[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 4 21:24:50 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3b186e2 by Salvatore Bonaccorso at 2021-10-04T22:24:23+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -199,7 +199,7 @@ CVE-2021-41880
CVE-2021-41879
RESERVED
CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...)
- TODO: check
+ NOT-FOR-US: i-Panel Administration System
CVE-2021-41877
RESERVED
CVE-2021-41876
@@ -718,7 +718,7 @@ CVE-2021-41653
CVE-2021-41652
RESERVED
CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
- TODO: check
+ NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system
CVE-2021-41650
RESERVED
CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
@@ -837,9 +837,9 @@ CVE-2021-41598
CVE-2021-41597
RESERVED
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-41594
RESERVED
CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
@@ -847,7 +847,7 @@ CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds becau
CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
TODO: check
CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
- TODO: check
+ NOT-FOR-US: ACINQ Eclair
CVE-2021-41590
RESERVED
CVE-2021-41589
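Review bot: CVE-2021-41592 (Blockstream c-lightning), in the context directly above the changed entry, is still at "TODO: check" while CVE-2021-41591 is closed out as "NOT-FOR-US: ACINQ Eclair". The visible descriptions of CVE-2021-41593, CVE-2021-41592 and CVE-2021-41591 all read "allows loss of funds because of ...", so they look like one issue reported against three implementations. Triaging the three together, or adding a NOTE on why c-lightning is deferred, would keep the middle entry from being overlooked.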
@@ -879,9 +879,9 @@ CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constr
CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...)
NOT-FOR-US: Node passport-oauth2
CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...)
- TODO: check
+ NOT-FOR-US: LCDS LAquis SCADA
CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...)
- TODO: check
+ NOT-FOR-US: mySCADA myDESIGNER
CVE-2021-41577
RESERVED
CVE-2021-41576
@@ -990,7 +990,7 @@ CVE-2021-41532
CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
- routinator <itp> (bug #929024)
CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Forcepoint NGFW Engine
CVE-2021-41529
RESERVED
CVE-2021-41528
@@ -1039,7 +1039,7 @@ CVE-2021-41513
CVE-2021-41512
RESERVED
CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...)
- TODO: check
+ NOT-FOR-US: Lodging Reservation Management System
CVE-2021-41510
RESERVED
CVE-2021-41509
@@ -2876,7 +2876,7 @@ CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buf
[buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
- TODO: check
+ NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
CVE-2021-40682
RESERVED
CVE-2021-3779
@@ -5618,7 +5618,7 @@ CVE-2021-39488
CVE-2021-39487
RESERVED
CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
- TODO: check
+ NOT-FOR-US: Gila CMS
CVE-2021-39485
RESERVED
CVE-2021-39484
@@ -5938,7 +5938,7 @@ CVE-2021-39349
CVE-2021-39348
RESERVED
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39346
RESERVED
CVE-2021-39345
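Review bot: the note on CVE-2021-39347 reads "NOT-FOR-US: WordPress plugin", which drops the product name the description gives (Stripe for WooCommerce), while every other entry touched in this commit names the product. If the generic label is not intentional for plugins, suggest "NOT-FOR-US: Stripe for WooCommerce WordPress plugin" so a later search of data/CVE/list by product name finds this entry.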
@@ -7252,9 +7252,9 @@ CVE-2021-38825
CVE-2021-38824
RESERVED
CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
- TODO: check
+ NOT-FOR-US: IceHrm
CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
- TODO: check
+ NOT-FOR-US: IceHrm
CVE-2021-38821
RESERVED
CVE-2021-38820
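Review bot: the visible description of CVE-2021-38822 ("A Stored Cross Site Scripting vulnerability via Malicious File Upload ...") is cut off before any product name, so the "NOT-FOR-US: IceHrm" on that entry cannot be checked from this hunk the way the one on CVE-2021-38823 can. Worth confirming against the full CVE description that the affected product is IceHrm and that the label was not carried over from the adjacent entry.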
@@ -7683,7 +7683,7 @@ CVE-2021-38620
CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
NOT-FOR-US: openBaraza HCM
CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...)
- TODO: check
+ NOT-FOR-US: GFOS Workforce Management
CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
NOT-FOR-US: Eigen
CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3b186e2e54ece91ee93455d16e9ef265bb4475f