[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 1 10:33:10 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a67572b by Moritz Muehlenhoff at 2021-10-01T11:32:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1104,7 +1104,7 @@ CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishan
 CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...)
 	NOT-FOR-US: Pydio Cells
 CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...)
-	TODO: check
+	NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
 	NOT-FOR-US: Pydio Cells
 CVE-2021-41322
@@ -1574,13 +1574,13 @@ CVE-2021-41111
 CVE-2021-41110
 	RESERVED
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2021-41108
 	RESERVED
 CVE-2021-41107
 	RESERVED
 CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
-	TODO: check
+	NOT-FOR-US: PHP lcobucci/jwt
 CVE-2021-41105
 	RESERVED
 CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
@@ -1590,7 +1590,7 @@ CVE-2021-41103
 CVE-2021-41102
 	RESERVED
 CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
-	TODO: check
+	NOT-FOR-US: wire-server
 CVE-2021-41100
 	RESERVED
 CVE-2021-41099
@@ -3774,7 +3774,7 @@ CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020
 CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
 	NOT-FOR-US: Autodesk
 CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
-	TODO: check
+	NOT-FOR-US: Multipass
 CVE-2021-40154
 	RESERVED
 CVE-2021-40152
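
Review bot: the new label on CVE-2021-3747 drops the platform scoping that the description states ("The MacOS version of Multipass"). Recording it in the free-text label, for example `NOT-FOR-US: Multipass (macOS only)`, keeps the reason visible if the entry is ever revisited; the same applies to CVE-2021-3626 further down, whose description is limited to "The Windows version of Multipass".
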
@@ -7229,7 +7229,7 @@ CVE-2021-38677
 CVE-2021-38676
 	RESERVED
 CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-38674
 	RESERVED
 CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
@@ -13772,7 +13772,7 @@ CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
 CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
-	TODO: check
+	NOT-FOR-US: Multipass
 CVE-2021-3625
 	RESERVED
 CVE-2021-35935
@@ -17320,15 +17320,15 @@ CVE-2021-34358
 CVE-2021-34357
 	RESERVED
 CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34353
 	RESERVED
 CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...)
 	NOT-FOR-US: QNAP
 CVE-2021-34350
@@ -18241,9 +18241,9 @@ CVE-2021-33926
 CVE-2021-33925
 	RESERVED
 CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
-	TODO: check
+	NOT-FOR-US: Confluent Ansible
 CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
-	TODO: check
+	NOT-FOR-US: Confluent Ansible
 CVE-2021-33922
 	RESERVED
 CVE-2021-33921
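
Review bot: the label `Confluent Ansible` on CVE-2021-33924 and CVE-2021-33923 contains the bare word "Ansible", so a text search of data/CVE/list for Ansible issues will also return these two unrelated entries. Both descriptions give the project name as cp-ansible; `NOT-FOR-US: Confluent cp-ansible` would keep them distinguishable.
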
@@ -19019,7 +19019,7 @@ CVE-2021-33628
 CVE-2021-33627
 	RESERVED
 CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2021-33625
 	RESERVED
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch  ...)
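
Review bot: CVE-2021-33626 is labelled with the vendor name `Insyde` only, while its description speaks of "the kernel in Insyde InsydeH2O 5.x" and sits directly before a Linux kernel entry (CVE-2021-33624). Naming the product, e.g. `NOT-FOR-US: Insyde InsydeH2O`, makes it obvious at a glance that this concerns the SMM drivers mentioned in the description and not the Linux kernel.
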
@@ -19114,7 +19114,7 @@ CVE-2021-33585
 CVE-2021-33584
 	RESERVED
 CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...)
-	TODO: check
+	NOT-FOR-US: REINER
 CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
 	- cyrus-imapd 3.4.2-1 (bug #993433)
 	[bullseye] - cyrus-imapd <no-dsa> (Minor issue; pending fix via point release)
@@ -44319,7 +44319,7 @@ CVE-2021-23448
 CVE-2021-23447
 	RESERVED
 CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from  ...)
-	TODO: check
+	NOT-FOR-US: Node handsontable
 CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is  ...)
 	- datatables.js 1.10.21+dfsg-3 (bug #995229)
 	NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
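
Review bot: `NOT-FOR-US: Node handsontable` on CVE-2021-23446 deserves a check for embedded copies before it is closed, because the very next entry (CVE-2021-23445) shows a comparable JavaScript library, datatables.net, tracked here under the source package datatables.js. If any source package bundles handsontable, the entry needs a package line instead of NOT-FOR-US.
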
@@ -81138,13 +81138,13 @@ CVE-2020-20801
 CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
 	NOT-FOR-US: MetInfo
 CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: JeeCMS
 CVE-2020-20798
 	RESERVED
 CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlameCMS
 CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/artic ...)
-	TODO: check
+	NOT-FOR-US: FlameCMS
 CVE-2020-20795
 	RESERVED
 CVE-2020-20794
@@ -81244,7 +81244,7 @@ CVE-2020-20748
 CVE-2020-20747
 	RESERVED
 CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-20745
 	RESERVED
 CVE-2020-20744
@@ -102242,7 +102242,7 @@ CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM120
 CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...)
 	NOT-FOR-US: FactoryTalk View SE
 CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...)
-	TODO: check
+	NOT-FOR-US: Emerson WirelessHART Gateway
 CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of  ...)
 	NOT-FOR-US: FactoryTalk View SE
 CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...)
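
Review bot: the label `Emerson WirelessHART Gateway` on CVE-2020-12030 cannot be checked against the visible description, which is cut off at "the internal gateway fir ..." before any vendor or product name appears. The surrounding entries are all FactoryTalk View SE, so the attribution should be confirmed against the full CVE text.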



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a67572b8d0594760fb19bc165bc896c1c77b924
