[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 8 21:22:16 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbe7785b by Salvatore Bonaccorso at 2021-10-08T22:21:50+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
- TODO: check
+ NOT-FOR-US: VITEC Exterity IPTV products
CVE-2021-42108
RESERVED
CVE-2021-42107
@@ -324,11 +324,11 @@ CVE-2021-41978
CVE-2021-41977
RESERVED
CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
- TODO: check
+ NOT-FOR-US: Tad Uploader
CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
- TODO: check
+ NOT-FOR-US: TadTools
CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
- TODO: check
+ NOT-FOR-US: Tad Book3
CVE-2021-3858
RESERVED
CVE-2021-3857
@@ -397,7 +397,7 @@ CVE-2021-41949
CVE-2021-41948
RESERVED
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2021-41946
RESERVED
CVE-2021-41945
@@ -451,15 +451,15 @@ CVE-2021-41922
CVE-2021-41921
RESERVED
CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2021-41915
RESERVED
CVE-2021-41914
@@ -666,7 +666,7 @@ CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hard
CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
NOT-FOR-US: PlaceOS Authentication Service
CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...)
- TODO: check
+ NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
NOT-FOR-US: Craft CMS
CVE-2021-41823
@@ -1256,17 +1256,17 @@ CVE-2021-41569
CVE-2021-3826
RESERVED
CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
- TODO: check
+ NOT-FOR-US: Tad Web
CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...)
- TODO: check
+ NOT-FOR-US: Tad Uploader
CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...)
- TODO: check
+ NOT-FOR-US: TadTools
CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...)
- TODO: check
+ NOT-FOR-US: TadTools
CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...)
- TODO: check
+ NOT-FOR-US: Tad Honor
CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...)
- TODO: check
+ NOT-FOR-US: Tad Book3
CVE-2021-41562
RESERVED
CVE-2021-41561
@@ -2886,7 +2886,7 @@ CVE-2021-40834
CVE-2021-40833
RESERVED
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-40831
RESERVED
CVE-2021-40830
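Review bot: the label on CVE-2021-40832 names only the vendor ("NOT-FOR-US: F-Secure"), although the description goes on to name a specific product ("F-Secure Atl ..."). The other entries in this commit are labelled by product (Subrion CMS, webTareas, Alkacon OpenCms). Using the product name from the description here would keep the list consistent and let a later search for that product find this entry.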
@@ -38463,7 +38463,7 @@ CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18
CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
NOT-FOR-US: Plone
CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
NOT-FOR-US: October CMS
CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
@@ -41119,9 +41119,9 @@ CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email det
CVE-2021-25272
RESERVED
CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...)
- TODO: check
+ NOT-FOR-US: HitmanPro
CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
- TODO: check
+ NOT-FOR-US: HitmanPro
CVE-2021-25269
RESERVED
CVE-2021-25268
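Review bot: for CVE-2021-25271 and CVE-2021-25270 the product in "NOT-FOR-US: HitmanPro" cannot be checked against the diff, because neither truncated description ("A local attacker could read or write arbitrary files with administrato ...", "A local attacker could execute arbitrary code with administrator privi ...") names a product in the visible part. Please confirm against the full CVE text that both entries refer to HitmanPro, since the two descriptions are otherwise generic and the nearest context line (CVE-2021-25273) concerns quarantined email.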
@@ -53402,7 +53402,7 @@ CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT
CVE-2021-20601
RESERVED
CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20599
RESERVED
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
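Review bot: on CVE-2021-20600 the label is the bare vendor name ("NOT-FOR-US: Mitsubishi"), while the visible description identifies the affected item as "MELSEC iQ-R series C Controller M ...". Adding the product line to the label would make the entry self-explanatory without opening the CVE, in line with the product-level labels used elsewhere in this commit.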
@@ -79634,7 +79634,7 @@ CVE-2020-21867
CVE-2020-21866
RESERVED
CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP50-CMS
CVE-2020-21864
RESERVED
CVE-2020-21863
@@ -79906,15 +79906,15 @@ CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http:/
CVE-2020-21730
RESERVED
CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: JEECMS
CVE-2020-21728
RESERVED
CVE-2020-21727
RESERVED
CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
- TODO: check
+ NOT-FOR-US: OpenSNS
CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
- TODO: check
+ NOT-FOR-US: OpenSNS
CVE-2020-21724
RESERVED
CVE-2020-21723
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe7785b42851454c80523873a28e007f268b66f