[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 21 08:24:33 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c90855d4 by Salvatore Bonaccorso at 2021-12-21T09:24:04+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4867,7 +4867,7 @@ CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weat
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
 	TODO: check
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
-	TODO: check
+	NOT-FOR-US: Wiki.js
 CVE-2021-43841
 	RESERVED
 CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In  ...)
@@ -5857,7 +5857,7 @@ CVE-2021-43765
 CVE-2021-43764
 	RESERVED
 CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43762
 	RESERVED
 CVE-2021-43761
@@ -5883,15 +5883,15 @@ CVE-2021-43752
 CVE-2021-43751
 	RESERVED
 CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-21216
@@ -6763,13 +6763,13 @@ CVE-2021-43443
 CVE-2021-43442
 	RESERVED
 CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
-	TODO: check
+	NOT-FOR-US: iOrder
 CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
 	NOT-FOR-US: iOrder
 CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: iResturant
 CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to  ...)
-	TODO: check
+	NOT-FOR-US: iResturant
 CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
 	TODO: check
 CVE-2021-43436
@@ -8775,25 +8775,25 @@ CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admi
 CVE-2021-43031
 	RESERVED
 CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43027
 	RESERVED
 CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-43020
 	RESERVED
 CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
@@ -9260,7 +9260,7 @@ CVE-2021-42810
 CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
 	TODO: check
 CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could  ...)
-	TODO: check
+	NOT-FOR-US: Thales Sentinel Protection Installer
 CVE-2021-42807
 	RESERVED
 CVE-2021-42806
@@ -12403,7 +12403,7 @@ CVE-2021-3862
 CVE-2021-3861
 	RESERVED
 CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2021-3859
 	RESERVED
 CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux  ...)
@@ -15376,9 +15376,9 @@ CVE-2021-40786
 CVE-2021-40785
 	RESERVED
 CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40782
 	RESERVED
 CVE-2021-40781
@@ -21083,11 +21083,11 @@ CVE-2021-38423
 CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive  ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38417
@@ -21095,11 +21095,11 @@ CVE-2021-38417
 CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads  ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38414
 	RESERVED
 CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
 	NOT-FOR-US: Digi PortServer TS
 CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to  ...)
@@ -21107,7 +21107,7 @@ CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerab
 CVE-2021-38410
 	RESERVED
 CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to  ...)
@@ -21123,7 +21123,7 @@ CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerab
 CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
 	NOT-FOR-US: Delta Electronic
 CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
 	NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
 CVE-2021-38399
@@ -24817,7 +24817,7 @@ CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnera
 CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36886
 	RESERVED
 CVE-2021-36885
@@ -61287,9 +61287,9 @@ CVE-2021-22059
 CVE-2021-22058
 	RESERVED
 CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an aut ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22055
 	RESERVED
 CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c90855d4f7caaba318ac892b0a7ff812748933eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c90855d4f7caaba318ac892b0a7ff812748933eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211221/0d241baf/attachment.htm>

More information about the debian-security-tracker-commits mailing list