[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 13 20:20:34 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5dd0b8b2 by Salvatore Bonaccorso at 2021-11-13T21:20:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -277,7 +277,7 @@ CVE-2021-43522
 CVE-2021-3939
 	RESERVED
 CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
-	TODO: check
+	NOT-FOR-US: snipe-it
 CVE-2021-3937
 	RESERVED
 CVE-2021-3936
@@ -544,7 +544,7 @@ CVE-2021-43402
 CVE-2021-43401
 	RESERVED
 CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: snipe-it
 CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
 	RESERVED
 	- qemu <unfixed>
@@ -1997,7 +1997,7 @@ CVE-2021-43205
 CVE-2021-43204
 	RESERVED
 CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: firefly-iii
 CVE-2021-3920
 	RESERVED
 CVE-2021-3919
@@ -2265,7 +2265,7 @@ CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Over
 	NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master:
 	NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0)
 CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
@@ -6870,7 +6870,7 @@ CVE-2021-41655
 CVE-2021-41654
 	RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware  ...)
-	TODO: check
+	NOT-FOR-US:  TP-Link
 CVE-2021-41652
 	RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
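Review bot: The added line for CVE-2021-41653, `NOT-FOR-US:  TP-Link`, has two spaces after the colon, while every other NOT-FOR-US entry visible in this patch (for example `NOT-FOR-US: snipe-it` and `NOT-FOR-US: IPFire`) uses one. Suggest normalising it to `NOT-FOR-US: TP-Link` so the entry stays consistent with the rest of data/CVE/list and matches exact-string searches on the tag. The entry also names only the vendor, whereas the description refers to the TL-WR840N router and a neighbouring entry such as `NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch` names the product; consider whether the product name is wanted here too.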
@@ -9498,9 +9498,9 @@ CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TT
 CVE-2021-40525
 	RESERVED
 CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
 	NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
 CVE-2021-3773
@@ -15423,7 +15423,7 @@ CVE-2021-3685
 CVE-2021-3684
 	RESERVED
 CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
 	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
@@ -87680,7 +87680,7 @@ CVE-2020-21143
 CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire  ...)
 	NOT-FOR-US: IPFire
 CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: iCMS
 CVE-2020-21140
 	RESERVED
 CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd0b8b211eecc2c4fa51ad500919f60c81fccc0



More information about the debian-security-tracker-commits mailing list