[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 24 20:18:13 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b04b18a0 by Salvatore Bonaccorso at 2021-11-24T21:12:25+01:00
Process NFUs
- - - - -
a307440d by Salvatore Bonaccorso at 2021-11-24T21:17:46+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1197,7 +1197,7 @@ CVE-2021-43780 (Redash is a package for data visualization and sharing. In versi
CVE-2021-43779
RESERVED
CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
NOT-FOR-US: Redash
CVE-2021-43776
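Review bot: the new note for CVE-2021-43778 reads "NOT-FOR-US: GLPI plugin" and drops the plugin's own name, although the description identifies it as Barcode. Naming it, for example "NOT-FOR-US: Barcode plugin for GLPI", keeps the entry searchable by product, in the same way as the "NOT-FOR-US: Redash" line just below it.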
@@ -3263,7 +3263,7 @@ CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-001
CVE-2021-43269
RESERVED
CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
- mahara <removed>
CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
@@ -15896,7 +15896,7 @@ CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vul
CVE-2021-38874
RESERVED
CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38872
RESERVED
CVE-2021-38871
@@ -20674,9 +20674,9 @@ CVE-2021-36919
CVE-2021-36918
RESERVED
CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36915
RESERVED
CVE-2021-36914
@@ -26580,9 +26580,9 @@ CVE-2021-34426
CVE-2021-34425
RESERVED
CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...)
NOT-FOR-US: Keybase Client for Windows
CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...)
@@ -29866,11 +29866,11 @@ CVE-2021-33044 (The identity authentication bypass vulnerability found in some D
CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
NOT-FOR-US: Amazon AWS CloudFront
CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-33043
RESERVED
CVE-2021-33042
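Review bot: the three new notes for CVE-2021-3554, CVE-2021-3553 and CVE-2021-3552 give only the vendor, "Bitdefender", while the existing entry at the top of this hunk names vendor and product ("Amazon AWS CloudFront"). The truncated descriptions point at a patchesUpdate API and an EPPUpdateSer... component, so taking the affected product name from the full CVE text would make these entries easier to match against a product later.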
@@ -54933,7 +54933,7 @@ CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the
CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 < ...)
NOT-FOR-US: Concrete CMS
CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...)
- TODO: check
+ NOT-FOR-US: UniFi Protect
CVE-2021-22956
RESERVED
CVE-2021-22955
@@ -57117,7 +57117,7 @@ CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specif
CVE-2021-22050
RESERVED
CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
NOT-FOR-US: VMware
CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
@@ -57260,7 +57260,7 @@ CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has
CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...)
NOT-FOR-US: VMware
CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
NOT-FOR-US: Bitnami Containers
CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
@@ -61699,7 +61699,7 @@ CVE-2021-20852
CVE-2021-20851
RESERVED
CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2021-20849
RESERVED
CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
@@ -61707,19 +61707,19 @@ CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1
CVE-2021-20847
RESERVED
CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
TODO: check
CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...)
- TODO: check
+ NOT-FOR-US: RTX830
CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...)
- TODO: check
+ NOT-FOR-US: RTX830
CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2. ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 series 2.11. ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - Appointment Bo ...)
- TODO: check
+ NOT-FOR-US: Booking Package - Appointment Booking Calendar System
CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
NOT-FOR-US: Office Server Document Converter
CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
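Review bot: CVE-2021-20845 stays at "TODO: check" in the middle of this hunk while CVE-2021-20846 directly above it is marked "NOT-FOR-US: WordPress plugin". If it was left open deliberately because it needs a closer look, that is fine; otherwise it appears to have been skipped and should get the same triage as its neighbours. Separately, "NOT-FOR-US: RTX830" for CVE-2021-20844 and CVE-2021-20843 gives a model name with no vendor, so adding the vendor would make the note easier to recognise.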
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b79d100ebfa76d68b3725518011d71c86c3eca1a...a307440dc28fd3a3b44a88a86e43dc57fe1954e7