[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 22 20:27:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
545ef007 by Salvatore Bonaccorso at 2021-12-22T21:26:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2021-45460
 	RESERVED
 CVE-2021-4157
@@ -539,9 +539,9 @@ CVE-2021-45421
 CVE-2021-45420
 	RESERVED
 CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
-	TODO: check
+	NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via  ...)
-	TODO: check
+	NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45417
 	RESERVED
 CVE-2021-45416
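Review bot: The tags added for CVE-2021-45419 and CVE-2021-45418 read `NOT-FOR-US: Nova 360 Cabinet`, but the visible descriptions name only "Starcharge products", so the vendor is missing from the tag. Consider `NOT-FOR-US: Starcharge Nova 360 Cabinet` (or similar) so that a search on the vendor name finds these entries.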
@@ -1660,9 +1660,9 @@ CVE-2021-45044
 CVE-2021-44768
 	RESERVED
 CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site  ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: bookstack
 CVE-2021-4118
@@ -1683,9 +1683,9 @@ CVE-2021-4112
 CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site  ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-21933
 	RESERVED
 CVE-2022-21932
@@ -2975,7 +2975,7 @@ CVE-2021-44661
 CVE-2021-44660
 	RESERVED
 CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
-	TODO: check
+	NOT-FOR-US: GoCD server
 CVE-2021-44658
 	RESERVED
 CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
@@ -4757,13 +4757,13 @@ CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism f
 CVE-2021-44032
 	RESERVED
 CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the  ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Desktop Authority
 CVE-2021-44027
 	RESERVED
 CVE-2021-44024
@@ -5370,7 +5370,7 @@ CVE-2021-43853
 CVE-2021-43852
 	RESERVED
 CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
-	TODO: check
+	NOT-FOR-US: Anuko Time Tracker
 CVE-2021-43850
 	RESERVED
 CVE-2021-43849
@@ -5384,7 +5384,7 @@ CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-
 CVE-2021-43845
 	RESERVED
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
-	TODO: check
+	NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
 	TODO: check
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
@@ -6671,13 +6671,13 @@ CVE-2021-43633
 CVE-2021-43632
 	RESERVED
 CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Hospital Management System
 CVE-2021-43627
 	RESERVED
 CVE-2021-43626
@@ -8955,13 +8955,13 @@ CVE-2021-43160
 CVE-2021-43159
 	RESERVED
 CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
-	TODO: check
+	NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
-	TODO: check
+	NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43154
 	RESERVED
 CVE-2021-43153
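Review bot: Style point on the four added tags for CVE-2021-43158 through CVE-2021-43155: they spell the vendor `ProjectWorlds`, while the Hospital Management System entries earlier in this same commit use `Projectworlds`. Picking one spelling for the vendor across both groups keeps later searches and scripted matching on the NOT-FOR-US string consistent.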
@@ -9779,7 +9779,7 @@ CVE-2021-42811
 CVE-2021-42810
 	RESERVED
 CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
-	TODO: check
+	NOT-FOR-US: ThalesThales Sentinel Protection Installer
 CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could  ...)
 	NOT-FOR-US: Thales Sentinel Protection Installer
 CVE-2021-42807
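Review bot: The added tag for CVE-2021-42809 has a duplicated word: `NOT-FOR-US: ThalesThales Sentinel Protection Installer`. The neighbouring entry for CVE-2021-42808 uses `NOT-FOR-US: Thales Sentinel Protection Installer`; the new line should match it so both CVEs group under the same product string.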
@@ -15740,7 +15740,7 @@ CVE-2021-40838
 CVE-2021-40837
 	RESERVED
 CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
 	NOT-FOR-US: Safe Browser for iOS
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
@@ -16270,7 +16270,7 @@ CVE-2021-40614
 CVE-2021-40613
 	RESERVED
 CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
-	TODO: check
+	NOT-FOR-US: Opmantek Open-AudIT
 CVE-2021-40611
 	RESERVED
 CVE-2021-40610
@@ -22030,7 +22030,7 @@ CVE-2021-38246
 CVE-2021-38245
 	RESERVED
 CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in  ...)
-	TODO: check
+	NOT-FOR-US: cbioportal
 CVE-2021-38243
 	RESERVED
 CVE-2021-38242
@@ -25340,9 +25340,9 @@ CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading t
 CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36883
@@ -25717,7 +25717,7 @@ CVE-2021-36752
 CVE-2021-36751
 	RESERVED
 CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used i ...)
-	TODO: check
+	NOT-FOR-US: ENC
 CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
 	- druid <itp> (bug #825797)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
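Review bot: The tag added for CVE-2021-36750 is only `NOT-FOR-US: ENC`, which is too short to identify the product. The description on the same entry names "ENC DataVault 7.1.1W and VaultAPI v67", so `NOT-FOR-US: ENC DataVault` would be unambiguous.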
@@ -62072,9 +62072,9 @@ CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key
 CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase 2
 CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase 2
 CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
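Review bot: The tags added for CVE-2021-21953 and CVE-2021-21952 use `Anker Eufy Homebase 2`, while the surrounding entries in this hunk (CVE-2021-21954, CVE-2021-21951) use `Anker Eufy Homebase`. If these are the same product, use a single string for the whole series so the entries group together; if the "2" is deliberate, the older neighbours may need the same update.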
@@ -62154,11 +62154,11 @@ CVE-2021-21914
 CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh  ...)
 	NOT-FOR-US: D-LINK
 CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of  ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of  ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of  ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
 	TODO: check
 CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
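Review bot: The product name is repeated in all three added tags for CVE-2021-21912, CVE-2021-21911 and CVE-2021-21910: `NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet`. This looks like a paste error; `NOT-FOR-US: Advantech R-SeeNet` is presumably what was intended. CVE-2021-21909 directly below is still `TODO: check` and its visible description does not name a product, so it is worth confirming whether it belongs to the same series.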



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545ef00786580cc1cba425e84e4ef8cd73fc7568
