[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 17 10:00:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
739bfb0d by Salvatore Bonaccorso at 2021-12-17T11:00:01+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2021-45094
 CVE-2021-45093
 	RESERVED
 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
-	TODO: check
+	NOT-FOR-US: Thinfinity VirtualUI
 CVE-2021-45091
 	RESERVED
 CVE-2021-45090
@@ -126,11 +126,11 @@ CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input D
 	NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
 	NOTE: Issues only in janus-demos built from src:janus
 CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2021-4122
 	RESERVED
 CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2021-23151
 	RESERVED
 CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
@@ -505,9 +505,9 @@ CVE-2021-45020
 CVE-2021-45019
 	RESERVED
 CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0  ...)
-	TODO: check
+	NOT-FOR-US: CatFish (not same as src:catfish)
 CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <= ...)
-	TODO: check
+	NOT-FOR-US: CatFish (not same as src:catfish)
 CVE-2021-45016
 	RESERVED
 CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
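Review bot: the new NOT-FOR-US lines for CVE-2021-45018 and CVE-2021-45017 spell the product "CatFish" while both CVE descriptions in this hunk say "Catfish"; matching the description's spelling keeps the entries findable with one search. The "(not same as src:catfish)" qualifier is the valuable part of these lines and should stay, since a name-only match would otherwise suggest the Debian catfish source package is affected.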
@@ -2314,7 +2314,7 @@ CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda
 CVE-2021-44351
 	RESERVED
 CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via  ...)
-	TODO: check
+	NOT-FOR-US: ThinkPHP5
 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
 	NOT-FOR-US: TuziCMS
 CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
@@ -3900,13 +3900,13 @@ CVE-2021-43838
 CVE-2021-43837
 	RESERVED
 CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
-	TODO: check
+	NOT-FOR-US: eLabFTW
 CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
-	TODO: check
+	NOT-FOR-US: eLabFTW
 CVE-2021-43832
 	RESERVED
 CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
@@ -3965,7 +3965,7 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version
 CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for  ...)
 	TODO: check
 CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
 	NOT-FOR-US: Solidus
 CVE-2021-43804
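Review bot: CVE-2021-43807 (Opencast), the context line directly above the changed Tuleap entry, is still left at "TODO: check" in this hunk; if it was examined in the same triage pass and is likewise not packaged, resolving it here would save a second round. If it was deliberately deferred pending a closer look, no change is needed.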
@@ -4024,7 +4024,7 @@ CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux
 CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
 	NOT-FOR-US: @backstage/plugin-scaffolder-backend
 CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
 	NOT-FOR-US: Invenio-Drafts-Resources
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
@@ -4934,9 +4934,9 @@ CVE-2022-21136
 CVE-2022-21131
 	RESERVED
 CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
 	NOT-FOR-US: iPack SCADA Automation
 CVE-2021-43745
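Review bot: for CVE-2021-3960 the vendor appears only in the new NOT-FOR-US line; the truncated description ("Improper Limitation of a Pathname to a Restricted Directory ...") names no product, and the CVE-2021-3959 description mentions only "EPPUpdateSer...", so the Bitdefender attribution cannot be confirmed from this hunk alone. Consider naming the affected Bitdefender product in the NOT-FOR-US line so the mapping is self-evident without consulting the full CVE text.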
@@ -13135,7 +13135,7 @@ CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing nec
 CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
 	NOT-FOR-US: Metabase
 CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
 	NOT-FOR-US: spree_auth_devise
 CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
@@ -13143,7 +13143,7 @@ CVE-2021-41274 (solidus_auth_devise provides authentication services for the Sol
 CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with  ...)
 	NOT-FOR-US: Pterodactyl
 CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...)
-	TODO: check
+	NOT-FOR-US: Hyperledger Besu
 CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...)
 	NOT-FOR-US: Discourse
 CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
@@ -14205,7 +14205,7 @@ CVE-2021-40837
 CVE-2021-40836
 	RESERVED
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
-	TODO: check
+	NOT-FOR-US: Safe Browser for iOS
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
 	NOT-FOR-US: F-secure
 CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
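Review bot: the new entry for CVE-2021-40835 is labelled "Safe Browser for iOS" while the adjacent CVE-2021-40834 and CVE-2021-40833 entries use "F-secure"; if this is the same vendor's product, as the sequential IDs and the "F-secure SAFE" description right below suggest, a label that includes the vendor (for example "F-Secure Safe Browser for iOS") keeps all three entries matchable with one search.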
@@ -15803,9 +15803,9 @@ CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a
 CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
-	TODO: check
+	NOT-FOR-US: SecuritasHome home alarm system
 CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
-	TODO: check
+	NOT-FOR-US: SecuritasHome home alarm system
 CVE-2021-40169
 	RESERVED
 CVE-2021-40168
@@ -27155,7 +27155,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
 CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
 	NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
-	TODO: check
+	NOT-FOR-US: Thruk
 CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
 	NOT-FOR-US: Thruk
 CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...)
@@ -43280,7 +43280,7 @@ CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Di
 CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...)
 	NOT-FOR-US: Esri ArcGIS
 CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS Server
 CVE-2021-29112
 	RESERVED
 CVE-2021-29111
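Review bot: CVE-2021-29113 is labelled "ArcGIS Server" while the neighbouring CVE-2021-29114 uses "Esri ArcGIS"; using the same "Esri ArcGIS" label on the new line keeps this vendor's entries consistent and greppable. Including the vendor also helps here because the description names "ArcGIS Server" only as the component containing the help documentation.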
@@ -46452,15 +46452,15 @@ CVE-2021-27861
 CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
 	NOT-FOR-US: FatPipe
 CVE-2021-27859 (A missing authorization vulnerability in the web management interface  ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27858 (A missing authorization vulnerability in the web management interface  ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27857 (A missing authorization vulnerability in the web management interface  ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
-	TODO: check
+	NOT-FOR-US: FatPipe
 CVE-2021-27854
 	RESERVED
 CVE-2021-27853
@@ -97820,9 +97820,9 @@ CVE-2020-18987
 CVE-2020-18986
 	RESERVED
 CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2020-18983
 	RESERVED
 CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
@@ -114915,7 +114915,7 @@ CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machi
 CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier  ...)
 	NOT-FOR-US: SNMP stack in Contiki-NG
 CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2020-12139
 	RESERVED
 CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739bfb0d3f588d8e07084dc4e7497529758f637b




