[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 24 08:52:13 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
799e7727 by Salvatore Bonaccorso at 2021-12-24T09:51:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an
 CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
 	TODO: check
 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
-	TODO: check
+	NOT-FOR-US: cve-search
 CVE-2021-4161
 	RESERVED
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
@@ -2763,7 +2763,7 @@ CVE-2021-26255
 CVE-2021-23189
 	RESERVED
 CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2021-23171
 	RESERVED
 CVE-2021-23170
@@ -3191,9 +3191,9 @@ CVE-2021-44602
 CVE-2021-44601
 	RESERVED
 CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
-	TODO: check
+	NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
 CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
-	TODO: check
+	NOT-FOR-US: Online Enrollment Management System
 CVE-2021-44598
 	RESERVED
 CVE-2021-44597
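Review bot: the two labels added in this hunk follow different conventions. The CVE-2021-44600 line carries the abbreviation along ("Simple Online Mens Salon Management System (MSMS)"), while the CVE-2021-44599 line uses the bare product name ("Online Enrollment Management System"). Dropping "(MSMS)" so both use the plain product name would keep later entries for the same products easy to match by text search.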
@@ -3433,7 +3433,7 @@ CVE-2021-44528 [Possible Open Redirect in Host Authorization Middleware]
 CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
 	NOT-FOR-US: UniFi Switch firmware
 CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
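Review bot: the label on CVE-2021-44526 names only the vendor family ("Zoho ManageEngine"), although the description is about ServiceDesk Plus. This matches the existing CVE-2021-44525 line directly below, so it is consistent within the file, but the other labels in this commit are product-level ("NVIDIA GeForce Experience", "NetApp Virtual Desktop Service"). If the family-level label is the intended convention for this vendor, no change is needed. Otherwise "Zoho ManageEngine ServiceDesk Plus" would be more precise.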
@@ -3464,7 +3464,7 @@ CVE-2021-4047
 	RESERVED
 	NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
 CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-44521
 	RESERVED
 CVE-2021-4046
@@ -3637,7 +3637,7 @@ CVE-2021-23179
 CVE-2021-44464
 	RESERVED
 CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-44451
 	RESERVED
 CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...)
@@ -4942,23 +4942,23 @@ CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulner
 CVE-2021-43990
 	RESERVED
 CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43988
 	RESERVED
 CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA  ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43986
 	RESERVED
 CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
 	NOT-FOR-US: WECON LeviStudioU
 CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
 	NOT-FOR-US: Delta
 CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43980
 	RESERVED
 CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0  ...)
@@ -50094,7 +50094,7 @@ CVE-2021-27009
 CVE-2021-27008
 	RESERVED
 CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
-	TODO: check
+	NOT-FOR-US: NetApp Virtual Desktop Service
 CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
 	TODO: check
 CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16,  ...)
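Review bot: CVE-2021-27006 (StorageGRID), directly below the changed CVE-2021-27007 line, still carries "TODO: check". If it was looked at in the same pass and is likewise not packaged, it could take its NOT-FOR-US line in this commit. If it was left open on purpose, nothing needs to change here.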



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/799e7727b57f4273096b6cf3e9386d079baca326
