[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 10 21:47:23 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
439592c1 by Salvatore Bonaccorso at 2021-06-10T22:46:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2591,7 +2591,7 @@ CVE-2021-33395
 CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
 	NOT-FOR-US: Cubecart
 CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...)
-	TODO: check
+	NOT-FOR-US: IPFire
 CVE-2021-33392
 	RESERVED
 CVE-2021-33391
@@ -3424,7 +3424,7 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has
 CVE-2021-33032
 	RESERVED
 CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...)
-	TODO: check
+	NOT-FOR-US: LabCup
 CVE-2021-33030
 	RESERVED
 CVE-2021-33029
@@ -5763,7 +5763,7 @@ CVE-2021-32017
 CVE-2021-32016
 	RESERVED
 CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
-	TODO: check
+	NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
 CVE-2021-32014
 	RESERVED
 CVE-2021-32013
@@ -5893,9 +5893,9 @@ CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...)
 CVE-2021-31961
 	RESERVED
 CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...)
@@ -5955,11 +5955,11 @@ CVE-2021-31931
 CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
 	NOT-FOR-US: Concerto
 CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...)
-	TODO: check
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
 CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...)
-	TODO: check
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
 CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
-	TODO: check
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
 CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
 	NOT-FOR-US: CubeCoders AMP
 CVE-2021-31925
@@ -6242,9 +6242,9 @@ CVE-2021-31842
 CVE-2021-31841
 	RESERVED
 CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31838
 	RESERVED
 CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
@@ -6742,9 +6742,9 @@ CVE-2021-31661
 CVE-2021-31660
 	RESERVED
 CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2021-31657
 	RESERVED
 CVE-2021-31656
@@ -7489,13 +7489,13 @@ CVE-2021-31345
 CVE-2021-31344
 	RESERVED
 CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
-	TODO: check
+	NOT-FOR-US: Solid Edge
 CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
-	TODO: check
+	NOT-FOR-US: Solid Edge
 CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
 	NOT-FOR-US: Mendix Database Replication
 CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions &g ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
 	NOT-FOR-US: Mendix Excel Importer Module
 CVE-2021-31338
@@ -7806,11 +7806,11 @@ CVE-2021-31203
 CVE-2021-31202
 	RESERVED
 CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31197
@@ -10393,7 +10393,7 @@ CVE-2021-30135
 CVE-2021-30134
 	RESERVED
 CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
-	TODO: check
+	NOT-FOR-US: CloverDX
 CVE-2021-30132
 	RESERVED
 CVE-2021-30131
@@ -10697,7 +10697,7 @@ CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
 	NOT-FOR-US: marktext
 CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
-	TODO: check
+	NOT-FOR-US: CloverDX
 CVE-2021-29994
 	RESERVED
 CVE-2021-29993
@@ -13033,7 +13033,7 @@ CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's A
 CVE-2021-29050
 	RESERVED
 CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
 	NOT-FOR-US: Liferay
 CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
@@ -16964,7 +16964,7 @@ CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azur
 CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...)
 	NOT-FOR-US: Red Hat 3scale API Management
 CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
-	TODO: check
+	NOT-FOR-US: Simcenter (Siemens)
 CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
 	NOT-FOR-US: Tecnomatix Plant Simulation
 CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
@@ -16988,7 +16988,7 @@ CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All ver
 CVE-2021-27388
 	RESERVED
 CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
-	TODO: check
+	NOT-FOR-US: Simcenter (Siemens)
 CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
 	NOT-FOR-US: Siemens
 CVE-2021-27385 (A remote attacker could send specially crafted packets to a SmartVNC d ...)
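Review bot: The new tag on CVE-2021-27387, "NOT-FOR-US: Simcenter (Siemens)", uses a product-plus-vendor form that differs from the plain "NOT-FOR-US: Siemens" on CVE-2021-27386 directly below it. Picking one form for these entries, either the vendor or the product name alone, would keep them consistent and easier to grep.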
@@ -19202,13 +19202,13 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via
 CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
 	NOT-FOR-US: EPrints
 CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...)
-	TODO: check
+	NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...)
-	TODO: check
+	NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
-	TODO: check
+	NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
-	TODO: check
+	NOT-FOR-US: Vembu BDR Suite
 CVE-2021-26470
 	RESERVED
 CVE-2021-26469
@@ -19310,7 +19310,7 @@ CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability
 CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
@@ -19322,7 +19322,7 @@ CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
 CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
@@ -21305,7 +21305,7 @@ CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Hitachi ID Bravura Security Fabric
 CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
 	NOTE: Disputed Bitcoin issue
 	NOTE: https://github.com/bitcoin/bitcoin/issues/20866
@@ -25458,11 +25458,11 @@ CVE-2021-23856
 CVE-2021-23855
 	RESERVED
 CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an  ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23851
 	RESERVED
 CVE-2021-23850
@@ -25470,9 +25470,9 @@ CVE-2021-23850
 CVE-2021-23849
 	RESERVED
 CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23846
 	RESERVED
 CVE-2021-23845
@@ -26960,11 +26960,11 @@ CVE-2021-3043
 CVE-2021-3042
 	RESERVED
 CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo  ...)
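Review bot: CVE-2021-3040 is tagged "NOT-FOR-US: Palo Alto Networks", but its description names Bridgecrew Checkov as the affected product, unlike the neighbouring entries whose descriptions name Palo Alto Networks products. Naming the product, for example "NOT-FOR-US: Bridgecrew Checkov", would let the entry be found by product name if that software is ever packaged.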
@@ -30085,9 +30085,9 @@ CVE-2021-21738
 CVE-2021-21737
 	RESERVED
 CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
@@ -33965,9 +33965,9 @@ CVE-2021-20733
 CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
 	TODO: check
 CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
-	TODO: check
+	NOT-FOR-US: WSR-1166DHP3 firmware
 CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
-	TODO: check
+	NOT-FOR-US: WSR-1166DHP3 firmware
 CVE-2021-20729
 	RESERVED
 CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
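Review bot: The tag "NOT-FOR-US: WSR-1166DHP3 firmware" on CVE-2021-20731 names a single model, while the description of that entry also lists WSR-1166DHP4 firmware. A tag naming the vendor or both models would describe the entry more accurately. CVE-2021-20732 (the ATOM app for Android) at the top of this hunk is still "TODO: check"; if that was not left deliberately, it looks like a candidate for the same batch.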
@@ -35674,7 +35674,7 @@ CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attribute
 CVE-2021-20082
 	RESERVED
 CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus  ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2021-20079
@@ -39138,7 +39138,7 @@ CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...)
 CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
@@ -46754,13 +46754,13 @@ CVE-2021-0136
 CVE-2021-0135
 	RESERVED
 CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) Security Li ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0132 (Missing release of resource after effective lifetime in an API for the ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator (PRNG) in ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0130
 	RESERVED
 CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...)
@@ -46800,9 +46800,9 @@ CVE-2021-0115
 CVE-2021-0114
 	RESERVED
 CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0111
 	RESERVED
 CVE-2021-0110
@@ -46810,21 +46810,21 @@ CVE-2021-0110
 CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
 	NOT-FOR-US: Intel
 CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0107
 	RESERVED
 CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0103
 	RESERVED
 CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
 	TODO: check
 CVE-2021-0099
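Review bot: CVE-2021-0100 (installer for the Intel(R) SSD Da ...) near the end of this hunk remains "TODO: check", although every other Intel entry with a description in the hunk is now "NOT-FOR-US: Intel". If it was skipped on purpose it can stay; otherwise it belongs in this commit with the rest.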



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/439592c1706b6e790bfa739fc4eae787d547ebbd
