[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 15 20:26:37 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13eed94a by Salvatore Bonaccorso at 2021-11-15T21:26:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -645,7 +645,7 @@ CVE-2021-43497
 CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
 	NOT-FOR-US: Clustering
 CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
-	TODO: check
+	NOT-FOR-US: AlquistManager
 CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
 	NOT-FOR-US: OpenCV-REST-API
 CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
@@ -3147,9 +3147,9 @@ CVE-2021-42841
 CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
-	TODO: check
+	NOT-FOR-US: Grand Vice info Co. webopac7 file upload function
 CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
-	TODO: check
+	NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter
 CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
 	NOT-FOR-US: Talend Data Catalog
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
@@ -3471,13 +3471,13 @@ CVE-2021-42708
 CVE-2021-42707
 	RESERVED
 CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-42705
 	RESERVED
 CVE-2021-42704
 	RESERVED
 CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-42702
 	RESERVED
 CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
@@ -3723,7 +3723,7 @@ CVE-2021-42582
 CVE-2021-42581
 	RESERVED
 CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-42579
 	RESERVED
 CVE-2021-42578
@@ -6473,9 +6473,9 @@ CVE-2021-41953
 CVE-2021-41952
 	RESERVED
 CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: ResourceSpace
 CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277  ...)
-	TODO: check
+	NOT-FOR-US: ResourceSpace
 CVE-2021-41949
 	RESERVED
 CVE-2021-41948
@@ -6939,7 +6939,7 @@ CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code
 CVE-2021-3831
 	RESERVED
 CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
-	TODO: check
+	NOT-FOR-US: ResourceSpace
 CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
 	NOT-FOR-US: Streama
 CVE-2021-41763
@@ -8003,7 +8003,7 @@ CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclo
 CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
 	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41287
@@ -23072,9 +23072,9 @@ CVE-2021-34994
 CVE-2021-34993
 	RESERVED
 CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Orckestra C1 CMS
 CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-34990
 	RESERVED
 CVE-2021-34989



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eed94a65e97765bc5ae0481e86357e93dc06e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13eed94a65e97765bc5ae0481e86357e93dc06e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211115/dbdb9698/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list