[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 5 20:20:15 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf0c385a by Salvatore Bonaccorso at 2021-11-05T21:19:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2021-43408
 CVE-2021-43407
 	RESERVED
 CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2021-43402
 	RESERVED
 CVE-2021-43401
@@ -244,7 +244,7 @@ CVE-2021-43298
 CVE-2021-43297
 	RESERVED
 CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2021-23222
 	RESERVED
 CVE-2021-23214
@@ -1693,7 +1693,7 @@ CVE-2021-43085
 CVE-2021-43084
 	RESERVED
 CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-43083
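
Review bot: On CVE-2021-3916 the tag is written `NOT-FOR-US: bookstack` in lower case, while the other product tags in this commit use the project's own capitalisation (FusionPBX, Grav CMS, Sitecore). The project spells its name BookStack; using that form keeps the NFU strings consistent for anyone grepping data/CVE/list by product name.
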
@@ -2281,7 +2281,7 @@ CVE-2021-42839
 CVE-2021-42838
 	RESERVED
 CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
-	TODO: check
+	NOT-FOR-US: Talend Data Catalog
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
 	- golang-github-tidwall-gjson <unfixed>
 	NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
@@ -2605,13 +2605,13 @@ CVE-2021-42703
 CVE-2021-42702
 	RESERVED
 CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
-	TODO: check
+	NOT-FOR-US: AzeoTech
 CVE-2021-42700
 	RESERVED
 CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
-	TODO: check
+	NOT-FOR-US: AzeoTech
 CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
-	TODO: check
+	NOT-FOR-US: AzeoTech
 CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
 	NOT-FOR-US: Akka HTTP
 CVE-2021-42696
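
Review bot: The visible descriptions for CVE-2021-42701, CVE-2021-42699 and CVE-2021-42698 never name a vendor or product ("The affected product ...", "Project files are stored ..."), so `NOT-FOR-US: AzeoTech` is the only attribution a reader of this file gets, and it names the vendor alone. Consider adding the product name to the tag, as done for `NOT-FOR-US: Talend Data Catalog`, so the entry can be checked against the advisory without looking up each CVE.
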
@@ -2665,25 +2665,25 @@ CVE-2021-42673
 CVE-2021-42672
 	RESERVED
 CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42661
 	RESERVED
 CVE-2021-42660
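
Review bot: All ten entries from CVE-2021-42671 down to CVE-2021-42662 get the same `NOT-FOR-US: Sourcecodester` tag, but the descriptions name at least two different applications ("Sourcecodester Engineers Onlin ..." and "Sourcecodester Online Event Bo ..."). If the tag is meant to cover everything published under that name, that is fine; otherwise naming the application per entry would make later searches for a specific one reliable.
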
@@ -2945,7 +2945,7 @@ CVE-2021-42545
 CVE-2021-42544
 	RESERVED
 CVE-2021-42543 (The affected application uses specific functions that could be abused  ...)
-	TODO: check
+	NOT-FOR-US: AzeoTech
 CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
 	NOT-FOR-US: Emerson
 CVE-2021-42541
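
Review bot: CVE-2021-42543 is tagged `NOT-FOR-US: AzeoTech` although its description ("The affected application uses specific functions ...") names no vendor, and the next entry, CVE-2021-42542, has similarly generic wording and is attributed to Emerson. A `NOTE:` line pointing at the advisory the attribution came from would let a later reader confirm the two were not swapped.
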
@@ -4834,7 +4834,7 @@ CVE-2021-42239
 CVE-2021-42238
 	RESERVED
 CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Sitecore
 CVE-2021-42236
 	RESERVED
 CVE-2021-42235



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0c385a26fcb899cf796314bdcdebf3e5d65f2d
