[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 28 20:20:10 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d276f87 by Salvatore Bonaccorso at 2021-12-28T21:19:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ..
 CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
 	NOT-FOR-US: OpenWrt
 CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of  ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2021-45902
 	RESERVED
 CVE-2021-45901
@@ -217,11 +217,11 @@ CVE-2021-45816
 CVE-2021-45815
 	RESERVED
 CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
-	TODO: check
+	NOT-FOR-US: Nettmp NNT
 CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: SLICAN WebCTI
 CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2021-45811
 	RESERVED
 CVE-2021-45810
@@ -383,7 +383,7 @@ CVE-2021-45733
 CVE-2021-4180
 	RESERVED
 CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
 	TODO: check
 CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
@@ -483,7 +483,7 @@ CVE-2021-44460
 CVE-2021-4178
 	RESERVED
 CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2021-4176
 	RESERVED
 CVE-2021-4175
@@ -999,7 +999,7 @@ CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to e
 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
 	NOT-FOR-US: cve-search
 CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
@@ -1586,7 +1586,7 @@ CVE-2021-45427
 CVE-2021-45426
 	RESERVED
 CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
-	TODO: check
+	NOT-FOR-US: SAFARI Montage
 CVE-2021-45424
 	RESERVED
 CVE-2021-45423
@@ -8009,23 +8009,23 @@ CVE-2021-3941
 CVE-2021-3940
 	RESERVED
 CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
-	TODO: check
+	NOT-FOR-US: FATEK WinProladder
 CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
 	NOT-FOR-US: mySCADA myDESIGNER
 CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an  ...)
-	TODO: check
+	NOT-FOR-US: FATEK WinProladder
 CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
 	NOT-FOR-US: OSIsoft
 CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the  ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...)
 	NOT-FOR-US: OSIsoft
 CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...)
 	NOT-FOR-US: OSIsoft
 CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2021-43547
 	RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
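
Review bot: The tag added for CVE-2021-43556 and CVE-2021-43554 reads "FATEK WinProladder", while the existing entry for CVE-2021-32992 further down the list uses "NOT-FOR-US: FATEK Automation WinProladder"; one spelling for both keeps a text search over the list from missing part of the entries. In the same hunk, CVE-2021-43552 and CVE-2021-43550 are tagged "Philips" although their truncated descriptions name no product, so the tag is the only place a reader learns what they concern; naming the product next to the vendor would make those two entries self-explanatory.
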
@@ -11397,7 +11397,7 @@ CVE-2021-42585
 CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
 	NOT-FOR-US: Convos-Chat
 CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy  ...)
-	TODO: check
+	NOT-FOR-US: Max Mazurov Maddy
 CVE-2021-42582
 	RESERVED
 CVE-2021-42581
@@ -17442,7 +17442,7 @@ CVE-2021-40581
 CVE-2021-40580
 	RESERVED
 CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
-	TODO: check
+	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
 CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was  ...)
 	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
@@ -30900,9 +30900,9 @@ CVE-2021-35034
 CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
 	NOT-FOR-US: Zyxel
 CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
 	NOT-FOR-US: Zyxel
 CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
@@ -35702,7 +35702,7 @@ CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics
 CVE-2021-33018
 	RESERVED
 CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2021-33016
 	RESERVED
 CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
@@ -35750,7 +35750,7 @@ CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation
 CVE-2021-32994
 	RESERVED
 CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly  ...)
 	NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to  ...)
@@ -60315,7 +60315,7 @@ CVE-2021-3097
 CVE-2021-3096
 	RESERVED
 CVE-2021-3095 (A remote attacker with write access to PI Vision could inject code int ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2021-3094
 	RESERVED
 CVE-2021-3093
@@ -60325,7 +60325,7 @@ CVE-2021-3092
 CVE-2021-3091
 	RESERVED
 CVE-2021-3090 (PI Vision could disclose information to a user with insufficient privi ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2021-3089
 	RESERVED
 CVE-2021-3088
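
Review bot: The description shown for CVE-2021-3090 matches, as far as the truncated text goes, the one for CVE-2021-43553 earlier in this diff, and the same holds for CVE-2021-3095 in the previous hunk against CVE-2021-43551. The OSIsoft tag is consistent with those entries; it is worth confirming whether the two pairs are duplicate assignments, since a later rejection of one id from each pair would touch these lines again.
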
@@ -95911,9 +95911,9 @@ CVE-2020-21239
 CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...)
 	TODO: check
 CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...)
-	TODO: check
+	NOT-FOR-US: LJCMS
 CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...)
-	TODO: check
+	NOT-FOR-US: DamiCMS
 CVE-2020-21235
 	RESERVED
 CVE-2020-21234
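
Review bot: CVE-2020-21238 (CSCMS v4.0) at the top of this hunk keeps "TODO: check" although its visible description has the same wording as the LJCMS entry directly below it, which is now marked NOT-FOR-US. If CSCMS is likewise not packaged, tag it in the same pass; if it was left open on purpose, no change is needed.
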
@@ -96507,17 +96507,17 @@ CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Micro
 CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
 	NOT-FOR-US: STM32 cryptographic firmware library
 CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: jeecg
 CVE-2020-20947
 	RESERVED
 CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft
 CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&amp ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft
 CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 a ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft
 CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&am ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft
 CVE-2020-20942
 	RESERVED
 CVE-2020-20941
@@ -140158,7 +140158,7 @@ CVE-2019-20084
 CVE-2019-20083
 	RESERVED
 CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2019-20081
 	RESERVED
 CVE-2019-20080
@@ -212139,7 +212139,7 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
 	NOT-FOR-US: Coaster CMS
 CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...)
-	TODO: check
+	NOT-FOR-US: Poly Trio 8800 devices
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
 	NOT-FOR-US: ExpressionEngine
 CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of  ...)
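
Review bot: The tag for CVE-2018-17875 ends in "devices" ("NOT-FOR-US: Poly Trio 8800 devices"), whereas the other tags added in this commit name only the vendor or product (ASUS, Zyxel, Moxa). Dropping the trailing word would keep the tags uniform.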



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d276f87ce2ff1ba27626aa3734fcf570235cc87
