[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 1 20:51:24 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4c83d3e by Salvatore Bonaccorso at 2021-11-01T21:51:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2021-43084
 CVE-2021-3916
 	RESERVED
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-43083
 	RESERVED
 CVE-2021-43082
@@ -193,9 +193,9 @@ CVE-2021-43082
 CVE-2021-3915
 	RESERVED
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-43081
 	RESERVED
 CVE-2021-43080
@@ -341,11 +341,11 @@ CVE-2021-3907
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
 	NOT-FOR-US: bookstack
 CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-43032
 	RESERVED
 CVE-2021-43031
@@ -400,7 +400,7 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
 	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
 CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-43010
 	RESERVED
 CVE-2021-43009
@@ -1381,7 +1381,7 @@ CVE-2021-42559
 CVE-2021-42558
 	RESERVED
 CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
-	TODO: check
+	NOT-FOR-US: Jeedom
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
 	NOT-FOR-US: Rasa X
 CVE-2021-42555
@@ -3961,7 +3961,7 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 CVE-2021-3857
 	RESERVED
 CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
-	TODO: check
+	NOT-FOR-US: Apache MINA
 CVE-2021-41972
 	RESERVED
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -11290,7 +11290,7 @@ CVE-2021-38849
 CVE-2021-38848
 	RESERVED
 CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
-	TODO: check
+	NOT-FOR-US: S-Cart
 CVE-2021-38846
 	RESERVED
 CVE-2021-38845
@@ -11778,9 +11778,9 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
 	NOT-FOR-US: Eigen
 CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
 	- polipo <removed>
 	[buster] - polipo <ignored> (Minor issue)
@@ -35187,9 +35187,9 @@ CVE-2021-29215
 CVE-2021-29214
 	RESERVED
 CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
 	NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
@@ -37534,7 +37534,7 @@ CVE-2021-28217
 CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
 	NOT-FOR-US: HP
 CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3439
 	RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
@@ -39039,7 +39039,7 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
 	NOTE: Introducing commit present in Debian since 2.28-1 with addition of
 	NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
 CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
-	TODO: check
+	NOT-FOR-US: Apache DolphinScheduler
 CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
 	NOT-FOR-US: SAP
 CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -40473,9 +40473,9 @@ CVE-2021-27007
 CVE-2021-27006
 	RESERVED
 CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16,  ...)
-	TODO: check
+	NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and  ...)
-	TODO: check
+	NOT-FOR-US: NetAPP
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
 	NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
@@ -41126,9 +41126,9 @@ CVE-2021-26742
 CVE-2021-26741
 	RESERVED
 CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
-	TODO: check
+	NOT-FOR-US: doyocms
 CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows  ...)
-	TODO: check
+	NOT-FOR-US: doyocms
 CVE-2021-26738
 	RESERVED
 CVE-2021-26737



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c83d3e33cd13a01c3e739c0ff11ad1a2258b73

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c83d3e33cd13a01c3e739c0ff11ad1a2258b73
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211101/cc32f8b2/attachment.htm>

More information about the debian-security-tracker-commits mailing list