[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 22 20:22:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec1d0c1c by Salvatore Bonaccorso at 2021-11-22T21:21:53+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2292,9 +2292,9 @@ CVE-2021-3952
CVE-2021-3951
RESERVED
CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance PRC SDK
CVE-2021-43580
RESERVED
CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
@@ -4698,9 +4698,9 @@ CVE-2021-43018
CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
NOT-FOR-US: Adobe
CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43014
RESERVED
CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
@@ -5341,9 +5341,9 @@ CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a
NOTE: https://seclists.org/oss-sec/2021/q2/46
NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42736
RESERVED
CVE-2021-42735
@@ -5351,7 +5351,7 @@ CVE-2021-42735
CVE-2021-42734
RESERVED
CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42732
RESERVED
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
@@ -5363,7 +5363,7 @@ CVE-2021-42729
CVE-2021-42728
RESERVED
CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
NOT-FOR-US: Adobe
CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
@@ -5414,11 +5414,11 @@ CVE-2021-42709
CVE-2021-42708
RESERVED
CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: PLC Editor
CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
NOT-FOR-US: Advantech
CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
- TODO: check
+ NOT-FOR-US: PLC Editor
CVE-2021-42704
RESERVED
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
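Review bot: the label "NOT-FOR-US: PLC Editor" added for CVE-2021-42707 and CVE-2021-42705 is a generic product name with no vendor, while the neighbouring CVE-2021-42706 is tagged by vendor (Advantech). The truncated descriptions in this hunk do not show a vendor. If the full CVE text names one, put it in the label so that a later search by vendor finds these two entries as well.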
@@ -11185,17 +11185,17 @@ CVE-2021-40777
CVE-2021-40776
RESERVED
CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40769
RESERVED
CVE-2021-40768
@@ -16929,15 +16929,15 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s
CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
NOT-FOR-US: CFEngine Enterprise
CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
- kmail <unfixed>
[bullseye] - kmail <no-dsa> (Minor issue)
@@ -17610,7 +17610,7 @@ CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for n
CVE-2021-38147
RESERVED
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
- TODO: check
+ NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
NOT-FOR-US: Form Tools
CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
@@ -26446,9 +26446,9 @@ CVE-2021-34402
CVE-2021-34401
RESERVED
CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...)
NOT-FOR-US: NVIDIA
CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
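Review bot: CVE-2021-34400 and CVE-2021-34399 are closed as "NOT-FOR-US: NVIDIA" with no NOTE, although the visible description places the flaw in "NVIDIA GPU and Tegra hardware". Debian carries NVIDIA driver packages in non-free, so a one-line NOTE saying the issue is in the hardware or firmware and not in a packaged driver would record why these were not tracked against a source package.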
@@ -28600,21 +28600,21 @@ CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal
CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
NOT-FOR-US: Dutchcoders transfer.sh
CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2021-33487
RESERVED
CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
@@ -46020,7 +46020,7 @@ CVE-2021-26616
CVE-2021-26615
RESERVED
CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
- TODO: check
+ NOT-FOR-US: IpTime C200 camera
CVE-2021-26613
RESERVED
CVE-2021-26612
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec1d0c1ca1c00e28e8dc165ecfa2c9ab9eb00eed