[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Nov 11 10:22:08 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da8c5fc6 by Salvatore Bonaccorso at 2021-11-11T11:21:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leak
 	- libcrypto++ <unfixed>
 	NOTE: https://github.com/weidai11/cryptopp/issues/1080
 CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
-	TODO: check
+	NOT-FOR-US: LiquidFiles
 CVE-2021-43395
 	RESERVED
 CVE-2021-43394
@@ -2652,7 +2652,7 @@ CVE-2021-3898
 CVE-2021-3897
 	RESERVED
 CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-42846
 	RESERVED
 CVE-2021-42845
@@ -5839,7 +5839,7 @@ CVE-2021-42004
 CVE-2021-42003
 	RESERVED
 CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-42001
 	RESERVED
 CVE-2021-42000
@@ -6210,7 +6210,7 @@ CVE-2021-41838
 CVE-2021-41837
 	RESERVED
 CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-3847 [low-privileged user privileges escalation]
@@ -7969,9 +7969,9 @@ CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affec
 CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
 	NOT-FOR-US: Discourse
 CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before &#65279 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before &#65279 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
 	{DSA-4986-1 DLA-2764-1}
 	- tomcat9 9.0.53-1
@@ -9305,15 +9305,15 @@ CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During
 CVE-2021-40522
 	RESERVED
 CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Airangel
 CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
-	TODO: check
+	NOT-FOR-US: Airangel
 CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database  ...)
-	TODO: check
+	NOT-FOR-US: Airangel
 CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Airangel
 CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
-	TODO: check
+	NOT-FOR-US: Airangel
 CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
 	{DLA-2770-1}
 	- weechat 3.2.1-1 (bug #993803)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da8c5fc6cd1fdcfd665e9768d580c5dbc5b5d3dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da8c5fc6cd1fdcfd665e9768d580c5dbc5b5d3dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211111/09ee718b/attachment.htm>
