621,7 +97621,7 @@ CVE-2020-19044
CVE-2020-19043
RESERVED
CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2020-19041
RESERVED
CVE-2020-19040
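Review bot: NOT-FOR-US: zzcms on CVE-2020-19042 is lowercase, while this same commit tags CVE-2021-42945 as NOT-FOR-US: ZZCMS. Use one spelling for both entries so that a case-sensitive search of data/CVE/list for the product matches every entry.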
@@ -145102,7 +145102,7 @@ CVE-2019-19140
CVE-2019-19139
RESERVED
CVE-2019-19138 (Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2019-19137
RESERVED
CVE-2019-19136
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97137f96b549bcdb656c8e50284b865a970e0762